Marine carbon dioxide removal (mCDR) projects are increasingly recognized as a strategic pillar in climate change mitigation. However, their effectiveness and credibility critically depend on the ability to implement secure and verifiable Monitoring, Reporting, and Verification (MRV) procedures, particularly in remote, adversarial, and resource-constrained environments like underwater ecosystems. Despite growing interest in mCDR, current MRV frameworks remain inadequate for such challenging contexts, lacking essential mechanisms to ensure secure device identity, reliable data provenance, and verifiable auditability, as mandated by standards such as ISO 14064-2 and ISO 14064-3. This thesis addresses these limitations by first focusing on the fundamental security challenges that arise in underwater untrusted environments. To overcome these barriers, it introduces a set of modular, composable building blocks that integrate: i) decentralized identifiers (DIDs) for self-sovereign identity management, ii) physically unclonable functions (PUFs) to cryptographically bind secrets to hardwaredevices, iii) non-interactive zero-knowledge proofs (NIZKPs) to enable lightweight and privacy-preserving authentication, and iv) distributed ledger technologies (DLTs) to ensure immutable and verifiable data anchoring. These solutions are designed to be modular, interoperable, and composable, providing the necessary foundation to build secure, transparent, and standards-compliant MRV frameworks suitable for deployment in underwater and blue carbon ecosystems. Crucially, the proposed work does not merely adapt to MRV requirements but proactively resolves critical security gaps that existing MRV models overlook, thus enabling trustworthy data collection, secure identity management, and verifiable certification in these complex environments. The individual building blocks have been implemented and validated on constrained embedded platforms (e.g., ESP32-C3), demonstrating their feasibility under the constraints of underwater sensing. Formal security guarantees are established using symbolic analysis, while empirical evaluations quantify the computational and communication overhead of each component under realistic conditions. By starting from low-level cryptographic primitives and addressing core security challenges, this thesis delivers a foundational contribution to the development of secure, verifiable, and scalable MRV infrastructures for underwater and blue carbon applications. The proposed approach supports the creation of trustworthy, standards-aligned MRV frameworks, enabling verifiable environmental accountability even in hostile and resource-constrained deployment scenarios.
Data Provenance for Blue Carbon: Enabling Secure and Verifiable MRV with IoUT / Altamura, Nicola. - (2025 Sep 18).
Data Provenance for Blue Carbon: Enabling Secure and Verifiable MRV with IoUT
ALTAMURA, NICOLA
18/09/2025
Abstract
Marine carbon dioxide removal (mCDR) projects are increasingly recognized as a strategic pillar in climate change mitigation. However, their effectiveness and credibility critically depend on the ability to implement secure and verifiable Monitoring, Reporting, and Verification (MRV) procedures, particularly in remote, adversarial, and resource-constrained environments like underwater ecosystems. Despite growing interest in mCDR, current MRV frameworks remain inadequate for such challenging contexts, lacking essential mechanisms to ensure secure device identity, reliable data provenance, and verifiable auditability, as mandated by standards such as ISO 14064-2 and ISO 14064-3. This thesis addresses these limitations by first focusing on the fundamental security challenges that arise in underwater untrusted environments. To overcome these barriers, it introduces a set of modular, composable building blocks that integrate: i) decentralized identifiers (DIDs) for self-sovereign identity management, ii) physically unclonable functions (PUFs) to cryptographically bind secrets to hardwaredevices, iii) non-interactive zero-knowledge proofs (NIZKPs) to enable lightweight and privacy-preserving authentication, and iv) distributed ledger technologies (DLTs) to ensure immutable and verifiable data anchoring. These solutions are designed to be modular, interoperable, and composable, providing the necessary foundation to build secure, transparent, and standards-compliant MRV frameworks suitable for deployment in underwater and blue carbon ecosystems. Crucially, the proposed work does not merely adapt to MRV requirements but proactively resolves critical security gaps that existing MRV models overlook, thus enabling trustworthy data collection, secure identity management, and verifiable certification in these complex environments. The individual building blocks have been implemented and validated on constrained embedded platforms (e.g., ESP32-C3), demonstrating their feasibility under the constraints of underwater sensing. Formal security guarantees are established using symbolic analysis, while empirical evaluations quantify the computational and communication overhead of each component under realistic conditions. By starting from low-level cryptographic primitives and addressing core security challenges, this thesis delivers a foundational contribution to the development of secure, verifiable, and scalable MRV infrastructures for underwater and blue carbon applications. The proposed approach supports the creation of trustworthy, standards-aligned MRV frameworks, enabling verifiable environmental accountability even in hostile and resource-constrained deployment scenarios.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
