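@comment{BibTeX for papers by David Kotz; for complete/updated list see
  https://www.cs.dartmouth.edu/~kotz/research/papers.html}

@misc{hardin:patent1,
  author       = {Hardin, Taylor and Kotz, David},
  title        = {Data system with information provenance},
  howpublished = {U.S. Patent 12,244,726},
  year         = 2025,
  month        = mar,
  day          = 4,
  url          = {https://www.cs.dartmouth.edu/~kotz/research/hardin-patent1/index.html},
  note         = {Priority date March 2, 2020. Application March 2, 2021. Issued March 4, 2025.},
  abstract     = {A secure, integrated data system and method users both blockchain and Trusted Execution Environment (TEE) technologies to achieve information provenance for data, particularly, mobile health device data. Using a blockchain to record and enforce data access policies removes the need to trust a single entity with gatekeeping the health data. Instead, participants form a consortium and collectively partake in verifying and enforcing access policies for data stored in private data silos. Data access and computation takes place inside of TEEs, which preserves data confidentiality and provides a verifiable attestation that can be stored on the blockchain for the purpose of information provenance.},
}

@inproceedings{hardin:amanuensis2,
  author    = {Hardin, Taylor and Kotz, David},
  title     = {{Amanuensis}: provenance, privacy, and permission in {TEE}-enabled blockchain data systems},
  booktitle = {Proceedings of the {IEEE} International Conference on Distributed Computing Systems},
  year      = 2022,
  month     = jul,
  pages     = {144--156},
  publisher = {IEEE},
  copyright = {IEEE},
  doi       = {10.1109/ICDCS54860.2022.00023},
  url       = {https://www.cs.dartmouth.edu/~kotz/research/hardin-amanuensis2/index.html},
  abstract  = {Blockchain technology is heralded for its ability to provide transparent and immutable audit trails for data shared among semi-trusted parties. With the addition of smart contracts, blockchains can track and verify arbitrary computations -- which enables blockchain users to verify the provenance of information derived from data through the blockchain. This provenance comes at the cost of data confidentiality and user privacy, however, which is unacceptable for many sensitive applications. The need for verifiable yet confidential data sharing and computation has led some to add trusted execution environment (TEE) hardware to blockchain platforms. By moving sensitive operations (e.g., data decryption and analysis) off of the blockchain and into a TEE, they get both the confidentiality of TEEs and the transparency of blockchains without the need to completely trust any one party in the data-sharing ecosystem. In this paper, we build on our TEE-enabled blockchain data-sharing system, Amanuensis, to ensure the freshness of access-control lists shared between the blockchain and TEE, and to improve the privacy of users interacting within the system. We also detail how TEE-based remote attestation help us to achieve information provenance -- specifically, how to achieve information provenance in the context of the Intel SGX trusted execution environment. Finally, we present an evaluation of our system, in which we test several real-world machine-learning applications (logistic regression, kNN, SVM) to determine the run-time overhead of information confidentiality and provenance. Each machine-learning program exhibited a slowdown between 1.1 and 2.8x when run inside of our confidential environment, and took an average of 59 milliseconds to verify the provenance of an input data set.},
}

@phdthesis{hardin:thesis,
  author    = {Hardin, Taylor},
  title     = {Information Provenance for Mobile Health Data},
  school    = {Dartmouth Computer Science},
  year      = 2022,
  month     = may,
  copyright = {the author},
  address   = {Hanover, NH},
  url       = {https://www.cs.dartmouth.edu/~kotz/research/hardin-thesis/index.html},
  abstract  = {Mobile health (mHealth) apps and devices are increasingly popular for health research, clinical treatment and personal wellness, as they offer the ability to continuously monitor aspects of individuals' health as they go about their everyday activities. Many believe that combining the data produced by these mHealth apps and devices may give healthcare-related service providers and researchers a more holistic view of an individual's health, increase the quality of service, and reduce operating costs. For such mHealth data to be considered useful though, data consumers need to be assured that the authenticity and the integrity of the data has remained intact --- especially for data that may have been created through a series of aggregations and transformations on many input data sets. In other words, \emph{information provenance} should be one of the main focuses for any system that wishes to facilitate the sharing of sensitive mHealth data. Creating such a trusted and secure data sharing ecosystem for mHealth apps and devices is difficult, however, as they are implemented with different technologies and managed by different organizations. Furthermore, many mHealth devices use ultra-low-power micro-controllers, which lack the kinds of sophisticated Memory Management Units (MMUs) required to sufficiently isolate sensitive application code and data. \par In this thesis, we present an end-to-end solution for providing information provenance for mHealth data, which begins by securing mHealth data at its source: the mHealth device. To this end, we devise a memory-isolation method that combines compiler-inserted code and Memory Protection Unit (MPU) hardware to protect application code and data on ultra-low-power micro-controllers. Then we address the security of mHealth data outside of the source (e.g., data that has been uploaded to smartphone or remote-server) with our health-data system, Amanuensis, which uses Blockchain and Trusted Execution Environment (TEE) technologies to provide confidential, yet verifiable, data storage and computation for mHealth data. Finally, we look at identity privacy and data freshness issues introduced by the use of blockchain and TEEs. Namely, we present a privacy-preserving solution for blockchain transactions, and a freshness solution for data access-control lists retrieved from the blockchain.},
}

@article{hardin:amanuensis,
  author        = {Hardin, Taylor and Kotz, David},
  title         = {{Amanuensis}: Information Provenance for Health-Data Systems},
  journal       = {Journal of Information Systems Management and Security},
  year          = 2021,
  month         = mar,
  volume        = 58,
  number        = 2,
  articleno     = 102460,
  numpages      = 21,
  publisher     = {Elsevier},
  copyright     = {Elsevier},
  doi           = {10.1016/j.ipm.2020.102460},
  url           = {https://www.cs.dartmouth.edu/~kotz/research/hardin-amanuensis/index.html},
  internal-note = {The journal name should be checked against the publisher record: the DOI prefix 10.1016/j.ipm points at a different Elsevier journal than the one named here.},
  abstract      = {Mobile health (mHealth) apps and devices are increasingly popular for health research, clinical treatment, and personal wellness, as they offer the ability to continuously monitor aspects of individuals' health as they go about their everyday activities. Combining the data produced by these mHealth devices may give healthcare providers a more holistic view of a patient's health, increase the level of patient care, and reduce operating costs. Creating a trusted and secure data sharing ecosystem for mHealth devices is difficult, however, as devices are implemented with different technologies and managed by different organizations. To address these issues, we present \emph{Amanuensis:} a concept for a secure, integrated healthcare data system that leverages Blockchain and Trusted Execution Environment (TEE) technologies to achieve information provenance for mHealth data. By using a blockchain to record and enforce data-access policies, we remove the need to trust a single entity with gate-keeping the health data. Instead, participating organizations form a consortium to share responsibility for verifying data integrity and enforcing access policies for data stored in private data silos. Data accesses and computations take place inside of TEEs to preserve data confidentiality and to provide a verifiable attestation report that can be stored on the blockchain for the purpose of information provenance. We evaluate a prototype implementation of Amanuensis -- built using Intel SGX trusted execution hardware and the VeChain Thor blockchain platform -- which shows that Amanuensis is capable of supporting up to 14,256,000 mHealth data sources at \$0.07 per data source per day.},
}

@inproceedings{hardin:blockchain-survey,
  author    = {Hardin, Taylor and Kotz, David},
  title     = {Blockchain in Healthcare Data Systems: a Survey},
  booktitle = {Proceedings of the International Conference on Internet of Things: Systems, Management and Security ({IOTSMS})},
  year      = 2019,
  month     = oct,
  pages     = {490--497},
  publisher = {IEEE},
  copyright = {IEEE},
  location  = {Granada, Spain},
  doi       = {10.1109/IOTSMS48152.2019.8939174},
  url       = {https://www.cs.dartmouth.edu/~kotz/research/hardin-blockchain-survey/index.html},
  abstract  = {There has been increasing interest in connecting disjointed Electronic Medical Records, mobile health data, and related health data systems for the purpose of improving preventative and precision medicine, while also providing individuals with greater access and control to their data. Blockchains provide data transparency, immutability, and decentralized trust -- making them a promising solution to the interoperability and security issues faced by such health data systems. Several papers have proposed the use of blockchain technology in healthcare to determine its viability as a solution and to identify potential applications and challenges. We build upon their work by 1) presenting implementation details related to blockchain applications in health data systems, 2) discussing the security, privacy, and performance trade-offs of each, and 3) identifying a set of research questions regarding the use of blockchain technology in health data systems. We find that blockchain-based healthcare research should place greater emphasis on real-world deployments and testing, smart-contract security, efficient and usable audit tools, blockchain governance, and adherence to healthcare data regulations and standards.},
}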