TY - JOUR
T1 - Sharing is Caring
T2 - A collaborative framework for sharing security alerts
AU - Azad, Muhammad Ajmal
AU - Bag, Samiran
AU - Ahmad, Farhan
AU - Hao, Feng
N1 - Funding Information:
Feng Hao and Samiran Bag would like to acknowledge the support by the Royal Society, United Kingdom grant, ICA/R1/180226. All authors approved the version of the manuscript to be published.
Publisher Copyright:
© 2020 Elsevier B.V.
PY - 2021/1/1
Y1 - 2021/1/1
N2 - Collaboration is a keystone of defense in the field of cybersecurity. A collaborative detection system allows multiple collaborators or service providers to share their security-incident-response data, in order to effectively identify and isolate stealthy malicious actors who hide their traffic under the umbrella of legitimate Internet data transmissions. The fundamental challenge in the design of a collaborative system is ensuring the privacy of collaborators in a decentralized setting without incurring substantial computation and communication overheads. In this paper, we use healthcare as a case study and present Sharing Is Caring (SIC), a framework that allows multiple healthcare organizations to share their security defense and attack data with other organizations for the collaborative defense against common attackers without compromising the privacy of their system configurations and user data. The SIC framework ensures two essential properties: (1) it ensures that no party should learn how a particular healthcare organization has reacted to suspected IP addresses, attacks or security incidents; and (2) it performs operations in a decentralized setting, without relying on a trusted third party. We provide an analysis of the privacy and security properties of our framework against honest-but-curious as well as malicious players. We prototype the proposed system and evaluate its performance in terms of computation time and communication bandwidth. The reasonable computation cost and bandwidth overhead make the SIC framework a feasible choice for the privacy-preserving exchange of security information among the collaborating healthcare organizations.
KW - Collaborative security
KW - Privacy
KW - Privacy-preserving alert sharing
KW - Secure computation
UR - http://www.scopus.com/inward/record.url?scp=85095915765&partnerID=8YFLogxK
U2 - 10.1016/j.comcom.2020.09.013
DO - 10.1016/j.comcom.2020.09.013
M3 - Article
AN - SCOPUS:85095915765
VL - 165
SP - 75
EP - 84
JO - Computer Communications
JF - Computer Communications
SN - 0140-3664
ER -