A Privacy-Preserving Cyber Threat Intelligence Sharing System
- University of Arkansas at Little Rock, AR (United States)
Cyber Threat Intelligence (CTI) is a key resource for developing defensive strategies against potential cyber adversaries. Entities typically access CTI through open-source platforms, national agencies, or specialized commercial services. However, the bi-directional exchange of CTI is hindered by organizational trust boundaries, which complicate the sharing processes between entities and CTI providers. Centralized CTI services benefit from receiving suspicious cyber observables such as IP addresses, domain names, and email addresses from various entities. The aggregation allows for the correlation of widespread adversarial activities to enhance the alert and response mechanisms across the network of involved parties. Despite these benefits, openly sharing such observables incurs potential legal, regulatory, and reputational risks for the disclosing entities. This paper introduces a system designed to facilitate the secure exchange of cyber observables across trust boundaries without compromising the anonymity of the sharing entities. Here, we propose an architecture that leverages common web protocols alongside zero-knowledge proofs to authenticate members while maintaining anonymity. Additionally, we outline a privacy model tailored for STIX (Structured Threat Information eXpression) cyber observables to minimize the risk of inadvertently disclosing private information. Through our threat models, we assess the privacy implications of our proposed system and demonstrate its potential to enhance collaborative cyber defense efforts without exposing entities to undue risk.
- Research Organization:
- National Energy Technology Laboratory (NETL), Pittsburgh, PA, Morgantown, WV, and Albany, OR (United States)
- Sponsoring Organization:
- USDOE
- Grant/Contract Number:
- CR0000031; CR0000022
- OSTI ID:
- 2587202
- Report Number(s):
- DOE-UALR-CR31--1
- Journal Information:
- 2024 IEEE 6th International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications (TPS-ISA)
- Publisher:
- IEEE
- Country of Publication:
- United States
- Language:
- English