Understanding the Complexities of Data Leakage in the Modern Era

Introduction

Background

Data leakage has become one of the most critical issues in the digital era where there is a dominant use of the mobile and internet technologies. Data leakage is basically regarded as unauthorized transmission of data from the organization to another recipient or destination outside the company. Skrop (2015) noted that measures have been put in place for the purposes of ensuring all confidential data such as financial data, trade secrets, customer information and personal employee information remains secure and safe. However, such measures have never facilitated absolute protection as indicated by Skrop (2015). On the basis of the Symantec study, approximately 40% of all the data breaches are as a result of the insider negligence. Besides, data would constantly change due to discovery as well as classification process across large organizations, which adds more complexities. In the modern day operations, it has been stipulated that around 80% to around 90% of the organizational data is said to be unstructured.

The latter describes data stored in a range of files including the web pages, instant messages, worksheets, videos and even emails among others. The unstructured data is believed to be everywhere and exploding. Periyasamy and Thenmozhi (2017) noted that there is a surge in terms of internet, which has attracted a wide range of the web-based services like the online decision support system, e-commerce, and database as a service, libraries and digital repositories among others. At some point, sensitive data need to be submitted to the trusted third parties. The best example given by Periyasamy and Thenmozhi (2017) includes that of a hospital which issues the patients’ records to the researchers working on new treatments. The researchers become the agents who would take note of the data leakages. This raises the issue of guilty agent in which the analytical approaches would attempt to determine the potential leaker.

Papadimitriou and Garcia-Molina (2010) asserted that the rise of guilty agents calls for immediate intervention from the stakeholders. This comes after confirmation of the fact that the threat is real, and therefore calls for data loss prevention. The latter conforms to an effective strategy which ensures that sensitive information or confidential details are not send outside of the intended network. However, the gap areas across the highlighted studies include the fact that the scale of data leakage prevention analysis is missing together with a potential technique which can support the strategy.

Aims and objectives

The aim of this research is to review and analyse data leakage and data leakage prevention analysis, before proposing the new data leakage prevention technique. The supporting objectives include

To explore the scope of data leakage and its impact

To examine data leakage prevention and the techniques

To analyse new approaches to data leakage prevention

To develop the appropriate technique to data leakage

Rationale

Data leakage across organizations in the digital world is emerging as a big issue and can therefore result in enormous financial losses. Data leakage, therefore, is a problem that requires attention. Over the years, innovators and researchers would essentially focus on strategies that would prevent data leakages. However, there is no approach that has absolutely impeded the scalable data leakages especially in big companies. The missing link involves a proper analysis of data leakage prevention even before focusing on the area that needs more attention compared to the rest.

Feasibility

The research attracts insights regarding data leakage prevention and techniques that can be applied. It is even more practical that some of techniques have been developed before and applied but they have never addressed the issue of data leakage in a more satisfying way. With the new focus on data-leakage prevention analysis, the research can easily pick on the available techniques and modify or customize them to suit a particular purpose. This is aligned to the possible access to the necessary tools and appropriate development of the research process that would address the problem at hand.

Literature Review

The literature review looks at the findings from other case studies and the methodological contributions, which could be associated or linked to the research topic. Based on this, this chapter will focus on the following areas.

What is Data leakage?

With the severity of the problems brought by data leakage, organizations need to understand the tenets and the scope of data leakage. According to Tahboub and Saleh (2014), data leakage is deemed as the unauthorized and uncontrolled transmission of any classified information to the external side. The access or transmission of data posits serious problems to the organizations including the costs due to the incidents. The idea has essentially been captured by Kaur et al. (2017) as the researchers think of the sensitive data being revealed to the unauthorized parties. The data leaked may lead to serious threats to the organization with the first landing point being the image of the company before touching on the confidence of both the employees and customers. Kaur et al. (2017) further insisted that when the damage is worse or irreversible, it can possibly lead to the closure of the company. Data leakage has consistently been distinguished from the concept of data unavailability such as the one that emanates from the network outage. Data unavailability is considerably temporary. On the other hand, data loss or data leakage can be permanent. At the same time, data leakage is believed to be different from the data spill. Data spills can occur without a significant loss of data. Common cases of data loss include accidental drive format, natural disaster, accidental damage, accidental deletion of data, and purposeful deletion of data, power failure, software failure and viral attack as well as malicious attacks.

