AudiWFlow: Confidential, collusion-resistant auditing of distributed workflows

We discuss the problem of accountability when multiple parties cooperate towards an end result, such as multiple companies in a supply chain or departments of a government service under different authorities. In cases where a fully trusted central point does not exist, it is difficult to obtain a trusted audit trail of a workflow when each individual participant is unaccountable to all others. We propose AudiWFlow, an auditing architecture that makes participants accountable for their contributions in a distributed workflow. Our scheme provides confidentiality in most cases, collusion detection, and availability of evidence after the workflow terminates. AudiWFlow is based on verifiable secret sharing and real-time peer-to-peer verification of records; it further supports multiple levels of assurance to meet a desired trade-off between the availability of evidence and the overhead resulting from the auditing approach. We propose and evaluate two implementation approaches for AudiWFlow. The first one is fully distributed except for a central auxiliary point that, nevertheless, needs only a low level of trust. The second one is based on smart contracts running on a public blockchain, which is able to remove the need for any central point but requires integration with a blockchain.