Securing Provenance of Distributed Processes in an Untrusted Environment
スポンサーリンク
概要
- 論文の詳細を見る
Recently, there is much concern about the provenance of distributed processes, that is about the documentation of the origin and the processes to produce an object in a distributed system. The provenance has many applications in the forms of medical records, documentation of processes in the computer systems, recording the origin of data in the cloud, and also documentation of human-executed processes. The provenance of distributed processes can be modeled by a directed acyclic graph (DAG) where each node represents an entity, and an edge represents the origin and causal relationship between entities. Without sufficient security mechanisms, the provenance graph suffers from integrity and confidentiality problems, for example changes or deletions of the correct nodes, additions of fake nodes and edges, and unauthorized accesses to the sensitive nodes and edges. In this paper, we propose an integrity mechanism for provenance graph using the digital signature involving three parties: the process executors who are responsible in the nodes' creation, a provenance owner that records the nodes to the provenance store, and a trusted party that we call the Trusted Counter Server (TCS) that records the number of nodes stored by the provenance owner. We show that the mechanism can detect the integrity problem in the provenance graph, namely unauthorized and malicious “authorized” updates even if all the parties, except the TCS, collude to update the provenance. In this scheme, the TCS only needs a very minimal storage (linear with the number of the provenance owners). To protect the confidentiality and for an efficient access control administration, we propose a method to encrypt the provenance graph that allows access by paths and compartments in the provenance graph. We argue that encryption is important as a mechanism to protect the provenance data stored in an untrusted environment. We analyze the security of the integrity mechanism, and perform experiments to measure the performance of both mechanisms.
- 2012-07-01
著者
-
Nishide Takashi
Department Of Informatics Kyushu University
-
Syalim Amril
Department Of Informatics Kyushu University
-
Sakurai Kouichi
Department Of Applied Science Faculty Of Engineering 36 Kyushu University
-
SAKURAI Kouichi
Department of Informatics, Kyushu University
関連論文
- On Non-Pseudorandomness from Block Ciphers with Provable Immunity Against Linear Cryptanalysis (Special Section on Cryptography and Information Security)
- Password-Authenticated Key Exchange for Multi-Party with Different Passwords Using a Constant Number of Rounds
- Password-Authenticated Key Exchange for Multi-Party with Different Passwords Using a Constant Number of Rounds
- Analysis and Comparison of Crytographic Techniques in E-voting and E-auction
- Reliable Key Distribution Scheme for Lossy Channels
- D-031 Preserving Integrity and Confidentiality of a Directed Acyclic Graph Model of Provenance
- Private Data Clustering based on Secure Approximation
- Analysis and Design for Private Message Board Systems
- On the Complexity of the Discrete Logarithm for a General Finite Group (Special Section on Cryptography and Information Security)
- Improved Subset Difference Method with Ternary Tree
- Towards a Fairness Multimedia Transmission Using Layered-Based Multicast Protocol
- On the Vulnerability of Exponent Recodings for the Exponentiation against Side Channel Attacks(Tamper-Resistance)(Cryptography and Information Security)
- Proposal and Analysis of a Distributed Online Certificate Status Protocol with Low Communication Cost(Application)(Cryptography and Information Security)
- Analysis and Design for Private Message Board Systems (Applications) (Cryptography and Information Security)
- Special Section on Discrete Mathematics and Its Applications
- Elliptic curve ElGamal Threshold-based Key Management Scheme against Compromise of Distributed RSUs for VANETs
- Securing Provenance of Distributed Processes in an Untrusted Environment
- Elliptic curve ElGamal Threshold-based Key Management Scheme against Compromise of Distributed RSUs for VANETs
- Equivalence problem and automorphisms of some abelian branched coverings of the Riemann sphere