Deepak K. Tosh

ProvChain: A Blockchain-based Data Provenance Architecture in Cloud Environment with Enhanced Privacy and Availability

Cloud data provenance is metadata that records the history of the creation and operations performed on a cloud data object. Secure data provenance is crucial for data accountability, forensics and privacy. In this paper, we propose a decentralized and trusted cloud data provenance architecture using blockchain technology. Blockchain-based data provenance can provide tamper-proof records, enable the transparency of data accountability in the cloud, and help to enhance the privacy and availability of the provenance data. We make use of the cloud storage scenario and choose the cloud file as a data unit to detect user operations for collecting provenance data. We design and implement ProvChain, an architecture to collect and verify cloud data provenance, by embedding the provenance data into blockchain transactions. ProvChain operates mainly in three phases: (1) provenance data collection, (2) provenance data storage, and (3) provenance data validation. Results from performance evaluation demonstrate that ProvChain provides security features including tamper-proof provenance, user privacy and reliability with low overhead for the cloud storage applications.

Establishing evolutionary game models for CYBer security information EXchange (CYBEX)

Abstract The initiative to protect critical resources against cyber attacks requires security investments complemented with a collaborative sharing effort from every organization. A CYBersecurity information EXchange (CYBEX) framework is required to facilitate cyber-threat intelligence (CTI) sharing among the organizations to abate the impact of cyber attacks. In this research, we present an evolutionary game theoretic framework to investigate the economic benefits of cybersecurity information sharing and analyze the impacts and consequences of not participating in the game. By using micro-economic theory as substrate, we model this framework as human-society inspired evolutionary game among the organizations and investigate the implications of information sharing. Using our proposed dynamic cost adaptation scheme and distributed learning heuristic, organizations are induced toward adopting the evolutionary stable strategy of participating in the sharing framework. We also extend the evolutionary analysis to understand sharing nature of participants in a heterogeneous information exchange environment.

Cyber-Threats Information Sharing in Cloud Computing: A Game Theoretic Approach

Cybersecurity is among the highest priorities in industries, academia and governments. Cyber-threats information sharing among different organizations has the potential to maximize vulnerabilities discovery at a minimum cost. Cyber-threats information sharing has several advantages. First, it diminishes the chance that an attacker exploits the same vulnerability to launch multiple attacks in different organizations. Second, it reduces the likelihood an attacker can compromise an organization and collect data that will help him launch an attack on other organizations. Cyberspace has numerous interconnections and critical infrastructure owners are dependent on each others service. This well-known problem of cyber interdependency is aggravated in a public cloud computing platform. The collaborative effort of organizations in developing a countermeasure for a cyber-breach reduces each firms cost of investment in cyber defense. Despite its multiple advantages, there are costs and risks associated with cyber-threats information sharing. When a firm shares its vulnerabilities with others there is a risk that these vulnerabilities are leaked to the public (or to attackers) resulting in loss of reputation, market share and revenue. Therefore, in this strategic environment the firms committed to share cyber-threats information might not truthfully share information due to their own self-interests. Moreover, some firms acting selfishly may rationally limit their cybersecurity investment and rely on information shared by others to protect themselves. This can result in under investment in cybersecurity if all participants adopt the same strategy. This paper will use game theory to investigate when multiple self-interested firms can invest in vulnerability discovery and share their cyber-threat information. We will apply our algorithm to a public cloud computing platform as one of the fastest growing segments of the cyberspace.

Self-Coexistence in Cognitive Radio Networks Using Multi-Stage Perception Learning

In this paper, we study the self-coexistence problem among competitive Cognitive Radio (CR) networks in an uncoordinated distributed wireless environment of homogeneous and heterogeneous bands. This problem can be correlated with famous optimal foraging theory, where the humming birds forage to explore islands in search of food sources to survive. The behavior of learning from observations leads them to find island of optimal resources. The proposed perception based learning mechanism for homogeneous spectra, helps the CR networks to strategize their choice of actions on the basis of rewards gathered from the accessed spectrum bands and successfully grab a clear chunk of spectrum. However, in heterogeneous bands scenario, the CR networks inadvertently choose the best suitable band greedily which lead them to collision. We incorporate a regret minimization technique with the proposed learning mechanism to resolve the contention among them and maximize system performance. Experimental results conclude that the networks could achieve the objective of finding a free spectrum with maximized system utility using the proposed heuristic within limited number of interactions.

