ActShare: Sensitive Data Sharing with Reliable Leaker Identification

Data sharing among multiple parties becomes increasingly common today, so is the potential for data leakage. As required by new data protection regulations and laws, when data leakage occurs, one must be able to reliably identify the leaking party. Existing solutions utilize watermark technology or data object allocation strategy to differentiate the data shared with different parties to identify potential leakers. However the differentiation loses its effectiveness under several attacks, including injecting noise into the data copy to weaken the differentiation, or denying the reception of certain shared data. Worse yet, multiple parties might collude and apply a set of operations such as intersection, complement, and union to the shared dataset before leaking it, making leaker identification more difficult. In this paper, we propose ActShare, a systematic solution to provide reliable leaking source identification for leakages of identifiable information. ActShare takes advantage of the intrinsic properties of identifiable data and allocates data objects to individual sharing parties by identifying attributes, uses oblivious data transfer between the sender and receivers, and employs an immutable ledger to log all data sharing operations. A knowledge-based identification algorithm is proposed in ActShare to identify leakers in data leakage. Our evaluation shows that, with a modest amount of leaked data, ActShare can accurately (with accuracy > 99%) and undeniably identify the guilty party(s) in cases of non-collusive leakage, or collusive leakage by any number of data receivers, or even leakage by the data sender.