MASTER Assignment
Analysing Cyber Threat Intelligence Data Using Fully Homomorphic Encryption
Type : Master M-CS
Period: Mar, 2022 - Oct, 2022
Student : Sustronk, J.J. (Jasper, Student M-CS)
Date Final project: Oct 7, 2022
Supervisors:
Abstract:
Companies continuously monitor their (internal) networks for incoming cyber attacks and use that ‘cyber threat intelligence data’ (CTI) to improve their security policies. This information is almost always considered private data that parties are unwilling to share with others. However, at the same time can this information help the overall community in its defence against cyber attacks. We present new methods that allow multiple parties to analyze their CTI without the need to share the data itself. We use fully homomorphic encryption (FHE) for this purpose, a technique that allows us to compute arbitrary functions on encrypted data. Consequently, we do not need extensive communication protocols for large calculations, something that is necessary for more traditional secure multi-party computation solutions. We construct an aggregation and k-means clustering algorithm for encrypted data points and implement our solution using the Lattigo framework. Using an ordinary PC, we can aggregate 20 rows of data in 10 minutes with high accuracy, and perform one iteration of k-means clustering for a dataset of 212 points in 69 minutes with a silhouette score of 0.47. To the best of our knowledge, these algorithms are the first of their kind and their results form a solid basis for future MPC analysis applications. Furthermore, it shows that FHE becomes increasingly viable as a tool for MPC purposes.