Trade: Trusted anonymous data exchange: Threat sharing using blockchain technology

Yair Allouche, Nachiket Tapas, Francesco Longo, Asaf Shabtai, Yaron Wolfsthal

arXiv preprint arXiv:2103.13158, 2021

Cyber attacks are becoming more frequent and sophisticated, introducing significant challenges for organizations to protect their systems and data from threat actors. Today, threat actors are highly motivated, persistent, and well-founded and operate in a coordinated manner to commit a diversity of attacks using various sophisticated tactics, techniques, and procedures. Given the risks these threats present, it has become clear that organizations need to collaborate and share cyber threat information (CTI) and use it to improve their security posture. In this paper, we present TRADE — TRusted Anonymous Data Exchange — a collaborative, distributed, trusted, and anonymized CTI sharing platform based on blockchain technology. TRADE uses a blockchain-based access control framework designed to provide essential features and requirements to incentivize and encourage organizations to share threat intelligence information. In TRADE, organizations can fully control their data by defining sharing policies enforced by smart contracts used to control and manage CTI sharing in the network. TRADE allows organizations to preserve their anonymity while keeping organizations fully accountable for their action in the network. Finally, TRADE can be easily integrated within existing threat intelligence exchange protocols – such as trusted automated exchange of intelligence information (TAXII) and OpenDXL, thereby allowing a fast and smooth technology adaptation.