Order preserving secure provenance scheme for distributed networks

Abstract

Data provenance has an essential role in establishing the trustworthiness of data in many applications, where critical decisions have to be made based on the data collected from different sources. Therefore, it is indispensable to use authentic and accurate data for such mission critical applications. In order to fully trust the data provenance itself, it is extremely important to secure the data provenance from forgeries and misuse. Provenance generation, management, and dissemination have received substantial attention from the research community. However, provenance security in a file sharing network has earned less heed from the research community. One cannot apply the time-honoured security solutions as it is to secure the provenance information because of its chained structure. We propose a secure provenance scheme for distributed environments that ensures confidentiality, integrity, and non-repudiation while maintaining the chained structure through aggregated signatures. Our proposed scheme detects the attacks launched by multiple consecutive and/or non-consecutive colluders, which is missing in existing secure provenance schemes. Moreover, our scheme detects attack launched by an adversary to shuffle the order of provenance records. In order to check the correctness of proposed scheme, we conduct the formal verification using High-Level Petri Net (HLPN), Satisfiability Modulo Theories Library (SMT-Lib) and Z3 solver. Furthermore, to validate our results and claims, we evaluate our scheme both empirically and analytically. Experimental results show that our scheme performs better as compared to existing state of the art provenance schemes with regards to security, computation and storage cost.