short-paper

Private Sharing of IOCs and Sightings

Authors:

Tim van de Kamp,

Andreas Peter,

Maarten H. Everts,

Willem JonkerAuthors Info & Claims

WISCS '16: Proceedings of the 2016 ACM on Workshop on Information Sharing and Collaborative Security

Pages 35 - 38

https://doi.org/10.1145/2994539.2994544

Published: 24 October 2016 Publication History

Get Access

Abstract

Information sharing helps to better protect computer systems against digital threats and known attacks. However, since security information is usually considered sensitive, parties are hesitant to share all their information through public channels. Instead, they only exchange this information with parties with whom they already established trust relationships. We propose the use of two complementary techniques to allow parties to share information without the need to immediately reveal private information. We consider a cryptographic approach to hide the details of an indicator of compromise so that it can be shared with other parties. These other parties are still able to detect intrusions with these cryptographic indicators. Additionally, we apply another cryptographic construction to let parties report back their number of sightings to a central party. This central party can aggregate the messages from the various parties to learn the total number of sightings for each indicator, without learning the number of sightings from each individual party.

An evaluation of our open-source proof-of-concept implementations shows that both techniques incur only little overhead, making the techniques prime candidates for practice.

References

[1]

M. Allman, E. Blanton, V. Paxson, and S. Shenker. Fighting coordinated attackers with cross-organizational information sharing. In HotNets, pages 121--126, 2006.

Google Scholar

[2]

B. Applebaum, H. Ringberg, M.,J. Freedman, M. Caesar, and J. Rexford. Collaborative, privacy-preserving data aggregation at scale. In M.,J. Atallah and N.,J. Hopper, editors, PETS, pages 56--74. Springer, 2010.

Digital Library

Google Scholar

[3]

M. Bellare, A. Desai, E. Jokipii, and P. Rogaway. A concrete security treatment of symmetric encryption. In FOCS, pages 394--403. IEEE, Oct. 1997.

Digital Library

Google Scholar

[4]

M. Burkhart, M. Strasser, D. Many, and X. Dimitropoulos. SEPIA: Privacy-preserving aggregation of multi-domain network events and statistics. In USENIX Security, 2010.

Digital Library

Google Scholar

[5]

C. Clifton, M. Kantarcioglu, J. Vaidya, X. Lin, and M.,Y. Zhu. Tools for privacy preserving distributed data mining. SIGKDD Explorations Newsletter, 4(2):28--34, Dec. 2002.

Digital Library

Google Scholar

[6]

J. Freudiger, E. De Cristofaro, and A. Brito. Privacy-friendly collaboration for cyber threat mitigation. Tech. rep. Nov. 2014. \hrefhttp://arxiv.org/abs/1403.2123arXiv:1403.2123 {cs.CR}.

Google Scholar

[7]

P. Gross, J. Parekh, and G. Kaiser. Secure "selecticast" for collaborative intrusion detection systems. In DEBS, pages 50--55, 2004.

Crossref

Google Scholar

[8]

P. Lincoln, P. Porras, and V. Shmatikov. Privacy-preserving sharing and correction of security alerts. In M. Blaze, editor, USENIX Security, pages 239--254, 2004.

Digital Library

Google Scholar

[9]

V. Paxson. Bro: A system for detecting network intruders in real-time. In A.,D. Rubin, editor, USENIX Security, 1998.

Digital Library

Google Scholar

[10]

J. Sherry, C. Lan, R.,A. Popa, and S. Ratnasamy. BlindBox: Deep packet inspection over encrypted traffic. In SIGCOMM, pages 213--226. ACM, 2015.

Digital Library

Google Scholar

[11]

E. Shi, T.,H. Chan, E.,G. Rieffel, R. Chow, and D. Song. Privacy-preserving aggregation of time-series data. In NDSS. The Internet Society, 2011.

Google Scholar

Cited By

View all

Rehbohm TSandkuhl K(2023)Referenzarchitektur Cybersicherheit im Föderalsystem DeutschlandsReference Architecture Cybersecurity in the Federal System of GermanyHMD Praxis der Wirtschaftsinformatik10.1365/s40702-023-01014-761:4(1042-1058)Online publication date: 10-Nov-2023
https://doi.org/10.1365/s40702-023-01014-7
Preuveneers DJoosen W(2023)Privacy-preserving correlation of cross-organizational cyber threat intelligence with private graph intersectionsComputers and Security10.1016/j.cose.2023.103505135:COnline publication date: 1-Dec-2023
https://dl.acm.org/doi/10.1016/j.cose.2023.103505
Olaifa Mvan Vuuren JDu Plessis DLeenen L(2023)Security Issues in Cyber Threat Intelligence Exchange: A ReviewIntelligent Computing10.1007/978-3-031-37963-5_89(1308-1319)Online publication date: 20-Aug-2023
https://doi.org/10.1007/978-3-031-37963-5_89
Show More Cited By

Index Terms

Private Sharing of IOCs and Sightings
1. General and reference
  1. Cross-computing tools and techniques
    1. Evaluation
2. Security and privacy
  1. Cryptography
    1. Symmetric cryptography and hash functions
  2. Security services
    1. Privacy-preserving protocols

Recommendations

Unconditionally secure disjointness tests for private datasets

We present two unconditional secure protocols for private set disjointness tests. In order to provide intuition of our protocols, we give a naive example that applies Sylvester matrices. Unfortunately, this simple construction is insecure as it reveals ...
Quantum private comparison with a malicious third party

In this paper, we will show that quantum private comparison protocol is secure when a malicious third party is presented. The security of the protocol is considered in a cheat-sensitive model, in which the TP is kept honest by the possibility of being ...
Symmetric cryptographic solution to Yao's millionaires' problem and an evaluation of secure multiparty computations

Secure multiparty computation has become a central research focus in the international cryptographic community and in the future likely will represent an integral part of computing science. Protocols for Yao's millionaires' problem provide the building ...

