Jointly analysing cyber security information without sharing

Jointly analysing cyber security information without sharing

2020-06-23 Webinar MPC -TNO.pngFriday 10 July 2020

On July 7th, 2020, at a webinar organized for members of CIO Platform Nederland, TNO introdced an ongoing research project in the field of the exchange of cyber security information and Secure Multi-Party Computation (MPC). In this blog post, we'll make the information from the webinar more widely available, as MPC and cyber security can be an interesting and valuable combination for anyone who is working on cyber security (threat) information.

TNO is conducting exploratory research into Secure Mult-Party Computation (MPC) and cyber security information because it expects that valuable analyzes are possible when calculating confidential 'information security data' using MPC. The strength of this technology is that it makes analyzing sensitive data from multiple parties possible, without actually sharing this data.

Throughout 2020 TNO will be working together with other interested parties in order to gain experience with MPC and generate ideas and solutions. They have a lot of freedom to choose partners, test this technique in practice and to investigate its viability.

What is MPC?
Secure Multi-Party Computation (MPC) is a ‘toolbox’ of cryptographic techniques that allows several different parties to combine their (encrypted) data with (encrypted) data from other parties, with the aim of having previously agreed analyzes take place. The agreements are recorded in a mathematical protocol that can replace a trusted third party, and only in accordance with this protocol do analyzes take place on the data. Distinctive and of added value is the fact that the data itself is not exchanged. 

Important features of the technique are: the data remains safe, data is not decrypted for the analyzes, it is not possible to deviate from (the number of) parties included in the protocol, the data from the parties cannot be traced, many calculations can take place and it can be integrated with existing tooling. The only thing that is shared is the outcome of the analyzes. Please watch the video about MPC. For more information and videos, please visit www.tno.nl/mpc.

Looking for use cases
The relevance of MPC has been proven in various economic sectors and domains. Application in the cybersecurity domain is relatively new, but could potentially make a major contribution to an information sharing paradox:

Yes
Information about how others are doing or what they are seeing is useful.

Paradox

paradox.jpg

NO
Revealing cyber security information from my company to others might damage our reputation, or may even be illegal.


Due to the new character of the technique, identifying a use case is a challenge. Many companies have cyber security (threat) information at their disposal, but how does that compare with the information of others? Can we learn more when we compare data, or merge without knowing exactly what is being merged? Does MPC complement the informal relationship of trust? These questions form the starting position of the exploratory TNO research.

Does your company have any cyber security information that you would like to know from other companies, but which you are hesistant or unable to share yourself? 

Do you want to know more? Please contact the project leader of this project Marie Beth van Egmond, marie_beth.vanegmond@tno.nl.




« Back

More news

CIOTV #75 What about the maturity of digital transformations? With Martijn Koning and Arthur Govaert

ciotv 75 martijn en arthurMonday 04 July 2022 In this special seventy-fifth episode of CIOTV, current chairman Martijn Koning (Chief Digital & Sustainability Officer AutoBinck Group) and former chairman Arthur Govaert (VP Innovation Program ... full story

Fair Principle 3: Customers shall remain in control of their own data and all the data uploaded or processed by the service/solution.

Fair Principle 3Thursday 30 June 2022 Business users associations Beltug, Voice, Cigref and CIO Platform Nederland call for a balanced cloud market: 11 fair principles to unleash Europe’s digital potential. Fair principle 3 calls for customers to remain in control of their own data and all the data uploaded or processed by the service/solution. full story

Fair Principle 2: Vendors must not create a technical or commercial lock-in

Fair Principles 2Thursday 23 June 2022 Business users associations Beltug, Voice, Cigref and CIO Platform Nederland call for a balanced cloud market: 11 fair principles to unleash Europe’s digital potential. Fair principle 2 calls for every vendor to avoid creating a technical or commercial lock-in. full story

Urgent call to European Commission regarding the European Cybersecurity Certification Scheme for Cloud Services (EUCS)

2021-05-18 Terugkoppeling gesprek met Europese Commissie over digitale technologiebeleid.pngWednesday 22 June 2022 CIO Platform Nederland calls on the European Commission not to adopt the EUCS until the consequences for business users in industry and government in Europe have been thoroughly investigated, a consultation of stakeholders has taken place and the responsible political bodies have weighed up the digital autonomy, costs and benefits of a decision. full story

View all news items through the archive

Close