Sharing is Caring: A collaborative framework for sharing security alerts

Muhammad Ajmal Azad, Samiran Bag, Farhan Ahmad, Feng Hao

Research output: Contribution to journalArticle

Abstract

Collaboration is a keystone of defense in the field of cybersecurity. A collaborative detection system allows multiple collaborators or service providers to share their security-incident-response data, in order to effectively identify and isolate stealthy malicious actors who hide their traffic under the umbrella of legitimate Internet data transmissions. The fundamental challenge in the design of a collaborative system is ensuring the privacy of collaborators in a decentralized setting without incurring substantial computation and communication overheads. In this paper, we use healthcare as a case study and present Sharing Is Caring (SIC), a framework that allows multiple healthcare organizations to share their security defense and attack data with other organizations for the collaborative defense against common attackers without compromising the privacy of their system configurations and user data. The SIC framework ensures two essential properties: (1) it ensures that no party should learn how a particular healthcare organization has reacted to suspected IP addresses, attacks or security incidents; and (2) it performs operations in a decentralized setting, without relying on a trusted third party. We provide an analysis of the privacy and security properties of our framework against honest-but-curious as well as malicious players. We prototype the proposed system and evaluate its performance in terms of computation time and communication bandwidth. The reasonable computation cost and bandwidth overhead make the SIC framework a feasible choice for the privacy-preserving exchange of security information among the collaborating healthcare organizations
Original languageEnglish
Pages (from-to)75-84
Number of pages10
JournalComputer Communications
Volume165
Early online date19 Oct 2020
DOIs
Publication statusE-pub ahead of print - 19 Oct 2020
Externally publishedYes

Keywords

  • Collaborative security
  • Privacy
  • Privacy-preserving alert sharing
  • Secure computation

ASJC Scopus subject areas

  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'Sharing is Caring: A collaborative framework for sharing security alerts'. Together they form a unique fingerprint.

Cite this