Impact of data leakage

Martin et al. (2017) asserted that since the year 2000, most of the researchers have shown increased attention towards the effects that come with the information security events. Some of the events are not limited to the website defacement, denial of service and privacy violations, which seem to have compromised the rule of availability, integrity and confidentiality. In the California Data Breach Report of 2012-2015, it could be established that there were different types of data breaches which were essentially caused by physical loss, hacking, malware and human error. Notably, most of the data breaches cannot be detached from a breach of sensitive personal details like medical information, bank account information and the social security numbers. Gatzlaff and McCullough (2010) further asserted that the highly affected sectors include small businesses, healthcare, finance and retail as well. Most of the external perpetrators or sometimes the hackers are dubbed as being skilled, innovative and organized at the same time. Gatzlaff and McCullough (2010) alluded to the fact that the International Data Corporation pointed out the fact that before the year 2020, almost a quarter of the global population would have been touched by a data breach.

Davis (2019) pointed out that the first damaging effect falls on the financial loss, which is commonly regarded as the fateful consequence in case of an incident of data breach. Business or organizations are always left to grapple with the costs being incurred from covering the breach funding, or compensating customers believed to have been affected and noting decreased share value accompanied with heightened security costs. Davis (2019) established that 29% of all the businesses said to have encountered a data breach would end up losing the revenues. The United States alone realized an average cost of $7.91 million as a result of data breach based on a study conducted in the year 2018. Apart from the financial loss, the impact further falls on the reputational damage. This accompanied with negative press, loss of confidence, identity theft as well as the customers’ views are likely to leave behind dark clouds that would tarnish the image of the company. If such an incident occurs, then a company should be ready to withstand the long term complications. The survey reported by Davis (2019) indicates that 65% of the victims would report a loss of trust in the affected organization due to data breach. 85% of the victims are likely to share the negative experience with others while 33.4% would use social media in sharing the incident.

The impact would therefore be felt by a larger number of people who would start to judge or question the reputation of the affected company. Operational disruptions are likely to be encountered when data is compromised. Most of the data breaches are likely to lead towards a complete loss of the significant data, which is something that calls for the victims or the affected parties to spend relatively long periods of time to recover (Alneyadi et al. 2016). If such incidents occur, then organizations would opt for an absolute shut down of the operations. When the shutdown takes a long period of time, then customers are likely to leave thereby leading to a huge loss of the revenue. Legal ramifications cannot be ignored. According to Angst et al. (2017), data breaches largely involve loss of personal information, which may attract class-action lawsuits. Notable examples over the recent times that saw a lot of money paid through settlements include Neiman Marcus, Target and Home Depot. Authorities may sometimes go ahead and restrict the organization from undertaking some operations up to the time when legal investigations are concluded.

Data leakage prevention

Tahboub and Saleh (2014) defined data leakage prevention as a solution which is designed for the purposes of detecting incidents of data breaches in almost in a timely manner. DLP can prevent such incidents through monitoring data. It is regarded as a paradigm shift in terms of the information security while addressing the risks. The primary objective of DLP is to essentially address the problem aligned to protection of the confidential data. Tahboub and Saleh (2014) also noted that DLP constitutes components which are designed or work together for the purposes of monitoring as well as protecting sensitive data. DLP solutions comprise of network, management, storage and endpoint. Based on these components, DLP can effectively use the Deep Content Inspection, which is commonly regarded as the evolution of the Deep Packet Inspection.

The latter gives room for the services to keep a significant track of the content among multiple packets. In the effort of DLP, Yoshihama et al. (2010) still argues that data leakage through the web traffic is hard to detect due to three key reasons. Preliminarily, traditional perimeter defences with the help of firewalls may not prevent data leakages through web channels. This is due to the fact that firewalls would allow HTTP connections from the significant client machines across the private network to an external server. At the same time, the data flows in any web traffic seem to be large, which makes it hard to analyse sensitivity of the outgoing web messages. Secondly, it is hard to differentiate between non-trusted services and the trusted SaaS providers with the help of the coarse grained content inspection. Yoshihama et al. (2010) further noted that service integration and mashups can make the entire situation complicated. Finally, the available DLP technologies largely focus on detection of certain types of the sensitive data and dictionaries matching.

