Secure exchange of cyber threat intelligence using TAXII and distributed ledger technologies - application for electrical power and energy system

Abstract: The energy sector has been, in recent years, the target of sophisticated cyberattacks. Although the importance of collaborative cyber-security consciousness, expressed as extensive cyber threat intelligence sharing, is undoubted, the standardization of the means of exchanging cyber threat information efficiently and securely has been inadequately addressed and is mostly expressed by the emergence of the Trusted Automated eXchange of Indicator Information (TAXII TM ) protocol which faces major deficiencies when… Show more

“…Considering the growing concern about data security and privacy, this work develops a blockchain-enabled Secure and Efficient Threat Sharing platform (SETS) which takes into account the data protection regulations, specifically the GDPR right to be forgotten, while leveraging a private permissioned blockchain for security properties. To this end, it extends our previous solution [9] wherein the technological capacity of the TAXII framework was expanded to address the inherited deficiencies of the platform including lack of support for the event-driven architecture and absence of database protection. The rationale behind the framework selection was to address interoperability issues among different sectors since the TAXII framework is deemed as one of the most prominent cybersecurity information sharing platforms.…”

“…As stated above, the TAXII server sits between CTI providers and consumers and maintains a repository of CTI objects which would be on-demand forwarded to the interested parties. The server component extends our previous work [9] which addressed the inherited deficiencies of the minimal implementation of TAXII 2.1 server [41], so-called medallion node, with the blockchain integration and pub-sub middleware. Thereby, the TAXII server component similarly to the official implementation gives the ability to clients to access the endpoints defined in TAXII 2.1 protocol using the Flask web framework [44].…”

“…Furthermore, the TAXII standard [27] was defined to support the secure exchange of threat information particularly data structured in STIX formats. Our previous work [9], which the current implementation is also built upon, expanded the official TAXII framework, which is encouraged to be utilised by public and private sectors for sharing threat information.…”

“…In [9], the TAXII framework was extended with the publish-subscribe module, enabling the automatic distribution of CTI towards the subscribed partners upon reception of new threat information. Thereby, the SETS framework satisfies the fifth criterion which is automation.…”

“…This work builds on our previous solution [9] in which the technological capacity of the TAXII framework was expanded to address the inherited deficiencies of the platform such as the lack of support for event-driven architecture. The effectiveness of the CTI sharing platform in addition to trust formation between different parties highly relies on the reliability of shared information.…”

Secure and Efficient Exchange of Threat Information Using Blockchain Technology

“…Considering the growing concern about data security and privacy, this work develops a blockchain-enabled Secure and Efficient Threat Sharing platform (SETS) which takes into account the data protection regulations, specifically the GDPR right to be forgotten, while leveraging a private permissioned blockchain for security properties. To this end, it extends our previous solution [9] wherein the technological capacity of the TAXII framework was expanded to address the inherited deficiencies of the platform including lack of support for the event-driven architecture and absence of database protection. The rationale behind the framework selection was to address interoperability issues among different sectors since the TAXII framework is deemed as one of the most prominent cybersecurity information sharing platforms.…”

“…As stated above, the TAXII server sits between CTI providers and consumers and maintains a repository of CTI objects which would be on-demand forwarded to the interested parties. The server component extends our previous work [9] which addressed the inherited deficiencies of the minimal implementation of TAXII 2.1 server [41], so-called medallion node, with the blockchain integration and pub-sub middleware. Thereby, the TAXII server component similarly to the official implementation gives the ability to clients to access the endpoints defined in TAXII 2.1 protocol using the Flask web framework [44].…”

“…Furthermore, the TAXII standard [27] was defined to support the secure exchange of threat information particularly data structured in STIX formats. Our previous work [9], which the current implementation is also built upon, expanded the official TAXII framework, which is encouraged to be utilised by public and private sectors for sharing threat information.…”

“…In [9], the TAXII framework was extended with the publish-subscribe module, enabling the automatic distribution of CTI towards the subscribed partners upon reception of new threat information. Thereby, the SETS framework satisfies the fifth criterion which is automation.…”

“…This work builds on our previous solution [9] in which the technological capacity of the TAXII framework was expanded to address the inherited deficiencies of the platform such as the lack of support for event-driven architecture. The effectiveness of the CTI sharing platform in addition to trust formation between different parties highly relies on the reliability of shared information.…”

Secure and Efficient Exchange of Threat Information Using Blockchain Technology

The Distributed Ledger Technology as Development Platform for Distributed Information Systems

Security Issues in Cyber Threat Intelligence Exchange: A Review