The document describes SECProv, a system for securely managing provenance data in untrusted clouds. It presents a generic provenance model called CloProv and identifies attacks from dishonest cloud providers and users. SECProv addresses these by constructing provenance chains using hash chains and aggregate signatures, and publishing system provenance proofs. It was implemented on OpenStack Swift for efficiency evaluations, showing overhead of only 2% compared to 5.7% for prior work. SECProv provides integrity and privacy for provenance records in untrusted clouds.

1. SECProv: Trustworthy and Efficient Provenance
Management in the Cloud
http://secret.cis.uab.edu
Authors: Shams Zawoad, Ragib Hasan, and Kamrul Islam
Presenter: Mahmud Hossain
Department of Computer and Information Sciences
University of Alabama at Birmingham
INFOCOM 2018
SECuRE and Trustworthy computing Lab
Department of CIS, UAB
http://secret.cis.uab.edu

2. Outline
 Background
 A generic provenance model
 Attacks on the provenance model
 A secure provenance scheme
 Implementation
 Experimental results
 Conclusion
2

3. 3
Cloud Computing
Cloud
Services
SaaS
PaaSIaaS

4. 4
Cloud Forensics
Malicious Cloud
Computing
Malicious Users
Malicious Service Providers
Dishonest Cloud Providers
Contraband
Documents
Services & Apps
False
Information
 Forensic investigation finding facts
 Evidence collection and preservation
 Evidence acquisition

5. 5
Motivation
Trustworthy provenance management can make the cloud
more accountable
Research Problem: efficiently & securely manage provenance
records when cloud provider is dishonest
 CloProv – a generic block-based model to record provenance data
 SecProv - a secure data provenance scheme based on CloProv
 Use aggregate signature
 Hash-chain
 Proof-publishing
Contribution

6. 6
CloProv: A generic, efficient provenance model
PBo1
eo
PRo1e0
0
Provenance Chain
PRo1e0
n1
PBo2
eo
PRo2e0
0
Provenance Chain
PRo2e0
n2 …"…" SPe0%
PBo1
e1
PRo1e1
0
Provenance Chain
PRo1e1
n3
PBo2
e1
PRo2e1
0
Provenance Chain
PRo2e1
n4 SPe1%…"…"
.".".""."
Provenance Block Chain
Block chain
Provenance Block (PB)
Provenance Chain
Entity Activity
Agent State
Provenance Record (PR)
Provenance Block Chain
System Provenance (SP)
Proof of System Provenance
Entity-1 Entity-2
Time
T1
T2

7. 7
:document Di
a prov:Entity
prov:wasAttributedTo :Ui
prov:wasGeneratedBy:documentWriteActivity
prov:value Hash(Si)
:Ui
a foaf:Person, prov:Agent;
foaf:openid ”Unique ID of Ui”;
:documentWriteActivity
a prov:Activity;
prov:startedAtTime Ti xsd:dateTime;
wasAssociatedWith :Ui
:changeInfo
a prov:Entity
prov:value EncKi (CSi)
prov:wasDerivedFrom :document Di
:sessionKey
a prov:Entity
prov:value EncP KA (Ki)
Definition of a Provenance Record in SECProv
using W3C PROV Ontology

8. 8
Possible attacks on CloProv model
 Key Assumption: Cloud provider can be dishonest and
collude with users to tamper with the provenance data
Integrity
Confidentiality
Provenance record and provenance chain
alteration
Provenance block and block chain
alteration
Repudiation

9. 9
Possible attacks on CloProv model
 Key Assumption: Cloud provider can be dishonest and
collude with users to tamper with the provenance data
Integrity
Confidentiality
Data leakage through change history
Unauthorized access
Inference from published proof
How can we secure the CloProv model from various attacks?

10. 10
SECProv: A Secure Data Provenance Scheme
based on CloProv
PRe0
0 PRe0
1 PRe0
n1
. . .
Provenance Chain:
Aggregate Signature σ
Provenance Block (PBo
eo)
Current Hash-Chain Value
Hash of Previous Block
Block Identity
Set of Provenance Records
 A secure data provenance scheme
for cloud-based, multi-user, shared
data storage systems.
 Use secure provenance chain and
aggregate signature schemes

