Biblio

Blockchain has the potential to enhance supply chain management systems by providing stronger assurance in transparency and traceability of traded commodities. However, blockchain does not overcome the inherent issues of data trust in IoT enabled supply chains. Recent proposals attempt to tackle these issues by incorporating generic trust and reputation management methods, which do not entirely address the complex challenges of supply chain operations and suffers from significant drawbacks. In this paper, we propose DeTRM, a decentralised trust and reputation management solution for supply chains, which considers complex supply chain operations, such as splitting or merging of product lots, to provide a coherent trust management solution. We resolve data trust by correlating empirical data from adjacent sensor nodes, using which the authenticity of data can be assessed. We design a consortium blockchain, where smart contracts play a significant role in quantifying trustworthiness as a numerical score from different perspectives. A proof-of-concept implementation in Hyperledger Fabric shows that DeTRM is feasible and only incurs relatively small overheads compared to the baseline.

Blockchain has emerged as a leading technological innovation because of its indisputable safety and services in a distributed setup. Applications of blockchain are rising covering varied fields such as financial transactions, supply chains, maintenance of land records, etc. Supply chain management is a potential area that can immensely benefit from blockchain technology (BCT) along with smart contracts, making supply chain operations more reliable, safer, and trustworthy for all its stakeholders. However, there are numerous challenges such as scalability, coordination, and safety-related issues which are yet to be resolved. Multi-agent systems (MAS) offer a completely new dimension for scalability, cooperation, and coordination in distributed culture. MAS consists of a collection of automated agents who can perform a specific task intelligently in a distributed environment. In this work, an attempt has been made to develop a framework for implementing a multi-agent system for a large-scale product manufacturing supply chain with blockchain technology wherein the agents communicate with each other to monitor and organize supply chain operations. This framework eliminates many of the weaknesses of supply chain management systems. The overall goal is to enhance the performance of SCM in terms of transparency, traceability, trustworthiness, and resilience by using MAS and BCT.

Ensuring sustainable sourcing of crude materials and production of goods is a pressing problem in consideration of the growing world population and rapid climate change. Supply-chain traceability systems based on distributed ledgers can help to enforce sustainability policies like production limits. We propose two mutually independent distributed-ledger-based protocols that enable public verifiability of policy compliance. They are designed for different supply-chain scenarios and use different privacy-enhancing technologies in order to protect confidential supply-chain data: secret sharing and homomorphic encryption. The protocols can be added to existing supply-chain traceability solutions with minor effort. They ensure confidentiality of transaction details and offer public verifiability of producers' compliance, enabling institutions and even end consumers to evaluate sustainability of supply chains. Through extensive theoretical and empirical evaluation, we show that both protocols perform verification for lifelike supply-chain scenarios in perfectly practical time.

Counterfeit drugs are an immense threat for the pharmaceutical industry worldwide due to limitations of supply chain. Our proposed solution can overcome many challenges as it will trace and track the drugs while in transit, give transparency along with robust security and will ensure legitimacy across the supply chain. It provides a reliable certification process as well. Fabric architecture is permissioned and private. Hyperledger is a preferred framework over Ethereum because it makes use of features like modular design, high efficiency, quality code and open-source which makes it more suitable for B2B applications with no requirement of cryptocurrency in Hyperledger Fabric. QR generation and scanning are provided as a functionality in the application instead of bar code for its easy accessibility to make it more secure and reliable. The objective of our solution is to provide substantial solutions to the supply chain stakeholders in record maintenance, drug transit monitoring and vendor side verification.

Modern software development frequently uses third-party packages, raising the concern of supply chain security attacks. Many attackers target popular package managers, like npm, and their users with supply chain attacks. In 2021 there was a 650% year-on-year growth in security attacks by exploiting Open Source Software's supply chain. Proactive approaches are needed to predict package vulnerability to high-risk supply chain attacks. The goal of this work is to help software developers and security specialists in measuring npm supply chain weak link signals to prevent future supply chain attacks by empirically studying npm package metadata.

In this paper, we analyzed the metadata of 1.63 million JavaScript npm packages. We propose six signals of security weaknesses in a software supply chain, such as the presence of install scripts, maintainer accounts associated with an expired email domain, and inactive packages with inactive maintainers. One of our case studies identified 11 malicious packages from the install scripts signal. We also found 2,818 maintainer email addresses associated with expired domains, allowing an attacker to hijack 8,494 packages by taking over the npm accounts. We obtained feedback on our weak link signals through a survey responded to by 470 npm package developers. The majority of the developers supported three out of our six proposed weak link signals. The developers also indicated that they would want to be notified about weak links signals before using third-party packages. Additionally, we discussed eight new signals suggested by package developers.