Notably, the type of data associated to workers can be more diverse with the likes of intellectual properties and business secrets introduced in the context. Based on these challenges, the research proposed a system directed at performing a fine-grained analysis attached to the web content and the HTTP protocol with the likes of XML, JSON, JavaScript and HTML being given attention. This approach essentially extracts data elements both from the outbound as well as inbound web traffic which can determine the real or actual data flows through comparison of the traffic history. As part of DLP, the approach leads to identification of dangerous data flows across the massive amounts of the messages. A record of history of the traffic at the significant granularity of data allows the proposed system to detect the data flows.

Data leakage prevention techniques

Varieties of techniques are being developed to support the course of DLP. Based on the findings tapped from the studies conducted by Raman et al. (2011), it can be established that some of the solutions, which have been, developed focus more on restricting the access or encrypting the information. However, the state of art depends on the robust policies as well as the pattern matching algorithms especially for the data leak detection. On the grounds of user-level policy language, it is worth noting that hardware enforced policies would focus more on the sensitivity of data which should not hit the untrusted output channels. Raman et al. (2011) further insisted that from a forensic point of view, any delay in terms of collecting data may have subsequent detrimental effects. This means that a better technique is needed for the purposes of detecting data leaks. The synthetic decoy scheme essentially focuses on data leakages on relatively large databases that carry personal records. Based on this technique, data leaks that emanate from the database will have decoys which are unique to a specific database. Furthermore, the undermined use of pattern matching attracts the fundamental use of social network analysis that entails mapping, as well as measuring the relationships across groups, people and organizations through representation of the relationships with the help of connections and nodes at the same time.

Analysis of the social networks would essentially enhance the understanding of groupings and relationships across the parties. Further findings determined by Nyarko (2018) indicated that techniques can be preventive or detective. Under the preventive type, the first technique incudes the policy and the access rights in which organizations need to restrict utilization of the CDs and the USB drives. The second approach includes virtualization and isolation in which the application focuses on the sensitivity of data. The cryptographic approaches would hide the sensitive data especially from the unauthorized users with the help of algorithms and cryptographic tools. Common detective techniques that would be used in DLP include data identification which relies on such approaches like regular expressions, data fingerprints and the partial data match. The second technique includes the social and behavioural analysis in which the patterns can be of use in the process of detecting the irregularity before raising any alarm. The last technique includes text clustering or data mining, which is a pointer to capabilities of performing advanced tasks like classification, clustering and anomaly detection (Readshaw et al. 2016). Essentially, data mining is closely linked to machine learning that constitutes algorithms which would note the complex patterns before making better decisions. It is also worth noting that text clustering is related or associated to information retrieval known for critical roles across the DLPs.

Attention given DLP also extends to DLP analysis. Some of the techniques include the context analysis technique, which takes into consideration the metadata that is a pointer to size, source, format, size and even destination. The DLPs need to study the significant context which surrounds the confidentiality of data for the purposes of detecting potential data leaks. Another critical area constitutes the essence of content analysis technique, which points at the actual content rather than focusing on the context. Main platforms considered under the content analysis include statistical analysis, data fingerprinting and regular expression (Readshaw et al. 2016). Data fingerprinting is very common approach in which the entire file is hashed with the help of such functions like SHA1 and MD5. The hash values associated to sensitive documents can be stored in essential databases. In terms of regular expression, a set of characters or terms can be applied in establishing the detection patterns. The latter is applied in matching and striking a comparison across a given set of the data strings. Regular expressions are more significant to text processing and search engines when it comes to extracting as well as replacing data. Statistical analysis is known for providing more specific tools such as retrieval term weighting and machine learning classification (Confente et al. 2019). Common techniques applied in this form of analysis include the term weighting analyses and N-gram.

New approaches to data leakage prevention

Apart from the techniques highlighted in the previous sections, scholars are increasingly concentrating on establishing new approaches, or better means of handling the data leakages. MISTRAL (2018) noted that there might be two new approaches that aid data loss prevention. These included the Data-in-Motion DLP and the Data-at-Rest DLP. MISTRAL (2018) noted that Data-at-Rest approach is believed to be growing in terms of its acceptance and adoption due to its capacity in guarding data at the source. The approach denotes data which is stored in the computers or even the storage devices. On the other hand, the Data-in-Motion approach refers to the protection of the transmitted data over a given network. This approach has worked in terms of preventing any data from leaving organizations at the time when people send unprotected details. Hasan (2011) also noted that most of the organizations are paying more attention to the integrated DLP solutions. This is aligned to the fact organizations need to support implementation of a chain of the new security solutions which take advantage of the features of the DLP solution and the accompanying security tools.

