Problem
The protection of data exchanged within the cloud infrastructure is currently based on PKI-based signatures. There is a need for stronger attribution to detect unauthorized changes to the data and to identify the responsible entity. Data provenance provides information on all changes performed on data exchanged between multiple entities. Researchers have proposed security solutions, such as PKI signatures, to ensure provenance. However, implementations of PKI signatures typically depend on a centralized authority, which is not effective in cloud infrastructure. Blockchain has been proposed as a technology that facilitates secure transfer of information through a sequence of cryptographically secure keys across a distributed system. It needs no central authority: it is executed by a system of distributed ledgers that records all actions performed on data and is shared among all participating entities. The transactions in the public ledger are verified by a consensus of a majority of participating entities. The blockchain contains a verifiable record of every transaction, which cannot be changed.
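The following sketch is an added example, not code from the ProvChain tool or the project's papers. It shows why a hash-chained provenance record on its own catches a careless edit but not a full rewrite, and how comparing replicas held by several entities against the majority identifies the altered copy. The record fields, function names, and the three entities A, B and C are assumptions made for illustration; signatures and a real consensus protocol are left out.

```python
import copy, hashlib, json
from collections import Counter
GENESIS = "0" * 64  # assumed placeholder "previous hash" for the first record

def record_hash(prev_hash, entry):
    """SHA-256 over the previous record's hash plus this entry (the chain link)."""
    body = json.dumps(entry, sort_keys=True).encode()
    return hashlib.sha256(prev_hash.encode() + body).hexdigest()

def append(ledger, actor, action, data):
    """Record who performed which operation, and the digest of the resulting data."""
    prev = ledger[-1]["hash"] if ledger else GENESIS
    entry = {"actor": actor, "action": action,
             "data_digest": hashlib.sha256(data).hexdigest()}
    ledger.append({"entry": entry, "prev": prev, "hash": record_hash(prev, entry)})

def first_bad_index(ledger):
    """Index of the first record whose link does not verify, or None if all do."""
    prev = GENESIS
    for i, rec in enumerate(ledger):
        if rec["prev"] != prev or rec["hash"] != record_hash(prev, rec["entry"]):
            return i
        prev = rec["hash"]
    return None

def divergent(replicas):
    """Replicas that are internally broken or disagree with the strict-majority head."""
    heads = Counter(r[-1]["hash"] for r in replicas.values()
                    if r and first_bad_index(r) is None)
    head, votes = heads.most_common(1)[0] if heads else (None, 0)
    if votes <= len(replicas) / 2:
        head = None  # no strict majority, so no replica can serve as reference
    return sorted(n for n, r in replicas.items()
                  if not r or first_bad_index(r) is not None or r[-1]["hash"] != head)

def demo():
    """Constructed scenario: entities A, B, C replicate one ledger; C's copy is altered."""
    base = []
    for actor, action, data in [("alice", "create", b"v1"), ("bob", "update", b"v2"),
                                ("alice", "share", b"v2")]:
        append(base, actor, action, data)
    replicas = {name: copy.deepcopy(base) for name in ("A", "B", "C")}
    naive = copy.deepcopy(base)            # entry edited, stored hashes left alone
    naive[1]["entry"]["actor"] = "carol"
    rewritten = []                          # entry edited and every hash recomputed
    for actor, action, data in [("alice", "create", b"v1"), ("carol", "update", b"v2"),
                                ("alice", "share", b"v2")]:
        append(rewritten, actor, action, data)
    replicas["C"] = rewritten
    return first_bad_index(naive), first_bad_index(rewritten), divergent(replicas)
```

`demo()` returns the index at which the careless edit breaks the chain, `None` for the fully rewritten copy (it is internally consistent), and the list of replicas that the majority comparison flags.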
Approach
We have developed a data provenance framework based on blockchain that can be deployed in a cloud computing environment. We studied the data provenance challenges in cloud computing environments and documented the challenges in linking cloud logging and auditing data, collected from multiple entities, to provide the complete history of changes to data. We also investigated multiple vulnerabilities in blockchain, focusing on the block discarding attack, and provided insights into the effectiveness of the attack in a cloud environment.
Accomplishments
Two research papers published from this project were voted Top 50 Academic papers in Blockchain in 2018. The team has published 14 articles in conference proceedings, three articles in journals, one magazine article and an upcoming book published by IEEE-Press entitled “Blockchain for Distributed Systems Security”. One research article, entitled “ProvChain: A Blockchain-based Data Provenance Architecture in Cloud Environment”, has garnered over 500 citations as of 2021. In addition to research articles, the team has developed three prototype tools. The ProvChain tool provides blockchain-based data provenance capability in the cloud that allows cloud users to track the operations conducted on shared resources. A tool for blockchain-based information exchange provides an anonymous and privacy-preserving mechanism to exchange cyber threat information. Finally, the tool for blockchain-based networked identity management provides the ability to detect rogue devices and unauthorized communication among authorized devices. We have disseminated the results of the project to Navy Research Lab, CERDEC, US Transcom, MITRE and Air Force Space Command. We also organized a symposium on Blockchain for Information Sharing for NATO and shared the research results with the NATO community. In addition, we leveraged the results from the project to develop a networked identity management prototype for Air Force Space Command.
Publications
- Xueping Liang, Sachin Shetty, Deepak Tosh, Charles Kamhoua, Kevin Kwiat, Laurent Njilla, “ProvChain: A Blockchain-based Data Provenance Architecture in Cloud Environment with Enhanced Privacy and Availability”, The 17th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGRID), May 14-17 2017.
- Deepak Tosh, Sachin Shetty, Xueping Liang, Charles Kamhoua, Kevin Kwiat, Laurent Njilla, “Security Implications of Blockchain Cloud with Analysis of Block Withholding Attack”, 17th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGRID), May 14-17 2017
- Xueping Liang, Juan Zhao, Sachin Shetty, Jihong Liu, Danyi Li, “Integrating Blockchain for Data Sharing and Collaboration in Mobile Healthcare Applications,” IEEE International Symposium on Personal, Indoor and Mobile Radio Communications, 08-13 October 2017, Montreal, QC, Canada
- Xueping Liang, Juan Zhao, Sachin Shetty, Danyi Li, “Towards Data Assurance and Resilience in IoT Using Blockchain,” IEEE Milcom, October 23-25, 2017, Baltimore, MD, USA
- Xueping Liang, Sachin Shetty, Deepak Tosh, Peter Foytik and Lingchen Zhang, “Towards a Trusted and Privacy Preserving Membership Service in Distributed Ledger using Intel Software Guard Extensions,” The 19th International Conference on Information and Communications Security (ICICS 2017), Beijing, China, Dec 2017
- Deepak Tosh, Sachin Shetty, Xueping Liang, Charles A. Kamhoua, Laurent Njilla, “Consensus Protocols for Blockchain-based Data Provenance: Challenges and Opportunities,” 2017 IEEE 8th Annual Ubiquitous Computing, Electronics and Mobile Communication Conference (UEMCON) (Short Paper), NY, October 19-21, 2017
- Xueping Liang, Sachin Shetty, Deepak Tosh, Peter Foytik, Lingchen Zhang, "A Reliable Data Provenance and Privacy Preservation Architecture for Business-Driven Cyber-Physical Systems Using Blockchain," International Journal of Information Security and Privacy (IJISP) 12 (2018): 4, doi:10.4018/IJISP.2018100105
- Sachin Shetty, Charles Kamhoua, Laurent Njilla, "Blockchain for Distributed Systems Security", Wiley-IEEE Computer Society Press, 1 edition, March 19, 2019.
- Deepak Tosh, Sachin Shetty, Xueping Liang, Charles Kamhoua, Laurent Njilla, "Data Provenance in the Cloud: A Blockchain-Based Approach," IEEE Consumer Electronics Magazine, Volume 8, Issue 3, 2019.