ProvChain: A Blockchain-based Data Provenance Architecture in Cloud Environment

Cloud data provenance is metadata that records the history of the creation of a cloud data object and the operations performed on it. Secure data provenance is crucial for data accountability, forensics and privacy. In this talk, I will present a decentralized and trusted cloud data provenance architecture using blockchain technology. Blockchain technology has attracted tremendous interest from a wide range of stakeholders, including finance, healthcare, utilities, real estate and government agencies. By design, blockchain technology is a distributed peer-to-peer ledger-like service that provides many benefits for applications that require functions such as distributed consensus agreement, verifiability and audit, creation of digital assets, ownership transfer of such assets, traceability of transfers of assets, and provenance establishment over such digital assets. Furthermore, blockchain technology can provide secure information exchange in a cloud computing environment and assured data provenance and attribution. Blockchain-based data provenance can provide tamper-proof records, enable the transparency of data accountability in the cloud, and help to enhance the privacy and availability of the provenance data. With a blockchain-based cloud data provenance service, all data operations are transparently and permanently recorded. Thus, the trust between users and cloud service providers can easily be established. Furthermore, maintaining provenance can assist in improving the trust of cloud users toward cyber-threat information sharing to enable proactive cyber defense at a reduced security investment. We make use of the cloud storage scenario and choose the cloud file as a data unit to detect user operations for collecting provenance data. We design and implement ProvChain, an architecture to collect and verify cloud data provenance, by embedding the provenance data into blockchain transactions.
We implemented ProvChain on ownCloud (an open source cloud storage platform) and have developed a prototype in the form of a web service using Tierion (a blockchain development platform). Results from performance evaluation demonstrate that ProvChain provides security features including tamper-proof provenance, user privacy and reliability with low overhead for cloud storage applications.
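
The collect-and-verify idea described above, as an added sketch that is not ProvChain's own code: each file operation becomes a provenance record, only its chained SHA-256 digest is published, and an auditor recomputes the chain to find altered or dropped records. The in-memory `ledger` list stands in for blockchain transactions, and the record fields, the hashed user ID and all function names are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed starting value for the digest chain

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def make_record(user_id, file_name, action, timestamp):
    """One provenance entry for one operation on one cloud file (assumed fields)."""
    return {
        # Assumption: the user id is hashed so the published trail hides identity.
        "user": sha256_hex(user_id.encode()),
        "file": file_name,
        "action": action,
        "time": timestamp,
    }

def record_digest(record, prev_digest):
    # Canonical JSON so the same record always hashes to the same value.
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return sha256_hex(prev_digest.encode() + body)

def publish(ledger, record):
    """Append the record's chained digest to the ledger (blockchain stand-in)."""
    prev = ledger[-1] if ledger else GENESIS
    ledger.append(record_digest(record, prev))

def first_mismatch(stored_records, ledger):
    """Index of the first stored record that disagrees with the ledger, else None."""
    prev = GENESIS
    for i, rec in enumerate(stored_records):
        if i >= len(ledger) or record_digest(rec, prev) != ledger[i]:
            return i
        prev = ledger[i]
    # Records missing from the end of the provider's store are also a mismatch.
    return None if len(stored_records) == len(ledger) else len(stored_records)

def build_demo():
    """Constructed sample: three operations on one file by two users."""
    records = [
        make_record("alice", "report.docx", "create", "2017-01-10T09:00:00Z"),
        make_record("bob", "report.docx", "read", "2017-01-10T09:05:00Z"),
        make_record("alice", "report.docx", "update", "2017-01-10T09:20:00Z"),
    ]
    ledger = []
    for rec in records:
        publish(ledger, rec)
    return records, ledger
```

Because each digest covers the previous one, editing or removing any stored record changes every digest from that point on, so the auditor learns where the provider's copy first diverges from what was published.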