Critical infrastructure is a key area in cybersecurity. In the U.S., it was front and center in 1997 with the report from the President’s Commission on Critical Infrastructure Protection (PCCIP), and now affects countries worldwide. Critical Infrastructure Protection must address all types of cybersecurity threats - insider threat, ransomware, supply chain risk management issues, and so on. Unsurprisingly, in the past 25 years, the risks and incidents have increased rather than decreased and appear in the news daily. As an important component of critical infrastructure protection, secure supply chain risk management must be integrated into development projects. Both areas have important implications for security requirements engineering.

The revolution caused by the advanced analysis features of Internet of Things and big data have made a big turnaround in the digital world. Data analysis is not only limited to collect useful data but also useful in analyzing information quickly. Therefore, most of the variants of the shared system based on the parallel structural model are explored simultaneously as the appropriate big data storage library stimulates researchers’ interest in the distributed system. Due to the emerging digital technologies, different groups such as healthcare facilities, financial institutions, e-commerce, food service and supply chain management generate a surprising amount of information. Although the process of statistical analysis is essential, it can cause significant security and privacy issues. Therefore, the analysis of data privacy protection is very important. Using the platform, technology should focus on providing Advanced Cryptography Policy (ACP). This research explores different security risks, evolutionary mechanisms and risks of privacy protection. It further recommends the post-statistical modern privacy protection act to manage data privacy protection in binary format, because it is kept confidential by the user. The user authentication program has already filed access restrictions. To maintain this purpose, everyone’s attitude is to achieve a changing identity. This article is designed to protect the privacy of users and propose a new system of restoration of controls.

Logic locking is a holistic design-for-trust technique that aims to protect the design intellectual property (IP) from untrustworthy entities throughout the supply chain. Functional and structural analysis-based attacks successfully circumvent state-of-the-art, provably secure logic locking (PSLL) techniques. However, such attacks are not holistic and target specific implementations of PSLL. Automating the detection and subsequent removal of protection logic added by PSLL while accounting for all possible variations is an open research problem. In this paper, we propose GNNUnlock, the first-of-its-kind oracle-less machine learning-based attack on PSLL that can identify any desired protection logic without focusing on a specific syntactic topology. The key is to leverage a well-trained graph neural network (GNN) to identify all the gates in a given locked netlist that belong to the targeted protection logic, without requiring an oracle. This approach fits perfectly with the targeted problem since a circuit is a graph with an inherent structure and the protection logic is a sub-graph of nodes (gates) with specific and common characteristics. GNNs are powerful in capturing the nodes' neighborhood properties, facilitating the detection of the protection logic. To rectify any misclassifications induced by the GNN, we additionally propose a connectivity analysis-based post-processing algorithm to successfully remove the predicted protection logic, thereby retrieving the original design. Our extensive experimental evaluation demonstrates that GNNUnlock is 99.24% - 100% successful in breaking various benchmarks locked using stripped-functionality logic locking [1], tenacious and traceless logic locking [2], and Anti-SAT [3]. Our proposed post-processing enhances the detection accuracy, reaching 100% for all of our tested locked benchmarks. Analysis of the results corroborates that GNNUnlock is powerful enough to break the considered schemes under different parameters, synthesis settings, and technology nodes. The evaluation further shows that GNNUnlock successfully breaks corner cases where even the most advanced state-of-the-art attacks [4], [5] fail. We also open source our attack framework [6].

The aim of this study is to determine the current challenges related to security and trust issues in digital supply chains. The development of information and communication technologies (ICT) has improved the efficiency of supply chains, while creating new vulnerabilities and increasing the likelihood of security threats. Previous studies lack the physical security aspect, so the emphasis is on the security of cyber-physical systems. In order to achieve the goal of the study, traditional and digital supply chains, their security risks and main differences were examined. A security framework for cyber-physical risks in digital supply chains was developed.

