Cybersecurity Information Sharing Scheme Using the Hub and Spoke Model to Gain Trust in Public-Private Partnership
DOI:
https://doi.org/10.56706/ik.v16i2.51
Keywords:
cybersecurity, confidentiality, Scyther Tools, information sharing scheme, cryptographic protocol
Abstract
This paper proposes a cybersecurity information sharing scheme to be implemented in Public-Private Partnership using the Hub and Spoke model. This model has an advantage in the validity of the shared information but faces a challenge: it requires a high level of trust from its members. Trust is needed because every piece of shared information passes through the hub (the public sector), which acts as the information center. One way to gain members' trust is to develop a scheme that can guarantee confidentiality and protect the privacy of its members. To address the problem above, a scheme is proposed that provides guarantees of confidentiality, integrity, authenticity, non-repudiation and privacy protection in a single integrated scheme. The scheme is built from several cryptographic techniques such as authenticated encryption and group signatures, where the choice of algorithms is not fixed but can be adapted to the needs of the system. To prove the security aspects of the proposed scheme, it was tested by means of security analysis and formal analysis. The security analysis results prove that the proposed scheme meets the expected security requirements, and the formal analysis results using Scyther Tools show that the scheme is resistant to various possible cyber attacks.
License
Copyright (c) 2022 Info Kripto

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.