Abstract

Over recent years, the incidence of data breaches and cyberattacks has increased significantly. This has highlighted the need for sectoral organizations to share information about such events so that lessons can be learned to mitigate the prevalence and severity of cyber incidents against other organizations. Sectoral organizations embody a governance relationship between cross-sector public and private entities, called public-private partnerships (PPPs). However, organizations are hesitant to share such information due to a lack of trust and business-critical confidentiality issues. This problem occurs because of the absence of any protocols that guarantee privacy protection and protect sensitive information. To address this issue, this paper proposes a novel protocol, Putra-Ramli Secure Cyber-incident Information Sharing (PURA-SCIS), to secure cyber incident information sharing. PURA-SCIS has been designed to offer exceptional data and privacy protection and run on the cloud services of sectoral organizations. The relationship between organizations in PURA-SCIS is symmetrical, where the entities must collectively maintain the security of classified cyber incident information. Furthermore, the organizations must be legitimate entities in the PURA-SCIS protocol. The Scyther tool was used for protocol verification in PURA-SCIS. The experimental results showed that the proposed PURA-SCIS protocol provided good security properties, including public verifiability for all entities, blockless verification, data privacy preservation, identity privacy preservation and traceability, and private information sharing. PURA-SCIS also provided a high degree of confidentiality to protect the security and integrity of cyber-incident-related information exchanged among sectoral organizations via cloud services.

Highlights

  • Sharing cybersecurity information between private sectors is an essential strategy for protecting against the recent increase in data breaches and cyberattacks [1,2]

  • Sectoral organizations are divided into sectors with similar business processes; sharing cybersecurity information can be done through cloud services because they offer flexibility and simplicity for the sectoral organizations involved [3]

  • This paper proposes the novel PURA-SCIS protocol to address this problem, which focuses on providing security and privacy protection by incorporating secure protocols to ensure data confidentiality


Summary

Introduction

Sharing cybersecurity information between private sectors is an essential strategy for protecting against the recent increase in data breaches and cyberattacks [1,2]. Recent research on privacy-preserving schemes in data sharing has been carried out by masking the participants’ identity or sensitive information [10,11]. A public auditing scheme to provide privacy in data storage was utilized in [13]. Efficient privacy preservation with a certificateless provable data possession scheme in cloud computing solutions was proposed in [17]. Issues related to data leakage have been discussed in previous studies, where the solution was to provide secure and trusted data protection. The studies in [21,22] utilized a fully homomorphic encryption scheme with elliptic curve cryptography to secure private clouds. That previous research focused on the role of fully homomorphic encryption used to protect data stored in cloud storage. All previous research focused on generic entities that can access information storage media

Contribution
Organization
Cyber Incident Information Sharing in Sectoral Organizations
Data Security
The Proposed PURA-SCIS Protocol
PURA-SCIS Scheme
Key Generation Phase
Data Storing Phase
Data Retrieval and Log Reporting Phase
Challenge-Response Phase
Results Phase
The PURA-SCIS Protocol
Evaluation of the Proposed PURA-SCIS Protocol
ISAC2 Security Verification
ISAC3 Security Verification
The Challenges of PURA-SCIS Protocol Implementation
Conclusions