Abstract
Cyber threat intelligence (CTI) sharing provides cybersecurity operations an advantage over adversaries by more quickly characterizing the threat, understanding its tactics, anticipating the objective, and identifying the vulnerability and mitigation. However, organizations struggle with sharing threat intelligence due, in part, to the legal and financial risk of being associated with a potential malware campaign or threat group. An entity wishing to share threat information or obtain information about a specific threat risks being associated as a victim of the threat actors, resulting in costly legal disputes, regulatory investigation, and reputational damage. As a result, the threat intelligence data needed for cybersecurity situational awareness and vulnerability mitigation often lacks volume, quality, and timeliness. We propose a distributed blockchain ledger to facilitate sharing of cybersecurity threat information and provide a mechanism for entities to have non-attributable participation in a threat-sharing community. Learning from Distributed Anonymous Payment (DAP) schemes in cryptocurrency, we use a new token-based authentication scheme for use in a permissioned blockchain. The anonymous token authentication allows a consortium of semi-trusted entities to share the workload of curating CTI for the community’s cooperative benefit.
Keywords
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Annual electric power industry report. https://www.eia.gov/electricity/data/eia861/. Accessed 12 Mar 2021
Critical infrastructure sectors. https://www.cisa.gov/critical-infrastructure-sectors. Accessed 12 Mar 2021
Cyber risk information sharing program (crisp). Tech. rep., Department of Energy, Office of Cybersecurity, Energy Security, and Emergency Response. Accessed 13 Jan 2021
Enhanced cybersecurity services (ecs). Tech. rep., Department of Homeland Security. Accessed 13 Jan 2021
Hackerone list of bug bounty programs. https://hackerone.com/bug-bounty-programs. Accessed 11 Mar 2021
A Common Cyber Threat Framework: A Foundation for Communication (2013)
The value of threat intelligence: A study of North American and United Kingdom companies. Tech. rep., Ponemon Institute (July 2016). Accessed 06 Jan 2021
Exploring the opportunities and limitations of current threat intelligence platforms. Tech. rep., ENISA (December 2017). Accessed 06 Jan 2021
Global security operations center market forecast up to 2025. Business Wire (English) (2019)
Androulaki, E., et al.: Hyperledger fabric: a distributed operating system for permissioned blockchains. In: Proceedings of the Thirteenth EuroSys Conference, pp. 1–15 (2018)
Banerjee, A., Clear, M., Tewari, H.: Demystifying the role of zk-SNARKs in Zcash. In: 2020 IEEE Conference on Application, Information and Network Security (AINS), pp. 12–19. IEEE (2020)
Barnum, S.: Information with the structured threat information expression (STIX) (2013)
Bitansky, N., Chiesa, A., Ishai, Y., Paneth, O., Ostrovsky, R.: Succinct non-interactive arguments via linear interactive proofs. In: Sahai, A. (ed.) TCC 2013. LNCS, vol. 7785, pp. 315–333. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-36594-2_18
Bowe, S., Gabizon, A., Green, M.D.: A multi-party protocol for constructing the public parameters of the Pinocchio zk-SNARK. In: Zohar, A., et al. (eds.) FC 2018. LNCS, vol. 10958, pp. 64–77. Springer, Heidelberg (2019). https://doi.org/10.1007/978-3-662-58820-8_5
Brickell, E., Camenisch, J., Chen, L.: Direct anonymous attestation. In: Proceedings of the 11th ACM Conference on Computer and Communications Security, pp. 132–145 (2004)
Camenisch, J., Chen, L., Drijvers, M., Lehmann, A., Novick, D., Urian, R.: One TPM to bind them all: fixing TPM 2.0 for provably secure anonymous attestation. In: 2017 IEEE Symposium on Security and Privacy (SP), pp. 901–920 (2017)
Camenisch, J., Drijvers, M., Lehmann, A.: Anonymous attestation using the strong Diffie Hellman assumption revisited. In: Franz, M., Papadimitratos, P. (eds.) Trust 2016. LNCS, vol. 9824, pp. 1–20. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45572-3_1
Camenisch, J., Hohenberger, S., Lysyanskaya, A.: Compact E-cash. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 302–321. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_18
Chaum, D.: Security without identification: transaction systems to make big brother obsolete. Commun. ACM 28(10), 1030–1044 (1985)
