Blockchain-based Cybersecurity Informa8on...
Transcript of Blockchain-based Cybersecurity Informa8on...
![Page 1: Blockchain-based Cybersecurity Informa8on …credit.pvamu.edu/MCBDA2019/UTEP_Tosh.pdfBlockchain-based Cybersecurity Informa8on Sharing for Improved Resiliency Dr. Deepak K. Tosh Assistant](https://reader033.fdocuments.net/reader033/viewer/2022042303/5ece4ca7b1af104f892b65b6/html5/thumbnails/1.jpg)
Blockchain-based Cybersecurity Informa8on Sharing for Improved Resiliency
Dr.DeepakK.ToshAssistantProfessor
DepartmentofComputerScienceUniversityofTexasatElPaso
Email:[email protected]
![Page 2: Blockchain-based Cybersecurity Informa8on …credit.pvamu.edu/MCBDA2019/UTEP_Tosh.pdfBlockchain-based Cybersecurity Informa8on Sharing for Improved Resiliency Dr. Deepak K. Tosh Assistant](https://reader033.fdocuments.net/reader033/viewer/2022042303/5ece4ca7b1af104f892b65b6/html5/thumbnails/2.jpg)
Outline
• MoBvaBon• Cyber-ThreatInformaBon(CTI)sharing• CurrentEfforts• Modelinga“Specific”Problem:SharingParBcipaBon• BlockchainforInformaBonSharing• ResearchChallenges• ConcludingRemarks
![Page 3: Blockchain-based Cybersecurity Informa8on …credit.pvamu.edu/MCBDA2019/UTEP_Tosh.pdfBlockchain-based Cybersecurity Informa8on Sharing for Improved Resiliency Dr. Deepak K. Tosh Assistant](https://reader033.fdocuments.net/reader033/viewer/2022042303/5ece4ca7b1af104f892b65b6/html5/thumbnails/3.jpg)
Growth of Cyber Threats
• AdvancedcyberaOacksarewellorganizedandhardtodetect
• ExploitsareeasilyacquiredandcanbereusedonmulBpletargets• ReacBvestrategiesareinsufficienttodealwiththethreats
![Page 4: Blockchain-based Cybersecurity Informa8on …credit.pvamu.edu/MCBDA2019/UTEP_Tosh.pdfBlockchain-based Cybersecurity Informa8on Sharing for Improved Resiliency Dr. Deepak K. Tosh Assistant](https://reader033.fdocuments.net/reader033/viewer/2022042303/5ece4ca7b1af104f892b65b6/html5/thumbnails/4.jpg)
Need of Threat Intelligence
• CyberaOacksmaynotbepreventedbuttheirimpactscanbereducedby• Improvingcyber-awarenessandunderstandingthreatlandscape• CollaboraBveeffortfromenterprisesaswellasgovernment• Imposingsecuritypolicies/laws(e.g.GDPR)
• Cyber-ThreatIntelligence(CTI)canderive• AcBonableinformaBonfromvariouslowlevelthreatindicators(likeIP,email,maliciousURLs,domainnames,aOackpaOern,geo-locaBoninfo,malwarehash)• Findingtargetedresources,threatactors,methods/toolsused,aOackcharacterisBcs,IoC,etc.
