Secure Cybersecurity Information Sharing for Sectoral Organizations Using Ethereum Blockchain and IPFS
Abstract
The COVID-19 pandemic has resulted in increased cross-sector cyber-attacks. Passive and reactive cybersecurity techniques relying solely on technology are insufficient to combat sophisticated attacks, necessitating proactive and collaborative security measures to minimize attacks. Cybersecurity Information Sharing (CIS) enhances security via proactive and collaborative cybersecurity information exchange, but its implementation via cloud services faces threats from man in the middle (MITM) and distributed denial of service (DDoS) attacks, as well as a vulnerability in cloud storage involving centralized data control. These threats and vulnerabilities result in a lack of user confidence in the confidentiality, integrity, and availability of information. This paper proposes Secure Cybersecurity Information Sharing (SCIS) to secure Cybersecurity Information in sectoral organizations using the private interplanetary file system (IPFS) network and the private Ethereum Blockchain network. Private Ethereum Blockchain enables secure and transparent transaction logging, while Private IPFS network provides decentralized storage, addressing vulnerabilities in centralized storage systems. The outcomes of the tests reveal that the suggested SCIS system offers cybersecurity information availability, confidentiality, and integrity. SCIS provides a high level of security to protect cybersecurity information exchanged between sectoral organizations using the Private Ethereum Blockchain network and the Private IPFS network so that organizations can safely share and utilize information.
Downloads
References
A. Lamssaggad, N. Benamar, A. S. Hafid, and M. Msahli, “A Survey on the Current Security Landscape of Intelligent Transportation Systems,” IEEE Access, vol. 9, no. Vlc, pp. 9180–9208, 2021.
https://doi.org/10.1109/ACCESS.2021.3050038.
H. S. Lallie et al., “Cyber security in the age of COVID-19: A timeline and analysis of cyber-crime and cyber-attacks during the pandemic,” Comput Secur, vol. 105, p. 102248, 2021.
https://doi.org/10.1016/j.cose.2021.102248.
S. J. Ee, J. W. Tien Ming, J. S. Yap, and S. C. Y. Lee, “Active and Passive Security Attacks in Wireless Networks and Prevention Techniques,” pp. 1–17, 2020.
https://doi.org/doi: 10.36227/techrxiv.12972857.v1.
K. Bhat, E. Van Der Kouwe, H. Bos, and C. Giuffrida, “ProbeGuard: Mitigating Probing Attacks Through Reactive Program Transformations,” International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS, pp. 545–558, 2019.
https://doi.org/10.1145/3297858.3304073.
A. B. Ajmal, M. A. Shah, C. Maple, M. N. Asghar, and S. U. Islam, “Offensive Security: Towards Proactive Threat Hunting via Adversary Emulation,” IEEE Access, vol. 9, pp. 126023–126033, 2021.
https://doi.org/10.1109/ACCESS.2021.3104260.
N. N. P. Mkuzangwe and Z. C. Khan, “Cyber-Threat Information-Sharing Standards: A Review of Evaluation Literature,” The African Journal of Information and Communication, no. 25, pp. 1–12, 2020.
https://doi.org/10.23962/10539/29191.
Berlilana, T. Noparumpa, A. Ruangkanjanases, T. Hariguna, and Sarmini, “Organization benefit as an outcome of organizational security adoption: The role of cyber security readiness and technology readiness,” Sustainability (Switzerland), vol. 13, no. 24, 2021.
https://doi.org/10.3390/su132413761.
Y. Li and Q. Liu, “A comprehensive review study of cyber-attacks and cyber security; Emerging trends and recent developments,” Energy Reports, vol. 7, no. xxxx, pp. 8176–8186, 2021.
https://doi.org/10.1016/j.egyr.2021.08.126.
J. Dykstra, L. A. Gordon, M. P. Loeb, and L. Zhou, “The Economics of Sharing Unclassified Cyber Threat Intelligence by Government Agencies and Departments,” Journal of Information Security, vol. 13, no. 03, pp. 85–100, 2022.
https://doi.org/10.4236/jis.2022.133006.
A. Pala and J. Zhuang, “Information sharing in cybersecurity: A review,” Decision Analysis, vol. 16, no. 3, pp. 172–196, 2019.
https://doi.org/10.1287/deca.2018.0387.
S. Pal, M. Hitchens, T. Rabehaja, and S. Mukhopadhyay, “Security requirements for the internet of things: A systematic approach,” Sensors (Switzerland), vol. 20, no. 20, pp. 1–34, 2020.
https://doi.org/10.3390/s20205897.
M. A. Berawi, M. Sari, F. A. F. Addiani, and N. Madyaningrum, “Developing a Blockchain-based Data Storage System Model to Improve Government Agencies’ Organizational Performance,” International Journal of Technology, vol. 12, no. 5, pp. 1038–1047, 2021, doi: 10.14716/ijtech.v12i5.5237.
M. Hajizadeh, N. Afraz, M. Ruffini, and T. Bauschert, “Collaborative cyber attack defense in SDN networks using blockchain technology,” Proceedings of the 2020 IEEE Conference on Network Softwarization: Bridging the Gap Between AI and Network Softwarization, NetSoft 2020, no. June, pp. 487–492, 2020.
https://doi.org/10.1109/NetSoft48620.2020.9165396.
A. Mallik, A. Ahsan, M. M. Z. Shahadat, and J. C. Tsou, “Man-in-the-middle-attack: Understanding in simple words,” International Journal of Data and Network Science, vol. 3, no. 2, pp. 77–92, 2019.
https://doi.org/10.5267/j.ijdns.2019.1.001.
