TIPS: Threat Sharing Information Platform for Enhanced Security
Lakshmi Rama Kiran Pasumarthy, Hisham Ali, William J Buchanan, Jawad Ahmad, Audun Josang, Vasileios Mavroeidis, Mouad Lemoudden
TL;DR
This paper addresses the challenge of securely sharing cyber threat intelligence (CTI) under privacy and regulatory constraints such as GDPR and the Right to be Forgotten (RTBF). It proposes the Threat Sharing Information Platform (TIPS), a privacy-preserving architecture that combines Attribute-Based Encryption, Homomorphic Encryption, and Zero-Knowledge Proofs within a permissioned Hyperledger Fabric ledger to enable encrypted threat-data exchange through trusted channels. The implementation includes MSP-based identity management, STIX/TAXII interoperability, and a chaincode-enabled threat-sharing workflow; Caliper-based performance testing shows ~91.6 TPS and low latency, demonstrating scalability and auditability. The study also discusses limitations related to forward secrecy in long-term channels and points to future improvements using PAKE protocols like OPAQUE to strengthen secure symmetric-key exchange. The work advances practical, auditable, and regulation-compliant CTI sharing in multi-domain environments with potential for real-world deployment in security operations centers.
Abstract
There is an increasing need to share threat information for the prevention of widespread cyber-attacks. While threat-related information sharing can be conducted through traditional information exchange methods, such as email communications, these methods are often weak in terms of their trustworthiness and privacy. Additionally, the absence of a trust infrastructure between different information-sharing domains poses significant challenges. These challenges include redaction of information, the Right-to-be-forgotten, and access control to the information-sharing elements. These access issues could be related to time bounds, the trusted deletion of data, and the location of access. This paper presents an abstraction of a trusted information-sharing process which integrates Attribute-Based Encryption (ABE), Homomorphic Encryption (HE) and Zero Knowledge Proof (ZKP) into a permissioned ledger, specifically Hyperledger Fabric (HLF). It then provides a protocol exchange between two threat-sharing agents that share encrypted messages through a trusted channel. This trusted channel can only be accessed by those trusted in the sharing and could be enabled for each data-sharing element or set up for long-term sharing.
