Abstract:
The current practice of informal cyber threat intelligence (CTI) sharing among organisations is characterized with the use of emails and social media exchanges among individuals. This model is highly subjective and dependent on a specific individual’s social networks. While international cyber threat intelligence is well covered by the traditional IT tools and firewalls, there exists a knowledge gap on locally manufactured and executed malware and cybercriminal activities. Financial institutions have CTI at their disposal that could protect each other from computer hacks and fraud. The effective sharing of this intelligence among financial institutions could help reduce the high-income leakages that is brought about by cyber-attacks. The challenge is how to share this intelligence confidentially and anonymously since the financial institutions are competitors, have a huge reputation to protect and thrive on business secrecy. To solve this problem effectively, trust-based computing must be used. Ethereum is a blockchain based technology that comes with the ability to write smart contracts, small programs that sit on the blockchain. As the contracts are on the blockchain, they become immutable thus providing an alternative protocol for building decentralized applications. This research was able to achieve the sharing CTI by a developed model utilizing Ethereum smart contract blockchain technology. The blockchain private ledger, based on Ethereum, was used in this research to ensure information is only passed among the trusted financial institutions. Sharing CTI on the developed model took an average of 45 seconds, costed an average of $0.45 with anonymity guaranteed. Anonymity was achieved by introducing a layer of abstraction to protect the identity of the participating nodes or the financial institutions in the private blockchain network when passing information. This model based on contract technologies will assist in sharing CTI securely among trusted parties.
Keywords: Blockchain, Cyber Threat Intelligence, Ethereum, IoT, Smart Contract
