Secure and Efficient Distributed Network Provenance for IoT: A Blockchain-Based Approach

Abstract

Network provenance is essential for Internet-of-Things (IoT) network administrators to conduct the network diagnostics and identify root causes of network errors. However, the distributed nature of the IoT network results in the management of the provenance data at different trust domains, which poses concerns on the security and trustworthiness of the cross-domain network diagnostics. In this article, we propose a blockchain-based architecture for secure and efficient distributed network provenance (SEDNP) in the IoT. Instead of directly storing and querying the whole provenance data on the blockchain with prohibitive implementation cost, we introduce a unified provenance query model and develop a provenance digest strategy that: 1) enables compact (constant size) on-blockchain digests of provenance data and a multilevel index regardless of provenance data volume and 2) ensures the correctness and integrity of provenance query results through the verification of the on-blockchain digests. We formally define the security requirements as Archiving Security along with thorough security analysis. Moreover, we conduct extensive experiments with the integration of a verifiable computation (VC) framework and a blockchain testing network. The experimental results are provided as performance benchmarks to demonstrate the application feasibility of SEDNP.