Securing Data Provenance in Internet of Things (IoT) Systems

  • Nathalie Baracaldo
  • Luis Angel D. Bathen
  • Roqeeb O. Ozugha
  • Robert Engel
  • Samir Tata
  • Heiko Ludwig
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10380)


The Internet of Things (IoT) promises to yield a plethora of new innovative applications based on highly interconnected devices. In order to enable IoT applications for critical and/or sensitive use cases, it is important to (i) foster their dependability by assuring and verifying the integrity and correctness of data processed in such applications, and (ii) adequately account for privacy and confidentiality concerns. For addressing these requirements, IoT systems can be equipped with data provenance mechanisms for maintaining information on the lineage and ownership of data. However, in order to provide secure and dependable IoT systems, provenance data needs to be sufficiently protected against tampering and unauthorized access. In this paper, we present a novel framework for cryptographic provenance data protection and access control based on blockchain technology and confidentiality policies.


IoT Provenance Security Blockchain Keyless signature Access control 


  1. 1.
    Gadelha, J., et al.: Kairos: an architecture for securing authorship and temporal information of provenance data in grid-enabled workflow management systems. In: eScience 2008 (2008)Google Scholar
  2. 2.
    Braun, U., Shinnar, A., Seltzer, M.I.: Securing provenance. In: HotSec (2008)Google Scholar
  3. 3.
    Buldas, A., Kroonmaa, A., Laanoja, R.: Keyless signatures’ infrastructure: how to build global distributed hash-trees. In: Riis Nielson, H., Gollmann, D. (eds.) NordSec 2013. LNCS, vol. 8208, pp. 313–320. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-41488-6_21 CrossRefGoogle Scholar
  4. 4.
    Buldas, A., Truu, A., Laanoja, R., Gerhards, R.: Efficient record-level keyless signatures for audit logs. In: Bernsmed, K., Fischer-Hübner, S. (eds.) NordSec 2014. LNCS, vol. 8788, pp. 149–164. Springer, Cham (2014). doi: 10.1007/978-3-319-11599-3_9 Google Scholar
  5. 5.
    Buneman, P., Khanna, S., Wang-Chiew, T.: Why and where: a characterization of data provenance. In: Van den Bussche, J., Vianu, V. (eds.) ICDT 2001. LNCS, vol. 1973, pp. 316–330. Springer, Heidelberg (2001). doi: 10.1007/3-540-44503-X_20 CrossRefGoogle Scholar
  6. 6.
    Gartner: Gartner says worldwide IoT security spending to reach $348 million in 2016 (2016).
  7. 7.
    Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, pp. 89–98. ACM (2006)Google Scholar
  8. 8.
    Gubbi, J., Buyya, R., Marusic, S., Palaniswami, M.: Internet of Things (IoT): a vision, architectural elements, and future directions. Future Gen. Comp. Sys. 29(7), 1645–1660 (2013)CrossRefGoogle Scholar
  9. 9.
    Hasan, R., Sion, R., Winslett, M.: The case of the fake picasso: preventing history forgery with secure provenance. FAST 9, 1–14 (2009)Google Scholar
  10. 10.
    IBM: IBM bluemix (2016).
  11. 11.
    Linux Foundation: The Hyperledger Project (2016).
  12. 12.
    Muniswamy-Reddy, K.K., Seltzer, M.: Provenance as first class cloud data. ACM SIGOPS Oper. Syst. Rev. 43(4), 11–16 (2010)CrossRefGoogle Scholar
  13. 13.
    Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008).
  14. 14.
    Rangwala, M., Liang, Z., Peng, W., Zou, X., Li, F.: A mutual agreement signature scheme for secure data provenance. Environments 13, 14Google Scholar
  15. 15.
    Rodrigues, R., Liskov, B.: High availability in DHTs: erasure coding vs. replication. In: Castro, M., van Renesse, R. (eds.) IPTPS 2005. LNCS, vol. 3640, pp. 226–239. Springer, Heidelberg (2005). doi: 10.1007/11558989_21 CrossRefGoogle Scholar
  16. 16.
    Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005). doi: 10.1007/11426639_27 CrossRefGoogle Scholar
  17. 17.
    Wang, X., Zeng, K., Govindan, K., Mohapatra, P.: Chaining for securing data provenance in distributed information networks. In: MILCOM 2012, pp. 1–6 (2012)Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Nathalie Baracaldo
    • 1
  • Luis Angel D. Bathen
    • 1
  • Roqeeb O. Ozugha
    • 2
  • Robert Engel
    • 1
  • Samir Tata
    • 1
  • Heiko Ludwig
    • 1
  1. 1.Almaden Research Center, IBM ResearchSan JoseUSA
  2. 2.Dakota State UniversityMadisonUSA

Personalised recommendations