Survey on Effective Disposal of E-Waste to Prevent Data Leakage

Downloads

Authors

  • Akila Victor School of Computer Science and Engineering, Vellore Institute of Technology, Vellore, India
  • Gurunathan Arunkumar School of Computer Science and Engineering, Vellore Institute of Technology, Vellore, India
  • Rajendran Kannadasan School of Computer Science and Engineering, Vellore Institute of Technology, Vellore, India
  • Soundrapandiyan Rajkumar School of Computer Science and Engineering, Vellore Institute of Technology, Vellore, India
  • Ramani Selvanambi School of Computer Science and Engineering, Vellore Institute of Technology, Vellore, India

Abstract

E-waste refers to electronic products that are of no use, not working properly, and either close to or at the end of their “useful life”. Companies generate large amounts of e-waste when they replace old and outdated IT hardware with new technologies. Disposing of this e-waste is not so simple, as it may contain a significant amount of intellectual property in the form of data. Timely elimination of these records and data is very crucial to secure it. E-waste cannot just be discarded due to associated data security, confidentiality, compliance and environmental risks and policies. Even after deleting data, it can still be prone to social engineering attacks by malicious individuals. Data leakage is the unauthorized transmission of data from within an organization to an external destination or recipient, and it can be transferred electronically or physically. Nowadays, protecting data is of upmost importance for organizations. However, organizations still fail at destroying confidential data from their end-of-life equipment. This article focuses on how to detect data leakage and try to find those responsible for doing so. Different Data Loss Prevention (DLP) techniques that are currently being used by many organizations are discussed and some suggestions are provided for developing more consistent DLP and overcoming the weaknesses prevalent in these techniques. Furthermore, this article discusses various algorithmic, logical, and methodological foundations and procedures followed for large-scale data disposal, determining when the life of data comes to an end.

Keywords:

e-waste, data leakage, data leakage detection, data leakage prevention, data disposal, data destruction, data security, end of life of data

References

1. B. Guttman, E.A. Roback, An Introduction to Computer Security: The NIST Handbook, Diane Publishing, International Institute of Standards and Technology, Gaithersburg, MD, 1995.

2. K. Kaur, I. Gupta, A.K. Singh, A comparative evaluation of data leakage/loss prevention systems (DLPS), [in:] Proceedings of 4th International Conference on Computer Science & Information Technology (CS & IT-CSCP), pp. 87–95, 2017, https://doi.org/10.5121/csit.2017.71008

3. A. Jones, Why are we not getting better at Data Disposal?, [in:] Annual ADFSL Conference on Digital Forensics, Security and Law, Vol. 7, pp. 89–94, 2009, https://commons.erau.edu/adfsl/2009/thursday/7

4. R. Tahboub, Y. Saleh, Data leakage/loss prevention systems (DLP), [in:] 2014 World Congress on Computer Applications and Information Systems (WCCAIS), pp. 1–6, IEEE, 2014, https://doi.org/10.1109/WCCAIS.2014.6916624

5. R.S. Kadu, V.B. Gadicha, Review on securing data by using data leakage prevention and detection, International Journal on Recent and Innovation Trends in Computing and Communication, 5(5): 731–735, 2017, https://doi.org/10.17762/ijritcc.v5i5.597

6. C. Bhatt, R. Sharma, Data leakage detection, International Journal of Computer Science and Information Technologies, 5(2): 2556–2558, 2014.

7. X. Shu, D. Yao, E. Bertino, Privacy-preserving detection of sensitive data exposure, IEEE Transactions on Information Forensics and Security, 10(5): 1092–1103, 2015, https://doi.org/10.1109/TIFS.2015.2398363

8. E. Costante, D. Fauri, S. Etalle, J. den Hartog, N. Zannone, A hybrid framework for data loss prevention and detection, [in:] Proceedings of 2016 IEEE Security and Privacy Workshops, San Jose, CA, USA, pp. 324–333, 2016, https://doi.org/10.1109/SPW.2016.24

9. P. Papadimitriou, H. Garcia-Molina, Data leakage detection, IEEE Transactions on Knowledge and Data Engineering, 23(1): 51–63, 2011, https://doi.org/10.1109/TKDE.2010.100

10. X. Shu, J. Zhang, D.D. Yao, W.-C. Feng, Fast detection of transformed data leaks, IEEE Transactions on Information Forensics and Security, 11(3): 1–16, 2016, https://doi.org/10.1109/TIFS.2015.2503271

11. S. Chhabra, A.K. Singh, Dynamic data leakage detection model based approach for MapReduce computational security in cloud, [in:] Proceedings of 2016 Fifth International Conference on Eco-friendly Computing and Communication Systems (ICECCS-2016), Bhopal, India, pp. 13–19, 2016, https://doi.org/10.1109/Eco-friendly.2016.7893234

12. A. Shabtai, Y. Elovici, L. Rokach, A Survey of Data Leakage Detection and Prevention Solutions, Springer, Boston, MA, 2012, https://doi.org/10.1007/978-1-4614-2053-8_4

13. M. Ghouse, M.J. Nene, Graph neural networks for prevention of leakage of secret data, [in:] 2020 5th International Conference on Communication and Electronics Systems (ICCES), Coimbatore, India, pp. 994–999, 2020, https://doi.org/10.1109/ICCES48766.2020.9137957

14. M. Ghouse, M.J. Nene, VembuSelvi C., Data leakage prevention for data in transit using artificial intelligence and encryption techniques, [in:] 2019 International Conference on Advances in Computing, Communication and Control (ICAC3), Mumbai, India, pp. 1–6, 2019, https://doi.org/10.1109/ICAC347590.2019.9036839

15. M.N.A. Wahid, A. Ali, B. Esparham, M. Marwan, A comparison of cryptographic algorithms: DES, 3DES, AES, RSA and blowfish for guessing attacks prevention, Journal Computer Science Applications and Information Technology, 3(2): 1–7, 2018.

