Abstract
Insider threats are a significant security issue. The last decade has witnessed countless instances of data loss and exposure in which data has become publicly available and easily accessible. Losing or disclosing sensitive data or confidential information may cause substantial financial and reputational damage to a company. Whilst more recent research has specifically focused on the insider misuse problem, it has tended to focus on the information itself – either through its protection or approaches to detect leakage. In contrast, this paper presents a proactive approach to the attribution of misuse via information leakage using biometrics and a locality-sensitive hashing scheme. The hash digest of the object (e.g. a document) is mapped with the given biometric information of the person who interacted with it and generates a digital imprint file that represents the correlation between the two parties. The proposed approach does not directly store or preserve any explicit biometric information or any document copy in a repository. Only the established correlation (imprint) is kept, for the purpose of reconstructing the mapped information once an incident has occurred. Comprehensive experiments for the proposed approach have shown that it is highly possible to establish this correlation even when the original version has undergone significant file modification. In many scenarios, such as changing the file format or removing parts of the document, including words and sentences, it was possible to extract and reconstruct the correlated biometric information out of a modified document (e.g. 100 words were deleted) with an average success rate of 89.31%.
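An added illustration of the idea in the abstract, not the authors' construction: the abstract does not specify the hash or the mapping, so this sketch assumes SimHash over word trigrams as the locality-sensitive digest and an XOR with a repetition code as the mapping. The 16-bit `TEMPLATE_ID` stands in for biometric information, and all names and sample data are constructed.

```python
import hashlib
import random

BITS, SECRET_BITS = 256, 16          # digest width; width of the biometric stand-in
REPS = BITS // SECRET_BITS           # repetition-code length per secret bit

def simhash(text, n=3):
    """SimHash over word n-grams: similar texts give digests that differ in few bits."""
    words = text.split()
    tally = [0] * BITS
    for i in range(len(words) - n + 1):
        h = int.from_bytes(hashlib.sha256(" ".join(words[i:i + n]).encode()).digest(), "big")
        for b in range(BITS):
            tally[b] += 1 if (h >> b) & 1 else -1
    return sum(1 << b for b in range(BITS) if tally[b] > 0)

def encode(secret):
    """Repetition code: bit j of the secret fills digest bits j*REPS .. j*REPS+REPS-1."""
    return sum(((secret >> (i // REPS)) & 1) << i for i in range(BITS))

def make_imprint(document, secret):
    """Imprint = codeword XOR digest; neither the document nor the secret is stored."""
    return encode(secret) ^ simhash(document)

def recover(document, imprint):
    """XOR the suspect document's digest back out, then majority-vote each group."""
    noisy = imprint ^ simhash(document)
    secret = 0
    for j in range(SECRET_BITS):
        ones = bin((noisy >> (j * REPS)) & ((1 << REPS) - 1)).count("1")
        secret |= (ones > REPS // 2) << j
    return secret

# Constructed sample data: a 3000-word synthetic document and a 16-bit template ID.
rng = random.Random(2018)
WORDS = [f"w{rng.randrange(800)}" for _ in range(3000)]
ORIGINAL = " ".join(WORDS)
LEAKED = " ".join(WORDS[:1200] + WORDS[1300:])       # 100 words deleted
UNRELATED = " ".join(f"x{rng.randrange(800)}" for _ in range(3000))
TEMPLATE_ID = 0xB10C                                  # hypothetical stand-in value

IMPRINT = make_imprint(ORIGINAL, TEMPLATE_ID)

if __name__ == "__main__":
    print(hex(recover(LEAKED, IMPRINT)), hex(recover(UNRELATED, IMPRINT)))
```

The repetition code is chosen for readability; it only absorbs the few digest bits that flip when the document is edited, and an unrelated document decodes to an unrelated value.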
Acknowledgements
This research was undertaken with the support of the Majmaah University, Majmaah city, Saudi Arabia.
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Alruban, A., Clarke, N., Li, F., Furnell, S. (2018). Biometrically Linking Document Leakage to the Individuals Responsible. In: Furnell, S., Mouratidis, H., Pernul, G. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2018. Lecture Notes in Computer Science(), vol 11033. Springer, Cham. https://doi.org/10.1007/978-3-319-98385-1_10
DOI: https://doi.org/10.1007/978-3-319-98385-1_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-98384-4
Online ISBN: 978-3-319-98385-1
eBook Packages: Computer Science (R0)