{"title":"Priv-Share:利用区块链实现网络威胁情报差异化和无信任委托的隐私保护框架","authors":"","doi":"10.1016/j.comnet.2024.110686","DOIUrl":null,"url":null,"abstract":"<div><p>The emergence of the Internet of Things (IoT), Industry 5.0 applications and associated services have caused a powerful transition in the cyber threat landscape. As a result, organisations require new ways to proactively manage the risks associated with their infrastructure. In response, a significant amount of research has focused on developing efficient <em>Cyber Threat Intelligence</em> (CTI) sharing. However, in many cases, CTI contains sensitive information that has the potential to leak valuable information or cause reputational damage to the sharing organisation. While a number of existing CTI sharing approaches have utilised blockchain to facilitate privacy, it can be highlighted that a comprehensive approach that enables dynamic trust-based decision-making, facilitates decentralised trust evaluation and provides CTI producers with highly granular sharing of CTI is lacking. Subsequently, in this paper, we propose a blockchain-based CTI sharing framework, called <em>Priv-Share</em>, as a promising solution towards this challenge. In particular, we highlight that the integration of <em>differential sharing</em>, <em>trustless delegation</em>, <em>democratic group managers</em> and <em>incentives</em> as part of <em>Priv-Share</em> ensures that it can satisfy these criteria. The results of an analytical evaluation of the proposed framework using both queuing and game theory demonstrate its ability to provide scalable CTI sharing in a trustless manner. Moreover, a quantitative evaluation of an Ethereum proof-of-concept prototype demonstrates that applying the proposed framework within real-world contexts is feasible.</p></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":null,"pages":null},"PeriodicalIF":4.4000,"publicationDate":"2024-08-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S1389128624005188/pdfft?md5=f66aca799d724e317c329989ebfd22dc&pid=1-s2.0-S1389128624005188-main.pdf","citationCount":"0","resultStr":"{\"title\":\"Priv-Share: A privacy-preserving framework for differential and trustless delegation of cyber threat intelligence using blockchain\",\"authors\":\"\",\"doi\":\"10.1016/j.comnet.2024.110686\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><p>The emergence of the Internet of Things (IoT), Industry 5.0 applications and associated services have caused a powerful transition in the cyber threat landscape. As a result, organisations require new ways to proactively manage the risks associated with their infrastructure. In response, a significant amount of research has focused on developing efficient <em>Cyber Threat Intelligence</em> (CTI) sharing. However, in many cases, CTI contains sensitive information that has the potential to leak valuable information or cause reputational damage to the sharing organisation. While a number of existing CTI sharing approaches have utilised blockchain to facilitate privacy, it can be highlighted that a comprehensive approach that enables dynamic trust-based decision-making, facilitates decentralised trust evaluation and provides CTI producers with highly granular sharing of CTI is lacking. Subsequently, in this paper, we propose a blockchain-based CTI sharing framework, called <em>Priv-Share</em>, as a promising solution towards this challenge. In particular, we highlight that the integration of <em>differential sharing</em>, <em>trustless delegation</em>, <em>democratic group managers</em> and <em>incentives</em> as part of <em>Priv-Share</em> ensures that it can satisfy these criteria. The results of an analytical evaluation of the proposed framework using both queuing and game theory demonstrate its ability to provide scalable CTI sharing in a trustless manner. Moreover, a quantitative evaluation of an Ethereum proof-of-concept prototype demonstrates that applying the proposed framework within real-world contexts is feasible.</p></div>\",\"PeriodicalId\":50637,\"journal\":{\"name\":\"Computer Networks\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":4.4000,\"publicationDate\":\"2024-08-02\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://www.sciencedirect.com/science/article/pii/S1389128624005188/pdfft?md5=f66aca799d724e317c329989ebfd22dc&pid=1-s2.0-S1389128624005188-main.pdf\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computer Networks\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S1389128624005188\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Networks","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1389128624005188","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}
Priv-Share: A privacy-preserving framework for differential and trustless delegation of cyber threat intelligence using blockchain
The emergence of the Internet of Things (IoT), Industry 5.0 applications and associated services have caused a powerful transition in the cyber threat landscape. As a result, organisations require new ways to proactively manage the risks associated with their infrastructure. In response, a significant amount of research has focused on developing efficient Cyber Threat Intelligence (CTI) sharing. However, in many cases, CTI contains sensitive information that has the potential to leak valuable information or cause reputational damage to the sharing organisation. While a number of existing CTI sharing approaches have utilised blockchain to facilitate privacy, it can be highlighted that a comprehensive approach that enables dynamic trust-based decision-making, facilitates decentralised trust evaluation and provides CTI producers with highly granular sharing of CTI is lacking. Subsequently, in this paper, we propose a blockchain-based CTI sharing framework, called Priv-Share, as a promising solution towards this challenge. In particular, we highlight that the integration of differential sharing, trustless delegation, democratic group managers and incentives as part of Priv-Share ensures that it can satisfy these criteria. The results of an analytical evaluation of the proposed framework using both queuing and game theory demonstrate its ability to provide scalable CTI sharing in a trustless manner. Moreover, a quantitative evaluation of an Ethereum proof-of-concept prototype demonstrates that applying the proposed framework within real-world contexts is feasible.
期刊介绍:
Computer Networks is an international, archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in the computer communications networking area. The audience includes researchers, managers and operators of networks as well as designers and implementors. The Editorial Board will consider any material for publication that is of interest to those groups.