A Trusted, Verifiable and Differential Cyber Threat Intelligence Sharing Framework using Blockchain
Kealan Dunnett, Shantanu Pal, Guntur Dharma Putra, Zahra Jadidi, Raja Jurdak

TL;DR
This paper introduces a blockchain-based framework for secure, trusted, and selective sharing of cyber threat intelligence, addressing privacy and verification challenges in collaborative cybersecurity efforts.
Contribution
It presents a novel blockchain framework enabling organizations to share sensitive CTI data verifiably and differentially with flexible policies, filling gaps in existing solutions.
Findings
Framework ensures trusted and verifiable CTI sharing
Allows differential sharing with flexible policies
Experimental results show low overheads
Abstract
Cyber Threat Intelligence (CTI) is the knowledge of cyber and physical threats that helps mitigate potential cyber attacks. The rapid evolution of the current threat landscape has seen many organisations share CTI to strengthen their security posture for mutual benefit. However, in many cases, CTI data contains attributes (e.g., software versions) that have the potential to leak sensitive information or cause reputational damage to the sharing organisation. While current approaches allow restricting CTI sharing to trusted organisations, they lack solutions where the shared data can be verified and disseminated 'differentially' (i.e., selective information sharing) with policies and metrics flexibly defined by an organisation. In this paper, we propose a blockchain-based CTI sharing framework that allows organisations to share sensitive CTI data in a trusted, verifiable and differential…
Taxonomy
Topics: Cybercrime and Law Enforcement Studies · Advanced Malware Detection Techniques · Information and Cyber Security
