PRACIS: Privacy-preserving and aggregatable cybersecurity information sharing

Cooperative cyberdefense has been recognized as an essential strategy to fight against cyberattacks. Cybersecurity Information Sharing (CIS), especially about threats and incidents, is a key aspect in this regard. CIS provides members with an improved situational awareness to prepare for and respond...

Full description

Saved in:
Bibliographic Details
Published in:Computers & security 2017-08, Vol.69, p.127-141
Main Authors: de Fuentes, José M., González-Manzano, Lorena, Tapiador, Juan, Peris-Lopez, Pedro
Format: Article
Language:English
Subjects:
Agglomeration
Cooperative cyberdefense
Cybersecurity
Cybersecurity information sharing
Cyberthreat management
Data encryption
Encryption
Format
Format preserving encryption
Homomorphic encryption
Information sharing
Middleware
Network security
Preservation
Privacy
Situational awareness
Standard data
Studies
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Cooperative cyberdefense has been recognized as an essential strategy to fight against cyberattacks. Cybersecurity Information Sharing (CIS), especially about threats and incidents, is a key aspect in this regard. CIS provides members with an improved situational awareness to prepare for and respond to future cyberthreats. Privacy preservation is critical in this context, since organizations can be reluctant to share information otherwise. This is particularly critical when CIS is facilitated through an untrusted infrastructure provided by a third party (e.g., the cloud). Despite this, current data formats and protocols for CIS do not guarantee any form of privacy preservation to participants. In this paper we introduce PRACIS, a scheme for CIS networks that guarantees private data forwarding and aggregation. PRACIS leverages the well-known Structured Threat Information Expression (STIX) standard data format. Remarkably, PRACIS can be seamlessly integrated with existing STIX-based message brokering middleware such as publish-subscribe architectures. PRACIS achieves these goals by combining standard format-preserving and homomorphic encryption primitives. We discuss experimental results obtained with a prototype implementation developed for a subset of STIX. Results show that entities may create up to 689 incidents per minute, far beyond the estimated average of 81. Moreover, aggregation of 104 incidents can be carried out in just 2.1 s, and the transmission overhead is just 13.5 kbps. Overall, these results suggest that the costs incurred by PRACIS are easily affordable in real-world scenarios.
ISSN:0167-4048
1872-6208
DOI:10.1016/j.cose.2016.12.011