Hasan (2011) came up with the year of two layers of defence. In the first phase of this model, there is what is known as endpoint protection in which a company needs to prohibit the non-necessary applications including the FTP clients, sharing files, wireless network connections, unauthorized email client and even instant messaging service. There is also need to block the spyware programs that are commonly used by the information hackers in achieving malicious entry and gain access to sensitive data. Management of access operation to portable storage devices like the USB keys and the rest is more recommendable. The devices can again be forms of security risks across the organization. The second layer of the proposed DLP solution by Hasan (2011) constitutes Security offered to the Sensitive Data of the Organization. In this second layer, the organization needs to perform secure data procedures which include performing a full disk encryption for the laptops, personal computers and even the notebooks among other devices. It is also important to encrypt any sensitive data stored in most of the removable devices such as the DVDs, the USB drives and the CDs as well. The email content can be encrypted to impede the unauthorized users from gaining access into the system.

Research Methodology

The research comprehends the fact that new DLP solution is needed as stated in the objectives highlighted at the start of the project. In the course of developing the new solution, the research keeps in mind that the project has to undertake a model that would help it develop software or a software-based solution. In the course of this development, the research best selects the agile SLDC model, which provides a combination of the incremental and iterative process model which focuses on customer satisfaction and process adaptability. The models sets in the idea of customizing the process to meet the necessary needs as stipulated in the research problem. The following process stands as far as the development and analysis of the new DLP technique stands.

Concept

At this stage, the objective of the program or software is established based on the client’s requirements or past experiences. The stage demands that the research process need to define opportunities. In this context, the research aids a preventive approach that would help most of the organizations to impede data leakages.

Identification of the requirement

Initial requirements are also recommendable after the project is finalized. Some of the requirements include formulation of the teams for designing and development. It is also in order to gather the initial support and the fund as well. Primary focus is given to categorization of the semi structured data sets, which can fall under the non-confidential data and the confidential one.

Design and Development

The New DLP solution will be designed as well as developed based on the objectives. Notably, text data will be generated from a range of sources including tweets, emails and even commends among others. The notable approach of encryption will apply and requires one to have the necessary decryption keys. The following phases would apply in the course of design and development.

Organizational understanding

The organizational perspective should be internalized while digesting the objectives and requirements as well. The prototype would then be developed to address the key objectives. Concerns are directed to the analysis of the situation, the objectives and the project plan.

Data Understanding

This phase starts with collection of data before narrowing down to data quality problems and seeking insights on how organizations understand data.

Data Preparation

The research process shall develop the final data set that will be introduced to the modelling tool.

Modelling

This phase focus on appropriate modelling techniques that would attract the optimal result

Evaluation

It is important to assess data mining results for the purposes of ensuring the organizational results are attained. In case there are numerous processes that need modelling, then this will be taken back to the understanding phase.

Deployment

At this stage, everything is successful.

Demonstration

The artifact would be demonstrated as a sign of proof on how effective it can be in helping organizations to impede data leakages and do proper analysis of the data leakages.

Evaluation

The approach will be observed and analysed at the same time. Feedbacks at this point would help in the implementation process.

Project Design / Findings

The section is necessary in the presentation of the actual project. The CRISP-DM model plays a significant role in the process. In the course of data understanding, the research narrows down to what is referred to as sensitive data that has what is referred to as personally identifiable information like the biometric records, social security number and the maiden’s name. In the context of data description, such information like offer letters and salary information can be exported to the word document, text formats and excels if possible. Sample data is as shown below.

Preparation of data and modelling

The available data is converted into raw data before picking the right format ready for modelling. Significant tasks at this point include construction of data, cleansing of data and formatting among others. Data need to be exported into the TXT format. The modelling part shall be supported by unsupervised learning, supervised learning algorithms and reinforcement learning. For the unsupervised learning, data sets and documents are never labelled across the entire process. On the other hand, the supervised learning aid labelled documents which attract automatic classification.