16. J.M. Gómez-Hidalgo, J.M. Martín-Abreu, J. Nieves, I. Santos, F. Brezo, P.G. Bringas, Data leak prevention through named entity recognition, [in:] 2010 IEEE Second International Conference on Social Computing, Minneapolis, MN, USA, pp. 1129–1134, 2010, https://doi.org/10.1109/SocialCom.2010.167

17. A. Buda, A. Colesa, File system minifilter based data leakage prevention system, [in:] 2018 17th RoEduNet Conference: Networking in Education and Research (RoEduNet), Cluj-Napoca, Romania, pp. 1–6, 2018, https://doi.org/10.1109/ROEDUNET.2018.8514147

18. T. Mustafa, Malicious data leak prevention and purposeful evasion attacks: An approach to Advanced Persistent Threat (APT) management, [in:] 2013 Saudi International Electronics, Communications and Photonics Conference, Riyadh, Saudi Arabia, pp. 1–5, 2013, https://doi.org/10.1109/SIECPC.2013.6551028

19. Y. Lu, X. Huang, D. Li, Y. Zhang, Collaborative graph-based mechanism for distributed big data leakage prevention, [in:] 2018 IEEE Global Communications Conference (GLOBECOM), Abu Dhabi, United Arab Emirates, pp. 1–7, 2018, https://doi.org/10.1109/GLOCOM.2018.8647746

20. G. Katz, Y. Elovici, B. Shapira, CoBAn: A context based model for data leakage prevention, Information Sciences, 262: 137–158, 2014, https://doi.org/10.1016/j.ins.2013.10.005

21. G. Michael, Data leakage in cloud computing, International Journal of Pure and Applied Mathematics, 116(9): 273–278, 2017.

22. S.B. Alkhadhr, M.A. Alkandari, Cryptography and randomization to dispose of data and boost system security, Cogent Engineering, 4(1): 1300049, 2017, https://doi.org/10.1080/23311916.2017.1300049

23. R. Chandramouli, D. Pinhas, Security guidelines for storage infrastructure, NIST Special Publication, 800: 209, 2020, https://doi.org/10.6028/NIST.SP.800-209

24. T. Liquori, Methods of Data Destruction, Dispose of Data Securely, Accessed on Nov 10, 2021 at https://dataspan.com/blog/what-are-the-different-types-of-data-destruction-andwhich-one-should-you-use/

25. H. Hammouchi, O. Cherqi, G. Mezzour, M. Ghogho, M. El Koutbi, Digging deeper into data breaches: An exploratory data analysis of hacking breaches over time, Procedia Computer Science, 151: 1004–1009, 2019, https://doi.org/10.1016/j.procs.2019.04.141

26. S. Alneyadi, E. Sithirasenan, V. Muthukkumarasamy, A survey on data leakage prevention systems, Journal of Network and Computer Applications, 62: 137–152, 2016, https://doi.org/10.1016/j.jnca.2016.01.008

27. K.S. Wagh, A survey: Data leakage detection techniques, International Journal of Electrical and Computer Engineering, 8(4): 2247–2253, 2018, https://doi.org/10.11591/ijece.v8i4.pp2247-2253

28. A. Jones, Lessons not learned on data disposal, Digital Investigation, 6(1-2): 3–7, 2009.

29. K. Rahul, R.K. Banyal, Data life cycle management in big data analytics, Procedia Computer Science, 173: 364–371, 2020, https://doi.org/10.1016/j.procs.2020.06.042

30. D. Bisson, 7 Data Breach Case Studies Involving Human Error, Venafi, Accessed on Nov 15, 2021 at https://venafi.com/blog/7-data-breaches-caused-human-error-didencryption-play-role/

31. C. Chakraborty, A. Kishor, J.J.P.C. Rodrigues, Novel enhanced-grey wolf optimization hybrid machine learning technique for biomedical data computation, Computers and Electrical Engineering, 99: 107778, 2022, https://doi.org/10.1016/j.compeleceng.2022.107778

32. S. Acharya, Security Injection: Mobile Risk Management – Introduction, Towson University, Accessed on Dec 12, 2021 at https://cisserv1.towson.edu/~cyber4all/modules/nanomodules/Mobile_Risk_Management-Introduction.html

33. A. Jones, C. Valli, I. Sutherland, P. Thomas, The 2006 analysis of information remaining on disks offered for sale on the second hand market, Journal of Digital Forensics, Security and Law, 1(3): 2, 2006, https://doi.org/10.15394/jdfsl.2006.1008

34. Blancco, Data Sanitization in the Modern Age: DoD or NIST?, Accessed on Dec 26, 2021 at https://www.blancco.com/resources/bp-data-sanitization-in-the-modern-age-dod-or-nist/

35. T. Caldwell, Seek and destroy, Network Security, 2012(9): 15–19, 2012, https://doi.org/10.1016/S1353-4858%2812%2970083-1

36. Report on Data Loss, Dallas City Hall, Accessed on Jan 10, 2022 at https://dallascityhall.com/departments/ciservices/Pages/Report-on-Data-Loss.aspx