Individuals, corporations, and governments are brimming with data, but often struggle with verifying and maintaining accuracy. Without the means to easily check the provenance, authenticity, and integrity of data, how can anyone trust the information they receive? How can systems comply with the regulations governing the collection, use, and management of such data?
The benefits of living in the information society vanish if information is untrustworthy. Disinformation campaigns and fake news rely precisely on the historical separation of information from its provenance, that is, on our inability to have assurance of the sources and processes that produce a piece of information. In business, the cost of using bad data is known, even quantifiable1. In society, the increasing difficulty of distinguishing good from bad information makes people sceptical of our capacity to collectively make sound decisions. If information becomes toxic, neither public debate nor democracy can work.
Confidence in the quality of data can be established by providing a transparent mechanism, called data provenance, to check a datum's origin and history of modifications. Although data provenance has been motivated in multiple domains for decades, including scientific workflow, cyber security, healthcare, and forensics, its application to media content (content provenance) has only been made a top priority by government and industry recently, pushed by crises that were fuelled by disinformation, such as the 2020 elections in the United States, the COVID-19 pandemic, and the war in Ukraine.
The imperative of restoring trust in information distributed online, notably by major news sources, has led to the first technical standard for Content Provenance and Authenticity (C2PA), released in June 2022.
Vision
The vision of the PROVTOPIA project is a world where all citizens have the ability to access and the option to contribute to reliable and verifiable digital information without limiting their privacy rights
Goals
Developing a model-driven threat modelling methodology to analyse content provenance systems systematically, formally, and efficiently
This will be achieved by:
- Extending threat models with the capacity to reason about multiple unaligned requirements, notably about privacy threats and provenance goals with regulatory side-conditions.
- Developing analytical methods to assess privacy risk of both centralised and decentralised provenance systems.
- Investigating mechanisms by which both privacy and provenance properties can be simultaneously achieved..
Delivering a verifiable formal specification of a privacy-friendly content provenance system
The PROVTOPIA project will deliver a formal specification that:
- Enable mathematical proofs of correctness for security, privacy, and provenance properties.
- Are amenable to computer-aided formal verification.
- Are expressive enough to capture the C2PA standard and its requirements.
Achieving privacy-friendly content provenance system in a decentralized setting
Considering that no single provider of a provenance solution will be universally trusted, we have the obligation to study a decentralized solution to content provenance by:
- Extending our formal models and proofs to a decentralized setting.
- Showing that security and privacy assurances for content provenance can be given at the implementation level, including the implementation of smart contracts.
Team
Main researcher
Research team
- Dr. Alejandro Estrada Moreno
- Dr. Hebert Pérez Roses
Work team
- Dr. Olga Gadyatskaya, Leiden University, The Netherlands
- Dr. Sasa Radomirovic, Surrey University, The United Kingdom
- Dr. Jesse Laeuchli, UNSW Sydney, Australia
- Dr. Sjouke Mauw, University of Luxembourg
- Dr. Depeng Chen, URV
- Mauro Clavijo, URV
- Mario Carrillo, URV