Encryption and Decryption

Files and documents can either non-confidential or confidential. The documents will have to be encrypted for safety transmission over the insecure networks. Cryptography is divided into hashing, asymmetric key and the symmetric key. The symmetric key requires a single key which is shared by the parties for the purposes of encryption and decryption. Notable examples include Triple DES and Data Encryption Standard among others. Asymmetric key entails the two keys engaged in the communication process. Notable example includes Elliptic Curve among others. The RSA cryptosystem utilizes two significant keys, which include private and public keys. The algorithm aligned to RSA include

When

Public key is (d, j)

Private Key is (n)

Encryption:

C = Pd mod j

Where P is the plain text and C is the cipher text

Both d and j are public

New DLP solution

The preventive approach deployed for the encryption constitutes two main phases. Emphasis is placed on textual data. The first phase involves categorization of documents, which can either be non-confidential and confidential. The confidential documents shall be encrypted. The input to these phase include the document as they are transformed into the vectors. During the learning phase, the following algorithm is as shown below.

Collect text documents

Load data sets into a specific data mining platform

Execute text pre-processing

Perform NBC

Store

In a summary

During the detection process, unknown data will serve as the input to allow the prior model to be applied. The following steps apply

The New DLP is beyond a technique. It is an entire system that would analyse possible threats, classify documents and encrypt them thereby providing limited access to the users. While the system may not be satisfying to block all the threats, it gives an approach towards data leakage analysis before encrypting the known and unknown data and classifies them within the system. The system does not retain the original format of data or document but converts them into text format which can easily be processed. New data can be fed in the system with the damaged one falling into the category of unknown. This means that the system has the capacity of reducing the damage by quickly encrypting the remaining data, which can be decrypted and restored to the original form in case there is a backup.

Results and Analysis

Data leakage prevention and data leakage analysis are two key areas that have attracted the attention of the entire research process. The new DLP solution is grounded on these two important aspects for the purposes of impeding further data leakages. The project first considered data leakage analysis before impeding further damage to the system. This consideration comes at a time when organizations are simply focusing or implementing techniques even without doing a risk analysis or a data leakage analysis. This analysis is important to understand whether data to be protected is confidential, non-confidential or unknown. In case data was damaged in the previous scenario and can be recovered, then the system would protect the damaged data as unknown and therefore, classification can only be done after identifying the type. The consideration is picked from the literature review where it was noted that companies find it hard to cover the losses when they can have a chance of restoring the damaged data.

The literature review also covered techniques that can be used for DLP. The broader categories of these techniques include the prevention methods and the detection methods. The preventive ones can be utilized in protecting the system from the unseen danger. The best mechanism applied on this includes cryptography. On the other hand, the detective methods can only be applied to sense the danger or a risk that would lead to data loss. However, very few organizations can respond to a data loss incident immediately after detecting it. Even to some of the organizations that can provide immediate response, they would still incur losses in the process. Based on this reason, the new DLP solution inclined towards prevention as opposed to detection. After digesting the data and realizing that it can either be confidential, non-confidential or unknown, the system has the ability of encrypting them and prevents a further damage on them.

With proper choices made at the start of the project, the research thought it wise to also deploy the DSRM and CRISP-DM, which provide a standard platform for data mining. There was also the need for the system to learn or to be trained with reference to the non-confidential and the actual confidential documents noted across the organization. Again, data should be understood even before introducing the appropriate technique. The NBC approach was engaged as the appropriate modelling technique which would help in classifying the documents. Afterwards, the system would propose the necessary encryption method, which can take the hybrid asymmetric or symmetric. The development of the AES and RSA algorithms made it easier for the encryption process. This follows the understanding of applications of each type of the key. The hybrid approach has highly been recommended for the purposes of providing reliable protection.

The system has its own strength and areas of weakness as well. Its areas of strength include the fact that it can handle data leakage and data analysis before proposing the appropriate approach. Secondly, it is more extensive in the sense the text or data goes through a number of processes that assures the security of the documents. However, the system suffers from one limitation in which it cannot handle large files.

