Chaining for securing data provenance in distributed information networks

Entities in an information communication network may use various types of collaborative networking for sharing information such as documents, sensing reports, datasets, etc. The derivation history (i.e., the provenance) of the information plays a very important role in such a networking environment. For example, provenance can be used for information trustworthiness assessment, copyright clearance, data reconciliation, and data replication. While substantial research efforts have focused on these usages of provenance, very limited work has focused on the security issues of the provenance, which is the prerequisite of any provenance-based information analysis systems. In this paper, we explore the security properties of provenance meta-data compared to other general user data in a distributed network environment. We introduce a “chain-structure” provenance scheme to provide security assurance for the provenance meta-data in three dimensions - confidentiality, integrity and availability. Our scheme outperforms the previously proposed “onion-structure” provenance security scheme in terms of the flexibility, protection capability as well as computational overhead.