Secure Provenance for Distributed Environment

Abstract

Data provenance has an essential role in establishing the trustworthiness of data in many applications, where critical decisions have to be made based on the data collected from diverse sources. Therefore, it is indispensable to use authentic and accurate data for such mission-critical applications. In order to fully trust the data provenance itself, it is extremely important to secure the data provenance from forgeries and misuse. Provenance generation, management, and dissemination have received substantial attention from the research community. However, provenance security in a collaborative distributed network has earned less heed from the research community. The traditional time-honoured security solutions cannot be directly applied because of the chained or directed acyclic graph structure of the provenance. For a collaborative distributed network, in the literature, some security solutions have been proposed to secure the provenance information. However,these schemes are not without their limitations. The existing schemes assume transitive trust among participating users, thus attacks initiated by multiple consecutive colluding users on a provenance chain cannot be detected. Such an assumption is beyond the reality, especially working in a file sharing environment or distributed network. Moreover, the existing schemes introduce an additional element to chain the provenance records which results an extra storage overhead. To overcome the aforementioned loopholes, we have proposed secure provenance schemes for a document/file sharing n etwork. The proposed schemes can detect the attacks launched by either consecutive or non-consecutive adversaries. For the provenance records chaining, these schemes aggregate the signatures of the participating users. Experimental results show that the proposed schemes outperform as compared to existing schemes in terms of computation and storage cost. Provenance size is a major hindrance to the adoption of provenance in a resourceconstrained network. The provenance size increases drastically when the number of nodes in the network grow. The growing provenance size becomes the per formance bottleneck especially in Wireless Sensor Networks (WSNs). Different solutions have been proposed in the literature to compress the provenance in formation along with its security. However, in existing provenance compression schemes, the provenance’s size grows linearly with the number of nodes in a WSN. Furthermore, the existing provenance compression schemes are designed for static nodes only and do not account for the mobility factor. Moreover, some secure provenance compression schemes use overlapped arithmetic coding to compress the provenance information. However, there is no criterion to find the overlapping ratio. To overcome the above-mentioned issues, we have proposed a secure provenance compression scheme for mobile nodes of a WSN. Moreover, a novel mechanism has been devised to calculate the overlapping ratio for overlapped arithmetic coding. Furthermore, the proposed scheme assures the confidentiality, integrity, and fresh ness of the provenance information. It is evident from the simulation results that the proposed scheme has higher compression and lower false positive rate.