Danezis, G., Fournet, C., Kohlweiss, M., Parno, B.: Pinocchio coin: building zerocoin from a succinct pairing-based proof system. In: Proceedings of the First ACM Workshop on Language Support for Privacy-Enhancing Technologies, pp. 27–30 (2013)
Daniel, M., Kenway, J.: Repairing the foundation: how cyber threat information sharing can live up to its promise and implications for NATO. Cyber Threats and NATO 2030: Horizon Scanning and Analysis, p. 178 (2020)
Douris, C.: Cyber Threat Data Sharing Needs Refinement. Lexington Institute Arlington, Virginia (2017)
Gong, S., Lee, C.: Blocis: blockchain-based cyber threat intelligence sharing framework for sybil-resistance. Electronics 9(3), 521 (2020)
He, S., Fu, J., Jiang, W., Cheng, Y., Chen, J., Guo, Z.: Blotisrt: blockchain-based threat intelligence sharing and rating technology. In: Proceedings of the 2020 International Conference on Cyberspace Innovation of Advanced Technologies, pp. 524–534 (2020)
Office of Inspector General: DHS Made Limited Progress to Improve Information Sharing under the Cybersecurity Act in Calendar Years 2017 and 2018 (2020)
Johnson, C., Badger, M., Waltermire, D., Snyder, J., Skorupka, C.: Guide to cyber threat information sharing. Tech. rep., National Institute of Standards and Technology (2016)
Kosba, A., Miller, A., Shi, E., Wen, Z., Papamanthou, C.: Hawk: the blockchain model of cryptography and privacy-preserving smart contracts. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 839–858. IEEE (2016)
Lysyanskaya, A., Rivest, R.L., Sahai, A., Wolf, S.: Pseudonym systems. In: Heys, H., Adams, C. (eds.) SAC 1999. LNCS, vol. 1758, pp. 184–199. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-46513-8_14
Miers, I., Garman, C., Green, M., Rubin, A.D.: Zerocoin: anonymous distributed e-cash from bitcoin. In: 2013 IEEE Symposium on Security and Privacy, pp. 397–411. IEEE (2013)
Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system. Tech. rep., Manubot (2019)
Petkus, M.: Why and how zk-SNARK works: definitive explanation
Riesco, R., Larriva-Novo, X., Villagra, V.A.: Cybersecurity threat intelligence knowledge exchange based on blockchain. Telecommun. Syst. 73(2), 259–288 (2019). https://doi.org/10.1007/s11235-019-00613-4
Sasson, E.B., et al.: Zerocash: decentralized anonymous payments from bitcoin. In: 2014 IEEE Symposium on Security and Privacy, pp. 459–474. IEEE (2014)
Shen, M., Duan, J., Zhu, L., Zhang, J., Du, X., Guizani, M.: Blockchain-based incentives for secure and collaborative data sharing in multiple clouds. IEEE J. Sel. Areas Commun. 38(6), 1229–1241 (2020)
Stillions, R.: The DML Model (2014)
Thakkar, P., Nathan, S., Viswanathan, B.: Performance benchmarking and optimizing hyperledger fabric blockchain platform. In: 2018 IEEE 26th International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunication Systems (MASCOTS), pp. 264–276. IEEE (2018)
Wagner, C., Dulaunoy, A., Wagener, G., Iklody, A.: MISP: the design and implementation of a collaborative threat intelligence sharing platform. In: Proceedings of the 2016 ACM on Workshop on Information Sharing and Collaborative Security, pp. 49–56 (2016)
Wood, G., et al.: Ethereum: a secure decentralised generalised transaction ledger. Ethereum Proj. Yellow Pap. 151(2014), 1–32 (2014)
Zetter, K.: Exclusive: comedy of errors led to false ‘water-pump hack’ report. Wired Threat Level (2011)
Zibak, A., Simpson, A.: Cyber threat information sharing: perceived benefits and barriers. In: Proceedings of the 14th International Conference on Availability, Reliability and Security, pp. 1–9 (2019)
Acknowledgement
This work is supported in part by NSF under award number 1751255. This material is also based upon work supported by the Department of Energy under Award Number DE-OE0000779.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Huff, P., Li, Q. (2021). A Distributed Ledger for Non-attributable Cyber Threat Intelligence Exchange. In: Garcia-Alfaro, J., Li, S., Poovendran, R., Debar, H., Yung, M. (eds) Security and Privacy in Communication Networks. SecureComm 2021. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 398. Springer, Cham. https://doi.org/10.1007/978-3-030-90019-9_9
Download citation
DOI: https://doi.org/10.1007/978-3-030-90019-9_9
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-90018-2
Online ISBN: 978-3-030-90019-9
eBook Packages: Computer ScienceComputer Science (R0)