SuppliedTrust: A Trusted Blockchain Architecture for Supply Chains

  • Conference paper

Applied Cryptography and Network Security Workshops (ACNS 2022)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13285)

Abstract

The impact of COVID-19, the shortage of chips and other external factors has created a surge in demand, increased costs and significant delays in supply chains, despite technological advancements in the supply chain management process. Blockchain technology is continually being explored and is attracting supply chains to adopt it so that businesses can scale rapidly. In our work, we identify gaps between existing blockchain implementations and cybersecurity standards. We introduce a framework and show how secure and trusted blockchains can be implemented in supply chains.



Author information

Correspondence to Yong Zhi Lim.


Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper


Cite this paper

Lim, Y.Z., Zhou, J., Saerbeck, M. (2022). SuppliedTrust: A Trusted Blockchain Architecture for Supply Chains. In: Zhou, J., et al. Applied Cryptography and Network Security Workshops. ACNS 2022. Lecture Notes in Computer Science, vol 13285. Springer, Cham. https://doi.org/10.1007/978-3-031-16815-4_3


  • DOI: https://doi.org/10.1007/978-3-031-16815-4_3


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-16814-7

  • Online ISBN: 978-3-031-16815-4

  • eBook Packages: Computer Science (R0)
