Andrea De Salve
Laura Ricci
ABSTRACT
Internet made it easier for organizations and individuals to collaborate with each other in different activities in order to provide new goods and services to their customers. As for example, e-commerce facilitates the discovery of new partners and allows companies to conduct business. However, in such open environment ensuring transparency of the supply chain activities and privacy of the customers is a challenging task. Indeed, individuals do not know each other and the centralized architecture of Internet services does not allow individuals to control their credentials. To overcome this challenge, this paper exploits the concept of Self Sovereign Identity (SSI) for providing digital identity, trust, and privacy in the context of a Shipping Verification System, a very important activity in supply chain management. In particular, the proposed system relies on decentralized identifiers, verifiable credentials, and blockchain to allow customers to monitor the shipment of items by a shipping deliverer, on behalf of a marketplace. We implemented an instance of the proposed system, and we show that it achieves good performance results in two popular deployment configurations: a Local Indy Pool (consisting of 4 nodes) and the Sovrin BuilderNet (a developer test network consisting of 17 node).
- A. Preukschat and D. Reed, Self-sovereign identity. Manning Publications, 2021Google Scholar
- A. Abid, S. Cheikhrouhou, S. Kallel, and M. Jmaiel, “Novidchain: Blockchain-based privacy-preserving platform for covid-19 test/vaccine certificates,” Software: Practice and Experience, 2021.Google Scholar
- D. W. Chadwick, R. Laborde, A. Oglaza, R. Venant, S. Wazan, and M. Nijjar, “Improved identity management with verifiable credentials and fido,” IEEE Communications Standards Magazine, vol. 3, no. 4, pp. 14–20, 2019Google ScholarCross Ref
- A. Queiruga-Dios, J. Jos ́e Bull ́on P ́erez, and L. Hern ́andez Encinas, “Self-sovereign identity in university context,” in 2022 31st Conference of Open Innovations Association (FRUCT), 2022, pp. 259–264Google ScholarCross Ref
- H. Narumanchi, L. P. Maddali, and N. Emmadi, “Privacy enabled immunity credential system on blockchain,” in 2022 14th International Conference on COMmunication Systems & NETworkS (COMSNETS). IEEE, 2022, pp. 1–6Google ScholarCross Ref
- L. Stockburger, G. Kokosioulis, A. Mukkamala, R. R. Mukkamala, and M. Avital, “Blockchain-enabled decentralized identity management: The case of self-sovereign identity in public transportation,” Blockchain: Research and Applications, vol. 2, no. 2, p. 100014, 2021Google Scholar
- L. Cocco, R. Tonelli, and M. Marchesi, “Blockchain and self sovereign identity to support quality in the food supply chain,” Future Internet, vol. 13, no. 12, p. 301, 2021Google ScholarCross Ref
- K. Li, J.-Y. Lee, and A. Gharehgozli, “Blockchain in food supply chains: a literature review and synthesis analysis of platforms, benefits and challenges,” International Journal of Production Research, pp. 1–20, 2021Google Scholar
- G. Blossey, J. Eisenhardt, and G. Hahn, “Blockchain technology in supply chain management: An application perspective,” in Proceedings of the 52nd Hawaii International Conference on System Sciences, 2019.Google ScholarCross Ref
- K. Stouffer, M. Pease, J. Lubell, E. Wallace, H. Reed, V. L. Martin, Granata, A. Noh, and C. Freeberg, “Blockchain and related technologies to support manufacturing supply chain traceability,” National Institute of Standards and Technology, vol. NISTIR, no. 8419, 2022Google Scholar
- H. Indy, “Transactions,” https://hyperledger-indy.readthedocs.io/projects/node/en/latest/transactions.html [Accessed on 4 May 2022], 2018, [Hyperledger Revision ebf330f8].Google Scholar
- Hyperledger, “Indy Plemnum: Audit Ledger,” Online https://hyperledger-indy.readthedocs.io/projects/plenum/en/latest/audit_ledger.html [Accessed on 4 May 2022]Google Scholar
- H. Indy, “Plenum Byzantine Fault Tolerant Protocol,” https://github.com/hyperledger/indy-plenum [Accessed on 4 May 2022]Google Scholar
- P.-L. Aublin, S. B. Mokhtar, and V. Qu ́ema, “Rbft: Redundant byzantine fault tolerance,” in 2013 IEEE 33rd International Conference on Distributed Computing Systems. IEEE, 2013, pp. 297–306Google ScholarDigital Library
- M. Sporny, D. Longley, and D. Chadwick, “Verifiable credentials data model v1.1 (W3C proposed recommendation 03 august 2021),” Online https://www.w3.org/TR/vc-data-model/ [Accessed on 4 May 2022]Google Scholar
- P. C. Bartolomeu, E. Vieira, S. M. Hosseini, and J. Ferreira, “Self-sovereign identity: Use-cases, technologies, and challenges for industrial iot,” in 2019 24th IEEE International Conference on Emerging Technologies and Factory Automation (ETFA), 2019, pp. 1173–1180Google ScholarDigital Library
- Y. Kortesniemi, D. Lagutin, T. Elo, and N. Fotiou, “Improving the privacy of iot with decentralised identifiers (dids),” Journal of Computer Networks and Communications, vol. 2019, 2019Google ScholarDigital Library
- J. Eberhardt and S. Tai, “On or off the blockchain? insights on off-chaining computation and data,” in Service-Oriented and Cloud Computing, F. De Paoli, S. Schulte, and E. Broch Johnsen, Eds. Cham: Springer International Publishing, 2017, pp. 3–1Google ScholarCross Ref
- I. A. Omar, R. Jayaraman, M. S. Debe, H. R. Hasan, K. Salah, and M. Omar, “Supply chain inventory sharing using ethereum blockchain and smart contracts,” IEEE Access, vol. 10, pp. 2345–2356, 2021Google ScholarCross Ref
- F. Mizutani and S. Uranishi, “The post office vs. parcel delivery companies: competition effects on costs and productivity,” Journal of Regulatory Economics, vol. 23, no. 3, pp. 299–319, 200Google ScholarCross Ref
Index Terms
- Self-Sovereign Identity for Privacy-Preserving Shipping Verification System
Recommendations
Criteria for Evaluating the Privacy Protection Level of Identity Management Services
SECURWARE '09: Proceedings of the 2009 Third International Conference on Emerging Security Information, Systems and TechnologiesIdentity Management is the one of web services that manages the digital identity and the personally identifiable information of the user who subscribed for various web services in Internet. It was developed to provide user with an easy way to use and ...
Privacy-Preserving eID Derivation for Self-Sovereign Identity Systems
Information and Communications SecurityAbstractAs centralized identity management solutions amass identity data, they increasingly become attractive targets for cyber attacks, which entail consequences for users that range from service disruptions to exposure of sensitive user data. Self-...
PrivIdEx: Privacy Preserving and Secure Exchange of Digital Identity Assets.
WWW '19: The World Wide Web ConferenceUser's digital identity information has privacy and security requirements. Privacy requirements include confidentiality of the identity information itself, anonymity of those who verify and consume a user's identity information and unlinkability of ...
Comments