Quality assurance and food safety are the most problem that the consumers are special care. To solve this problem, the enterprises must improve their food supply chain management system. In addition to tracking and storing orders and deliveries, it also ensures transparency and traceability of food production and transportation. This is a big challenge that the food supply chain system using the client-server model cannot meet with the requirements. Blockchain was first introduced to provide distributed records of digital currency exchanges without reliance on centralized management agencies or financial institutions. Blockchain is a disruptive technology that can improve supply chain related transactions, enable to access data permanently, data security, and provide a distributed database. In this paper, we propose a method to design a food supply chain management system base on Blockchain technology that is capable of bringing consumers’ trust in food traceability as well as providing a favorable supply and transaction environment. Specifically, we design a system architecture that is capable of controlling and tracking the entire food supply chain, including production, processing, transportation, storage, distribution, and retail. We propose the KDTrace system model and the Channel of KDTrace network model. The Smart contract between the organizations participating in the transaction is implemented in the Channel of KDTrace network model. Therefore, our supply chain system can decrease the problem of data explosion, prevent data tampering and disclosure of sensitive information. We have built a prototype based on Hyperledger Fabric Blockchain. Through the prototype, we demonstrated the effectiveness of our method and the suitability of the use cases in a supply chain. Our method that uses Blockchain technology can improve efficiency and security of the food supply chain management system compared with traditional systems, which use a clientserver model.

Cyber supply chain (CSC) security cost effectiveness should be the first and foremost decision to consider when integrating various networks in supplier inbound and outbound chains. CSC systems integrate different organizational network systems nodes such as SMEs and third-party vendors for business processes, information flows, and delivery channels. Adversaries are deploying various attacks such as RAT and Island-hopping attacks to penetrate, infiltrate, manipulate and change delivery channels. However, most businesses fail to invest adequately in security and do not consider analyzing the long term benefits of that to monitor and audit third party networks. Thus, making cost benefit analysis the most overriding factor. The paper explores the cost-benefit analysis of investing in cyber supply chain security to improve security. The contribution of the paper is threefold. First, we consider the various existing cybersecurity investments and the supply chain environment to determine their impact. Secondly, we use the NPV method to appraise the return on investment over a period of time. The approach considers other methods such as the Payback Period and Internal Rate of Return to analyze the investment appraisal decisions. Finally, we propose investment options that ensure CSC security performance investment appraisal, ROI, and business continuity. Our results show that NVP can be used for cost-benefit analysis and to appraise CSC system security to ensure business continuity planning and impact assessment.

Increasing consumer experience and companies inner quality presents a direct demand of different requirements on supply chain traceability. Typically, existing solutions have separate data storages which eventually provide limited support when multiple individuals are included. Therefore, the block-chain-based methods are utilized to defeat these deficiencies by generating digital illustrations of real products to following several objects at the same time. Nevertheless, they actually cannot identify the change of products in manufacturing methods. The connection between components included in the production decreased, whereby the ability to follow a product’s origin reduced consequently. In this paper, a methodology is recommended which involves using a Block-chain in Supply Chain Traceability, to solve the issues of manipulations and changes in data and product source. The method aims to improve the product’s origin transparency. Block-chain technology produces a specific method of storing data into a ledger, which is raised on many end-devices such as servers or computers. Unlike centralized systems, the records of the present system are encrypted and make it difficult to be manipulated. Accordingly, this method manages the product’s traceability changes. The recommended system is performed for the cheese supply chain. The result were found to be significant in terms of increasing food security and distributors competition.

In recent years, Counterfeit goods play a vital role in product manufacturing industries. This Phenomenon affects the sales and profit of the companies. To ensure the identification of real products throughout the supply chain, a functional block chain technology used for preventing product counterfeiting. By using a block chain technology, consumers do not need to rely on the trusted third parties to know the source of the purchased product safely. Any application that uses block chain technology as a basic framework ensures that the data content is “tamper-resistant”. In view of the fact that a block chain is the decentralized, distributed and digital ledger that stores transactional records known as blocks of the public in several databases known as chain across many networks. Therefore, any involved block cannot be changed in advance, without changing all subsequent block. In this paper, counterfeit products are detected using barcode reader, where a barcode of the product linked to a Block Chain Based Management (BCBM) system. So the proposed system may be used to store product details and unique code of that product as blocks in database. It collects the unique code from the customer and compares the code against entries in block chain database. If the code matches, it will give notification to the customer, otherwise it gets information from the customer about where they bought the product to detect counterfeit product manufacturer.

The supply chain has been much developed with the internet technology being used in the business world. Some issues are becoming more and more evident than before in the course of the fast evolution of the supply chain. Among these issues, the remarkable problems include low efficiency of communication, insufficient operational outcomes and lack of the credit among the participants in the whole chain. The main reasons to cause these problems lie in the isolated information unable to be traced and in the unclear responsibility, etc. In recent years, the block chain technology has been growing fast. Being decentralized, traceable and unable to be distorted, the block chain technology is well suitable for solving the problems existing in the supply chain. Therefore, the paper first exposes the traditional supply chain mode and the actual situation of the supply chain management. Then it explains the block chain technology and explores the application & effects of the block chain technology in the traditional supply chain. Next, a supply chain style is designed on the base of the block chain technology. Finally the potential benefits of the remolded supply chain are foreseen if it is applied in the business field.

