Amanuensis: provenance, privacy, and permission in TEE-enabled blockchain data systems

Amanuensis, a TEE-enabled blockchain data-sharing system, allows data providers to set access-control lists for all data and ensures that data remains confidential in an ecosystem comprised of organizations that do not necessarily trust one another. Along with data confidentiality, Amanuensis provides information provenance – the ability to trace the origin of information that may have been derived from a series of aggregations and transformations on many input and intermediary data sets – for data created as the result of a computation. In this paper, we build on Amanuensis to ensure the freshness of access-control lists shared between the blockchain and the trusted execution environment (TEE), and to improve the privacy of users interacting within the system. We also detail how TEE-based remote attestation helps us to achieve information provenance – specifically, how to achieve information provenance in the context of the Intel SGX trusted execution environment. The paper makes three major contributions:

  • assured freshness of access-control lists stored on the blockchain,
  • expanded privacy for users interacting on blockchain, and
  • secured protocol for verifying the provenance of data produced by confidential TEE programs.

Taylor Hardin and David Kotz. Amanuensis: provenance, privacy, and permission in TEE-enabled blockchain data systems. Proceedings of the IEEE International Conference on Distributed Computing Systems, pages 144–156. IEEE, July 2022. doi:10.1109/ICDCS54860.2022.00023. ©Copyright IEEE.

New THaW Dissertation: ‘Information Provenance for Mobile Health Data’

We are proud to announce a THaW team member’s successful dissertation. Dr. Taylor Hardin’s dissertation focuses on an end-to-end solution for providing information provenance for mHealth data, which begins by securing mHealth data at its source: the mHealth device.

The dissertation describes a memory-isolation method that combines compiler-inserted code and Memory Protection Unit (MPU) hardware to protect application code and data on ultra-low-power micro-controllers. The security of mHealth data outside of the source (e.g., data that has been uploaded to a smartphone or remote server) is then addressed with Amanuensis, a health-data system that uses blockchain and Trusted Execution Environment (TEE) technologies to provide confidential, yet verifiable, data storage and computation for mHealth data. The use of blockchain and TEEs introduces identity-privacy and data-freshness issues, which are explored. A privacy-preserving solution for blockchain transactions and a freshness solution for data access-control lists retrieved from the blockchain are presented.

To learn more, check out Dr. Taylor Hardin’s dissertation below. 

Hardin, Taylor A., “Information Provenance for Mobile Health Data” (2022). Dartmouth College Ph.D Dissertations. 79.