TIPS: Threat Sharing Information Platform for Enhanced Security

• URL: http://arxiv.org/abs/2403.05210v1
• Date: Fri, 8 Mar 2024 10:50:49 GMT
• Title: TIPS: Threat Sharing Information Platform for Enhanced Security
• Authors: Lakshmi Rama Kiran Pasumarthy, Hisham Ali, William J Buchanan, Jawad Ahmad, Audun Josang, Vasileios Mavroeidis, Mouad Lemoudden,
• Abstract summary: This paper presents an abstraction of a trusted information-sharing process which integrates Attribute-Based Encryption (ABE), Homomorphic Encryption (HE) and Zero Knowledge Proof (ZKP) It then provides a protocol exchange between two threat-sharing agents that share encrypted messages through a trusted channel.
• Score: 0.5384718724090648
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: There is an increasing need to share threat information for the prevention of widespread cyber-attacks. While threat-related information sharing can be conducted through traditional information exchange methods, such as email communications etc., these methods are often weak in terms of their trustworthiness and privacy. Additionally, the absence of a trust infrastructure between different information-sharing domains also poses significant challenges. These challenges include redactment of information, the Right-to-be-forgotten, and access control to the information-sharing elements. These access issues could be related to time bounds, the trusted deletion of data, and the location of accesses. This paper presents an abstraction of a trusted information-sharing process which integrates Attribute-Based Encryption (ABE), Homomorphic Encryption (HE) and Zero Knowledge Proof (ZKP) integrated into a permissioned ledger, specifically Hyperledger Fabric (HLF). It then provides a protocol exchange between two threat-sharing agents that share encrypted messages through a trusted channel. This trusted channel can only be accessed by those trusted in the sharing and could be enabled for each data-sharing element or set up for long-term sharing.

Related papers

• Uncovering Attacks and Defenses in Secure Aggregation for Federated Deep Learning [17.45950557331482]
  Federated learning enables the collaborative learning of a global model on diverse data, preserving data locality and eliminating the need to transfer user data to a central server. Secure aggregation protocols are designed to mask/encrypt user updates and enable a central server to aggregate the masked information. MicroSecAgg (PoPETS 2024) proposes a single server secure aggregation protocol that aims to mitigate the high communication complexity of the existing approaches.
  arXiv  Detail & Related papers  (2024-10-13T00:06:03Z)
• Self-Sovereign Identity for Consented and Content-Based Access to Medical Records using Blockchain [1.118478900782898]
  We propose a blockchain-based solution enabling secure exchange of EHRs between different parties powered by a self-sovereign identity wallet and decentralized identifiers. We grant users full control over their medical data, and enable them to securely share it in total confidentiality over secure communication channels.
  arXiv  Detail & Related papers  (2024-07-31T12:27:31Z)
• MARTSIA: Safeguarding Data Confidentiality in Blockchain-Driven Process Execution [6.26635837045368]
  Multi-Authority Approach to Transaction Systems for Interoperating Applications (MARTSIA) MARTSIA provides read-access control at the message-part level through user-defined policies and certifier-declared attributes. MARTSIA resorts to encrypted, Multi-Authority Attribute-Based Encryption and distributed hash-table data-stores.
  arXiv  Detail & Related papers  (2024-07-15T12:59:54Z)
• Differentiated Security Architecture for Secure and Efficient Infotainment Data Communication in IoV Networks [55.340315838742015]
  Negligence on the security of infotainment data communication in IoV networks can unintentionally open an easy access point for social engineering attacks. In particular, we first classify data communication in the IoV network, examine the security focus of each data communication, and then develop a differentiated security architecture to provide security protection on a file-to-file basis.
  arXiv  Detail & Related papers  (2024-03-29T12:01:31Z)
• Secure Aggregation is Not Private Against Membership Inference Attacks [66.59892736942953]
  We investigate the privacy implications of SecAgg in federated learning. We show that SecAgg offers weak privacy against membership inference attacks even in a single training round. Our findings underscore the imperative for additional privacy-enhancing mechanisms, such as noise injection.
  arXiv  Detail & Related papers  (2024-03-26T15:07:58Z)
• ByzSecAgg: A Byzantine-Resistant Secure Aggregation Scheme for Federated Learning Based on Coded Computing and Vector Commitment [90.60126724503662]
  ByzSecAgg is an efficient secure aggregation scheme for federated learning. ByzSecAgg is protected against Byzantine attacks and privacy leakages.
  arXiv  Detail & Related papers  (2023-02-20T11:15:18Z)
• Privacy-Preserving Joint Edge Association and Power Optimization for the Internet of Vehicles via Federated Multi-Agent Reinforcement Learning [74.53077322713548]
  We investigate the privacy-preserving joint edge association and power allocation problem. The proposed solution strikes a compelling trade-off, while preserving a higher privacy level than the state-of-the-art solutions.
  arXiv  Detail & Related papers  (2023-01-26T10:09:23Z)
• Orchestrating Collaborative Cybersecurity: A Secure Framework for Distributed Privacy-Preserving Threat Intelligence Sharing [7.977316321387031]
  Cyber Threat Intelligence (CTI) sharing is an important activity to reduce information asymmetries between attackers and defenders. Current literature assumes access to centralized databases containing all the information, but this is not always feasible. We propose a novel framework for extracting CTI from distributed data on incidents, vulnerabilities and indicators of compromise.
  arXiv  Detail & Related papers  (2022-09-06T17:44:20Z)
• Privacy and Trust Redefined in Federated Machine Learning [5.4475482673944455]
  We present a privacy-preserving decentralised workflow that facilitates trusted federated learning among participants. Only entities in possession of Verifiable Credentials issued from the appropriate authorities are able to establish secure, authenticated communication channels.
  arXiv  Detail & Related papers  (2021-03-29T16:47:01Z)
• A System for Automated Open-Source Threat Intelligence Gathering and Management [53.65687495231605]
  SecurityKG is a system for automated OSCTI gathering and management. It uses a combination of AI and NLP techniques to extract high-fidelity knowledge about threat behaviors.
  arXiv  Detail & Related papers  (2021-01-19T18:31:35Z)
• BeeTrace: A Unified Platform for Secure Contact Tracing that Breaks Data Silos [73.84437456144994]
  Contact tracing is an important method to control the spread of an infectious disease such as COVID-19. Current solutions do not utilize the huge volume of data stored in business databases and individual digital devices. We propose BeeTrace, a unified platform that breaks data silos and deploys state-of-the-art cryptographic protocols to guarantee privacy goals.
  arXiv  Detail & Related papers  (2020-07-05T10:33:45Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.