Privacy-Preserving Cybersecurity Information Exchange Mechanism

Cybersecurity information sharing is improving cyber incident detection and prevention by reducing the loss caused by attacks and eliminating the costs of duplication efforts for cyber-defense. However, privacy is one of the major concerns of organizations, while they are gathering security information to share externally. In order to preserve the privacy of organizations in the cybersecurity information sharing framework, we propose a novel mechanism which consists of four components: (i) Registration, (ii) Sharing, (iii) Dispute, (iv) Rewarding. Our mechanism enables the organizations to share their cybersecurity information without revealing their identities. Besides, in order to encourage collaboration and prevent free-riding, rewards are issued anonymously in return for contributions. For this purpose, we are proposing a new aggregatable blind signature based on BBS+ signature scheme. Security analysis and performance evaluation are conducted showing the effectiveness and efficiency of the proposed mechanism.