Research Article
A Distributed Ledger for Non-attributable Cyber Threat Intelligence Exchange
@INPROCEEDINGS{10.1007/978-3-030-90019-9_9,
  author={Philip Huff and Qinghua Li},
  title={A Distributed Ledger for Non-attributable Cyber Threat Intelligence Exchange},
  proceedings={Security and Privacy in Communication Networks. 17th EAI International Conference, SecureComm 2021, Virtual Event, September 6--9, 2021, Proceedings, Part I},
  proceedings_a={SECURECOMM},
  year={2021},
  month={11},
  keywords={Blockchain, Cyber threat intelligence, Zero-knowledge proof},
  doi={10.1007/978-3-030-90019-9_9}
}
- Philip Huff
- Qinghua Li
Year: 2021
SECURECOMM
Springer
DOI: 10.1007/978-3-030-90019-9_9
Abstract
Cyber threat intelligence (CTI) sharing provides cybersecurity operations an advantage over adversaries by more quickly characterizing the threat, understanding its tactics, anticipating the objective, and identifying the vulnerability and mitigation. However, organizations struggle with sharing threat intelligence due, in part, to the legal and financial risk of being associated with a potential malware campaign or threat group. An entity wishing to share threat information or obtain information about a specific threat risks being associated as a victim of the threat actors, resulting in costly legal disputes, regulatory investigation, and reputational damage. As a result, the threat intelligence data needed for cybersecurity situational awareness and vulnerability mitigation often lacks volume, quality, and timeliness. We propose a distributed blockchain ledger to facilitate sharing of cybersecurity threat information and provide a mechanism for entities to have non-attributable participation in a threat-sharing community. Learning from Distributed Anonymous Payment (DAP) schemes in cryptocurrency, we use a new token-based authentication scheme for use in a permissioned blockchain. The anonymous token authentication allows a consortium of semi-trusted entities to share the workload of curating CTI for the community’s cooperative benefit.