近幾年來，分散式阻斷服務攻擊（DDoS）攻擊在是一個非常嚴重的威脅，也是最流行的攻擊之一。各種IoMT平台、網站或伺服器可能會因遭受DDoS攻擊而癱瘓。目前，黑名單存取控制仍然是抵制這些攻擊的有效方法。不幸的是，大多數能夠收集大量威脅情資的資訊安全監控中心（SOC）都拒絕交換他們收集到的寶貴知識。因此，如何有效與公平地共享威脅情資是一個具有前景的研究課題。
在本文中，我們提出了一個基於區塊鏈的威脅情資共享平台，並且搭配誘因式代幣鼓勵資訊分享。為了保護資料隱私，提議的系統實作了代理重新加密方案，使資料透過加密形式做資訊交換。此外，為了有效地搜尋有用的資料，我們提出的方案設計了一種新穎的布隆過濾器，可以有效地排除無效的數據集。最後的模擬結果表明，本文採用的代理重新加密執行時間優於其他現有方案65%到70%。

In recent decades, Distributed Denial of Service (DDoS) attacks is a very serious threat in today's, which is one of the most popular attacks. As a consequence, various IoMT platforms, websites and servers could be paralyzed by DDoS attacks. Currently, blacklist access control is still the effective way to resist those attack. Unfortunately, most of security operation centers (SOC) who can gather a lot of threat intelligence refuse to exchange their valuable knowledge due to lack of benefits. Therefore, how to effective and fair sharing threat intelligence is a promising research topic.
In this article, we proposed a blockchain-based threat intelligence sharing platform to offer incentive benefit and keep exchange records on smart contracts for transparency. For data privacy, the proposed system implements a proxy re-encryption scheme keeping data in encrypted form. Furthermore, to effectively search useful data, our scheme proposed a novel bloom filter for data requester, which can effectively rule out inefficacious data set. Our simulation results show that the execution time of proxy re-encryption is about 65\%-70\% better than other existing schemes.

[1] AˇColakovi´c, M. Hadˇziali´c, Internet of things (iot): A review of enabling technologies, challenges, and open research issues, Computer networks, 144, 2018, 17–39.
[2] M. Bromiley, Threat intelligence: What it is, and how to use it effectively, SANS Institute InfoSec Reading Room, 15, 2016, 172.
[3] S. Barnum, Standardizing cyber threat intelligence information with the structured threat information expression (stix), Mitre Corporation, 11, 2012, 1–22.
[4] S. Nakamoto, Bitcoin: A peer-to-peer electronic cash system, Decentralized Business Review, 2008, 21260.
[5] G. Wood, et al., Ethereum: A secure decentralised generalised transaction ledger, Ethereum project yellow paper, 151, 2014, 1–32.
[6] E. Androulaki, A. Barger, V. Bortnikov, C. Cachin, K. Christidis, A. De Caro, D. Enyeart, C. Ferris, G. Laventman, Y. Manevich, et al., Hyperledger fabric: a distributed operating system for permissioned blockchains, in: Proceedings of the thirteenth EuroSys conference, 2018, 1–15.
[7] M. Wohrer, U. Zdun, Smart contracts: security patterns in the ethereum ecosystem and solidity, in: 2018 International Workshop on Blockchain Oriented Software Engineering (IWBOSE), IEEE, 2018, 2–8.
[8] M. I. Mehar, C. L. Shier, A. Giambattista, E. Gong, G. Fletcher, R. Sanayhie, H. M. Kim, M. Laskowski, Understanding a revolutionary and flawed grand experiment in blockchain: the dao attack, Journal of Cases on Information Technology (JCIT), 21 (1), 2019, 19–32.
[9] L. Luu, D.-H. Chu, H. Olickel, P. Saxena, A. Hobor, Making smart contracts smarter, in: Proceedings of the 2016 ACM SIGSAC conference on computer and communications security, 2016, 254–269.
[10] J. Benet, Ipfs-content addressed, versioned, p2p file system, arXiv preprint arXiv:1407.3561.
[11] A. M. Antonopoulos, G. Wood, Mastering ethereum: building smart contracts and dapps, O’reilly Media, 2018.
[12] L. Breidenbach, C. Cachin, B. Chan, A. Coventry, S. Ellis, A. Juels, F. Koushanfar, A. Miller, B. Magauran, D. Moroz, et al., Chainlink 2.0: Next steps in the evolution of decentralized oracle networks, Chainlink Labs.
[13] M. Blaze, G. Bleumer, M. Strauss, Divertible protocols and atomic proxy cryptography, in: International conference on the theory and applications of cryptographic techniques, Springer, 1998, 127–144.
[14] B. H. Bloom, Space/time trade-offs in hash coding with allowable errors, Communications of the ACM, 13 (7), 1970, 422–426.
[15] H. Shafagh, A. Hithnawi, L. Burkhalter, P. Fischli, S. Duquennoy, Secure sharing of partially homomorphic encrypted iot data, in: Proceedings of the 15th ACM Conference on Embedded Network Sensor Systems, 2017, 1–14.
[16] L.-Y. Yeh, P. J. Lu, S.-H. Huang, J.-L. Huang, Sochain: A privacypreserving ddos data exchange service over soc consortium blockchain, IEEE Transactions on Engineering Management, 67 (4), 2020, 1487–1500.
[17] A. A. Battah, M. M. Madine, H. Alzaabi, I. Yaqoob, K. Salah, R. Jayaraman, Blockchain-based multi-party authorization for accessing ipfs encrypted data, IEEE Access, 8, 2020, 196813–196825.
[18] W. Zhang, Y. Bai, J. Feng, Tiia: A blockchain-enabled threat intelligence integrity audit scheme for iiot, Future Generation Computer Systems, 132, 2022, 254–265.
[19] S. S. Chow, J.Weng, Y. Yang, R. H. Deng, Efficient unidirectional proxy reencryption, in: International Conference on Cryptology in Africa, Springer, 2010, 316–332.
[20] D. Derler, K. Gellert, T. Jager, D. Slamanig, C. Striecks, Bloom filter encryption and applications to efficient forward-secret 0-rtt key exchange, Journal of Cryptology, 34 (2), 2021, 1–59.
[21] S. Yao, R. Sankar, I.-H. Ra, A collusion-resistant identity-based proxy reencryption scheme with ciphertext evolution for secure cloud sharing, Security and Communication Networks, 2020.
[22] P. Zeng, K.-K. R. Choo, A new kind of conditional proxy re-encryption for secure cloud storage, IEEE Access, 6, 2018, 70017–70024.
[23] K. He, X. Liu, H. Yuan, W. Wei, K. Liang, Hierarchical conditional proxy re-encryption: A new insight of fine-grained secure data sharing, in: International Conference on Information Security Practice and Experience, Springer, 2017, 118–135.
[24] C. Zhou, Z. Zhao, W. Zhou, Y. Mei, Certificateless key-insulated generalized signcryption scheme without bilinear pairings, Security and Communication Networks, 2017.