Private sharing of IOCs and sightings

conference paper
Information sharing helps to better protect computer systems against digital threats and known attacks. However, since security information is usually considered sensitive, parties are hesitant to share all their information through public channels. Instead, they only exchange this information with parties with whom they already established trust relationships. We propose the use of two complementary techniques to allow parties to share information without the need to immediately reveal private information. We consider a cryptographic approach to hide the details of an indicator of compromise so that it can be shared with other parties. These other parties are still able to detect intrusions with these cryptographic indicators. Additionally, we apply another cryptographic construction to let parties report back their number of sightings to a central party. This central party can aggregate the messages from the various parties to learn the total number of sightings for each indicator, without learning the number of sightings from each individual party. An evaluation of our open-source proof-of-concept implementations shows that both techniques incur only little overhead, making the techniques prime candidates for practice. © 2016 ACM.
ACM SIGSAC
TNO Identifier
575099
ISBN
9781450345651
Publisher
Association for Computing Machinery, Inc
Source title
3rd ACM Workshop on Information Sharing and Collaborative Security, WISCS 2016. 24 October 2016
Pages
35-38