With the rapid development of IoT in recent years, IoT is increasingly being used as an endpoint of supply chains. In general, as the majority of data is now being stored and shared over the network, information security is an important issue in terms of secure supply chain management. In response to cyber security breaches and threats, there has been much research and development on the secure storage and transfer of data over the network. However, there is a relatively limited amount of research and proposals for the security of endpoints, such as IoT linked in the supply chain network. In addition, it is difficult to ensure reliability for IoT itself due to a lack of resources such as CPU power and storage. Ensuring the reliability of IoT is essential when IoT is integrated into the supply chain. Thus, in order to secure the supply chain, we need to improve the reliability of IoT, the endpoint of the supply chain. In this work, we examine the use of IoT gateways, client certificates, and IdP as methods to compensate for the lack of IoT resources. The results of our qualitative evaluation demonstrate that using the IdP method is the most effective.

Focusing on security management for supply chain under emergencies, this paper analyzes the characteristics of supply chain risk, clarifies the relationship between business continuity management and security management for supply chain, organizational resilience and security management for supply chain separately, so as to propose suggestions to promote the realization of security management for supply chain combined these two concepts, which is of guiding significance for security management for supply chain and quality assurance of products and services under emergencies.

With the continuous development of world economy, the trade and connection between countries are getting closer, in which ports are playing an increasingly important role. However, due to the inherent complexity of port operational environment, ports are exposed to various types of hazards and more likely to encounter risks with high frequency and serious consequences. Therefore, proper and effective risk management of ports is particularly essential and necessary. In this research, literature from three aspects including risk assessment of port operations and service, safety management of dangerous goods, and port supply chain risk management was collected and investigated, in order to put forward the future research direction related to the risk management of port operations. The research results show that, firstly, most of the current research mainly focuses on the operational risk of traditional ports and a lot of relevant achievements have been seen. However, few scholars have studied the risk issues of smart ports which are believed to be the trend of future with the rapid development and application of high and new technologies. Thus, it is suggested that more attention should be shifted to the identification and assessment of operational risks of smart ports considering their characteristics. Secondly, although the risk evaluation systems of port operational safety have been established and widely studied, more efforts are still needed in terms of the suitability and effectiveness of the proposed indicators, especially when dangerous goods are involved. Thirdly, risk management of port supply chain is another popular topic, in which, one of the main difficulties lies on the collection of risk related statistics data due to the fact that port supply chain systems are usually huge and complex. It is inevitably that the evaluation results will lack objectivity to some extent. Therefore, it calls for more research on the risk assessment of port supply chains in a quantitative manner. In addition, resilience, as an emerging concept in the transportation field, will provide a new angle on the risk management of port supply chains.

To make supply chains sustainable and smart, companies can use information and communication technologies to manage procurement, sourcing, conversion, logistics, and customer relationship management activities. Characterized by profit, people, and planet, the supply chain processes of creating values and managing risks are expected to be digitally transformed. Once digitized, datafied, and networked, supply chains can account for substantial progress towards sustainability. Given the lack of clarity on the concepts of resilience and human rights for the supply chain, especially with the recent advancement of social media, big data, artificial intelligence, and cloud computing, the study conducts a scoping review. To identify the size, scope, and themes, it collected 180 articles from the Web of Science bibliographic database. The bibliometric findings reveal the overall conceptual and intellectual structure, and the gaps for further research and development. The concept of resilience can be enriched, for instance, by the environmental, social, and governance (ESG) concerns. The enriched notion of resilience can also be expressed in digitized, datafied, and networked forms.

With over 80% of goods transportation in volume carried by sea, ports are key infrastructures within the logistics value chain. To address the challenges of the globalized and competitive economy, ports are digitizing at a fast pace, evolving into smart ports. Consequently, the cyber-resilience of ports is essential to prevent possible disruptions to the economic supply chain. Over the last few years, there has been a significant increase in the number of disclosed cyber-attacks on ports. In this paper, we present the capabilities of a high-end hybrid cyber range for port cyber risks awareness and training. By describing a specific port use-case and the first results achieved, we draw perspectives for the use of cyber ranges for the training of port actors in cyber crisis management.

