TY - GEN
T1 - Protection Mechanism Against Internal Data Leakage Based on Scitags
AU - Huang, Che Yu
AU - Lin, Ting Yu
AU - Hung, Hsiang Ming
AU - Tsai, Meng-Hsun
AU - Tu, Chia Heng
N1 - Publisher Copyright:
© 2025 Institute of Electronics, Information and Communication Engineers (IEICE).
PY - 2025
Y1 - 2025
N2 - Privacy and security in data transmission have become essential concerns for modern research institutions. Prior studies have rarely focused on using the data packet itself, specifically those that contain confidential information, as the basis for detection and filtering. When a connection shares the same 5 -tuple, traditional firewalls are incapable of determining whether the packets contain confidential content, which may lead to unintentional data leakage from within the organization. This study proposes a solution based on the Scitags packet marking mechanism. By tagging IPv6 packets that carry internal institutional data with Scitags and parsing packet headers in programmable switches, the system can filter out packets marked with specific Scitags to prevent them from being forwarded externally. Even when the packet's 5 -tuple remains identical, the mechanism enables Layer 2 switches to identify and block packets carrying confidential data. Experimental results demonstrate that the switch can successfully block packets marked with specific Scitags from reaching external networks. Additionally, real-time network flow can be visualized through dashboards, offering effective monitoring of packet transmissions.
AB - Privacy and security in data transmission have become essential concerns for modern research institutions. Prior studies have rarely focused on using the data packet itself, specifically those that contain confidential information, as the basis for detection and filtering. When a connection shares the same 5 -tuple, traditional firewalls are incapable of determining whether the packets contain confidential content, which may lead to unintentional data leakage from within the organization. This study proposes a solution based on the Scitags packet marking mechanism. By tagging IPv6 packets that carry internal institutional data with Scitags and parsing packet headers in programmable switches, the system can filter out packets marked with specific Scitags to prevent them from being forwarded externally. Even when the packet's 5 -tuple remains identical, the mechanism enables Layer 2 switches to identify and block packets carrying confidential data. Experimental results demonstrate that the switch can successfully block packets marked with specific Scitags from reaching external networks. Additionally, real-time network flow can be visualized through dashboards, offering effective monitoring of packet transmissions.
UR - https://www.scopus.com/pages/publications/105019319997
UR - https://www.scopus.com/pages/publications/105019319997#tab=citedBy
U2 - 10.23919/APNOMS67058.2025.11181425
DO - 10.23919/APNOMS67058.2025.11181425
M3 - Conference contribution
AN - SCOPUS:105019319997
T3 - APNOMS 2025 - 25th Asia-Pacific Network Operations and Management Symposium: Towards Smarter and Pervasive Management in the Era of 6G Networks
BT - APNOMS 2025 - 25th Asia-Pacific Network Operations and Management Symposium
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 25th Asia-Pacific Network Operations and Management Symposium, APNOMS 2025
Y2 - 22 September 2025 through 24 September 2025
ER -