Secure Alert Tracking in Supply Chain

Mehdi Khalfaoui, Refik Molva, Laurent Gomez

2013

Abstract

Risk management practices, techniques and tools with respect to companies’ supply chains have begun to receive more attention recently, as the need to improve supply chain performances has increased in order to keep the balance between financial considerations and those of the customer interests. With the multiplication of intermediate actors, a single threat at one point might compromise the safety of the all actors involved in the supply chain process. Therefore, there is a clear need for product tracking in order to trace anomalies for mitigation of potential threats in the future. Traditional approaches rely on operator-assisted verification procedures that mainly suffer from the lack of global coverage. In this paper, we propose an automated process to securely trace the supply chain actors that interact with the product, as well as the operations that were performed, and the alerts that got raised. The core component of this process is wireless sensor nodes attached to the product. Empowered with sensing capabilities, wireless sensor nodes are meant to raise alert in case of detection of an anomaly. Our solution allows for tracing the path taken by a product and the recording of the alerts that got raised, while preserving the actors’ privacy. The solution combines a polynomial path encoding technique, together with additive homomorphic encryption to ensure the correctness of the path taken by a product, and to preserve the privacy of the actors, respectively.

References

  1. Bellare, M., Canetti, R., and Krawczyk, H. (1996). Keying hash functions for message authentication. In Advances in CryptologyCRYPTO96, pages 1-15. Springer.
  2. Biagioni, E. and Bridges, K. (2002). The application of remote sensor technology to assist the recovery of rare and endangered species. International Journal of High Performance Computing Applications, 16(3):315-324.
  3. Blass, E., Elkhiyaoui, K., and Molva, R. (2011). Tracker : security and privacy for rfid-based supply chains. In NDSS'11, 18th Annual Network and Distributed System Security Symposium, 6-9 February 2011, San Diego, California, USA, ISBN 1-891562-32-0.
  4. Burrell, J., Brooke, T., and Beckwith, R. (2004). Vineyard computing: Sensor networks in agricultural production. Pervasive Computing, IEEE, 3(1):38-45.
  5. Casino (2013). Casino group.
  6. Francillon, A. and Castelluccia, C. (2007). Tinyrng: A cryptographic random number generator for wireless sensors network nodes. In Modeling and Optimization in Mobile, Ad Hoc and Wireless Networks and Workshops, 2007. WiOpt 2007. 5th International Symposium on, pages 1-7. IEEE.
  7. Gaubatz, G., Kaps, J., and Sunar, B. (2005). Public key cryptography in sensor networksrevisited. Security in Ad-hoc and Sensor Networks, pages 2-18.
  8. Gennaro, R., Krawczyk, H., and Rabin, T. (1997). RSAbased undeniable signatures. Advances in CryptologyCRYPTO'97, pages 132-149.
  9. Gibbons, P., Karp, B., Ke, Y., Nath, S., and Seshan, S. (2003). Irisnet: An architecture for a worldwide sensor web. Pervasive Computing, IEEE, 2(4):22-33.
  10. Gomez, L., Gaci, O., Deutsch, J., and El-Khoury, E. (2012). Sensor based risk assessment for the supply of dangerous products. In SENSORCOMM 2012, The Sixth International Conference on Sensor Technologies and Applications, pages 342-348.
  11. Gomez, L., Khalfaoui, M., El-Khoury, E., Ulmer, C., Deutsch, J., Chettouh, O., Gaci, O., Mathieu, H., ElMoustaine, E., Laurent, M., et al. (2011). Rescueit: securisation de la chaine logistique orientee service depuis le monde des objets jusqua lunivers informatique. In Workshop Interdisciplinaire sur la Securite Globale.
  12. Hempstead, M., Lyons, M., Brooks, D., and Wei, G. (2008). Survey of hardware systems for wireless sensor networks. Journal of Low Power Electronics, pages 11- 20.
  13. http://www.atmel.com/Images/doc2467.pdf. 01/06/2012.
  14. http://www.phidgets.com/. Last access: 12/06/2011.
  15. http://www.xbow.com/. Last access: 01/06/2012.
  16. Khalfaoui, M., Molva, R., and Gomez, L. (2012). Secure product tracking in supply chain. In INSCRYPT 2012, 8th International Conference on Information Security and Cryptology, 28-30 November 2012, Pekin, China, Pekin, CHINA.
  17. Khune and Nagel (2013). Khune and nagel group.
  18. Noubir, G., Vijayananda, K., and Nussbaumer, H. (1998). Signature-based method for run-time fault detection in communication protocols . Computer Communications, pages 405-421.
  19. Ouafi, K. and Vaudenay, S. (2009). Pathchecker: An RFID Application for Tracing Products in Supply-Chains. In International Conference on RFID Security. Citeseer.
  20. Paillier, P. (1999). Public-key cryptosystems based on composite degree residuosity classes. In Advances in Cryptology, EUROCRYPT99, pages 223- 238. Springer.
  21. Rabin, M. (1979). Digitalized signatures and public-key functions as intractable as factorization.
  22. Son, J.-H., Lee, J.-S., and Seo, S.-W. (2010). Topological key hierarchy for energy-efficient group key management in wireless sensor networks. Wirel. Pers. Commun., 52(2):359-382.
  23. Swift, T. (2001). Trust, reputation and corporate accountability to stakeholders. Business Ethics: A European Review, 10(1):16-26.
  24. Szewczyk, R., Osterweil, E., Polastre, J., Hamilton, M., Mainwaring, A., and Estrin, D. (2004). Habitat monitoring with sensor networks. Communications of the ACM, 47(6):34-40.
  25. Trejo-Pech, C. J., Weldon, R. N., House, L. A., and Gunderson, M. A. (2009). The accrual anomaly financial problem in the food supply chain. Agribusiness, 25(4):520-533.
  26. Werner-Allen, G., Johnson, J., Ruiz, M., Lees, J., and Welsh, M. (2005). Monitoring volcanic eruptions with a wireless sensor network. In Wireless Sensor Networks, 2005. Proceeedings of the Second European Workshop on, pages 108-120. IEEE.
  27. Williams, E. S., Panko, J., and Paustenbach, D. J. (2009). The european union's reach regulation: a review of its history and requirements. Critical reviews in toxicology, 39(7):553-575.
Download


Paper Citation


in Harvard Style

Khalfaoui M., Molva R. and Gomez L. (2013). Secure Alert Tracking in Supply Chain . In Proceedings of the 10th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2013) ISBN 978-989-8565-73-0, pages 219-229. DOI: 10.5220/0004532102190229


in Bibtex Style

@conference{secrypt13,
author={Mehdi Khalfaoui and Refik Molva and Laurent Gomez},
title={Secure Alert Tracking in Supply Chain},
booktitle={Proceedings of the 10th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2013)},
year={2013},
pages={219-229},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004532102190229},
isbn={978-989-8565-73-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 10th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2013)
TI - Secure Alert Tracking in Supply Chain
SN - 978-989-8565-73-0
AU - Khalfaoui M.
AU - Molva R.
AU - Gomez L.
PY - 2013
SP - 219
EP - 229
DO - 10.5220/0004532102190229