Private Sharing of IOCs and Sightings

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

11 Citations (Scopus)
7 Downloads (Pure)


Information sharing helps to better protect computer systems against digital threats and known attacks. However, since security information is usually considered sensitive, parties are hesitant to share all their information through public channels. Instead, they only exchange this information with parties with whom they already established trust relationships. We propose the use of two complementary techniques to allow parties to share information without the need to immediately reveal private information. We consider a cryptographic approach to hide the details of an indicator of compromise so that it can be shared with other parties. These other parties are still able to detect intrusions with these cryptographic indicators. Additionally, we apply another cryptographic construction to let parties report back their number of sightings to a central party. This central party can aggregate the messages from the various parties to learn the total number of sightings for each indicator, without learning the number of sightings from each individual party. An evaluation of our open-source proof-of-concept implementations shows that both techniques incur only little overhead, making the techniques prime candidates for practice.
Original languageEnglish
Title of host publication3rd ACM Workshop on Information Sharing and Collaborative Security, WISCS 2016
Place of PublicationNew York
PublisherAssociation for Computing Machinery
Number of pages4
ISBN (Print)978-1-4503-4565-1
Publication statusPublished - 2016
Event3rd ACM Workshop on Information Sharing and Collaborative Security, WISCS 2016 - Hofburg Palace, Vienna, Austria
Duration: 24 Oct 201624 Oct 2016
Conference number: 3

Publication series



Workshop3rd ACM Workshop on Information Sharing and Collaborative Security, WISCS 2016
Abbreviated titleWISCS


  • EWI-27477
  • METIS-319501
  • IR-102394
  • SCS-Cybersecurity


Dive into the research topics of 'Private Sharing of IOCs and Sightings'. Together they form a unique fingerprint.

Cite this