746 research outputs found
Tamper-Evident Data Provenance
Data Provenance describes what has happened to a user's data within a machine as a form of digital evidence. However, this type of evidence is currently not admissible in courts of law, because the integrity of data provenance cannot be guaranteed. Tools which capture data provenance must either prevent, or be able to detect changes to the information they produce, i.e. tamper-proof or tamper-evident.
Most current tools aim to be tamper-evident, and capture data provenance at a kernel level or higher. However, these tools do not provide a secure mechanism for transferring data provenance to a centralised location, while providing data integrity and confidentiality.
In this thesis we propose a tamper-evident framework to fill this gap by using a widely-available hardware security chip: the Trusted Platform Module (TPM). We apply our framework to Progger, a cloud-based provenance logger, and demonstrate the completeness, confidentiality and admissibility requirements for data provenance, enabling the information to be used as digital evidence in courts of law.
Secure Data Provenance in Home Energy Monitoring Networks
Smart grid empowers home owners to efficiently manage their smart home appliances within a Home Area Network (HAN), by real-time monitoring and fine-grained control. However, it offers the possibility for a malicious user to intrude into the HAN and deceive the smart metering system with fraudulent energy usage reports. While most of the existing works have focused on how to prevent data tampering in HAN's communication channel, this paper looks into a relatively less studied security aspect, namely data provenance. We propose a novel solution based on Shamir's secret sharing and threshold cryptography to guarantee that the reported energy usage is collected from the specific appliance as claimed at a particular location, and that it reflects the real consumption of the energy. A byproduct of the proposed security solution is a guarantee of data integrity. A prototype implementation is presented to demonstrate the feasibility and practicality of the proposed solution.
The lifecycle of provenance metadata and its associated challenges and opportunities
This chapter outlines some of the challenges and opportunities associated with adopting provenance principles and standards in a variety of disciplines, including data publication and reuse, and information sciences.
Location proof systems for smart internet of things: Requirements, taxonomy, and comparative analysis
FrameProv: Towards End-To-End Video Provenance
Video feeds are often deliberately used as evidence, as in the case of CCTV
footage; but more often than not, the existence of footage of a supposed event
is perceived as proof of fact in the eyes of the public at large. This reliance
represents a societal vulnerability given the existence of easy-to-use editing
tools and means to fabricate entire video feeds using machine learning. And, as
the recent barrage of fake news and fake porn videos has shown, this isn't
merely an academic concern, it is actively being exploited. I posit that this
exploitation is only going to get more insidious. In this position paper, I
introduce a long-term project that aims to mitigate some of the most egregious
forms of manipulation by embedding trustworthy components in the video
transmission chain. Unlike earlier works, I am not aiming to do tamper
detection or other forms of forensics -- approaches I think are bound to fail
in the face of the reality of necessary editing and compression -- instead, the
aim here is to provide a way for the video publisher to prove the integrity of
the video feed as well as make explicit any edits they may have performed. To
do this, I present a novel data structure, a video-edit specification language
and supporting infrastructure that provides end-to-end video provenance, from
the camera sensor to the viewer. I have implemented a prototype of this system
and am in talks with journalists and video editors to discuss the best ways
forward with introducing this idea to the mainstream.
PDFS: Practical Data Feed Service for Smart Contracts
Smart contracts are a new paradigm that emerged with the rise of the
blockchain technology. They allow untrusting parties to arrange agreements.
These agreements are encoded as a programming language code and deployed on a
blockchain platform, where all participants execute them and maintain their
state. Smart contracts are promising since they are automated and
decentralized, thus limiting the involvement of third trusted parties, and can
contain monetary transfers. Due to these features, many people believe that
smart contracts will revolutionize the way we think of distributed
applications, information sharing, financial services, and infrastructures.
To release the potential of smart contracts, it is necessary to connect the
contracts with the outside world, such that they can understand and use
information from other infrastructures. For instance, smart contracts would
greatly benefit when they have access to web content. However, there are many
challenges associated with realizing such a system, and despite the existence
of many proposals, no solution is secure, provides easily-parsable data,
introduces small overheads, and is easy to deploy.
In this paper we propose PDFS, a practical system for data feeds that
combines the advantages of the previous schemes and introduces new
functionalities. PDFS extends content providers by including new features for
data transparency and consistency validations. This combination provides
multiple benefits like content which is easy to parse and efficient
authenticity verification without breaking natural trust chains. PDFS keeps
content providers auditable, mitigates their malicious activities (like data
modification or censorship), and allows them to create a new business model. We
show how PDFS is integrated with existing web services, report on a PDFS
implementation and present results from conducted case studies and experiments.
Comment: Blockchain; Smart Contracts; Data Authentication; Ethereu
Secure Network Provenance
This paper introduces secure network provenance (SNP), a novel technique that enables networked systems to explain to their operators why they are in a certain state – e.g., why a suspicious routing table entry is present on a certain router, or where a given cache entry originated. SNP provides network forensics capabilities by permitting operators to track down faulty or misbehaving nodes, and to assess the damage such nodes may have caused to the rest of the system. SNP is designed for adversarial settings and is robust to manipulation; its tamper-evident properties ensure that operators can detect when compromised nodes lie or falsely implicate correct nodes. We also present the design of SNooPy, a general-purpose SNP system. To demonstrate that SNooPy is practical, we apply it to three example applications: the Quagga BGP daemon, a declarative implementation of Chord, and Hadoop MapReduce. Our results indicate that SNooPy can efficiently explain state in an adversarial setting, that it can be applied with minimal effort, and that its costs are low enough to be practical.