Prov-Trust: Towards a Trustworthy SGX-based Data Provenance System

Nesrine Kaaniche, Sana Belguith, Maryline Laurent, Ashish Gehani, Giovanni Russello


Data provenance refers to records of the inputs, entities, systems, and processes that influence data of interest, providing a historical record of the data and its origins. Secure data provenance is vital to ensure accountability, forensics investigation of security attacks and privacy preservation. In this paper, we propose Prov-Trust, a decentralized and auditable SGX-based data provenance system relying on highly distributed ledgers. This consensually shared and synchronized database allows anchored data to have public witness, providing tamper-proof provenance data, enabling the transparency of data accountability, and enhancing the secrecy and availability of the provenance data. Prov-Trust relies on Intel SGX enclave to ensure a trusted execution of the provenance kernel to collect, store and query provenance records. The use of SGX enclave protects data provenance and users’ credentials against malicious hosting and processing parties. Prov-Trust does not rely on a trusted third party to store provenance data while performing their verification using smart contracts and voting process. The storage of the provenance data in Prov-Trust is done using either the log events of Smart Contracts or blockchain’s transactions depending on the provenance change event, which enables low storage costs. Finally, Prov-Trust ensures an accurate privacy-preserving auditing process based on blockchain traces and achieved thanks to events’ logs that are signed by SGX enclaves, transactions being registered after each vote session, and sealing the linking information using encryption schemes.


Paper Citation