Privacy-preserving and Trusted Threat Intelligence Sharing using Distributed Ledgers
This addresses the need for a trusted and scalable infrastructure for cybersecurity threat sharing among organizations, though it appears incremental as it applies existing distributed ledger methods to this domain.
The paper tackles the problem of securely sharing sensitive threat intelligence among trusted partners by proposing a system that uses distributed ledger technology and smart contracts to ensure privacy, security, and traceability, specifically applied to the MITRE ATT&CK framework.
Threat information sharing is considered as one of the proactive defensive approaches for enhancing the overall security of trusted partners. Trusted partner organizations can provide access to past and current cybersecurity threats for reducing the risk of a potential cyberattack - the requirements for threat information sharing range from simplistic sharing of documents to threat intelligence sharing. Therefore, the storage and sharing of highly sensitive threat information raises considerable concerns regarding constructing a secure, trusted threat information exchange infrastructure. Establishing a trusted ecosystem for threat sharing will promote the validity, security, anonymity, scalability, latency efficiency, and traceability of the stored information that protects it from unauthorized disclosure. This paper proposes a system that ensures the security principles mentioned above by utilizing a distributed ledger technology that provides secure decentralized operations through smart contracts and provides a privacy-preserving ecosystem for threat information storage and sharing regarding the MITRE ATT\&CK framework.