Abstract
The impact of COVID-19, chip shortages and external factors has caused a flurry of demand, increased costs and significant delays in supply chains, despite technological advancements in the supply chain management process. Blockchain technology is constantly being explored, and supply chains are drawn to adopting it to allow businesses to scale rapidly. In our work, we identify gaps between existing blockchain implementations and cybersecurity standards. We introduce a framework and show how secure and trusted blockchains can be implemented in supply chains.
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Lim, Y.Z., Zhou, J., Saerbeck, M. (2022). SuppliedTrust: A Trusted Blockchain Architecture for Supply Chains. In: Zhou, J., et al. Applied Cryptography and Network Security Workshops. ACNS 2022. Lecture Notes in Computer Science, vol 13285. Springer, Cham. https://doi.org/10.1007/978-3-031-16815-4_3
DOI: https://doi.org/10.1007/978-3-031-16815-4_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-16814-7
Online ISBN: 978-3-031-16815-4
eBook Packages: Computer Science, Computer Science (R0)