On the Performance of Secure Sharing of Classified Threat Intelligence between Multiple Entities
The sharing of cyberthreat information within a community or group of entities is possible due to solutions such as the Malware Information Sharing Platform (MISP). However, the MISP was considered limited if its information was deemed as classified or shared only for a given period of time. A solut...
Main Authors: | Ricardo Fernandes, Sylwia Bugla, Pedro Pinto, António Pinto |
---|---|
Format: | Article |
Language: | English |
Published: | MDPI AG, 2023-01-01 |
Series: | Sensors |
Subjects: | performance; threat intelligence; secure sharing |
Online Access: | https://www.mdpi.com/1424-8220/23/2/914 |
_version_ | 1797437219444621312 |
---|---|
author | Ricardo Fernandes; Sylwia Bugla; Pedro Pinto; António Pinto |
collection | DOAJ |
description | The sharing of cyberthreat information within a community or group of entities is possible due to solutions such as the Malware Information Sharing Platform (MISP). However, the MISP was considered limited if its information was deemed as classified or shared only for a given period of time. A solution using searchable encryption techniques that better control the sharing of information was previously proposed by the same authors. This paper describes a prototype implementation for two key functionalities of the previous solution, considering multiple entities sharing information with each other: the symmetric key generation of a sharing group and the functionality to update a shared index. Moreover, these functionalities are evaluated regarding their performance, and enhancements are proposed to improve the performance of the implementation regarding its execution time. As the main result, the duration of the update process was shortened from around 2922 s to around 302 s, when considering a shared index with 100,000 elements. From the security analysis performed, the implementation can be considered secure, thus confirming the secrecy of the exchanged nonces. The limitations of the current implementation are depicted, and future work is pointed out. |
first_indexed | 2024-03-09T11:15:42Z |
format | Article |
id | doaj.art-36f4556fe36945e4937a76a6c0ea10b9 |
institution | Directory Open Access Journal |
issn | 1424-8220 |
language | English |
last_indexed | 2024-03-09T11:15:42Z |
publishDate | 2023-01-01 |
publisher | MDPI AG |
record_format | Article |
series | Sensors |
spelling | doaj.art-36f4556fe36945e4937a76a6c0ea10b9; 2023-12-01T00:29:43Z; eng; MDPI AG; Sensors; 1424-8220; 2023-01-01; 23; 2; 914; 10.3390/s23020914; On the Performance of Secure Sharing of Classified Threat Intelligence between Multiple Entities; Ricardo Fernandes (INESC TEC, 4200-465 Porto, Portugal); Sylwia Bugla (INESC TEC, 4200-465 Porto, Portugal); Pedro Pinto (INESC TEC, 4200-465 Porto, Portugal); António Pinto (INESC TEC, 4200-465 Porto, Portugal); https://www.mdpi.com/1424-8220/23/2/914; performance; threat intelligence; secure sharing |
title | On the Performance of Secure Sharing of Classified Threat Intelligence between Multiple Entities |
topic | performance; threat intelligence; secure sharing |
url | https://www.mdpi.com/1424-8220/23/2/914 |