Smart city technologies promise reduced congestion by optimizing transportation movements. Increased connectivity, however, may increase the attack surface of a municipality's critical functions. Increased supply chain attacks (up nearly 80 % in 2019) and municipal ransomware attacks (up 60 % in 2019) motivate the need for holistic approaches to risk assessment. Therefore, we present a methodology to quantify the degree to which supply-chain movements may be observed or disrupted via compromised smart-city devices. Our data-processing pipeline uses publicly available datasets to model intermodal commodity flows within and surrounding a municipality. Using a hierarchy tree to adaptively sample spatial networks within geographic regions of interest, we bridge the gap between grid- and network-based risk assessment frameworks. Results based on fieldwork for the Jack Voltaic exercises sponsored by the Army Cyber Institute demonstrate our approach on intermodal movements through Charleston, SC and San Diego, CA.

The international Supply Chains (SC) have expanded rapidly over the decades and also consist of many entities and business partners. The increasing complexity of supply chain makes it more vulnerable to a security threat. Therefore, it is necessary to evaluate security management systems to ensure the flow of goods in SC. In this paper we used international standards to assess the security of the company's supply chain compliance with ISO 28001. Supply chain security that needs to be assessed includes all inbound logistics activities to outbound logistics. The aim of this research is to analyse the security management system by identifying security threat, consequences, and likelihood to develop adequate countermeasures for the security of the company's supply chain. Security risk assessment was done using methodology compliance with ISO 28001 which are identify scope of security assessment, conduct security assessment, list applicable threat scenario, determine consequences, determine likelihood, determine risk score, risk evaluation using risk matrix, determine counter measures, and estimation of risk matrix after countermeasures. This research conducted in one of the leather factory in Indonesia. In this research we divided security threat into five category: asset security, personnel security, information security, goods and conveyance security, and closed cargo transport units. The security assessment was conducted by considering the performance review according to ISO 28001: 2007 and the results show that there are 22 security threat scenarios in the company's supply chain. Based upon a system of priorities by risk score, countermeasures are designed to reduce the threat into acceptable level.

Business's strength arises from the strength of its supply chain. Therefore, a proper supply chain management is vital for business continuity. One of the most challenging parts of SCM is the contract negotiation, and one main aspect of the negotiation is to know the risk associated with each range of quantity agreed on. Currently Managers assess the quantity to be supplied based on a binary way of either full or 0 supply, This paper aims to assess the corresponding quantities risks of the suppliers on a multilayer basis. The proposed approach uses fuzzy logic as an artificial intelligence tool that would develop the verbal terms of managers into numbers to be dealt with. A company that produces fresh frozen vegetables and fruits in Egypt who faces the problem of getting the required quantities from the suppliers with a fulfilment rate of 33% was chosen to apply the proposed model. The model allowed the managers to have full view of risk in their supply chain effectively and decide their needed capacity as well as the negotiation terms with both suppliers and customers. Future work should be the use of more data in the fuzzy database and implement the proposed methodology in an another industry.

This article analyzes the basic concepts of supply chain finance, participating institutions, business methods, and exposure to risks. The author combined the basic content of the Internet of Things and block chain technology to carry out research. This paper studies the specific applications of the Internet of Things and block chain technology in supply chain financial risk identification, supply chain financial risk assessment, full-process logistics supervision, smart contract transaction management, corporate financial statement sorting, and risk prevention measures. The author's purpose is to improve the financial risk management level of the enterprise supply chain and promote the stable development of the enterprise economy.

The modern electronics supply chain is a globalized marketplace with the increasing threat of counterfeit integrated circuits (ICs) being installed into mission critical systems. A number of methods for detecting counterfeit ICs exist; however, effective test and evaluation (T&E) methods to assess the confidence of detecting recycled ICs are needed. Additionally, methods for the trustworthy tracking of recycled ICs in the supply chain are also needed. In this work, we propose a novel methodology to address the detection and tracking of recycled ICs at each stage of the electronics supply chain. We present a case study demonstrating our assessment model to calculate the confidence levels of authentic and recycled ICs, and to confidently track these types of ICs throughout the electronics supply chain.

Securing the supply chain of information and communications technology (ICT) has recently emerged as a critical concern for national security and integrity. With the proliferation of Internet of Things (IoT) devices and their increasing role in controlling real world infrastructure, there is a need to analyze risks in networked systems beyond established security analyses. Existing methods in literature typically leverage attack and fault trees to analyze malicious activity and its impact. In this paper, we develop RIoTS, a security risk assessment framework borrowing from system reliability theory to incorporate the supply chain. We also analyze the impact of grouping within suppliers that may pose hidden risks to the systems from malicious supply chain actors. The results show that the proposed analysis is able to reveal hidden threats posed to the IoT ecosystem from potential supplier collusion.