PURA-SCIS protocol: a novel solution for cloud-based information sharing protection for sectoral organizations

Putra, Fandi Aditya and Ramli, Kalamullah and Hayati, Nur and Gunawan, Teddy Surya (2021) PURA-SCIS protocol: a novel solution for cloud-based information sharing protection for sectoral organizations. Symmetry, 13 (12). pp. 1-22. E-ISSN 2073-8994

PDF - Published Version
Restricted to Registered users only
Download (27MB) | Request a copy

Official URL: https://www.mdpi.com/2073-8994/13/12/2347

Abstract

Over recent years, the incidence of data breaches and cyberattacks has increased significantly. This has highlighted the need for sectoral organizations to share information about such events so that lessons can be learned to mitigate the prevalence and severity of cyber incidents against other organizations. Sectoral organizations embody a governance relationship between cross-sector public and private entities, called public-private partnerships (PPPs). However, organizations are hesitant to share such information due to a lack of trust and business-critical confidentially issues. This problem occurs because of the absence of any protocols that guarantee privacy protection and protect sensitive information. To address this issue, this paper proposes a novel protocol, Putra-Ramli Secure Cyber-incident Information Sharing (PURA-SCIS), to secure cyber incident information sharing. PURA-SCIS has been designed to offer exceptional data and privacy protection and run on the cloud services of sectoral organizations. The relationship between organizations in PURA-SCIS is symmetrical, where the entities must collectively maintain the security of classified cyber incident information. Furthermore, the organizations must be legitimate entities in the PURA-SCIS protocol. The Scyther tool was used for protocol verification in PURA-SCIS. The experimental results showed that the proposed PURA-SCIS protocol provided good security properties, including public verifiability for all entities, blockless verification, data privacy preservation, identity privacy preservation and traceability, and private information sharing. PURA-SCIS also provided a high degree of confidentiality to protect the security and integrity of cyber-incident-related information exchanged among sectoral organizations via cloud services.

Item Type:	Article (Journal)
Uncontrolled Keywords:	cyber incident information sharing; secure protocol; sectoral organizations; classified information; privacy preservation; data protection
Subjects:	T Technology > TK Electrical engineering. Electronics Nuclear engineering > TK7800 Electronics. Computer engineering. Computer hardware. Photoelectronic devices > TK7885 Computer engineering
Kulliyyahs/Centres/Divisions/Institutes (Can select more than one option. Press CONTROL button):	Kulliyyah of Engineering Kulliyyah of Engineering > Department of Electrical and Computer Engineering
Depositing User:	Prof. Dr. Teddy Surya Gunawan
Date Deposited:	08 Dec 2021 11:02
Last Modified:	08 Dec 2021 11:02
URI:	http://irep.iium.edu.my/id/eprint/94513

Actions (login required)

View Item

Download Statistics

Downloads

Downloads per month over past year