The PUZZLE project offers a set of technologies that will allow Small & Medium Enterprises and Micro Enterprises (SMEs&MEs) to develop a secure, fair, and scalable communication network between them in order to be proactive against known cyber threats.
Such a communication mechanism allows the “transacting” entities to exchange sensitive information over secure and private channels and provides the necessary ground to create a large data bank of Cyber Threat Information (CTI).
This Collective Threat Intelligence data bank is shared among, trusted or not, transacting entities and it is protected under the umbrella of security mechanisms that blockchain technology provides. The platform used to realize this idea is the Hyperledger Fabric, which is an open source blockchain framework offered by the Linux Foundation. Tis permissioned network allows organisations to authenticate themselves, while access control and governance are also highly supported through distinct private channels of communication and Attribute-base access control (ABAC) mechanisms.
The core components that were developed for the needs of the PUZZLE project in terms of threat intelligence sharing are the Security Context Broker (SCB), and the Blockchain Peer. The SCB as can be seen in Figure 1, is responsible for offering a trusted bridge between the Blockchain network and the outside world, and essentially plays the role of a secure oracle that converts the Threat Intelligence sharing policies into smart contracts as it sits in the heart of the communication system.
The Blockchain Peer is a component that enables each organization to interact with the blockchain Ledger. It is an entity of the blockchain network that hosts the chaincode to be executed, as well as the Ledger where the cyber threat intelligence information is written, as presented in Figure 2.
To cover all the functionalities needed by such a communication system, we have developed a set of smart contracts that are packed into a single chaincode that each Blockchain Peer abides by.
Author: AEGIS IT Research.
Featured Photo by Geralt on Pixabay.