[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti] Gap Analysis
I should highlight that adding tokenization in 2.1 or 2.2 is perfectly acceptable, and actually preferred.
Patrick Maroney
President Integrated Networking Technologies, Inc. Desk: (856)983-0001 Cell: (609)841-5104 Email: pmaroney@specere.org Thanks for providing feedback Mark on the initial draft of the Tokenization. Please keep the feedback coming (to the community where appropriate, or directly to me). (k)
(1) Re: "This is based only on a quick reading, but IMO a key concept in tokenization is the process that is necessary to support it.
There are indeed processes required for tokenization. To the extent a given Community wants to leverage aggregated Tokenization for Industry/Sector and/or common shared Adversary TTP analysis/correlation, then they need to share common tokenization methods.
An updated notional Tokenization Table framework is included below:
However, regardless of whether or not one subscribes to these notions, the CTI language itself needs to allow us to identify Objects as Tokenized. The Namespace, Ref ID, and Version the Tokenization Tables (again refer to the notional Tokenization Table.
Note that we need to be able pass any TLO as a Tokenized Value. I can elaborate on these Use Cases if required.
(2) Re: "It seems that the tokenization concept requires a system/process for mapping tokenized values back to the sensitive data element."
No, not for the primary Tokenization scenarios outlined. I can perform analytics on the Tokens as Categorical variables. "Pre"-Tokenization through a common shared algorithm actually makes this Analytics process easier for all participants.
The place where one "requires a system/process for mapping tokenized values back to the sensitive data element." Is the "hiding in plain sight" Use Case where one is obfuscating the real values in transit. Again, we would want/need
to ensure all parties know that the values contained are obfuscated. But only the parties with "Need to Know" or "Right to Know" need to share the process, tables, keys, etc.
Patrick Maroney
President Integrated Networking Technologies, Inc. Desk: (856)983-0001 Cell: (609)841-5104 Email: pmaroney@specere.org FWIW, the data security version of tokenization [1] is very different from the computer programming concept of tokenization [2].
I think we can add it as an item to track and vote on. This will make things a little messier to track for John – maybe we have a section for things that were added after the initial request?
This is based only on a quick reading, but IMO a key concept in tokenization is the process that is necessary to support it. It seems that the tokenization concept requires a system/process for mapping tokenized values back to the sensitive data element.
I would vote non-MVP on tokenization. The keystone of my opinion is that I haven’t seen evidence that tokenization is needed for STIX 2.0 to be viable. I understand the goal, but I personally haven’t heard anyone say that they can't use STIX 2.0 unless
it has tokenization. My understanding is nascent and I could change my vote if enough evidence is provided that STIX 2.0 is not viable without tokenization.
Thank you.
-Mark
From: <cti@lists.oasis-open.org> on behalf of JG on CTI-TC <jg@ctin.us>
Date: Sunday, April 3, 2016 at 11:27 PM To: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org> Subject: Re: [cti] Gap Analysis Patrick/Bret & All:
Where would the issue of Tokenization fit into the MVP list? See attached. Jane On 4/3/2016 4:36 PM, Jordan, Bret wrote:
Thanks... And yes, the more eyes we can have on this the better.. As you find stuff that is missing, please speak up so we can add it to the list. -- Jane Ginn, MSIA, MRP Cyber Threat Intelligence Network, Inc. jg@ctin.us |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]