P. Purwono et al., “Blockchain Technology,” vol. 8, no. 2, pp. 199–205, 2022.
https://doi.org/10.26555/jiteki.v8i2.24327.
A. G. Gad, D. T. Mosa, L. Abualigah, and A. A. Abohany, “Emerging Trends in Blockchain Technology and Applications: A Review and Outlook,” Journal of King Saud University - Computer and Information Sciences, vol. 34, no. 9, pp. 6719–6742, 2022.
https://doi.org/10.1016/j.jksuci.2022.03.007.
H. Taherdoost, “Smart Contracts in Blockchain Technology: A Critical Review,” Information (Switzerland), vol. 14, no. 2, 2023.
https://doi.org/10.3390/info14020117.
R. Tas and O. O. Tanriover, “Building A Decentralized Application on the Ethereum Blockchain,” 3rd International Symposium on Multidisciplinary Studies and Innovative Technologies, ISMSIT 2019 - Proceedings, pp. 1–4, 2019.
https://doi.org/10.1109/ISMSIT.2019.8932806.
N. Gowda and C. Chakravorty, “Comparative study on cryptocurrency transaction and banking transaction,” Global Transitions Proceedings, vol. 2, no. 2, pp. 530–534, 2021.
https://doi.org/10.1016/j.gltp.2021.08.064.
S. Nzuva, “Smart Contracts Implementation, Applications, Benefits, and Limitations,” Public Policy and Administration Research, no. October, 2019.
https://doi.org/10.7176/ppar/9-9-06.
M. Muneeb, Z. Raza, I. U. Haq, and O. Shafiq, “SmartCon: A Blockchain-Based Framework for Smart Contracts and Transaction Management,” IEEE Access, vol. 10, pp. 10719–10730, 2022.
https://doi.org/10.1109/ACCESS.2021.3135562.
J. E. de Azevedo Sousa et al., “An analysis of the fees and pending time correlation in Ethereum,” International Journal of Network Management, vol. 31, no. 3, 2021.
https://doi.org/10.1002/nem.2113.
T. Ncube, N. Dlodlo, and A. Terzoli, “Private Blockchain Networks: A Solution for Data Privacy,” 2020 2nd International Multidisciplinary Information Technology and Engineering Conference, IMITEC 2020, no. December, 2020.
https://doi.org/10.1109/IMITEC50163.2020.9334132.
S. Namane and I. Ben Dhaou, “Blockchain-Based Access Control Techniques for IoT Applications,” Electronics (Switzerland), vol. 11, no. 14, pp. 1–29, 2022.
https://doi.org/10.3390/electronics11142225.
M. A. Manolache, S. Manolache, and N. Tapus, “Decision Making using the Blockchain Proof of Authority Consensus,” Procedia Comput Sci, vol. 199, pp. 580–588, 2021.
https://doi.org/10.1016/j.procs.2022.01.071.
A. Al-Zoubi, T. Saadeddin, and M. Dmour, “An Ethereum Private Network for Data Management in Blockchain of Things Ecosystem,” International Journal of Online and Biomedical Engineering (iJOE), vol. 19, no. 01, pp. 38–58, 2023.
https://doi.org/10.3991/ijoe.v19i01.35261.
E. Nyaletey, R. M. Parizi, Q. Zhang, and K. K. R. Choo, “BlockIPFS - Blockchain-enabled interplanetary file system for forensic and trusted data traceability,” Proceedings - 2019 2nd IEEE International Conference on Blockchain, Blockchain 2019, no. September, pp. 18–25, 2019.
https://doi.org/10.1109/Blockchain.2019.00012.
J. Shamdasani, “Decentralized File Storage ( Interplanetary File System ) using Blockchain,” vol. 12, no. 03, pp. 252–256, 2023.
https://doi.org/10.1016/j.procs.2023.01.088.
G. Gurung, R. Shah, and D. P. Jaiswal, “Software Development Life Cycle Models-A Comparative Study,” International Journal of Scientific Research in Computer Science, Engineering and Information Technology, no. March, pp. 30–37, 2020.
https://doi.org/10.32628/cseit206410.
C. Munoz-Ausecha, J. E. G. Gómez, J. Ruiz-Rosero, and G. Ramirez-Gonzalez, “Asset Ownership Transfer and Inventory Using RFID UHF TAGS and Ethereum Blockchain NFTs,” Electronics (Switzerland), vol. 12, no. 6, pp. 1–20, 2023.
https://doi.org/doi: 10.3390/electronics12061497.
S. K. Panda and S. C. Satapathy, “An Investigation into Smart Contract Deployment on Ethereum Platform Using Web3.js and Solidity Using Blockchain,” no. July, pp. 549–561, 2021. https://doi.org/10.1007/978-981-16-0171-2_52.
J. Zheng et al., “An In-Depth Review on Blockchain Simulators for IoT Environments,” Future Internet, vol. 14, no. 6, pp. 1–22, 2022.
Copyright (c) 2023 Jurnal RESTI (Rekayasa Sistem dan Teknologi Informasi)
This work is licensed under a Creative Commons Attribution 4.0 International License.
Copyright in each article belongs to the author
- The author acknowledges that the RESTI Journal (System Engineering and Information Technology) is the first publisher to publish with a license Creative Commons Attribution 4.0 International License.
- Authors can enter writing separately, arrange the non-exclusive distribution of manuscripts that have been published in this journal into other versions (eg sent to the author's institutional repository, publication in a book, etc.), by acknowledging that the manuscript has been published for the first time in the RESTI (Rekayasa Sistem dan Teknologi Informasi) journal ;
