Abstract

The emergence of the Internet of Things (IoT), Industry 5.0 applications and associated services have caused a powerful transition in the cyber threat landscape. As a result, organisations require new ways to proactively manage the risks associated with their infrastructure. In response, a significant amount of research has focused on developing efficient Cyber Threat Intelligence (CTI) sharing. However, in many cases, CTI contains sensitive information that has the potential to leak valuable information or cause reputational damage to the sharing organisation. While a number of existing CTI sharing approaches have utilised blockchain to facilitate privacy, it can be highlighted that a comprehensive approach that enables dynamic trust-based decision-making, facilitates decentralised trust evaluation and provides CTI producers with highly granular sharing of CTI is lacking. Subsequently, in this paper, we propose a blockchain-based CTI sharing framework, called Priv-Share, as a promising solution towards this challenge. In particular, we highlight that the integration of differential sharing, trustless delegation, democratic group managers and incentives as part of Priv-Share ensures that it can satisfy these criteria. The results of an analytical evaluation of the proposed framework using both queuing and game theory demonstrate its ability to provide scalable CTI sharing in a trustless manner. Moreover, a quantitative evaluation of an Ethereum proof-of-concept prototype demonstrates that applying the proposed framework within real-world contexts is feasible.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.