You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Sometimes some Organizations want to tell other Organizations some information, without them knowing it came from them. This may be for 'National Security' reasons, commercial confidence reason, or even just licensing requirements. We need a way for secretive organizations to provide data without their identity being disclosed, yet we also need their identifier to relate specifically to them so that they can receive Sightings as feedback, and so that others in the Community can respond to the information they provide.
POTENTIAL ANSWER
We can take some lessons from the networking world. When an Organization wants to keep it's internal network ranges secret, it can use Network Address Translation (NAT) to 'hide' this information behind a NAT proxy, which will translate the real IP address into a fake IP address as the traffic passes through it.
Similarly, we can use the concept of a STIX proxy, where content generated in the namespace of a secretive organization can be hidden behind a STIX proxy, and where all content eminating out of the external side of the STIX proxy is within the namespace of the Organization operating the STIX proxy.
As an example, if Gov Dept X wants to send out a list of Indicators X to all OASIS members, yet doesn't want anyone to know where it came from, it could use a third-party STIX proxying service (lets call it SProxY) to hide its content behind. Gov Dept X could sent SProxY it's Indicator X, with the request that SPRoxY sends out the content on it's behalf. SProxY will then distribute the content within the SProxY namespace, making it appear to everyone who views the content that it came directly from SProxY. SProxY has effectively NATed the communication; everyone thinks it is SProxY's information but only SProxY knows the truth.
This proxy style obfuscation has the added benefit of allowing bi-directional communcation, meaning that if anyone else releases content that adds to or enhances the content using the SProxY identifier, SProxY is able to see that, translate the SProxY identifier back to the original GovDept X identifier, and give the Gov Dept X that information.
It means that Gov Dept X is able to fully participate in trust groups without the participants of the trust groups knowing the original source of the information.
The text was updated successfully, but these errors were encountered:
PROBLEM
Sometimes some Organizations want to tell other Organizations some information, without them knowing it came from them. This may be for 'National Security' reasons, commercial confidence reason, or even just licensing requirements. We need a way for secretive organizations to provide data without their identity being disclosed, yet we also need their identifier to relate specifically to them so that they can receive Sightings as feedback, and so that others in the Community can respond to the information they provide.
POTENTIAL ANSWER
We can take some lessons from the networking world. When an Organization wants to keep it's internal network ranges secret, it can use Network Address Translation (NAT) to 'hide' this information behind a NAT proxy, which will translate the real IP address into a fake IP address as the traffic passes through it.
Similarly, we can use the concept of a STIX proxy, where content generated in the namespace of a secretive organization can be hidden behind a STIX proxy, and where all content eminating out of the external side of the STIX proxy is within the namespace of the Organization operating the STIX proxy.
As an example, if Gov Dept X wants to send out a list of Indicators X to all OASIS members, yet doesn't want anyone to know where it came from, it could use a third-party STIX proxying service (lets call it SProxY) to hide its content behind. Gov Dept X could sent SProxY it's Indicator X, with the request that SPRoxY sends out the content on it's behalf. SProxY will then distribute the content within the SProxY namespace, making it appear to everyone who views the content that it came directly from SProxY. SProxY has effectively NATed the communication; everyone thinks it is SProxY's information but only SProxY knows the truth.
This proxy style obfuscation has the added benefit of allowing bi-directional communcation, meaning that if anyone else releases content that adds to or enhances the content using the SProxY identifier, SProxY is able to see that, translate the SProxY identifier back to the original GovDept X identifier, and give the Gov Dept X that information.
It means that Gov Dept X is able to fully participate in trust groups without the participants of the trust groups knowing the original source of the information.
The text was updated successfully, but these errors were encountered: