BloCyNfo-Share: Blockchain based Cybersecurity Information Sharing with Fine Grained Access Control

Abstract

To build a proactive cyber defense system, sharing the cybersecurity information has been very popular by which any organization can get more information about unknown and new threats. Cybersecurity Information Exchange (CYBEX) is one of the important platforms which has been playing an important role in implementing proactive cyber defense system by allowing organizations sharing their cybersecurity information. However, they are centralized and therefore they may suffer from complete failure in case of any damage or accident. Moreover, while sharing private information it lacks the mechanism of providing rights to query organizations i.e., enabling the access control over the shared sensitive information. Finally, nonrepudiation of the system does not exist i.e., there is no way to track or keep the record what any organization is sharing and it is necessary to keep the record in case anyone denies after sharing false information. To address these issues, in this paper we propose blockchain based privacy preserving cybersecurity information sharing using proxy re-encryption and attribute-based encryption (BloCyNfo-Share) where the organization can achieve fine-grain access control by delegating which organization can have the access to its cybersecurity information leveraging the benefits of blockchain technology. We conduct privacy and experimental analysis of the proposed system and the findings show that the model is private as well as efficient.