Security and Privacy in Communication Networks. 17th EAI International Conference, SecureComm 2021, Virtual Event, September 6–9, 2021, Proceedings, Part I

Research Article

A Distributed Ledger for Non-attributable Cyber Threat Intelligence Exchange

Download
191 downloads
  • @INPROCEEDINGS{10.1007/978-3-030-90019-9_9,
        author={Philip Huff and Qinghua Li},
        title={A Distributed Ledger for Non-attributable Cyber Threat Intelligence Exchange},
        proceedings={Security and Privacy in Communication Networks. 17th EAI International Conference, SecureComm 2021, Virtual Event, September 6--9, 2021, Proceedings, Part I},
        proceedings_a={SECURECOMM},
        year={2021},
        month={11},
        keywords={Blockchain Cyber threat intelligence Zero-knowledge proof},
        doi={10.1007/978-3-030-90019-9_9}
    }
    
  • Philip Huff
    Qinghua Li
    Year: 2021
    A Distributed Ledger for Non-attributable Cyber Threat Intelligence Exchange
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-030-90019-9_9
Philip Huff1, Qinghua Li1
  • 1: University of Arkansas

Abstract

Cyber threat intelligence (CTI) sharing provides cybersecurity operations an advantage over adversaries by more quickly characterizing the threat, understanding its tactics, anticipating the objective, and identifying the vulnerability and mitigation. However, organizations struggle with sharing threat intelligence due, in part, to the legal and financial risk of being associated with a potential malware campaign or threat group. An entity wishing to share threat information or obtain information about a specific threat risks being associated as a victim of the threat actors, resulting in costly legal disputes, regulatory investigation, and reputational damage. As a result, the threat intelligence data needed for cybersecurity situational awareness and vulnerability mitigation often lacks volume, quality, and timeliness. We propose a distributed blockchain ledger to facilitate sharing of cybersecurity threat information and provide a mechanism for entities to have non-attributable participation in a threat-sharing community. Learning from Distributed Anonymous Payment (DAP) schemes in cryptocurrency, we use a new token-based authentication scheme for use in a permissioned blockchain. The anonymous token authentication allows a consortium of semi-trusted entities to share the workload of curating CTI for the community’s cooperative benefit.