Abstract
Collaboration is a keystone of defense in the field of cybersecurity. A collaborative detection system allows multiple collaborators or service providers to share their security-incident-response data, in order to effectively identify and isolate stealthy malicious actors who hide their traffic under the umbrella of legitimate Internet data transmissions. The fundamental challenge in the design of a collaborative system is ensuring the privacy of collaborators in a decentralized setting without incurring substantial computation and communication overheads. In this paper, we use healthcare as a case study and present Sharing Is Caring (SIC), a framework that allows multiple healthcare organizations to share their security defense and attack data with other organizations for the collaborative defense against common attackers without compromising the privacy of their system configurations and user data. The SIC framework ensures two essential properties: (1) it ensures that no party should learn how a particular healthcare organization has reacted to suspected IP addresses, attacks or security incidents; and (2) it performs operations in a decentralized setting, without relying on a trusted third party. We provide an analysis of the privacy and security properties of our framework against honest-but-curious as well as malicious players. We prototype the proposed system and evaluate its performance in terms of computation time and communication bandwidth. The reasonable computation cost and bandwidth overhead make the SIC framework a feasible choice for the privacy-preserving exchange of security information among the collaborating healthcare organizations
Original language | English |
---|---|
Pages (from-to) | 75-84 |
Number of pages | 10 |
Journal | Computer Communications |
Volume | 165 |
Early online date | 19 Oct 2020 |
DOIs | |
Publication status | Published - 1 Jan 2021 |
Externally published | Yes |
Keywords
- Collaborative security
- Privacy
- Privacy-preserving alert sharing
- Secure computation
ASJC Scopus subject areas
- Computer Networks and Communications