Data_Leakage_Detection_and_Prevention_Using_Ciphertext-Policy_Attribute_Based_Encryption_Algorithm

Uploaded by

Kandula Anusha
2024 11th International Conference on Reliability, Infocom Technologies and Optimization (Trends and Future Directions) (ICRITO)

Amity University, Noida, India. Mar 14-15, 2024

Data Leakage Detection and Prevention Using Ciphertext-Policy Attribute Based Encryption Algorithm

979-8-3503-5035-7/24/$31.00 ©2024 IEEE | DOI: 10.1109/ICRITO61523.2024.10522194
Sasikala V, Lakshmi Saipriya P, Nagaraja kumari P, Lakshmi Padmaja V, Bhanu Sri CH
Vignan’s Nirula Institute of Technology and Science for Women, Peda Palakaluru, Guntur

Abstract: Unauthorized information transfer from an enterprise to a third party is known as data leakage. In the modern era, everything is done online, including data transfers, stocks, groceries, clothing, appliances, and money transactions. To avoid misuse, all shared information needs to be protected from unwanted access. It helps protect and prevent the leakage of unstructured data in addition to assisting with the preservation of formatted data. The Ciphertext-Policy Attribute-Based Encryption (CP-ABE) algorithm has surfaced as a viable approach to safeguard data both during transmission and storage. The system starts preventive actions, such as encryption updates or access limits, in the case of a suspected data breach to lessen the effect. By combining anomaly detection methods with CP-ABE, a strong framework for improving data security and privacy across a range of domains is presented, providing a proactive line of defense against possible breaches. This method improves system efficiency and prevents data leakage in less time.

Keywords: Unauthorize, Leverages, Breaches, Data Leakage, Encryption.

I. INTRODUCTION:

Data loss happens when information is physically or mentally removed from an organization, whether on purpose or accidentally. Organizations are in charge of handling data loss, which has grown into the biggest issue facing them nowadays. A situation where information confidentiality is jeopardized is called a data breach. This is an example of data being sent outside the organization to recipients who are not authorised. Confidential and private data can be leaked, while data loss occurs as a result of deletion, system malfunction, etc. The biggest concern that enterprises have these days is data loss or leaks. The major roots of data leakage are insufficient access control, lack of encryption, inadequate monitoring, malicious insider attacks, integration challenges and rapid technological challenges. In 2022, there were over 4100 data breaches that were made public, which translates to about 22 billion records being compromised. Security Magazine, a cyber security publication, stated that numbers for 2022 are predicted to surpass this amount by as much as 5%.

Fig. 1. Data Breaches Statistics in 2022 Results.

Figure 1 shows the statistics of data breach analytics. This article lists the phishing, malware, and cyberattacks that made the top ten most-read cyber security news stories of 2022, along with data breaches and leaks. Although data is the driving force behind innovation and many technological developments, the exponential growth in data volume has resulted in a rise in vulnerabilities, especially with regard to data security and privacy. Phishing, malware, and cyberattacks dominated the year's cybersecurity news, underscoring the pressing need for robust defenses. One well-known cryptographic solution, CP-ABE, allows safe data sharing and access control in cloud environments and across networks. This cryptographic solution orchestrates access through specified attributes, allowing only authorized users to decrypt and access data. Its fine-grained access control offers a paradigm shift in safeguarding sensitive information, addressing the growing concerns of data integrity and privacy breaches. This research aims to establish a strong framework to prevent unauthorized access and minimize potential data leaks by utilizing CP-ABE's attribute-based access control. This research endeavors to showcase the efficacy of the CP-ABE algorithm in fortifying data security protocols. Through meticulous analysis and empirical investigation, the study aims to elucidate the inherent strengths of CP-ABE in bolstering the resilience of data
security measures, especially in situations where private data must be exchanged safely and be accessible to authorized parties only. This research aims to demonstrate CP-ABE's potential for protecting sensitive data in a variety of applications and industries by conducting a thorough analysis of its capabilities in data leakage detection and prevention. In the end, this study seeks to advance data security by providing a strong and proactive method for reducing the risk of data leakage using CP-ABE.

II. LITERATURE SURVEY:

The CP-ABE algorithm has garnered significant attention as a potential solution to safeguard confidential information while enabling controlled access. This literature review embarks on an exploration of the extensive research landscape focusing on CP-ABE-based strategies for detecting and preventing data leakage.

C. Delerablee et al. [1], Fully Collusion Secure Dynamic Broadcast Encryption with Constant-Size Ciphertexts or Decryption Keys. N. Kumar et al. [2], “Detection of Data Leakage in Cloud Computing Environment”, 2014, suggest a model for the data leakage problem. This model aims to identify the culprit who has leaked the critical organizational data. Arepalli, P. G. et al. [3], An IoT-based water contamination analysis for aquaculture using lightweight multi-headed GRU model, Environmental Monitoring and Assessment. Gupta, Ishu et al. [4], “An Integrated Approach for Data Leakage Detection in Cloud Environment”. Shen, Wenting et al. [5], “Enabling Identity-based Integrity Auditing and Data Sharing With Sensitive Information Hiding for Secure Cloud Storage”, which makes the file stored in the cloud able to be shared and used by others on the condition that the sensitive information is hidden. R. Canetti et al. [6], chosen-ciphertext secure proxy re-encryption, in which a proxy is given special information that allows it to translate a ciphertext under one key into a ciphertext of the same message under a different key. Arepalli, P. G. et al. [7], A deep learning-enabled IoT framework for early hypoxia detection in aqua water using lightweight spatially shared attention-LSTM network, The Journal of Supercomputing. D. Naor, M. Naor et al. [8], Revocation and tracing schemes for stateless receivers. Arepalli, P. G. et al. [9], An IoT based smart water quality assessment framework for aqua-ponds management using Dilated Spatial-Temporal Convolutional Neural Network (DSTCNN), Aquacultural Engineering. D. Halevy et al. [10], The LSD Broadcast Encryption Scheme. Y. Dodis et al. [11], Public key broadcast encryption for stateless receivers, in: ACM Workshop on Digital Rights Management. Backes, M. et al. [12], “Data Lineage in Malicious Environments”. Gupta, I. et al. [13], “Layer-based privacy and security architecture for cloud data sharing”, Journal of Communications Software and Systems (JCOMSS). Arepalli, P. G. et al. [14], An IoT framework for quality analysis of aquatic water data using time-series convolutional neural network, Environmental Science and Pollution Research. Mohd Ariffin (2019) et al. [15], “Data Leakage Detection in Cloud Computing Platform”, International Journal of Advanced Trends in Computer Science and Engineering.

III. PROPOSED MODEL:

A. Architecture of Proposed Model:

In the context of data leakage detection and prevention, CP-ABE (Ciphertext-Policy Attribute-Based Encryption) can be utilized as part of a broader system architecture to enhance the security of sensitive data and control access to prevent unauthorized data leaks. This algorithm works with ABE, existing detection models, user attribute management, and integration with other security measures. Here is how CP-ABE can be integrated into a data leakage detection and prevention system.

Fig. 2. Architecture of the CP-ABE

Figure 2 shows the architecture of CP-ABE, which is used for data leakage detection and prevention.

Definition: A collection A is considered monotone, in a system where {P1, P2, ..., Pn} denotes a group of parties, if it satisfies the following principle: for any B, C, if B is a subset of C and B is within the collection A, then C must also be included in A. Access structures, or their monotone equivalents, are collections of non-empty subsets of {P1, P2, ..., Pn} that constitute authorised sets inside the structure. The sets that are present in the access structure X are authorised sets, and the sets that are missing are unauthorised. The attributes represented here play a role similar to that of the parties. As such, the authorised collections of these attributes correspond with the access structure X. We limit our analysis to access structures that are monotone. However, these methods can also be used to (inefficiently) implement broad access structures if the node of a node set is treated as a separate node set. Consequently, the system's attribute count will double. Henceforth, unless otherwise indicated, an access structure will be understood to be a single access structure.

Key Generation:

Create a master key MK that will serve as the foundation for all other keys. Describe the universe of attributes that can be utilised to grant access to data that is encrypted. The private key SK is the output.

Step of Setup:

The system uses a master key (MK) and a secret key to generate a secret key for a user who has been given access to a particular set of attributes. These keys make it easier to construct the required characteristics linked to the user's access. A master key (MK) and public parameters (PK), which together define the framework within which access is controlled and granted, are created as a result of this procedure. A crucial component of the encryption scheme is the master key, which works in tandem with the public parameters to enable the creation of particular attribute-based access controls. This gives the user a secret key that is customised to their specified set of attributes.
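The monotone access structure defined above can be made concrete as a threshold tree, with a secret shared down it the way the paper's Encrypt (PK, M, T) step describes (a polynomial of degree k_x - 1 per node, with q_x(0) taken from the parent) and recombined recursively as DecryptNode does. This is an added Python example, not code from the paper: it works in a plain prime field rather than a pairing group, so it shows only the access-structure logic and provides neither encryption nor collusion resistance, and the policy, attribute names and helper functions are assumptions.

```python
import secrets

# Added illustration: arithmetic is in a plain prime field. Real CP-ABE places
# these shares in the exponents of a pairing group; P is an assumed demo modulus.
P = 2**127 - 1

def leaf(attr):
    return {"attr": attr}

def gate(k, *children):
    """Threshold node: satisfied when at least k children are satisfied."""
    return {"k": k, "children": list(children)}

def poly_eval(coeffs, x):
    """Evaluate coeffs[0] + coeffs[1]*x + ... at x, mod P (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def share(node, value, path=(), out=None):
    """Top-down sharing: q_x(0) = value, deg(q_x) = k_x - 1, and child number
    i receives q_x(i). Returns {leaf path: (attribute, share)}."""
    out = {} if out is None else out
    if "attr" in node:
        out[path] = (node["attr"], value)
        return out
    coeffs = [value] + [secrets.randbelow(P) for _ in range(node["k"] - 1)]
    for i, child in enumerate(node["children"], start=1):
        share(child, poly_eval(coeffs, i), path + (i,), out)
    return out

def interpolate_at_zero(points):
    """Lagrange interpolation of q(0) from {index: q(index)}, mod P."""
    total = 0
    for i, y in points.items():
        num = den = 1
        for j in points:
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        total = (total + y * num * pow(den, -1, P)) % P
    return total

def recover(node, shares, attrs, path=()):
    """Recursive counterpart of DecryptNode: returns q_x(0) for this node, or
    None when the attribute set does not satisfy the subtree."""
    if "attr" in node:
        return shares[path][1] if node["attr"] in attrs else None
    got = {}
    for i, child in enumerate(node["children"], start=1):
        v = recover(child, shares, attrs, path + (i,))
        if v is not None:
            got[i] = v
        if len(got) == node["k"]:
            return interpolate_at_zero(got)
    return None

# Constructed policy and attribute names (not from the paper):
# (dept:finance AND role:manager) OR any 2 of {role:auditor, clearance:high, site:hq}
POLICY = gate(1,
              gate(2, leaf("dept:finance"), leaf("role:manager")),
              gate(2, leaf("role:auditor"), leaf("clearance:high"), leaf("site:hq")))

if __name__ == "__main__":
    s = secrets.randbelow(P)
    shares = share(POLICY, s)
    for attrs in ({"dept:finance", "role:manager"},
                  {"clearance:high", "site:hq"},
                  {"dept:finance", "site:hq"}):
        print(sorted(attrs), recover(POLICY, shares, attrs) == s)
```

Adding attributes to an authorised set never loses access, which is the monotone property; one attribute from each branch recovers nothing, because shares produced under different gates do not interpolate together.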
Encrypt (PK, M, A): The process of policy specification entails creating a boolean formula using attributes to define an access policy for encrypted data. Data is encrypted using this access policy, resulting in a ciphertext that is linked to the designated policy. The message (Me), the access structure (AS), which consists of attributes, and the public parameters (PK) are all used during encryption. This procedure guarantees that the message can be decrypted by a user who satisfies the requirement of the access structure. The encryption process produces a ciphertext (CT) that includes the encrypted message (Me) and the access structure (AS).

Decrypt (PK, CT, SK): In order to access the encrypted content, a user asks for a secret key. The key generating authority issues a key based on the attributes that the user presents, provided that the user complies with the access rules. In the realm of secure data decryption, when the user's attributes align with the public encryption parameters, the access policy, and a specific private key, a seamless decoding process unfolds. This elegant integration ensures that only authorized users with matching attributes can unlock the concealed content, exemplifying the epitome of secure communication.

Identification and Mitigation of Data Leakage: To identify unapproved access or data leaks:

Monitoring of Access Control: Make sure that only authorised users are accessing the data by keeping a close eye on the access records. To keep up with evolving security needs, evaluate and update access policies on a regular basis. To identify any irregularities or unauthorised access, keep thorough audit logs that trace data access and modifications. Use encryption to make sure that private information is safe even in the event of illegal access. If an authorised user's characteristics change or if their access is no longer required, put in place procedures to instantly withdraw their access.

Secure Transmission: To guard against interception and manipulation, make sure the data transmission is secure by utilising secure channels. This is a high-level summary of the methods for detecting and preventing data leaks using attribute-based encryption. To create a solid and dependable system, more complex cryptographic procedures and security considerations must be made during actual implementation. Seeking advice from cryptography specialists and comprehending use-case requirements is strongly advised for real-world applications.

B. Robust Security Framework (CP-ABE):

The adversary receives the public parameters, PK, from the challenger after the Setup algorithm is executed.

Key generation: The key generation algorithm utilizes a set of attributes to create a unique key. For each attribute, the algorithm selects random values within a specified range. These values, denoted as $r$ and $r_j$ for each attribute $j$, are incorporated to compute the final key. This process ensures the generation of distinct keys tailored to the given attributes, enhancing the security and uniqueness of the encryption system.

Encrypt (PK, M, T): The encryption algorithm encrypts message M using the tree access structure T. Using a top-down approach, it generates for each node $x$ a polynomial $q_x$ whose degree $d_x$ is one less than the node's threshold value $k_x$ ($d_x = k_x - 1$). At the root node R, a random value is chosen, becoming $q_R(0)$. For $q_x$ in other nodes, $d_x$ additional points are randomly selected, with $q_x(0)$ set to $q_{\mathrm{parent}(x)}(\mathrm{index}(x))$. This meticulous process ensures the encryption of the ciphertext, enabling secure data transmission within the specified access structure.

Decrypt (CT, SK): For improved understanding, a recursive decryption algorithm is presented that outlines the fundamental architecture of the decryption procedure. The inputs for this algorithm, called DecryptNode, are a node $x$ that is taken from T, a private key SK that is linked to a set of attributes S, and a ciphertext CT that is made up of different parts, $(T, \tilde{C}, C, \forall y \in Y : C_y, C'_y)$. When $x$ represents a leaf node, its attribute $i$ is taken into consideration, and the construction is defined based on the presence of $i$ in the attribute set S. This basic framework provides the foundation for more in-depth improvements and optimisations, which are covered in more detail in the sections that follow.

Evaluation: This section presents a concise overview encompassing the security rationale behind our scheme, directing readers to the complete proof in Appendix A, highlighting the efficiency of our system, and exploring potential strategies for addressing key revocation concerns. An innovative system in Ciphertext-Policy Attribute-Based Encryption revolutionizes encrypted access control. It empowers data-encrypting parties to define policies based on user attributes, ensuring secure decryption by specified users. Unlike traditional methods, our system accommodates any monotonic tree access structure and is robust against collusion attacks. This implementation, enriched with optimizations, showcases its efficiency.

Key-revocation and numerical attributes: Revocation is an essential component of a CP-ABE system used to manage access to encrypted data, particularly in cases where revocation or modification of users' access rights is required. The application of numerical attributes in CP-ABE for data leakage prevention can be somewhat more complicated, but it is still quite successful. Revocation is essential to make sure that a user can no longer access the encrypted data in the event that their attributes change or their access needs to be revoked. Update user keys on a regular basis, making sure to check against the revocation list so that any revoked attributes are taken into consideration. Access policies can make use of numerical conditions by encoding the numerical values into attributes when integrating numerical attributes in CP-ABE. These numerical attributes will be included in the policy during encryption. In order to access the data and perform decryption, the policy condition, including the numerical attributes, must be satisfied. To avoid interception and tampering, make sure the encrypted data and keys are
transferred and kept securely. The system is made more flexible and optimised to stop data leaks by adding numerical attributes to CP-ABE and handling key revocation well.

C. Implementation of Proposed Methodology:

Implementation covers data classification, encryption, user attribute management, logging and monitoring, key generation, access control, and integration with the existing system. Keep an eye on access logs at all times to spot any unauthorised access attempts. Examine and record each attempt at access, and look into any irregularities. Real-Time Revocation: put in place a system that allows access to be revoked instantly when a user becomes ineligible or their attributes change. To track data access and modifications and help detect possible leaks and unauthorised access, keep thorough audit logs. Owners and users both have an authentication process. A user requests from the owner the file that holds the uploaded data, and it is decrypted with the set of attributes: if the attributes match, the file can be decrypted; if not, it cannot.

Fig. 3. User Encryption Flow Chart

Figure 3 shows the encryption flowchart of how the user's data is encrypted in the system.

Decrypt Node's Computation Directly: Data can be encrypted by using CP-ABE if a policy is in place that defines the characteristics a user needs to have in order to decrypt the data. The decryption process involves verifying the user's attributes against the policy associated with the encrypted data to grant access for decryption. There may be more noticeable improvements if the DecryptNode function is removed in order to consolidate the exponentiations for every leaf node that is used and to simplify the recursive calls inside DecryptNode. Consider an access tree T whose root is indicated by $r$, a set of attributes $\gamma$, and a subset $M \subseteq T$ satisfying restrict(T, M). Let L represent the leaf nodes inside M. Given that the tree is trimmed so that internal nodes have the necessary number of children, we can proceed. The path from $\kappa$ to $r$ can then be expressed as $\rho(\kappa) = (\kappa, \mathrm{parent}(\kappa), \mathrm{parent}(\mathrm{parent}(\kappa)), \ldots, r)$ for each $\kappa \in L$. This reorganisation makes computation easier to understand and more efficient. To represent a node $x$'s siblings, including itself, use the notation $\mathrm{sibs}(x) = \{ y \mid \mathrm{parent}(x) = \mathrm{parent}(y) \}$. With this notation in hand, we can now go ahead and compute the outcome of (CT, SK, r): refine DecryptNode's operation to begin by computing $z_\kappa$ as follows:

IV. RESULTS:

Results that we got for Data Leakage Detection and Prevention using cloud computing with the CP-ABE algorithm.

[Chart: time (ms) versus number of attributes.]

Fig. 4. Key Generation For Existing System.

Figure 4 shows the results of using key generation. The graph shows the number of attributes and time in ms. This graph would effectively demonstrate how CP-ABE works in the existing system.

[Chart: time (ms) versus number of attributes; legend: no of users, time (ms).]

Fig. 5. Key Generation For Proposed System.

Figure 5 shows the results of using key generation. The graph shows the number of attributes and time in ms.

TABLE I. USER JOINING IN EXISTING MODEL AND PROPOSED MODEL.

     No of Users in    Time in Existing    No of Users in    Time in Proposed
     Existing Model    Model (ms)          Proposed Model    Model (ms)
1    7                 105                 5                 120
2    11                70                  10                100
3    18                60                  15                85
4    20                85                  20                60

Table 1 shows users joining the existing system and the proposed system: the number of users joining against time in ms.
[Chart: y-axis labelled "Axis Title", x-axis number of users; legend: no of users, time (ms).]

Fig. 6. User Revocation For Existing System.

Figure 6 shows the results of using user revocation. The graph shows the number of users and time in ms. This graph would effectively demonstrate how CP-ABE works in the existing system.

[Chart: time (ms) versus number of users; legend: no of users, time (ms).]

Fig. 7. User Revocation For Proposed System.

Figure 7 shows the results of using user revocation. The graph shows the number of users and time in ms. This graph would effectively demonstrate how CP-ABE works in the proposed system.

TABLE II. USER LEAVING IN EXISTING MODEL AND PROPOSED MODEL.

     No of Users in    Time in Existing    No of Users in    Time in Proposed
     Existing Model    Model (ms)          Proposed Model    Model (ms)
1    3                 100                 5                 43
2    8                 42                  10                75
3    12                82                  15                110
4    18                30                  20                138

Table 2 shows users leaving the existing system and the proposed system: the number of users leaving against time in ms.

V. CONCLUSION

Data leaks pose serious threats to information confidentiality and integrity across various domains. CP-ABE has emerged as a robust cryptographic solution, providing fine-grained access control and secure data sharing, efficiently mitigating these risks. This paper delves into the utilization of CP-ABE for data leak prevention and detection and explains how this cryptographic technique restricts access solely to authorized individuals possessing the requisite attributes. For CP-ABE to become a widely used, reliable security measure against data leaks, these issues must be resolved. The proactive and all-encompassing approach to detecting, stopping and mitigating possible data breaches is presented by the integration of CP-ABE with anomaly detection techniques. To maintain data security and privacy in the ever-changing digital world, research and development must be given top priority in order to improve scalability. CP-ABE is a potent weapon that lays a solid foundation for upcoming developments in data security.

REFERENCES:

[1] Delerablee, C., Paillier, P., & Pointcheval, D. (2007). Fully Collusion Secure Dynamic Broadcast Encryption with Constant-Size Ciphertexts or Decryption Keys. Pairing-Based Cryptography.
[2] N. Kumar, V. Katta, H. Mishra and H. Garg, “Detection of Data Leakage in Cloud Computing Networks, Bhopal, India, 2014, pp. 803-807, doi:10.1109/CICN.2014.172.
[3] Arepalli, P. G., & Naik, K. J. (2023). An IoT-based water contamination analysis for aquaculture using lightweight multi-headed GRU model. Environmental Monitoring and Assessment, 195(12), 1516. https://doi.org/10.1007/s10661-023-12126-4.
[4] Gupta, Ishu and Ashutosh Kumar Singh. “An Integrated Approach for Data Leaker Detection in Cloud Environment.” J. Inf. Sci. Eng. 36 (2020): 993-1005.
[5] Shen, Wenting et al. “Enabling Identity-Based Integrity Auditing and Data Sharing With Sensitive Information Hiding for Secure Cloud Storage.” IEEE Transactions on Information Forensics and Security 14 (2019): 331-346.
[6] R. Canetti and S. Hohenberger, Chosen-ciphertext secure proxy reencryption, in: ACM Conference on Computer & Communication Security, 2007, pp. 185-194.
[7] Arepalli, P. G., & Naik, K. J. (2023). A deep learning-enabled IoT framework for early hypoxia detection in aqua water using lightweight spatially shared attention-LSTM network. The Journal of Supercomputing, 1-30.
[8] D. Naor, M. Naor, and J. Lotspiech, Revocation and tracing schemes for stateless receivers, in: Annual International Cryptology Conference, 2001, pp. 41-62.
[9] Arepalli, P. G., Naik, K. J. (2023). An IoT based Smart Water Quality Assessment Framework for Aqua-Ponds Management using Dilated Spatial-Temporal Convolution Neural Network (DSTCNN). Aquacultural Engineering, 101373. https://doi.org/10.1016/j.aquaeng.2023.102373.
[10] D. Halevy and A. Shamir, The LSD Broadcast Encryption Scheme, in: Annual International Cryptology Conference, 2002, pp. 47-60.
[11] Y. Dodis and N. Fazio, Public Key Broadcast Encryption for Stateless Receivers, in: ACM Workshop on Digital Rights Management, 2002, pp. 61-80.
[12] Backes, M., Grimm, N., Kate, A.: “Data Lineage in malicious environments”, IEEE Trans. Dependable Secur. Comput., 2016, 13, (2), pp. 178-191.
[13] Gupta, I., Singh, N., Singh, A.: “Layer-based privacy and security architecture for cloud data sharing”, Journal of Communications Software and Systems (JCOMSS), 2019, 15, (2), pp. 173-185, https://jcomss.fesb.unist.hr/index.php/jcomss/article/view/617.
[14] Arepalli, P. G., & Khetavath, J. N. (2023). An IoT framework for quality analysis of aquatic water data using time-series convolutional neural network. Environmental Science and Pollution Research, 1-20.
[15] Mohd Ariffin, Muhammad Azizi. (2019). Data Leakage Detection in Cloud Computing Platform. International Journal of Advanced Trends in Computer Science and Engineering. 8. 400-408. 10.30534/ijatcse/2019/7081.32019.