Skip to main content
Springer Nature Link
Log in

Secure and Robust Cyber Security Threat Information Sharing

  • Conference paper
  • First Online:
Foundations and Practice of Security (FPS 2021)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13291))

Included in the following conference series:

  • 1282 Accesses

Abstract

In recent years, several laws have been decreed, at both national and European levels, to mandate private and public organizations to share their Cyber Security related information. However, existing threat sharing platforms implement “classical” access control mechanisms or at most centralized attribute-based encryption (ABE) to prevent data leakage and preserve data confidentiality. These schemes are well-known to be suffering from a single point of failure on security aspects. That is, if the central authority is compromised, the confidentiality of the shared sensitive information is no longer ensured. To address this challenge, we propose a new ABE scheme combining both the advantages of centralized and decentralized ABE while overcoming their weaknesses. It overcomes the centralized ABE’s single point of failure on security by requiring the collaboration of several entities for decryption key issuing. In addition, in contrast to existing decentralized ABE schemes, our construction does not require the data providers to fully trust all attributes authorities, only a single authority should be trusted. Finally, we formally prove the security of our ABE construction in the generic group model.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    https://www.opencti.io/en/.

References

  1. Incentives and Barriers to Information Sharing - ENISA. https://www.enisa.europa.eu/publications/incentives-and-barriers-to-information-sharing

  2. The French CIIP Framework—Agence nationale de la sécurité des systèmes d’information. https://www.ssi.gouv.fr/en/cybersecurity-in-france/ciip-in-france/

  3. Bertilsson, M., Ingemarsson, I.: A construction of practical secret sharing schemes using linear block codes. In: Seberry, J., Zheng, Y. (eds.) AUSCRYPT 1992. LNCS, vol. 718, pp. 67–79. Springer, Heidelberg (1993). https://doi.org/10.1007/3-540-57220-1_53

  4. Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: 2007 IEEE Symposium on Security and Privacy (SP 2007), pp. 321–334. IEEE (2007)

    Google Scholar 

  5. Boneh, D., Boyen, X., Goh, E.-Jn.: hierarchical identity based encryption with constant size ciphertext. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 440–456. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_26

  6. Chase, M.: Multi-authority attribute based encryption. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 515–534. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-70936-7_28

  7. ENISA: ENISA NCSS Good Practice Guide. No. November (2016). www.enisa.europa.eu

  8. Ito, M., Saito, A., Nishizeki, T.: Secret sharing scheme realizing general access structure. Electron. Commun. Japan (Part III: Fund. Electron. Sci.) 72(9), 56–64 (1989)

    Google Scholar 

  9. Kampanakis, P.: Security automation and threat information-sharing options. IEEE Secur. Privacy 12(5), 42–51 (2014). https://doi.org/10.1109/MSP.2014.99

    Article  Google Scholar 

  10. Khouzani, M., Pham, V., Cid, C.: Strategic discovery and sharing of vulnerabilities in competitive environments. In: Poovendran, R., Saad, W. (eds.) GameSec 2014. LNCS, vol. 8840, pp. 59–78. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-12601-2_4

  11. Kumar, P., Alphonse, P., et al.: Attribute based encryption in cloud computing: a survey, gap analysis, and future directions. J. Network Comput. Appl. 108, 37–52 (2018)

    Article  Google Scholar 

  12. Li, W., Xue, K., Xue, Y., Hong, J.: TMACS: a robust and verifiable threshold multi-authority access control system in public cloud storage. IEEE Trans. Parallel Distrib. Syst. 27(5), 1484–1496 (2015)

    Article  Google Scholar 

  13. Liu, Z., Cao, Z.: On efficiently transferring the linear secret-sharing scheme matrix in ciphertext-policy attribute-based encryption. IACR Cryptol. ePrint Arch. 2010, 374 (2010)

    Google Scholar 

  14. Nweke, L.O., Wolthusen, S.: Legal issues related to cyber threat information sharing among private entities for critical infrastructure protection. In: International Conference on Cyber Conflict, CYCON 2020-May, pp. 63–78 (2020). https://doi.org/10.23919/CyCon49761.2020.9131721

