However, the application of Fully Homomorphic Encryption (FHE), and Trusted Execution Environments (TEE), can provide a solution to the need for secure, privacy-preserving CTI sharing and extraction. FHE and TEE represent cutting-edge solutions for preserving the privacy of individuals. FHE allows computations on encrypted data, offering results without ever exposing the underlying data. TEEs provide secure areas within processors to execute code confidentially and securely, ensuring that sensitive data is processed in an isolated and protected environment.
These techniques can also be used for maintaining the privacy of a CTI sharing and extraction procedure. Implementing FHE in CTI extraction process, involves several key steps. Initially, data must be encrypted, ensuring that sensitive information is protected. Secure analysis then takes place on the encrypted data, with the assurance that the privacy of the underlying data is maintained. Finally, results can be decrypted and utilized, all without ever compromising data privacy. On the other hand, TEE can provide its secure environment to host both the datasets of the data providers as well as the functions used for CTI extraction. Furthermore, it can act as a trusted environment where the extracted CTI of the data providers can be stored and correlated, producing enriched CTI. Then these enriched CTI can be shared between the data holders. Given the privacy and security guarantees of these two techniques, actionable CTI can be extracted without any privacy violation.
In ENCRYPT, the combination of CTI, HE, and TEE will be tested on the CTI use case provided by CERTH as the service provider (i.e., CTI extractor) and EXUS, DBC, and 8BELLs as the cybersecurity data providers. The data of EXUS and 8BELLs contain IP-related attacks while the data of DBC email-related attacks. This will give the chance for the extraction and correlation of different data in a private format.