IACyC Proceedings - Anonymous CTI Sharing: A Collaborative Model for Privacy-Preserving Threat Intelligence Exchange

Conference papers

Authors

Asem Mousa, Petre Lameski, Hasan Dag and Ivan Chorbev

Abstract

The increasing frequency and sophistication of cyberattacks underscore the need for adequate cybersecurity solutions, particularly those that utilize Cyber Threat Intelligence (CTI). CTI is critical for maintaining a proactive security posture, but its collaborative sharing is often hindered by concerns over data privacy, reputation risk, and the potential exposure of sensitive or proprietary information. To overcome these obstacles, this research proposes a novel approach to privacy-preserving CTI sharing. Our approach integrates an OPRF-based Private Set Intersection (PSI) scheme as an external sidecar of OpenCTI, a popular open-source threat intelligence solution. With this arrangement, two organizations can compute the intersection of their CTI datasets privately and publish only the common Indicators of Compromise (IoCs), without disclosing the remainder of their CTI data. The architecture is built to interoperate with the industry-standard Structured Threat Information eXpression (STIX). Experimentation with this protocol and its success demonstrate its potential to enable secure, cooperative CTI sharing without compromising privacy, while supporting a trusted, intelligence-driven cybersecurity environment.

Keywords

Cyber Threat Intelligence, Private Set Intersection, Anonymous sharing, Privacy, CTI sharing