Privacy-preserving cybersecurity information exchange mechanism

Cybersecurity information sharing is improving cyber incident detection and prevention by reducing the loss caused by attacks and eliminating the costs of duplication efforts for cyber-defense. However, privacy is one of the major concerns of organizations, while they are gathering security information to share externally. In order to preserve the privacy of organizations in the cybersecurity information sharing framework, we propose a novel mechanism which consists of four components: (i) Registration, (ii) Sharing, (iii) Dispute, (iv) Rewarding. Our mechanism enables the organizations to share their cybersecurity information without revealing their identities. Besides, in order to encourage collaboration and prevent free-riding, rewards are issued anonymously in return for contributions. For this purpose, we are proposing a new aggregatable blind signature based on BBS+ signature scheme. Security analysis and performance evaluation are conducted showing the effectiveness and efficiency of the proposed mechanism.

Three Layer Game Theoretic Decision Framework for Cyber-Investment and Cyber-Insurance

Cyber-threat landscape has become highly complex, due to which isolated attempts to understand, detect, and resolve cybersecurity issues are not feasible in making a time constrained decisions. Introduction of cyber-threat information (CTI) sharing has potential to handle this issue to some extent, where knowledge about security incidents is gathered, exchanged across organizations for deriving useful information regarding the threat actors and vulnerabilities. Although, sharing security information could allow organizations to make informed decision, it may not completely eliminate the risks. Therefore, organizations are also inclined toward considering cyber-insurance for transferring risks to the insurers. Also, in networked environment, adversaries may exploit the information sharing to successfully breach the participating organizations. In this paper, we consider these players, i.e. organizations, adversary, and insure, to model a three layer game, where players play sequentially to find out their optimal strategies. Organizations determine their optimal self-defense investment to make while participating in CTI sharing and cyber-insurance. The adversary looks for an optimal attack rate while the insurer targets to maximize its profit by offering suitable coverage level to the organizations. Using backward induction approach, we conduct subgame perfect equilibrium analysis to find optimal strategies for the involved players. We observe that when cyber-insurance is not considered, attacker prefers to increase its rate of attack. This motivates the organizations to consider cyber-insurance option for transferring the risks on their critical assets.

Towards a Trusted and Privacy Preserving Membership Service in Distributed Ledger Using Intel Software Guard Extensions

Distributed Ledger Technology (DLT) provides decentralized services by removing the need of trust among distributed nodes and the trust of central authority in the distributed system. Transactions across the whole network are visible to all participating nodes. However, some transactions may contain sensitive information such as business contracts and financial reports, or even personal health records. To protect user privacy, the architecture of distributed ledger with membership service as a critical component can be adopted. We make a step towards such vision by proposing a membership service architecture that combines two promising technologies, distributed ledger and Intel Software Guard Extensions (SGX). With SGX remote attestation and isolated execution features, each distributed node can be enrolled as a trusted entity. We propose security properties for membership service in distributed ledger and illustrate how SGX capabilities help to achieve these properties in each phase of membership service, including member registration, enrollment, transaction signing and verifying and transacting auditing. The SGX enabled membership service could enhance the support of privacy preservation, and defense capabilities against adversarial attacks, with scalability and cost effectiveness.

Risk Management Using Cyber-Threat Information Sharing and Cyber-Insurance

Critical infrastructure systems spanning from transportation to nuclear operations are vulnerable to cyber attacks. Cyber-insurance and cyber-threat information sharing are two prominent mechanisms to defend cybersecurity issues proactively. However, standardization and realization of these choices have many bottlenecks. In this paper, we discuss the benefits and importance of cybersecurity information sharing and cyber-insurance in the current cyber-warfare situation. We model a standard game theoretic participation model for cybersecurity information exchange (CYBEX) and discuss the applicability of economic tools in addressing important issues related to CYBEX and cyber-insurance. We also pose several open research challenges, which need to be addressed for developing a robust cyber-risk management capability.

An SDN Based Framework for Guaranteeing Security and Performance in Information-Centric Cloud Networks

Cloud data centers are critical infrastructures to deliver cloud services. Although security and performance of cloud data centers have been well studied in the past, their networking aspects are overlooked. Current network infrastructures in cloud data centers limit the ability of cloud provider to offer guaranteed cloud network resources to users. In order to ensure security and performance requirements as defined in the service level agreement (SLA) between cloud user and provider, cloud providers need the ability to provision network resources dynamically and on the fly. The main challenge for cloud provider in utilizing network resource can be addressed by provisioning virtual networks that support information centric services by separating the control plane from the cloud infrastructure. In this paper, we propose an sdn based information centric cloud framework to provision network resourcesin order to support elastic demands of cloud applications depending on SLA requirements. The framework decouples the control plane and data plane wherein the conceptually centralized control plane controls and manages the fully distributed data plane. It computes the path to ensure security and performance of the network. We report initial experiment on average round-trip delay between consumers and producers.