  15. Pedersen, T.P.: A threshold cryptosystem without a trusted party. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 522–526. Springer, Heidelberg (1991). https://doi.org/10.1007/3-540-46416-6_47

  16. Preuveneers, D., Joosen, W., Bernal Bernabe, J., Skarmeta, A.: Distributed security framework for reliable threat intelligence sharing. Secur. Commun. Networks 2020, 1–15 (2020). https://doi.org/10.1155/2020/8833765

  17. Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_27

  18. Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)

    Article  MathSciNet  Google Scholar 

  19. Steinberger, J., Sperotto, A., Golling, M., Baier, H.: How to exchange security events? overview and evaluation of formats and protocols. In: 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM), pp. 261–269. IEEE (2015)

    Google Scholar 

  20. Talamo, M., Arcieri, F., Dimitri, A., Schunck, C.H.: A blockchain based PKI validation system based on rare events management. Future Internet 12(2), 40 (2020)

    Article  Google Scholar 

  21. UNION, T.C.O.T.E.: Strategy for a Secure Information Society in Europe (2007/C 68/01). https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32007G0324(01)

  22. Vakilinia, I., Tosh, D.K., Sengupta, S.: 3-way game model for privacy-preserving cybersecurity information exchange framework. In: MILCOM 2017–2017 IEEE Military Communications Conference (MILCOM), pp. 829–834 (2017). https://doi.org/10.1109/MILCOM.2017.8170842

  23. Vakilinia, I., Tosh, D.K., Sengupta, S.: Attribute based sharing in cybersecurity information exchange framework. In: 2017 International Symposium on Performance Evaluation of Computer and Telecommunication Systems (SPECTS), pp. 1–6 (2017). https://doi.org/10.23919/SPECTS.2017.8046770

  24. Wagner, T.D., Mahbub, K., Palomar, E., Abdallah, A.E.: Cyber threat intelligence sharing: survey and research directions. Comput. Secur. 87, 101589 (2019). https://doi.org/10.1016/j.cose.2019.101589, https://www.sciencedirect.com/science/article/pii/S016740481830467X

  25. Yakubov, A., Shbair, W., Wallbom, A., Sanda, D., et al.: A blockchain-based PKI management framework. In: The First IEEE/IFIP International Workshop on Managing and Managed by Blockchain (Man2Block) Colocated with IEEE/IFIP NOMS 2018, 23–27 April 2018. Tapei, Tawain (2018)

    Google Scholar 

  26. Zibak, A., Simpson, A.: Cyber threat information sharing: perceived benefits and barriers. In: Proceedings of the 14th International Conference on Availability, Reliability and Security, pp. 1–9 (2019)

    Google Scholar 

Download references

Acknowledgments

This research is funded by the European Union’s Horizon 2020 research and innovation programme under the Secure Collaborative Intelligent Industrial Automation (SeCoIIA) project, grant agreement No 871967. Additionally, part of this work was done as part of IRT SystemX project PFS (Security of Smart Ports).

Author information

Authors and Affiliations

  1. SystemX Technological Research Institute, 91120, Palaiseau, France

    Anis Bkakria, Reda Yaich & Walid Arabi

Authors
  1. Anis Bkakria
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Reda Yaich
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Walid Arabi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Anis Bkakria .

Editor information

Editors and Affiliations

  1. University of Montreal, Montreal, QC, Canada

    Esma Aïmeur

  2. Télécom SudParis, Palaiseau, France

    Maryline Laurent

  3. IRT SystemX, Palaiseau, France

    Reda Yaich

  4. University of Montreal, Montreal, QC, Canada

    Benoît Dupont

  5. Télécom SudParis, Palaiseau, France

    Joaquin Garcia-Alfaro

Rights and permissions

Reprints and permissions

Copyright information

© 2022 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Bkakria, A., Yaich, R., Arabi, W. (2022). Secure and Robust Cyber Security Threat Information Sharing. In: Aïmeur, E., Laurent, M., Yaich, R., Dupont, B., Garcia-Alfaro, J. (eds) Foundations and Practice of Security. FPS 2021. Lecture Notes in Computer Science, vol 13291. Springer, Cham. https://doi.org/10.1007/978-3-031-08147-7_1

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-08147-7_1

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-08146-0

  • Online ISBN: 978-3-031-08147-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics