This document discusses data leakage detection techniques. It begins with an introduction to data leakage and examples of how it occurs when data is shared with third parties. It then summarizes some of the largest data breaches of the 21st century. Existing data leakage detection techniques like watermarking and steganography are described along with their disadvantages. The document discusses future applications and scope in the area of data leakage detection and concludes that such techniques can help identify sources of data leaks while data is distributed.

1. Data Leakage Detection
Submitted by:
Name: GauravKumar
Sic:15cs0967
Branch: CSE
Mob.No 9572343425

2. Contents…..
 Introduction
 How data leakage takes place
 Biggest data breaches of the 21st century
 Existing data leakage detection techniques
 Disadvantages of existing techniques
 Future scope
 Applications
 Conclusion

3. Introduction…..
DATA LEAKAGE is the unauthorized transmission of sensitive data or
information from within an organization to an external destination or
recipient.
SENSITIVE DATA of companies and organization includes
 intellectual property,
 Financial information,
 Patient information,
 Personal credit card data,
and other information depending upon the business and the industry

4. How data leakage takes place..??
 In the course of doing business, sometimes data must be handed
over to the trusted third parties for some enhancement or
operations.
 Sometimes these trusted third parties may act as points of data
leakage.
 Examples:
A. A hospital may give patient records to researcher who will devise
new treatments.
B. A company may have partnership with other companies that
require sharing of customer data.
C. An enterprise may outsource its data processing, so data must be
given to various other companies.

5.  Owner of data is termed as the distributor and the third
parties are called as the agents.
 In case of data leakage, the distributor must access the
likelihood that the leaked data come from one or more agents,
as opposed to having been independently gathered by other
means.

6. Biggest data breaches of the 21st century

7. 1. Yahoo
Date: September 2016
Impact: 3 billion user accounts
Details: In September 2016, the once dominant Internet
giant, while in negotiations to sell itself to Verizon,
announced it had been the victim of the biggest data breach
in history, likely by “a state-sponsored actor,” in 2014. The
attack compromised the real names, email addresses, dates
of birth and telephone numbers of 500 million users. The
company said the "vast majority" of the passwords involved
had been hashed using the robust bcrypt algorithm.

8. 2. eBay
Date: May 2014
Impact: 145 million users compromised
Details: The online auction giant reported a cyberattack in
May 2014 that it said exposed names, addresses, dates of
birth and encrypted passwords of all of its 145 million users.
The company said hackers got into the company network
using the credentials of three corporate employees, and had
complete inside access for 229 days, during which time they
were able to make their way to the user database.

9. 3. Uber
Date: Late 2016
Impact: Personal information of 57 million Uber users and 600,000
drivers exposed.
4. Election Systems & Software – 1.8 million accounts
In August, IT security experts discovered an open Amazon Web
Services (AWS) cloud container. It contained a backup copy of data
from Election Systems & Software (ES&S), a company that
manufactures voting machines and elections management
systems. The data contained a total of almost 2 million accounts
with names, addresses, dates of birth, and party affiliations of
Illinois residents. By default, access to AWS bins is possible only
after authentication; however, for some unknown reason, the
settings on this device were misconfigured, and that made the
container accessible to the public.

10.  "We have a responsibility to protect your data, and if
we can't then we don't deserve to serve you,"
Zuckerberg said in a statement on his Facebook page.
Over 50 million Facebook profiles were harvested by an
app for data, which was then passed the information on
to Cambridge Analytica.

14. DATA LEAKAGE DETECTION
 To detect whether data been leaked by agents.
 To prevent data leakage.

15. Existing data leakage detection techniques
1. Watermarking
2. Steganography

16. 1.Watermarking:
A unique code is embedded in each distributed copy. If
that copy is later discovered in the hands of an
unauthorized party, the leaker can be identified. The
watermark is difficult for an attacker to remove, even
when several individuals conspire together with
independently watermarked copies of the data.
HISTORY:
The term “water-marking” was coined by Andrew Tirkel and Charles Osborne
in December 1992. And the first successful embedding and extraction of it
was demonstrated in 1993 by Andrew Tirkel, Charles Osborne and Gerard
Rankin.

17. General water-marking procedure

19. Water-marking program
% Water Marking
clear all; close all
x=double(imread('greens.jpg'));
figure; imshow(x/255);
y=x
a=zeros(300,500);
a(100:250,100:350)=1
figure; imshow(a);
save m.dat a -ascii
x1=x(:,:,1);
x2=x(:,:,2);
x3=x(:,:,3);

20. dx1=dct2(x1); dx11=dx1; //discrete cosine transform
dx2=dct2(x2); dx22=dx2;
dx3=dct2(x3); dx33=dx3;
load m.dat
g=10; // to decide water-marking limit
[rm,cm]=size(m);
dx1(1:rm,1:cm)=dx1(1:rm,1:cm)g*m;
dx1(1:rm,1:cm)=dx1(1:rm,1:cm)g*m;
dx1(1:rm,1:cm)=dx1(1:rm,1:cm)g*m;
figure,imshow(dx1);
figure,imshow(dx2);
figure,imshow(dx3);

21. y1=idct2(dx1);
y2=idct2(dx2);
y2=idct2(dx3);
y(:,:,1)=y1;
y(:,:,2)=y2;
y(:,:,3)=y3;
figure,imshow(y1);
figure,imshow(y2);
figure,imshow(y3);
figure;imshow(y/255);

22. Image before & after water-marking

23. DRAWBACKS OF WATERMARKING
 It involves some modification of data that is making the
data less sensitive by altering attributes of the data.
 The second problem is that these watermarks can be
sometimes destroyed, if the recipient is malicious.

24. 2.Steganography:
Steganography is a technique for hiding a secret message
within a larger one in such a way that others can’t discern
the presence or contents of the hidden message.

25. Future scope
 Future work includes the investigation of agent guilt
models that capture the leakage scenarios that are not
yet considered.
 The extension of data allocation strategies so that they
can handle agent requests in an online fashion.

27. APPLICATIONS OF DATA LEAKAGEDETECTION
 It helps in detecting whether the distributor’s sensitive
data has been leaked by the trustworthy or authorized
agents.
 It helps to identify the agents who leaked the data.
 Reduce cybercrime.
 Copy prevention & control.
 Source tracking.

28. Conclusion
 In the real scenario there is no need to hand over the
sensitive data to the agents who will unknowingly or
maliciously leak it.
 However, in many cases, we must indeed work with
agents that may not be 100 percent trusted, and we
may not be certain if a leaked object came from an
agent or from some other source.
 We can provide security to our data during its
distribution or transmission and even we can detect if
that gets leaked by using data leakage detection
techniques.

29. Submitted by:
Name: GAURAV KUMAR
Branch: CSE
Email-id:-
Gaurav.kumar8462@gmail.com