International Journal of Research

Intentional or unintentional leakage of confidential data is undoubtedly one of the most severe security threats thatorganizations face in the digital era. The threat now extends to our personal lives: a plethora of personal information is available tosocial networks and smartphone providers and is indirectly transferred to untrustworthy third party and fourth party applications. In thiswork, we present a generic data lineage framework LIME for data flow across multiple entities that take two characteristic, principal roles(i.e., owner and consumer). We define the exact security guarantees required by such a data lineage mechanism toward identificationof a guilty entity, and identify the simplifying non-repudiation and honesty assumptions. We then develop and analyze a novelaccountable data transfer protocol between two entities within a malicious environment by building upon oblivious transfer, robustwatermarking, and signature primitives. Finally, we perform an experimental evaluation to demonstrate the practicality of our protocoland apply our framework to the important data leakage scenarios of data outsourcing and social networks. In general, we consider LIME, our lineage framework for data transfer, to be an key step towards achieving accountability by design.