Authors:
Nesrine Kaaniche
1
;
Sana Belguith
2
;
Maryline Laurent
3
;
Ashish Gehani
4
and
Giovanni Russello
5
Affiliations:
1
Department of Computer Science, University of Sheffield, Sheffield, U.K.
;
2
School of Science, Engineering and Environment, University of Salford, Manchester, U.K.
;
3
Telecom SudParis, Institut Polytechnique de Paris, France
;
4
Computer Science Laboratory, SRI International, U.S.A.
;
5
Cyber Security Foundry, The University of Auckland, New Zealand
Keyword(s):
Intel SGX, Privacy Preserving, Data Provenance, Blockchain, Data Integrity.
Abstract:
Data provenance refers to records of the inputs, entities, systems, and processes that influence data of interest, providing a historical record of the data and its origins. Secure data provenance is vital to ensure accountability, forensics investigation of security attacks and privacy preservation. In this paper, we propose Prov-Trust, a decentralized and auditable SGX-based data provenance system relying on highly distributed ledgers. This consensually shared and synchronized database allows anchored data to have public witness, providing tamper-proof provenance data, enabling the transparency of data accountability, and enhancing the secrecy and availability of the provenance data. Prov-Trust relies on Intel SGX enclave to ensure a trusted execution of the provenance kernel to collect, store and query provenance records. The use of SGX enclave protects data provenance and users’ credentials against malicious hosting and processing parties. Prov-Trust does not rely on a trusted th
ird party to store provenance data while performing their verification using smart contracts and voting process. The storage of the provenance data in Prov-Trust is done using either the log events of Smart Contracts or blockchain’s transactions depending on the provenance change event, which enables low storage costs. Finally, Prov-Trust ensures an accurate privacy-preserving auditing process based on blockchain traces and achieved thanks to events’ logs that are signed by SGX enclaves, transactions being registered after each vote session, and sealing the linking information using encryption schemes.
(More)