![Page 5: Blockchain-based Cybersecurity Informa8on …credit.pvamu.edu/MCBDA2019/UTEP_Tosh.pdfBlockchain-based Cybersecurity Informa8on Sharing for Improved Resiliency Dr. Deepak K. Tosh Assistant](https://reader033.fdocuments.net/reader033/viewer/2022042303/5ece4ca7b1af104f892b65b6/html5/thumbnails/5.jpg)
Handling Cybersecurity Threats
• Securityinvestmenthelpsin• Discoveringsystemloopholes,bugs,vulnerabiliBes• IdenBfymaliciousacBviBes• DevelopinganB-threatstrategies
Improvesdefenders’abilitytopredicta2ackerbehaviorandcreatemoredynamicdefenses• Demerits:• Costly• Timeconsuming
![Page 6: Blockchain-based Cybersecurity Informa8on …credit.pvamu.edu/MCBDA2019/UTEP_Tosh.pdfBlockchain-based Cybersecurity Informa8on Sharing for Improved Resiliency Dr. Deepak K. Tosh Assistant](https://reader033.fdocuments.net/reader033/viewer/2022042303/5ece4ca7b1af104f892b65b6/html5/thumbnails/6.jpg)
Cybersecurity Informa8on Sharing
• AnecosystemwhereacBonablecyber-threatintelligenceissharedautomaBcallyacrossverBcalsandpublic/privatesectorsinnearreal-Bmetocombatcyberthreatlandscape• Benefits• AccesstoIndicators,TacBcs,techniques,andprocedures(TTPs),Securityalerts,Threatintelligencereports,ToolconfiguraBons• EnhanceoperaBonalunderstandingofcyberthreats• ProacBveDefense• ReduceCyberRisk• PrioriBzedMiBgaBonPlan• CosteffecBvedefensestrategy
![Page 7: Blockchain-based Cybersecurity Informa8on …credit.pvamu.edu/MCBDA2019/UTEP_Tosh.pdfBlockchain-based Cybersecurity Informa8on Sharing for Improved Resiliency Dr. Deepak K. Tosh Assistant](https://reader033.fdocuments.net/reader033/viewer/2022042303/5ece4ca7b1af104f892b65b6/html5/thumbnails/7.jpg)
Limita8ons of Informa8on Sharing
• SomethingstopsorganizaBonsfromsharing!!!• JeopardizethesecuritypostureofthesharingorganizaBon• Externalimpactssuchasmarketvalue,reputaBon,etc.• InformaBonfree-riding• SpuriousinformaBonandprocessingoverheads
![Page 8: Blockchain-based Cybersecurity Informa8on …credit.pvamu.edu/MCBDA2019/UTEP_Tosh.pdfBlockchain-based Cybersecurity Informa8on Sharing for Improved Resiliency Dr. Deepak K. Tosh Assistant](https://reader033.fdocuments.net/reader033/viewer/2022042303/5ece4ca7b1af104f892b65b6/html5/thumbnails/8.jpg)
How did we get here?
Following9-11FederalInformaBonSharinggrows-failuretoconnectthedots
In2007,PresidentBushcreatesComprehensiveNaEonalCyberIniEaEve(CNCI)-ConnecttheFedCyberCentersinordertoaddresscyberthreatlandscape
In2013,EnhanceSharedSituaEonAwarenessProject(ESSA)createdtoautomatecyberthreatinformaBonsharingbetweenFedCyberCenters.-StandardsharinglanguagesSTIX/TAXII,sharedcapabilityproviders,andcommonsharingagreement(MISA).
In2015,CybersecurityInformaEonSharingAct(CISA)passed.-EstablishestheDHSAutomatedIndicatorSharing(AIS)ProgramforsharingcyberthreatindicatorsanddefensivemeasuresbetweentheFederalGovernmentandNon-FederalEnBBes.
In2016thelegacyofESSAisleveragedbyDHSforconBnuaBonofFederalCyberThreatInformaBonSharingandcoordinaBonthroughtheFederalCybersecurityInteragencyGroup(FCIG).
