Blockchain Technology as a Cyber Threat Intelligence Sharing Platform

17th December, 2021

Authors Erisa Karafili and Stefano De Angelis

In the CyberKit4SME project, we are using Blockchain technology for the Cyber Threat Intelligence sharing platform.


Chosen Blockchain Technology

We are using Service Ledger (SL) that is a blockchain-as-a-service platform offering programmable blockchain-enabled services that can be adapted to several application scenarios. In the CyberKit4SME project, SL enables the sharing of Cyber Threat Intelligence (CTI), between organisations and national cybersecurity authorities.


The need for Cyber Threat Intelligence sharing

The exchange of CTI is crucial as it helps SMEs with the following activities:

  1. Improve cybersecurity awareness of ongoing and past cyber threats;
  2. Tune defences against possible new threats and malicious activities;
  3. Contribute to a community with their CTI data collected from monitoring and risk assessment systems.


Service Ledger – the technology for CTI sharing

SL has been designed to cope with security and privacy issues that usually affect data sharing platforms. Differently from classic centralised designs for data sharing, SL leverages a decentralised repository, a.k.a. Decentralised Data Storage (DDR), to avoid single points of failure and tampering of sensitive data. Thus, it makes use of a blockchain to maintain an immutable record of data shared among parties and control the ownership via unique digital tokens (CTI NFTs). Furthermore, everything is cryptographically secured via asymmetric encryption to ensure data confidentiality. SL embeds attribute-based encryption sharing protocols allowing SMEs to define ad-hoc, private, sharing groups and organise the visibility of data with precise access control rules. Additionally, SMEs have the possibility of anonymous sharing, to preserve business confidentiality while complying with data sharing duties.


A novel approach

The combination of DDR with the blockchain enables SL to introduce a novel approach coping with blockchain data storing limitations. SL uses the blockchain to mint a unique and immutable digital representation (NFTs) of each piece of CTI data stored over the repository. As a result, the sharing platform can offer adequate performance, and improve data availability, security, and privacy.


Integrability of SL

SL enables interoperability with other systems and sharing tools, embedding TAXII and STIX standards for the representation and exchange of CTI. The use of standards facilitates the interaction with current legacy systems without requiring additional implementations or data parsing activities.


Stefano De Angelis, Erisa Karafili