Singapore Academic Cybersecurity R&D

Harnessing R&D to Secure our Nation

NRF2016NCR-NCR002-025

Cybersecurity Protocol and Mechanism for e-Logistics of Dangerous Goods Tracking Using Block Chain
 

• Lead PIs : Albert Ching, i-Sprint Innovations and Lam Kwok Yan, Professor, NTU ( kwokyan.lam@ntu.edu.sg )
• Host Institution : i-Sprint Innovations
• Partner Institution : School of Computer Science and Engineering, NTU

I. Goal

Complex e-logistics networks of goods is the circulation system for our economy activities. Supply Chain Safety is becoming important concern for consumer and government.

At present, visibility on movement of goods in a supply chain is provided through the track and trace system, which keeps a record of every product’s supply chain history as goods move from one location to another. However, the distributed nature of record keeping effort involving multiple parties are open to tampering and fraud. Furthermore, its process is inherently slow given multiple levels of access authorization are usually involved.

Another major issue faced by Track & Trace solutions is some of their users might be concerned about their commercial secrecy or the commercial secrecy of their suppliers further up the chain.

Addressing the security risks associated with data security of movement of goods and also improve system performance of track and trace systems, we propose to study cybersecurity protocol and mechanism using smart contracts enabled by distributed blockchain, and then build a proof-of-concept tracking system for dangerous goods.

Visibility on movement of goods in a supply chain is currently provided using a track-&-trace system that maintains a history of every product’s movement.

Today’s track & trace solution, generally provides a platform for trading and non-trading partners to share and store important information about the trade items, such platform is usually built based on a centralized database/ledger. The challenge of operating a centralized ledger is that it is difficult to find one trusted organization as the broker for all data of every product’s supply chain given the complexity of supply chain networks.

The modern supply chain continues to seek more cost savings and greater transparency and efficiency in all processes. In the commercial world, centralized databases are usually deployed by the manufacturers. As they hold absolute control of it, there is an intrinsic issue of “trust”. This data can be changed from its original form, causing some to feel the supply chain is not being fully transparent with supplier, manufacturing and logistics processes.

Problems in Existing Systems:

• Vulnerable to tampering and fraud associated with the data for movement of dangerous goods.
• Security, privacy and anonymity of parties, goods, and documents are poorly designed/managed.

Objectives are:

• To address the issue of privacy in supply chain networks, and provide legitimacy and assurance of products without disclosing manufacturers’ identities or amounts of product units.
• To address the risks associated with data security of movement of dangerous goods; and improving performance and reliability of track and trace systems.
• Privacy/Security benefits: Block Chain (smart contract), will offer distributed consensus, and security measure against tampering using decentralized ledger maintenance.
• Performance benefits: Auto-executing smart contracts will accelerate administrative and legal processes and reduce supply chain management cost.

II. Technologies

The proposed solution will not only protect identities and other details of products, it will also still transfer other crucial information.  For example, manufacturers in the middle of the supply chain could securely pass a certificate with full authenticity downstream while keeping their identities private.  The described system provides the ability to check important attributes of purchased goods without necessarily seeing the full intricacies of the supply chain that created them.

We proposed cyber-security protocol and mechanism design using distributed block chain platform & smart contracts. Block Chain, an integral component of smart contract, enables distributed consensus, protection against tampering, and de-centralized ledger maintenance.  This offers the opportunity to provide an open and distributed logistics platform for neutrality, reliability and security for all participants in the network of supply chains.

On the business context, the proposed solution is to address the risks associated with data security of movement of goods and improving system performance of track and trace systems.

• Security benefits: block chain, as an integral component of smart contract, will offer distributed consensus, and offer security measure against tampering and decentralized ledger maintenance.
• Performance benefits: Smart contracts, comes with automatic enforcement, will accelerate execution of administrative, and legal processes and reduce e-logistics management cost.

By providing the benefits as described above could significantly accelerate the adoption of full track and trace in most manufacturing industries.

This project involves the design and implementation of an application-driven protocol based on blockchain as a distributed system platform for supporting multi-party, cross-domain transactions. The blockchain platform leverages on i-Sprint’s privilege management system to enforce a permissioned blockchain environment, and is implemented with in-housed designed system mechanisms to cater for the scalability and security requirements of the supply chain ecosystem.

Apart from the design and implementation of the blockchain platform, we designed the protocols for stakeholders to publish transaction records in the blockchain without compromising the commercial secrecy of the transaction details. In essence, the technology development includes:

• A distributed system platform consisting of multiple nodes, with their data records being synchronized by a group consensus protocol.
• An application-driven protocol for submitting transaction records to the blockchain without compromising the privacy of individual transaction details
• A suite of smart contract modules will be developed to interact with the blockchain to enquire status of multi-party, cross-domain transactions and, based on the terms and conditions of existing transactions, to automatically execute new transactions.
• Integration of the blockchain platform with AccessMatrix to enforce the control requirements of a permissioned blockchain.