Private sector unclassified networks are exposed and accessible to adversaries. Various government and civilian networks consistently face attacks and threats via the Internet. For example, Department of Defense (DoD) and Defense Industrial Base (DIB) unclassified networks, commercial banking institutions, large businesses, critical infrastructure facilities and many other organizations face a range of Internet threats on a daily basis, including advanced persistent threats (APT) that can evade commercially available security tools and defeat generic security practices. APTs usually refer to organized groups with the capability, resources and intent to persistently and effectively target a specific entity. The term APT is commonly used to refer to cyber threats, in particular those posed by sophisticated Internet-enabled adversaries using a variety of knowledge-gathering techniques to access sensitive information. Other recognized APT attack vectors include infected media, supply chain compromise, and social engineering. An individual, such as a lone hacker, is not usually referred to as an APT, as individuals rarely have the resources to be both advanced and persistent, even when they are intent on gaining access to, or attacking, a specific target.
In this environment, where no tool or best practice can totally solve the problem, it would be very valuable to have available a qualified set of accurate cyber threat indicators that can be used to identify, screen, filter and thwart cyber threats against an enterprise. Such cyber threat indicators, in and of themselves, are very sensitive and must be protected by an organization in order to prevent any exposure or leakage to unintended users or adversaries lest they use that knowledge to develop countermeasures or change their techniques to evade detection. In addition, it would be extremely beneficial if the set of cyber threat indicators could be shared among selected organizations so they too can achieve a high level of cyber protection, but in a way that safeguards the secrecy of the indicators. This method of securely sharing sensitive sets of cyber threat indicators while not exposing their content is a significant step forward in protecting critical infrastructure and other vital assets in cyberspace.
In addition to cyber threats, physical terror threats to domestic security exist as a result of the movement across borders of dangerous individuals, e.g., terrorists, and substances, e.g., explosives or biological agents, that the government needs to detect. Watch lists, e.g., “no fly” lists, terrorist lists or banned substance lists, have been developed for these threats by various international and governmental entities. However, such entities lack a secure way to share and use this sensitive data at the point of need, e.g., airports, border crossings or seaports, without the risk of exposure or leakage to adversaries.
Current solutions to the above problems typically involve expensive physical, personnel and operational security, which inhibits fast or wide deployment and provides inferior security and performance. In certain secure environments, existing security controls consist primarily of sensitive compartmented information facilities (“SCIFs”), personnel with authorized security clearances, and management policies and operational processes and procedures. A SCIF is an enclosed area within a building that is used to process sensitive compartmented information, which is required to be handled within formal access control systems. Some entire buildings are SCIFs, where all but the front foyer is secure. Access to SCIFs is limited, and all of the activity and conversation inside is presumed restricted from public disclosure. A SCIF can also be located in an air, ground or maritime vehicle, or can be established on a temporary basis at a specific site. Implementing and maintaining SCIFs, and these other security measures, is expensive, inefficient and not sufficiently effective. Current security controls and solutions suffer from numerous other disadvantages as well.
There is a present need to perform searches and queries against a database containing sensitive information while maintaining the confidentiality or secrecy of the information contained within the database. There is also a need to protect the query of such searches from being revealed to anyone other than the intended user of the system. There is a need to perform database operations on data that resides in an open, untrusted network environment such as the Internet or in architectures utilizing Cloud computing resources. In these situations the owner of the database and the queries may find it advantageous to utilize networking and computing resources for cost and performance efficiencies; however, these resources are not necessarily under the data owner's control. In these cases the desired privacy, security or confidentiality of the data cannot be guaranteed due to the unknown and uncontrolled accessibility inherent to distributed computing resources on open, untrusted networks.