
EEMCS EPrints Service


27477 Private Sharing of IOCs and Sightings

van de Kamp, T.R. and Peter, A. and Everts, M.H. and Jonker, W. (2016) Private Sharing of IOCs and Sightings. In: 3rd ACM Workshop on Information Sharing and Collaborative Security, WISCS 2016. pp. 35-38. ACM. ISBN 978-1-4503-4565-1

Full text available as: PDF (Univ. of Twente only, 936 Kb)

Official URL: http://dx.doi.org/10.1145/2994539.2994544


Abstract

Information sharing helps to better protect computer systems against digital threats and known attacks. However, since security information is usually considered sensitive, parties are hesitant to share all their information through public channels. Instead, they only exchange this information with parties with whom they already established trust relationships. We propose the use of two complementary techniques to allow parties to share information without the need to immediately reveal private information. We consider a cryptographic approach to hide the details of an indicator of compromise so that it can be shared with other parties. These other parties are still able to detect intrusions with these cryptographic indicators. Additionally, we apply another cryptographic construction to let parties report back their number of sightings to a central party. This central party can aggregate the messages from the various parties to learn the total number of sightings for each indicator, without learning the number of sightings from each individual party.

An evaluation of our open-source proof-of-concept implementations shows that both techniques incur only little overhead, making the techniques prime candidates for practice.

Item Type: Conference or Workshop Paper (Full Paper, Talk)
Research Group: EWI-SCS: Services, Cyber security and Safety, EWI-DB: Databases
Research Program: CTIT-General
Research Project: CRIPTIM: Critical Infrastructure Protection Through Cryptographic Incident Management
ID Code: 27477
Status: Published
Deposited On: 06 December 2016
Refereed: Yes
International: Yes