11. 11
Provenance Chain Construction in SECProv
PRε
0
0 PRε
0
1 PRε
0
n1. . .
Provenance Chain: Aggregate Signature σ
Provenance Block (PBε
0)
Current Hash-Chain ValueHash of Previous BlockBlock ID
Set of Provenance Records
 Prepare provenance record using the definition
Confidential data are encrypted using session key, session key is
encrypted with auditor’s public key.
 Generate Hash-chain:
HCi ← Hash(Pri | HCi−1), where i ≥ 1
 Generate aggregate signature from Hash-chain values
hi ← H(HCi)  σi ← hxj  σ←σ×σi, where i≥1 (i=0, σ ← σi)
Ensures authenticity, integrity, and chain of custody of provenance records

12. 12
System Provenance Construction in SECProv
Provenance Block 1e
Provenance Block 2e
Provenance Block ne
.
.
.
1
1
0
1
1
0
0
0
1
1
0
1
Generate system provenance of an epoch using accumulator scheme
Bloom Filter (SPe)
Proof of System Provenance (PSPe) = <SPe,Tp,SigSKC(SPe,Tp)>
Ensures integrity and chain of custody of Provenance Blocks

13. 13
Integrity Verification in SECProv
Block Verification
Provenance Block Chain
Verification
Provenance Record Chain
Verification
VerifyProof(PSPe,PKC)
//check the signature of
the published proof
IntegrityBloom (PBi,SPe)
//check the membership
of each block in the
published proof

14. 14
Integrity Verification in SECProv
Block Verification
Provenance Block Chain
Verification
Provenance Record Chain
Verification
VerifyBlockChain (List of
provenance blocks, PKC )
//for each block run the
VerifyProof and
IntegrityBloom procedures
//BC value of each block
must equal to the hash of
its previous block.

15. 15
Integrity Verification in SECProv
Block Verification
Provenance Block Chain
Verification
Provenance Record Chain
Verification
VerifyProvChain
(ProvenanceBlock, HPBprev,
σ, g2 ):
//verify the provenance
chain (aggregate
signature) of the block
Sj = {h0, . . . hn}, hi are
the provenance record,
where Uj is the actor.
hi ← H(HCi)
nuj = |Sj|
M = |U|
Vj is the public key of
user Uj.

16. 16
 Provenance records
 Alteration
 Insertion
 Deletion
 Reordering
 Provenance block deletion, reordering
 Provenance switching
 Repudiation
 Privacy violation
SECProv Protects

17. Outline
 Background
 A generic provenance model
 Attacks on the provenance model
 A secure provenance scheme
 Implementation
 Experimental results
 Conclusion
17

18. 18
SECProv Integration with OpenStack Swift
Provenance Gateway
System Provenance
Manager
Swift Storage
Provenance
Handler
Provenance
Database
SMThread
APIRequestHandler
Forward PUT/DELETE Request
SMThread
Message Queue
Epoch
Epoch
Blocks

19. 19
Client
OpenStack
Swift
PrepProvRecord
Provenance
Gateway
Setup phase [keys]
PUT
GET
PRi, HCi-1
GenHashChain
Sign
HCi, σi
AppendtoProvChain
PUT
SECProv Workflow

20. 20
SECProv+Swift on Amazon Cloud
Provenance
Database
API
Request
Handler
m4.large
52.90.251.154
System
Provenance
Manager
m1.medium
52.90.237.238
Swift
Storage
Amazon SQS
Message
Queue
Provenance
Handler

21. Performance Comparison with State-of-the-art
21
0 10000 20000 30000 40000 50000
File Size (KB)
0
5
10
15
20
25
30
35
%Overhead
Epoch 1 min
Epoch 2 min
Epoch 4 min
SProv
SECProv ~2%
Sprov[1] 5.7%
Overhead for uploading new files
100 500 1000 2000
No of Operations
0
20
40
60
80
100
120
RatioofStorageOverheadSProv/SECProv
Epoch 1 min
Epoch 2 min
Epoch 4 min
Storage overhead ratio
SECProv 10-110 Times
storage efficient
[1] Ragib Hasan, Radu Sion, Marianne Winslett, The Case of the Fake Picasso: Preventing
History Forgery with Secure Provenance, USENIX FAST, 2009

22. Conclusion
22
 A novel provenance model – CloProv to capture the
provenance of various entities in clouds.
 Threat model on CloProv considering the CSPs as malicious
and collusion between CSPs and malicious users.
 A novel secure data provenance scheme for cloud – SECProv
 Demonstrate the practical implementation and efficiency of
the proposed solution on OpenStack Swift storage.

23. 23
Thank You
SECuRE and Trustworthy computing Lab
Department of CIS, UAB
http://secret.cis.uab.edu
Contact: ragib@uab.edu & szawoad42@gmail.com
secret.cis.uab.edu