A Distributed Ledger for Non-attributable Cyber Threat Intelligence Exchange

  • Conference paper
Security and Privacy in Communication Networks (SecureComm 2021)

Abstract

Cyber threat intelligence (CTI) sharing provides cybersecurity operations an advantage over adversaries by more quickly characterizing the threat, understanding its tactics, anticipating the objective, and identifying the vulnerability and mitigation. However, organizations struggle with sharing threat intelligence due, in part, to the legal and financial risk of being associated with a potential malware campaign or threat group. An entity wishing to share threat information or obtain information about a specific threat risks being associated as a victim of the threat actors, resulting in costly legal disputes, regulatory investigation, and reputational damage. As a result, the threat intelligence data needed for cybersecurity situational awareness and vulnerability mitigation often lacks volume, quality, and timeliness. We propose a distributed blockchain ledger to facilitate sharing of cybersecurity threat information and provide a mechanism for entities to have non-attributable participation in a threat-sharing community. Learning from Distributed Anonymous Payment (DAP) schemes in cryptocurrency, we use a new token-based authentication scheme for use in a permissioned blockchain. The anonymous token authentication allows a consortium of semi-trusted entities to share the workload of curating CTI for the community’s cooperative benefit.

Acknowledgement

This work is supported in part by NSF under award number 1751255. This material is also based upon work supported by the Department of Energy under Award Number DE-OE0000779.

Author information

Corresponding author

Correspondence to Philip Huff.

Copyright information

© 2021 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Huff, P., Li, Q. (2021). A Distributed Ledger for Non-attributable Cyber Threat Intelligence Exchange. In: Garcia-Alfaro, J., Li, S., Poovendran, R., Debar, H., Yung, M. (eds) Security and Privacy in Communication Networks. SecureComm 2021. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 398. Springer, Cham. https://doi.org/10.1007/978-3-030-90019-9_9

  • DOI: https://doi.org/10.1007/978-3-030-90019-9_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-90018-2

  • Online ISBN: 978-3-030-90019-9

  • eBook Packages: Computer Science (R0)