![Page 9: Blockchain-based Cybersecurity Informa8on …credit.pvamu.edu/MCBDA2019/UTEP_Tosh.pdfBlockchain-based Cybersecurity Informa8on Sharing for Improved Resiliency Dr. Deepak K. Tosh Assistant](https://reader033.fdocuments.net/reader033/viewer/2022042303/5ece4ca7b1af104f892b65b6/html5/thumbnails/9.jpg)
Cybersecurity Informa8on Sharing Today
• CybersecurityInformaBonsharinghasbeengoingonthroughISACs,ISAOs,eco-systems,opensource,andcommercialofferings• LimitaBons• Generallyunstructureddata• Ad-hocmanualcommunicaBonssuchasemail/IM/IRC/paper• Fewautomatedtools• LackofincenBvemodelforvoluntaryparBcipaBon
![Page 10: Blockchain-based Cybersecurity Informa8on …credit.pvamu.edu/MCBDA2019/UTEP_Tosh.pdfBlockchain-based Cybersecurity Informa8on Sharing for Improved Resiliency Dr. Deepak K. Tosh Assistant](https://reader033.fdocuments.net/reader033/viewer/2022042303/5ece4ca7b1af104f892b65b6/html5/thumbnails/10.jpg)
Outline
ü MoBvaBonü Cyber-ThreatInformaBon(CTI)sharingü CurrentEfforts• Modelinga“Specific”Problem:SharingParEcipaEon• BlockchainforInformaBonSharing• ResearchChallenges• ConcludingRemarks
![Page 11: Blockchain-based Cybersecurity Informa8on …credit.pvamu.edu/MCBDA2019/UTEP_Tosh.pdfBlockchain-based Cybersecurity Informa8on Sharing for Improved Resiliency Dr. Deepak K. Tosh Assistant](https://reader033.fdocuments.net/reader033/viewer/2022042303/5ece4ca7b1af104f892b65b6/html5/thumbnails/11.jpg)
CYBEX Self-Coexistence Game
• N-firmsplayindependentlytofigureoutwhethertoparBcipateintheCTIsharingornot
![Page 12: Blockchain-based Cybersecurity Informa8on …credit.pvamu.edu/MCBDA2019/UTEP_Tosh.pdfBlockchain-based Cybersecurity Informa8on Sharing for Improved Resiliency Dr. Deepak K. Tosh Assistant](https://reader033.fdocuments.net/reader033/viewer/2022042303/5ece4ca7b1af104f892b65b6/html5/thumbnails/12.jpg)
CYBEX Self-Coexistence Game
Conflict:• Firms’parBcipaBondependonparBcipaBoncostchargedbyCYBEX• IfCYBEXchargestoohigh,lowparBcipaBonmightberesulted• IfCYBEXchargestoolow,CYBEXmightnotbeprofitable
• Firm’snetpayoffdependstwomajorfactors:• SharingandInvestmentGain• ParBcipaBoncostandcostofinformaBonshared
![Page 13: Blockchain-based Cybersecurity Informa8on …credit.pvamu.edu/MCBDA2019/UTEP_Tosh.pdfBlockchain-based Cybersecurity Informa8on Sharing for Improved Resiliency Dr. Deepak K. Tosh Assistant](https://reader033.fdocuments.net/reader033/viewer/2022042303/5ece4ca7b1af104f892b65b6/html5/thumbnails/13.jpg)
CYBEX Self-Coexistence Game
• Thestrategicformcanbe
• IfSislow,thenpurestrategyNashequilibriumforthesinglestagegameis:(NotPar)cipate,NotPar)cipate)• CYBEXcannotsurviveinthiscase
• MulE-stageevoluEonaryanalysisisimportant
![Page 14: Blockchain-based Cybersecurity Informa8on …credit.pvamu.edu/MCBDA2019/UTEP_Tosh.pdfBlockchain-based Cybersecurity Informa8on Sharing for Improved Resiliency Dr. Deepak K. Tosh Assistant](https://reader033.fdocuments.net/reader033/viewer/2022042303/5ece4ca7b1af104f892b65b6/html5/thumbnails/14.jpg)
