All COSSAS projects are hosted on GitLab with a push mirror to GitHub. For issues/contributions check CONTRIBUTING.md
The secure aggregator of cyber threat intelligence (SACTI) is an MPC functionality to securely aggregate CTI sightings and report this on MISP. In the SACTI protocol, the aggregator (central party) requests all participants to report a number for each threat of the listed cyber threats. The participants respond by sending each other participant a Shamir secret shared list of sightings. In a joint computation, the parties check both the validity of the inputs and that the number of zero-sightings per thread does not exceed the threshold. If so, the responses are jointly reconstructed and published on MISP via the aggregator. The software is written in Python based on TNO's MPC lab.
More information can be found on cossas-project.org.
To install SACTI, you'll need a running MISP instance
First, install MISP in a Docker container
git clone https://github.com/MISP/misp-docker
cd misp-docker
cp template.env .env
docker-compose up --build -d
when MISP is up press Ctrl+C
in order to fix a config file
sudo sed -i "s@'baseurl'[\t ]*=> 'localhost',@'baseurl' => 'http://127.0.0.1',@g" data/web/app/Config/config.php
docker-compose up
- Login with the default credentials:
- Username:
[email protected]
- Password:
admin
(you'll be forced to set a new password)
- Username:
- Click the Auth Keys button and then Add authentication key.
- Create and copy the new key.
- In the
config.py
file setMISP_KEY=<your_fresh_key>
.
- Copy and paste the content of
feed_index.json
to import feeds and press Add. - Enable all feeds.
- Click on Fetch and store all feed data.
- The events list will now populate (it might take a while to fetch everything).
- Alternatively, you can create dummy events in the event list.
SACTI depends on liboqs
for its operations, so you need to install that.
-
Build
liboqs
according to the liboqs building instructions with shared library support enabled (add-DBUILD_SHARED_LIBS=ON
to the cmake command), followed (optionally) by asudo ninja install
to ensure that the shared library is visible system-wide (by default it installs under/usr/local/include
and/usr/local/lib
on Linux/macOS). -
On Linux/macOS you may need to set the
LD_LIBRARY_PATH
(DYLD_LIBRARY_PATH
on macOS) environment variable to point to the path to liboqs' library directory, e.g.export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/lib
Assuming liboqs.so.*
were installed in /usr/local/lib
(true if you ran sudo ninja install
after building liboqs).
-
On Windows ensure that the liboqs shared library
oqs.dll
is visibly system-wide. Use the Edit the system environment variables Control Panel tool or type in a Command Prompt.set PATH="%PATH%;C:\some\dir\liboqs\build\bin"
Replacing the paths with the ones corresponding to your system.
- Set up the environment with
poetry install
or, alternatively, withpip install -r requirements.txt
. - Check the parameters in
config.py
. - Run the PKI setup script
python sacti/pq_pki_utils.py
. If you want to simulate more than 3 subscribers, you'll need to create empty key files first inPKI/Party_<number>
. - For a 3-party example run (the sightings and damage value will be randomly generated for each party):
python sacti/aggregator.py
python sacti/party.py 1 8011
python sacti/party.py 2 8012
python sacti/party.py 3 8013
Contributions to SACTI are highly appreciated and more than welcome. Please read CONTRIBUTING.md for more information about our contributions process.
The SACTI software was developed by TNO in the European Prometheus project, which received funding from the European Union's Horizon 2020 Research and Innovation program under Grant Agreement No. 780701.