Sharing is Caring: A collaborative framework for sharing security alerts

A threat detection system that aims to be collaborative and active cannot function without adequate communication between the actors involved. In particular, exchanging information about responses to security incidents allows future incidents to be identified and prevented more effectively, and isolated faster. However, the main obstacle that seems to keep companies or individuals affected by cybersecurity attacks from communicating adequately with others is confidentiality.

For this reason, researchers Ajmal et al. (2021) attempt to demystify methods to circumvent this problem through a case study, for which they have chosen the field of health. They present the Sharing is Caring (SIC) model, which allows different organizations in the health sector to share their data on attacks and security defences. This process helps them obtain a better collaborative defence against their common attackers without compromising the confidentiality of their network, users, or patients.

Specifically, the SIC model offers users two guarantees in terms of confidentiality. First, no affected party will be aware of how an organization has reacted to IP addresses. Second, the operations carried out are completely decentralized, so they do not depend on a trusted party.

The researchers analyzed this model’s confidentiality and security properties against malicious attacks. In addition, they built a prototype of the system architecture (see Figure 1) to assess its performance in terms of time, and they measured the communication bandwidth.

As a result of the various complex analyses, the researchers affirm that the SIC model is an adequate choice to allow collaboration between organizations while preserving the confidentiality of the network, clients, or patients.

They shed light on the relevant strengths of SIC, such as lightweight crypto operations, decentralization, and reasonable overhead, which together allow confidentiality when sharing alerts. Finally, this healthcare case study opens our eyes to collaborative communication possibilities using application models like the SIC model presented. The researchers conclude that it is possible to improve communication between organizations affected by cybersecurity issues through models and tools that secure confidential information.

To cite: Ajmal Azad, M., Bag, S., Ahmad, F., Hao, F. (2021). Sharing is Caring: A collaborative framework for sharing security alerts. Computer Communications, 165, 75-84.