Comments

Information & Contributors

Information

Published In

WISCS '16: Proceedings of the 2016 ACM on Workshop on Information Sharing and Collaborative Security

October 2016

88 pages

ISBN:9781450345651

DOI:10.1145/2994539

General Chairs:
Stefan Katzenbeisser
TU Darmstadt and CASED, Germany
,
Edgar Weippl
SBA Research, Austria
,
Program Chairs:
Erik-Oliver Blass
Airbus Group Innovations, Germany
,
Florian Kerschbaum
SAP, Germany

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 24 October 2016

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Short-paper

Conference

CCS'16

Sponsor:

SIGSAC

CCS'16: 2016 ACM SIGSAC Conference on Computer and Communications Security

October 24, 2016

Vienna, Austria

Acceptance Rates

WISCS '16 Paper Acceptance Rate 8 of 24 submissions, 33%;

Overall Acceptance Rate 23 of 58 submissions, 40%

Upcoming Conference

CCS '24

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

11
Total Citations
View Citations
244
Total Downloads

Downloads (Last 12 months)13
Downloads (Last 6 weeks)0

Reflects downloads up to 01 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Rehbohm TSandkuhl K(2023)Referenzarchitektur Cybersicherheit im Föderalsystem DeutschlandsReference Architecture Cybersecurity in the Federal System of GermanyHMD Praxis der Wirtschaftsinformatik10.1365/s40702-023-01014-761:4(1042-1058)Online publication date: 10-Nov-2023
https://doi.org/10.1365/s40702-023-01014-7
Preuveneers DJoosen W(2023)Privacy-preserving correlation of cross-organizational cyber threat intelligence with private graph intersectionsComputers and Security10.1016/j.cose.2023.103505135:COnline publication date: 1-Dec-2023
https://dl.acm.org/doi/10.1016/j.cose.2023.103505
Olaifa Mvan Vuuren JDu Plessis DLeenen L(2023)Security Issues in Cyber Threat Intelligence Exchange: A ReviewIntelligent Computing10.1007/978-3-031-37963-5_89(1308-1319)Online publication date: 20-Aug-2023
https://doi.org/10.1007/978-3-031-37963-5_89
Preuveneers DJoosen W(2022)Privacy-Preserving Polyglot Sharing and Analysis of Confidential Cyber Threat IntelligenceProceedings of the 17th International Conference on Availability, Reliability and Security10.1145/3538969.3538982(1-11)Online publication date: 23-Aug-2022
https://dl.acm.org/doi/10.1145/3538969.3538982
Brilingaitė ABukauskas LJuozapavičius AKutka E(2022)Overcoming information-sharing challenges in cyber defence exercisesJournal of Cybersecurity10.1093/cybsec/tyac0018:1Online publication date: 28-Jan-2022
https://doi.org/10.1093/cybsec/tyac001
(2020)The Creation of Network Intrusion Fingerprints by Graph HomomorphismWSEAS TRANSACTIONS ON INFORMATION SCIENCE AND APPLICATIONS10.37394/23209.2020.17.1517Online publication date: 7-Aug-2020
https://doi.org/10.37394/23209.2020.17.15
Preuveneers DJoosen WBernal Bernabe JSkarmeta A(2020)Distributed Security Framework for Reliable Threat Intelligence SharingSecurity and Communication Networks10.1155/2020/88337652020Online publication date: 1-Jan-2020
https://dl.acm.org/doi/10.1155/2020/8833765
Azad MBag STabassum SHao F(2020)privy: Privacy Preserving Collaboration Across Multiple Service Providers to Combat Telecom SpamsIEEE Transactions on Emerging Topics in Computing10.1109/TETC.2017.27712518:2(313-327)Online publication date: 1-Apr-2020
https://doi.org/10.1109/TETC.2017.2771251
Preuveneers DJoosen W(2020)TATIS: Trustworthy APIs for Threat Intelligence Sharing with UMA and CP-ABEFoundations and Practice of Security10.1007/978-3-030-45371-8_11(172-188)Online publication date: 17-Apr-2020
https://doi.org/10.1007/978-3-030-45371-8_11
(2018)A Systems Approach to Indicators of Compromise Utilizing Graph Theory2018 IEEE International Symposium on Technologies for Homeland Security (HST)10.1109/THS.2018.8574187(1-6)Online publication date: Oct-2018
https://doi.org/10.1109/THS.2018.8574187
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Unconditionally secure disjointness tests for private datasets

Quantum private comparison with a malicious third party

Symmetric cryptographic solution to Yao's millionaires' problem and an evaluation of secure multiparty computations