Zand, Arman and Pfluegel, Eckhard (2023) A hybrid personal cyber threat intelligence sharing protocol using steganography and secret sharing. In: Cyber Science 2023; 03 - 04 Jul 2023, Copenhagen, Denmark.
Abstract
Cyber Threat Intelligence (CTI) sharing allows organisations, communities and individuals to respond to emerging threats quickly, provided secure and reliable communication can be ensured. However, privacy constraints, restrictive sharing policies, concerns about trust misuse, and the lack of trustworthy tools limit the quality and quantity of information that are exchanged. This paper proposes a novel cryptographic protocol for sharing personal CTI information by private individuals based on hybrid information hiding and sharing techniques. Messages can be sent via an intermediary so that a passive monitoring attacker is misled, interpreting the intermediary as the dealer of a secret sharing scheme. Recipients can reconstruct the information as part of the secret sharing scheme. However, the true nature of the original messages being cover objects and pre-defined shares remain hidden. The protocol has been implemented, and our proof-ofconcept system has been assessed for robustness and performance. Our evaluation shows that the system is efficient, secure and practical. Hence, our approach could be a valuable tool for real-world personal CTI sharing as an effective method to manage confidentiality, trust and risk of CTI owned by private individuals.
![[img]](https://eprints.kingston.ac.uk/style/images/fileicons/text.png)
Actions (Repository Editors)
 |
Item Control Page |