Secure and Efficient Distributed Network Provenance for IoT: A Blockchain-Based Approach

Network provenance is essential for Internet-of-Things (IoT) network administrators to conduct network diagnostics and identify the root causes of network errors. However, the distributed nature of an IoT network means that provenance data is managed across different trust domains, which raises concerns about the security and trustworthiness of cross-domain network diagnostics. In this article, we propose a blockchain-based architecture for secure and efficient distributed network provenance (SEDNP) in the IoT. Instead of storing and querying the whole provenance data directly on the blockchain, which has a prohibitive implementation cost, we introduce a unified provenance query model and develop a provenance digest strategy that: 1) enables compact (constant-size) on-blockchain digests of the provenance data and a multilevel index, regardless of the provenance data volume, and 2) ensures the correctness and integrity of provenance query results through verification against the on-blockchain digests. We formally define the security requirements as Archiving Security and provide a thorough security analysis. Moreover, we conduct extensive experiments that integrate a verifiable computation (VC) framework with a blockchain test network. The experimental results are provided as performance benchmarks to demonstrate the application feasibility of SEDNP.
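The abstract describes two properties of the digest strategy: a constant-size on-chain digest regardless of how many provenance records an off-chain domain holds, and query results that a verifier can check against that digest. The following is an added illustration, not the paper's own construction: it stands in a Merkle hash tree for SEDNP's digest strategy (the paper's actual digest and multilevel index are not specified in the abstract), constructs a handful of provenance records in a made-up `key=value` line format, publishes only the 32-byte root as the "on-chain" digest, answers a query with each matching record plus its inclusion proof, and has the verifier reject any record that was altered in transit or that belongs to a different archive than the digest commits to.

```python
import hashlib
from typing import Callable, List, Tuple

# Constructed sample provenance records from three trust domains (A, B, C).
# Format and field names are hypothetical; they are not the paper's query model.
RECORDS = [
    b"ts=1;domain=A;node=gw1;event=recv;flow=f1",
    b"ts=2;domain=A;node=gw1;event=forward;flow=f1;next=B",
    b"ts=3;domain=B;node=r7;event=recv;flow=f1",
    b"ts=4;domain=B;node=r7;event=forward;flow=f1;next=C",
    b"ts=5;domain=C;node=s2;event=deliver;flow=f1",
]

# Domain-separated hashing: leaves and inner nodes get different prefixes so a
# leaf can never be reinterpreted as an inner node (second-preimage defence).
def _leaf_hash(record: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + record).digest()

def _node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def _next_level(level: List[bytes]) -> List[bytes]:
    """Pair up nodes; an unpaired last node is promoted unchanged."""
    nxt = []
    for i in range(0, len(level), 2):
        if i + 1 < len(level):
            nxt.append(_node_hash(level[i], level[i + 1]))
        else:
            nxt.append(level[i])
    return nxt

def build_digest(records: List[bytes]) -> bytes:
    """The constant-size value a domain would anchor on the blockchain."""
    if not records:
        return hashlib.sha256(b"").digest()
    level = [_leaf_hash(r) for r in records]
    while len(level) > 1:
        level = _next_level(level)
    return level[0]  # always 32 bytes, whatever len(records) is

# A proof is a list of (sibling_hash, sibling_is_left) pairs from leaf to root.
Proof = List[Tuple[bytes, bool]]

def inclusion_proof(records: List[bytes], index: int) -> Proof:
    proof: Proof = []
    level = [_leaf_hash(r) for r in records]
    idx = index
    while len(level) > 1:
        sib = idx ^ 1
        if sib < len(level):  # no sibling when this node was promoted
            proof.append((level[sib], sib < idx))
        level = _next_level(level)
        idx //= 2
    return proof

def verify_inclusion(digest: bytes, record: bytes, proof: Proof) -> bool:
    h = _leaf_hash(record)
    for sibling, sibling_is_left in proof:
        h = _node_hash(sibling, h) if sibling_is_left else _node_hash(h, sibling)
    return h == digest

# Off-chain query service: returns matching records with their proofs.
def answer_query(records: List[bytes], predicate: Callable[[bytes], bool]):
    return [(i, r, inclusion_proof(records, i))
            for i, r in enumerate(records) if predicate(r)]

# Cross-domain verifier: trusts only the on-chain digest, not the responder.
def verify_query_result(digest: bytes, results) -> bool:
    return all(verify_inclusion(digest, r, p) for _, r, p in results)

if __name__ == "__main__":
    digest = build_digest(RECORDS)
    results = answer_query(RECORDS, lambda r: b"domain=B" in r)
    print("digest bytes:", len(digest), "results:", len(results))
    print("honest result verifies:", verify_query_result(digest, results))
    forged = [(i, r.replace(b"event=forward", b"event=drop"), p) for i, r, p in results]
    print("altered result verifies:", verify_query_result(digest, forged))
```

What this does not cover is completeness: a dishonest responder can still omit matching records, and the verifier cannot tell from inclusion proofs alone. Detecting omissions is what an authenticated index over the query attributes (the role the abstract assigns to the multilevel index) has to provide on top of the plain digest.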
