Embed Size (px)
Citation preview
Blockchain-based Cybersecurity Informa8on Sharing for Improved Resiliency
Dr.DeepakK.ToshAssistantProfessor
DepartmentofComputerScienceUniversityofTexasatElPaso
Email:[email protected]
Outline
• MoBvaBon• Cyber-ThreatInformaBon(CTI)sharing• CurrentEfforts• Modelinga“Specific”Problem:SharingParBcipaBon• BlockchainforInformaBonSharing• ResearchChallenges• ConcludingRemarks
Growth of Cyber Threats
• AdvancedcyberaOacksarewellorganizedandhardtodetect
• ExploitsareeasilyacquiredandcanbereusedonmulBpletargets• ReacBvestrategiesareinsufficienttodealwiththethreats
Need of Threat Intelligence
• CyberaOacksmaynotbepreventedbuttheirimpactscanbereducedby• Improvingcyber-awarenessandunderstandingthreatlandscape• CollaboraBveeffortfromenterprisesaswellasgovernment• Imposingsecuritypolicies/laws(e.g.GDPR)
• Cyber-ThreatIntelligence(CTI)canderive• AcBonableinformaBonfromvariouslowlevelthreatindicators(likeIP,email,maliciousURLs,domainnames,aOackpaOern,geo-locaBoninfo,malwarehash)• Findingtargetedresources,threatactors,methods/toolsused,aOackcharacterisBcs,IoC,etc.
Handling Cybersecurity Threats
• Securityinvestmenthelpsin• Discoveringsystemloopholes,bugs,vulnerabiliBes• IdenBfymaliciousacBviBes• DevelopinganB-threatstrategies
Improvesdefenders’abilitytopredicta2ackerbehaviorandcreatemoredynamicdefenses• Demerits:• Costly• Timeconsuming
Cybersecurity Informa8on Sharing
• AnecosystemwhereacBonablecyber-threatintelligenceissharedautomaBcallyacrossverBcalsandpublic/privatesectorsinnearreal-Bmetocombatcyberthreatlandscape• Benefits• AccesstoIndicators,TacBcs,techniques,andprocedures(TTPs),Securityalerts,Threatintelligencereports,ToolconfiguraBons• EnhanceoperaBonalunderstandingofcyberthreats• ProacBveDefense• ReduceCyberRisk• PrioriBzedMiBgaBonPlan• CosteffecBvedefensestrategy
Limita8ons of Informa8on Sharing
• SomethingstopsorganizaBonsfromsharing!!!• JeopardizethesecuritypostureofthesharingorganizaBon• Externalimpactssuchasmarketvalue,reputaBon,etc.• InformaBonfree-riding• SpuriousinformaBonandprocessingoverheads
How did we get here?
Following9-11FederalInformaBonSharinggrows-failuretoconnectthedots
In2007,PresidentBushcreatesComprehensiveNaEonalCyberIniEaEve(CNCI)-ConnecttheFedCyberCentersinordertoaddresscyberthreatlandscape
In2013,EnhanceSharedSituaEonAwarenessProject(ESSA)createdtoautomatecyberthreatinformaBonsharingbetweenFedCyberCenters.-StandardsharinglanguagesSTIX/TAXII,sharedcapabilityproviders,andcommonsharingagreement(MISA).
In2015,CybersecurityInformaEonSharingAct(CISA)passed.-EstablishestheDHSAutomatedIndicatorSharing(AIS)ProgramforsharingcyberthreatindicatorsanddefensivemeasuresbetweentheFederalGovernmentandNon-FederalEnBBes.
In2016thelegacyofESSAisleveragedbyDHSforconBnuaBonofFederalCyberThreatInformaBonSharingandcoordinaBonthroughtheFederalCybersecurityInteragencyGroup(FCIG).
