Article Preview
Top1. Introduction
In the past decade, numerous works on data provenance have been reported (O. Q. Zhang et al., 2012)(Imran & Hlavacs, 2012) (Ahmed, Khan, Anjum, Ahmed, & Habib, 2020). The term “data provenance” refers to a record trail that accounts for the origin of information along with an evidence of how and why it came into its present state. Data provenance has been successfully used in numerous domains including healthcare, food production and databases for verification of items and objects (Hammad & Wu, 2014)(Moreau, Batlajery, Huynh, Michaelides, & Packer, 2018) (Guedes, Jesus, Ocaña, Drummond, & de Oliveira, 2020). However, the main challenge in provenance is storage representation since data provenance can grow up to 22 times the size of actual data(Phua & Ko, 2018)(Feng, Li, & Long, 2013). The relationships between entities depend on data sharing, which creates a critical demand for data provenance in various domains. However, security issues have been raised as provenance may contain both sensitive and non-sensitive information. For instance, provenance security deals with issues such as absence of date on an article that can be reused by aggregators (e.g Google News). This can lead to economic losses if the investors misinterpret this information (Cheney, 2011). Therefore, we need to develop a secure framework for data provenance in order to provide authentic access to sensitive information with immutability, transparency, and integrity. Most of the work on provenance security have effectively applied known techniques such as digital signature verification, information flow control, and access control(Cheney, 2011) with centralized storage (third-party) services.
Currently, the third-party services are widely used for provenance data storage by the commercial applications with on demand services. The underlying services of third-party storage are facilitated by different vendors with heterogeneous software and log based services for data provenance (Debruyne, Pandit, Lewis, & O’Sullivan, 2020). The security of these services can be compromised due to unreliable data traceability. Therefore, the data provenance activities demands the assured provenance and distributed infrastructure, where data and its traceability can be easily handled. Thus, it is important not only to protect the data but also to ensure the integrity, immutability, and trustworthiness of the data through provenance.
The Blockchain (BC) is an emerging technology that supports a decentralized and fully distributed ledger of append-only records in a Peer-to-peer (P2P) network. It provides a high level of immutability, security, trust, and integrity to data in a trust-less environment (Ulybyshev et al., 2018) (Y. Zhang, Wu, Jin, & Du, 2017). It is suitable for keeping record trail of ownership transfer in TF owing to its DLT based storage approach. However, its adoption in this application requires careful consideration of roles and access control. Blockchain is categorized into two different types:
- a)
Public, and b) Permissioned blockchain. Public blockchain allows anonymous users to join the blockchain network (Liang et al., 2017) whereas permissioned blockchain allows only known participants to join the network. In our TF, entities cannot be anonymous and are limited to generate a specific type of operations based on their roles. Assurance of the identities of a TF for different traders and their control over the privacy of data compel the use of a permissioned blockchain rather than a public one. We have proposed ownership transfer in a TF using Hyperledger Composer permissioned BC. Recently, most of the research efforts have been made for the provenance management (Hammad & Wu, 2014) (Liang et al., 2017), whereas a few research efforts focused on provenance security (Shweta & Mirajkar, 2017)(Warekuromor, James, Anifowose, & Trodd, 2017).
Along with data provenance, it is also important to maintain provenance security. Hence, there must be some mechanism for safety of information using access control techniques (Tosh, Shetty, Liang, Kamhoua, & Njilla, 2017). Thus, in order to ensure provenance security, we utilize access control language (ACL) rules for the entities (traders) using set theory relationship. The access control rules are designed to manage the resources and their associated policies. It prevents from the unauthorized access of resources. In this proposed model, we have used policies of set-theory (1:1 and N:1) rules to manage the resources.