Conclusion and Recommendations

The research aimed at conducting a data leakage prevention analysis and develops a new DLP solution. Notably, the literature review explored the understanding of data leakage and data leakage analysis across a wide range of case studies. The pre-study also provided an opportunity to tap into techniques that have been researched by other authors towards DLP and the new approaches that were recently developed or are still under development. The research process further picked on the Agile SDLC model as guide towards project development. This approach is more convenient because it allows developers to test every step of the project in its development phase. The guide further helped in designing the new DLP solution which conducts data leakage analysis, data analysis, encryption and classification of data linked to the specific organization. The system has an advantage of being multi-functional. It also paves way for data analysis which is rarely done by other approaches. However, the system cannot handle large files. Based on this limitation, it is highly recommended that the system should be customized to meet different needs or conditions.

Continue your journey with our comprehensive guide to Theory of Planned Behavior.

References

Alneyadi, S., Sithirasenan, E. and Muthukkumarasamy, V., 2016. A survey on data leakage prevention systems. Journal of Network and Computer Applications, 62, pp.137-152.

Angst, C.M., Block, E.S., D'arcy, J. and Kelley, K., 2017. When do IT security investments matter? Accounting for the influence of institutional factors in the context of healthcare data breaches. Mis Quarterly, 41(3), pp.893-916.

Balaji, S. and Murugaiyan, M.S., 2012. Waterfall vs. V-Model vs. Agile: A comparative study on SDLC. International Journal of Information Technology and Business Management, 2(1), pp.26-30.

Confente, I., Siciliano, G.G., Gaudenzi, B. and Eickhoff, M., 2019. Effects of data breaches from user-generated content: A corporate reputation analysis. European Management Journal, 37(4), pp.492-504.

Davis, M. (2019). 4 Damaging After-Effects of a Data Breach. Available at. https://www.cybintsolutions.com/4-damaging-after-effects-of-a-data-breach/

Gatzlaff, K.M. and McCullough, K.A., 2010. The effect of data breaches on shareholder wealth. Risk Management and Insurance Review, 13(1), pp.61-83.

Hasan, M.Y.F., 2011. A New Approach for Sensitive Data Leakage Prevention Based on Viewer- Side Monitoring (Doctoral dissertation, Al-Balqa’Applied University).

Kaur, K., Gupta, I. and Singh, A.K., 2017. A Comparative Evaluation of Data Leakage/Loss prevention Systems (DLPS). In Proc. 4th Int. Conf. Computer Science & Information Technology (CS & IT-CSCP), Dubai, UAE (pp. 87-95).

Leau, Y.B., Loo, W.K., Tham, W.Y. and Tan, S.F., 2012. Software development life cycle AGILE vs traditional approaches. In International Conference on Information and Network Technology (Vol. 37, No. 1, pp. 162-167).

Martin, K.D., Borah, A. and Palmatier, R.W., 2017. Data privacy: Effects on customer and firm performance. Journal of Marketing, 81(1), pp.36-58.

MISTRAL. 2018. The two distinct approaches to data loss prevention. Available at. https://www.mistralsolutions.com/articles/two-distinct-approaches-data-loss-prevention/

Nyarko, R., 2018. Security of Big Data: Focus on Data Leakage Prevention (DLP).

Papadimitriou, P. and Garcia-Molina, H., 2010. Data leakage detection. IEEE Transactions on knowledge and data engineering, 23(1), pp.51-63.

Periyasamy, A.R.P. and Thenmozhi, E., 2017. Data Leakage Detection and Data Prevention Using Algorithm. International Journal, 7(4).

Raman, P., Kayacık, H.G. and Somayaji, A., 2011, June. Understanding data leak prevention. In 6th Annual Symposium on Information Assurance (ASIA’11) (p. 27).

Readshaw, N.I., Ramanathan, J. and Bray, G.G., International Business Machines Corp, 2016. Method and apparatus for associating data loss protection (DLP) policies with endpoints. U.S. Patent 9,311,495.

Shabtai, A., Elovici, Y. and Rokach, L., 2012. A survey of data leakage detection and prevention solutions. Springer Science & Business Media.

Skrop, A., 2015. DATALEAK: Data Leakage Detection System. MACRo 2015, 1(1), pp.113- 124.

Tahboub, R. and Saleh, Y., 2014, January. Data leakage/loss prevention systems (DLP). In 2014 World Congress on Computer Applications and Information Systems (WCCAIS) (pp. 1- 6). IEEE.

Yoshihama, S., Mishina, T. and Matsumoto, T., 2010. Web-Based Data Leakage Prevention. In IWSEC (Short Papers) (pp. 78-93).