Evolu8onary Game Analysis
Goal:FindevoluBonarystablestrategy(ESS)thatcannotbeinvadedbyanyotherstrategyReplicatorDynamics:Assume,𝛼=ProporBonofpopulaBonwhoparBcipateandshareinCYBEX,thetransformaBonrate(𝑔(𝛼))is• ProporBonaltodifferenceofexpectedindividualuBlityforthatstrategy(𝐸↓𝑠ℎ (𝑢))andexpecteduBlityofthepopulaBono 𝑔(𝛼)=𝛼[ 𝐸↓𝑠ℎ (𝑢)−𝐸(𝑢)]
Where,𝐸(𝑢)isaverageuBlityofthewholepopulaBon
![Page 15: Blockchain-based Cybersecurity Informa8on …credit.pvamu.edu/MCBDA2019/UTEP_Tosh.pdfBlockchain-based Cybersecurity Informa8on Sharing for Improved Resiliency Dr. Deepak K. Tosh Assistant](https://reader033.fdocuments.net/reader033/viewer/2022042303/5ece4ca7b1af104f892b65b6/html5/thumbnails/15.jpg)
Solving the Game
§ Solvingfor𝑔(𝛼)=0,wefind
§ Tohavestableneighborhood,𝑔↑′ (𝛼)<0§ WisechoiceofincenBveorparBcipaBoncost(c)isneededtomoBvatethesociallyopBmalbehavior
![Page 16: Blockchain-based Cybersecurity Informa8on …credit.pvamu.edu/MCBDA2019/UTEP_Tosh.pdfBlockchain-based Cybersecurity Informa8on Sharing for Improved Resiliency Dr. Deepak K. Tosh Assistant](https://reader033.fdocuments.net/reader033/viewer/2022042303/5ece4ca7b1af104f892b65b6/html5/thumbnails/16.jpg)
Interes8ng Evolu8onary Strategy
• ExactESSisdecideddependingoniniBalsharingstrategypopulaBon(𝛼)• 𝛼↓𝑠𝑜𝑙↓1 (NoSharing)isESS,if0<𝛼< 𝑐+𝑥/(𝑆−1)𝑎𝑙𝑜𝑔(1+𝐼) • 𝛼↓𝑠𝑜𝑙↓2 (Share&ParBcipate)isESS,if𝑐+𝑥/(𝑆−1)𝑎𝑙𝑜𝑔(1+𝐼) <𝛼<1
![Page 17: Blockchain-based Cybersecurity Informa8on …credit.pvamu.edu/MCBDA2019/UTEP_Tosh.pdfBlockchain-based Cybersecurity Informa8on Sharing for Improved Resiliency Dr. Deepak K. Tosh Assistant](https://reader033.fdocuments.net/reader033/viewer/2022042303/5ece4ca7b1af104f892b65b6/html5/thumbnails/17.jpg)
Incen8viza8on through Par8cipa8on Cost
• DynamicincenBve/parBcipaBoncostexploitstheESScondiBons• RevenueofCYBEXgrowsperiodically
• StaBccostdemoBvatesfirmsfromparBcipaBon
![Page 18: Blockchain-based Cybersecurity Informa8on …credit.pvamu.edu/MCBDA2019/UTEP_Tosh.pdfBlockchain-based Cybersecurity Informa8on Sharing for Improved Resiliency Dr. Deepak K. Tosh Assistant](https://reader033.fdocuments.net/reader033/viewer/2022042303/5ece4ca7b1af104f892b65b6/html5/thumbnails/18.jpg)
Other Challenges
• Cyber-investment• OpBmalsecurityinvestmentwhilesharingisconsidered
• InformaBonOwnership
• IntegrityandAuditabilityofsharedinformaBon
![Page 19: Blockchain-based Cybersecurity Informa8on …credit.pvamu.edu/MCBDA2019/UTEP_Tosh.pdfBlockchain-based Cybersecurity Informa8on Sharing for Improved Resiliency Dr. Deepak K. Tosh Assistant](https://reader033.fdocuments.net/reader033/viewer/2022042303/5ece4ca7b1af104f892b65b6/html5/thumbnails/19.jpg)
Outline
ü MoBvaBonü Cyber-ThreatInformaBon(CTI)sharingü CurrentEffortsü Modelinga“Specific”Problem:SharingParBcipaBon• BlockchainforInformaEonSharing• ResearchChallenges• ConcludingRemarks
