TU Darmstadt / ULB / TUbiblio

ExTRUST: Reducing exploit stockpiles with a privacy-preserving depletion system for inter-state relationships

Reinhold, Thomas ; Kühn, Philipp ; Günther, Daniel ; Schneider, Thomas ; Reuter, Christian (2023)
ExTRUST: Reducing exploit stockpiles with a privacy-preserving depletion system for inter-state relationships.
In: IEEE Transactions on Technology and Society, 4 (2)
doi: 10.1109/TTS.2023.3280356
Article, Bibliography

Abstract

Cyberspace is a fragile construct threatened by malicious cyber operations of different actors, with vulnerabilities in IT hardware and software forming the basis for such activities, thus also posing a threat to global IT security. Advancements in the field of artificial intelligence accelerate this development, either with artificial intelligence enabled cyber weapons, automated cyber defense measures, or artificial intelligence-based threat and vulnerability detection. Especially state actors, with their long-term strategic security interests, often stockpile such knowledge of vulnerabilities and exploits to enable their military or intelligence service cyberspace operations. While treaties and regulations to limit these developments and to enhance global IT security by disclosing vulnerabilities are currently being discussed on the international level, these efforts are hindered by state concerns about the disclosure of unique knowledge and about giving up tactical advantages. This leads to a situation where multiple states are likely to stockpile at least some identical exploits, with technical measures to enable a depletion process for these stockpiles that preserve state secrecy interests and consider the special constraints of interacting states as well as the requirements within such environments being non-existent. This paper proposes such a privacy-preserving approach that allows multiple state parties to privately compare their stock of vulnerabilities and exploits to check for items that occur in multiple stockpiles without revealing them so that their disclosure can be considered. We call our system ExTRUST and show that it is scalable and can withstand several attack scenarios. Beyond the intergovernmental setting, ExTRUST can also be used for other zero-trust use cases, such as bug-bounty programs.

Item type: Article
Published: 2023
Author(s): Reinhold, Thomas ; Kühn, Philipp ; Günther, Daniel ; Schneider, Thomas ; Reuter, Christian
Type of entry: Bibliography
Title: ExTRUST: Reducing exploit stockpiles with a privacy-preserving depletion system for inter-state relationships
Language: English
Publication date: 29 June 2023
Place: not specified
Publisher: IEEE
Title of journal, newspaper or series: IEEE Transactions on Technology and Society
Volume: 4
Issue number: 2
Book title: IEEE Transactions on Technology and Society
DOI: 10.1109/TTS.2023.3280356
URL / URN: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=101...
Uncontrolled keywords: Engineering E4, E7, Cryptography and Privacy Engineering (ENCRYPTO), Science and Technology for Peace and Security (PEASEC), CYSEC, GRK Privacy&Trust for Mobile Users (Project A.1)
Department(s)/field(s): 20 Department of Computer Science
20 Department of Computer Science > Cryptography and Privacy Engineering
20 Department of Computer Science > Science and Technology for Peace and Security (PEASEC)
DFG Collaborative Research Centres (incl. Transregio)
DFG Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres
DFG Research Training Groups
DFG Research Training Groups > Research Training Group 2050 Privacy and Trust for Mobile Users
Profile Areas
Profile Areas > Cybersecurity (CYSEC)
DFG Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres > CRC 1119: CROSSING – Cryptography-based security solutions as a basis for trust in current and future IT systems
Date deposited: 10 Jul 2023 10:00
Last modified: 10 Jul 2023 10:00