• DocumentCode
    3374763
  • Title

    Enabling conditional cross-domain data sharing via a cryptographic approach

  • Author

    Bianchi, Giuseppe ; Rajabi, Hanieh ; Sgorlon, Marco

  • Author_Institution
    CNIT, Univ. Roma Tor Vergata, Rome, Italy
  • fYear
    2011
  • fDate
    12-13 Dec. 2011
  • Firstpage
    1
  • Lastpage
    6
  • Abstract
    Cross-domain Internet-scale collaborative security is affected by a native dichotomy. On one side, sharing of monitoring data across domains may significantly help in detecting large-scale threats and attacks; on the other side, data sharing conflicts with the need to protect network customers' privacy and confidentiality of business and operational information. The approach first proposed in this paper enables what we call “conditional data sharing”, i.e., it permits cross-domain sharing of fine-grained organized subsets of network security data (called monitoring data feeds), only when a threshold number of domains are ready to reveal their data for the same feed. The proposed approach revolves around a careful combination of distributed threshold-based cryptography with identity-based encryption. It appears scalable and easy to deploy, requiring neither a-priori monitoring data feeds identification, nor explicit coordination among domains. Protection is accomplished by “simply” using different cryptographic keys per feed, and automatically permitting per-feed key reconstruction upon the occurrence of independent and asynchronous per-domain/per-feed alerts.
  • Keywords
    Internet; cryptography; data privacy; groupware; peer-to-peer computing; attack detection; business information confidentiality; conditional cross-domain data sharing; cross-domain Internet-scale collaborative security; cryptographic approach; cryptographic key; dichotomy; distributed threshold based cryptography; identity-based encryption; independent asynchronous per-domain-per-feed alerts; monitoring data sharing; network customers privacy protection; network security data; operational information confidentiality; per-feed key reconstruction; threat detection; Encryption; Feeds; Monitoring; Protocols; Public key;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Internet Multimedia Systems Architecture and Application (IMSAA), 2011 IEEE 5th International Conference on
  • Conference_Location
    Bangalore, Karnataka
  • Print_ISBN
    978-1-4577-1329-3
  • Type

    conf

  • DOI
    10.1109/IMSAA.2011.6156365
  • Filename
    6156365