![Page 20: Blockchain-based Cybersecurity Informa8on …credit.pvamu.edu/MCBDA2019/UTEP_Tosh.pdfBlockchain-based Cybersecurity Informa8on Sharing for Improved Resiliency Dr. Deepak K. Tosh Assistant](https://reader033.fdocuments.net/reader033/viewer/2022042303/5ece4ca7b1af104f892b65b6/html5/thumbnails/20.jpg)
Blockchain for Informa8on Sharing
Blockchain(IntegralpartofBitcoin):• AnopendistributedledgertorecordtransacBonsimmutably• Cost-lessverificaEonoftransacBons• Fault-tolerant
Source:hOps://en.wikipedia.org/wiki/Blockchain
![Page 21: Blockchain-based Cybersecurity Informa8on …credit.pvamu.edu/MCBDA2019/UTEP_Tosh.pdfBlockchain-based Cybersecurity Informa8on Sharing for Improved Resiliency Dr. Deepak K. Tosh Assistant](https://reader033.fdocuments.net/reader033/viewer/2022042303/5ece4ca7b1af104f892b65b6/html5/thumbnails/21.jpg)
Blockchain-empowered Cybersecurity Informa8on Sharing Goals
What?Real-BmedisseminaBonofrelevantandacBonablecyberthreatindicatorsanddefensivemeasuresWho?Government,militaryandcommercialsectorsWhy?ProacBvedefenseandreducecyberriskWhile?Ensuringintegrity,trust,andprivacy
![Page 22: Blockchain-based Cybersecurity Informa8on …credit.pvamu.edu/MCBDA2019/UTEP_Tosh.pdfBlockchain-based Cybersecurity Informa8on Sharing for Improved Resiliency Dr. Deepak K. Tosh Assistant](https://reader033.fdocuments.net/reader033/viewer/2022042303/5ece4ca7b1af104f892b65b6/html5/thumbnails/22.jpg)
Blockchain-integrated Informa8on Sharing
Provenance:• AudiBngprocesswhichmaintainsarecordofalloperaBonsconductedonsharedthreatinformaBon• MaintainInformaBonIntegrity
![Page 23: Blockchain-based Cybersecurity Informa8on …credit.pvamu.edu/MCBDA2019/UTEP_Tosh.pdfBlockchain-based Cybersecurity Informa8on Sharing for Improved Resiliency Dr. Deepak K. Tosh Assistant](https://reader033.fdocuments.net/reader033/viewer/2022042303/5ece4ca7b1af104f892b65b6/html5/thumbnails/23.jpg)
Research Challenges
Ø EnsuringinformaBonprivacy
Ø PruningredundantinformaBon
Ø DerivingacBonablethreatintelligence
Ø Qualityvs.quanBty
Ø Enablingsector-wiseinformaBonsharing
![Page 24: Blockchain-based Cybersecurity Informa8on …credit.pvamu.edu/MCBDA2019/UTEP_Tosh.pdfBlockchain-based Cybersecurity Informa8on Sharing for Improved Resiliency Dr. Deepak K. Tosh Assistant](https://reader033.fdocuments.net/reader033/viewer/2022042303/5ece4ca7b1af104f892b65b6/html5/thumbnails/24.jpg)
Concluding Remarks
• Cybersecuritylandscapeishugeandtherearealottoexplore• Cyber-threatinformaBonsharingisoneimportantiniBaBvetowardproacBvedefense• BlockchaintechnologyisanewfronBertodesigntamper-resistantsystems• Aworkingpladormthatintegratesbothisyettocome
![Page 25: Blockchain-based Cybersecurity Informa8on …credit.pvamu.edu/MCBDA2019/UTEP_Tosh.pdfBlockchain-based Cybersecurity Informa8on Sharing for Improved Resiliency Dr. Deepak K. Tosh Assistant](https://reader033.fdocuments.net/reader033/viewer/2022042303/5ece4ca7b1af104f892b65b6/html5/thumbnails/25.jpg)
Thank You QuesBons??