Cybersecurity Informa8on Sharing Today
• CybersecurityInformaBonsharinghasbeengoingonthroughISACs,ISAOs,eco-systems,opensource,andcommercialofferings• LimitaBons• Generallyunstructureddata• Ad-hocmanualcommunicaBonssuchasemail/IM/IRC/paper• Fewautomatedtools• LackofincenBvemodelforvoluntaryparBcipaBon
Outline
ü MoBvaBonü Cyber-ThreatInformaBon(CTI)sharingü CurrentEfforts• Modelinga“Specific”Problem:SharingParEcipaEon• BlockchainforInformaBonSharing• ResearchChallenges• ConcludingRemarks
CYBEX Self-Coexistence Game
• N-firmsplayindependentlytofigureoutwhethertoparBcipateintheCTIsharingornot
CYBEX Self-Coexistence Game
Conflict:• Firms’parBcipaBondependonparBcipaBoncostchargedbyCYBEX• IfCYBEXchargestoohigh,lowparBcipaBonmightberesulted• IfCYBEXchargestoolow,CYBEXmightnotbeprofitable
• Firm’snetpayoffdependstwomajorfactors:• SharingandInvestmentGain• ParBcipaBoncostandcostofinformaBonshared
CYBEX Self-Coexistence Game
• Thestrategicformcanbe
• IfSislow,thenpurestrategyNashequilibriumforthesinglestagegameis:(NotPar)cipate,NotPar)cipate)• CYBEXcannotsurviveinthiscase
• MulE-stageevoluEonaryanalysisisimportant
Evolu8onary Game Analysis
Goal:FindevoluBonarystablestrategy(ESS)thatcannotbeinvadedbyanyotherstrategyReplicatorDynamics:Assume,𝛼=ProporBonofpopulaBonwhoparBcipateandshareinCYBEX,thetransformaBonrate(𝑔(𝛼))is• ProporBonaltodifferenceofexpectedindividualuBlityforthatstrategy(𝐸↓𝑠ℎ (𝑢))andexpecteduBlityofthepopulaBono 𝑔(𝛼)=𝛼[ 𝐸↓𝑠ℎ (𝑢)−𝐸(𝑢)]
Where,𝐸(𝑢)isaverageuBlityofthewholepopulaBon
Solving the Game
§ Solvingfor𝑔(𝛼)=0,wefind
§ Tohavestableneighborhood,𝑔↑′ (𝛼)<0§ WisechoiceofincenBveorparBcipaBoncost(c)isneededtomoBvatethesociallyopBmalbehavior
Interes8ng Evolu8onary Strategy
• ExactESSisdecideddependingoniniBalsharingstrategypopulaBon(𝛼)• 𝛼↓𝑠𝑜𝑙↓1 (NoSharing)isESS,if0<𝛼< 𝑐+𝑥/(𝑆−1)𝑎𝑙𝑜𝑔(1+𝐼) • 𝛼↓𝑠𝑜𝑙↓2 (Share&ParBcipate)isESS,if𝑐+𝑥/(𝑆−1)𝑎𝑙𝑜𝑔(1+𝐼) <𝛼<1
Incen8viza8on through Par8cipa8on Cost
• DynamicincenBve/parBcipaBoncostexploitstheESScondiBons• RevenueofCYBEXgrowsperiodically
• StaBccostdemoBvatesfirmsfromparBcipaBon
Other Challenges
• Cyber-investment• OpBmalsecurityinvestmentwhilesharingisconsidered
• InformaBonOwnership
• IntegrityandAuditabilityofsharedinformaBon
Outline
ü MoBvaBonü Cyber-ThreatInformaBon(CTI)sharingü CurrentEffortsü Modelinga“Specific”Problem:SharingParBcipaBon• BlockchainforInformaEonSharing• ResearchChallenges• ConcludingRemarks
Blockchain for Informa8on Sharing
Blockchain(IntegralpartofBitcoin):• AnopendistributedledgertorecordtransacBonsimmutably• Cost-lessverificaEonoftransacBons• Fault-tolerant
Source:hOps://en.wikipedia.org/wiki/Blockchain
Blockchain-empowered Cybersecurity Informa8on Sharing Goals
What?Real-BmedisseminaBonofrelevantandacBonablecyberthreatindicatorsanddefensivemeasuresWho?Government,militaryandcommercialsectorsWhy?ProacBvedefenseandreducecyberriskWhile?Ensuringintegrity,trust,andprivacy
Blockchain-integrated Informa8on Sharing
Provenance:• AudiBngprocesswhichmaintainsarecordofalloperaBonsconductedonsharedthreatinformaBon• MaintainInformaBonIntegrity
Research Challenges
Ø EnsuringinformaBonprivacy
Ø PruningredundantinformaBon
Ø DerivingacBonablethreatintelligence
Ø Qualityvs.quanBty
Ø Enablingsector-wiseinformaBonsharing
Concluding Remarks
• Cybersecuritylandscapeishugeandtherearealottoexplore• Cyber-threatinformaBonsharingisoneimportantiniBaBvetowardproacBvedefense• BlockchaintechnologyisanewfronBertodesigntamper-resistantsystems• Aworkingpladormthatintegratesbothisyettocome
Thank You QuesBons??
