All COSSAS projects are hosted on GitLab with a push mirror to GitHub. For issues/contributions check CONTRIBUTING.md
The secure aggregator of cyber threat intelligence (SACTI) is an MPC functionality to securely aggregate CTI sightings and report this on MISP. In the SACTI protocol, the aggregator (central party) requests all participants to report a number for each threat of the listed cyber threats. The participants respond by sending each other participant a Shamir secret shared list of sightings. In a joint computation, the parties check both the validity of the inputs and that the number of zero-sightings per thread does not exceed the threshold. If so, the responses are jointly reconstructed and published on MISP via the aggregator. The software is written in Python based on TNO's MPC lab.
More information can be found on cossas-project.org.
To install SACTI, you'll need a running MISP instance
First, install MISP in a Docker container
git clone https://github.com/MISP/misp-docker
cd misp-docker
cp template.env .env
docker-compose up --build -dwhen MISP is up press Ctrl+C in order to fix a config file
sudo sed -i "s@'baseurl'[\t ]*=> 'localhost',@'baseurl' => 'http://127.0.0.1',@g" data/web/app/Config/config.php
docker-compose up- Login with the default credentials:
- Username:
admin@admin.test - Password:
admin(you'll be forced to set a new password)
- Username:
- Click the Auth Keys button and then Add authentication key.
- Create and copy the new key.
- In the
config.pyfile setMISP_KEY=<your_fresh_key>.
- Copy and paste the content of
feed_index.jsonto import feeds and press Add. - Enable all feeds.
- Click on Fetch and store all feed data.
- The events list will now populate (it might take a while to fetch everything).
- Alternatively, you can create dummy events in the event list.
SACTI depends on liboqs for its operations, so you need to install that.
-
Build
liboqsaccording to the liboqs building instructions with shared library support enabled (add-DBUILD_SHARED_LIBS=ONto the cmake command), followed (optionally) by asudo ninja installto ensure that the shared library is visible system-wide (by default it installs under/usr/local/includeand/usr/local/libon Linux/macOS). -
On Linux/macOS you may need to set the
LD_LIBRARY_PATH(DYLD_LIBRARY_PATHon macOS) environment variable to point to the path to liboqs' library directory, e.g.export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/lib
Assuming liboqs.so.* were installed in /usr/local/lib (true if you ran sudo ninja install after building liboqs).
-
On Windows ensure that the liboqs shared library
oqs.dllis visibly system-wide. Use the Edit the system environment variables Control Panel tool or type in a Command Prompt.set PATH="%PATH%;C:\some\dir\liboqs\build\bin"
Replacing the paths with the ones corresponding to your system.
- Set up the environment with
poetry installor, alternatively, withpip install -r requirements.txt. - Check the parameters in
config.py. - Run the PKI setup script
python sacti/pq_pki_utils.py. If you want to simulate more than 3 subscribers, you'll need to create empty key files first inPKI/Party_<number>. - For a 3-party example run (the sightings and damage value will be randomly generated for each party):
python sacti/aggregator.pypython sacti/party.py 1 8011python sacti/party.py 2 8012python sacti/party.py 3 8013
Contributions to SACTI are highly appreciated and more than welcome. Please read CONTRIBUTING.md for more information about our contributions process.
The SACTI software was developed by TNO in the European Prometheus project, which received funding from the European Union's Horizon 2020 Research and Innovation program under Grant Agreement No. 780701.