PrivAccIChain (privacy chain): Privacy-preserving and Accountable multi-hop Information-sharing platform for supply Chains

About

This repository contains our fully-tested prototype of PrivAccIChain, which is a privcy-preserving supply chain information system that also supports (i) multi-hop information sharing, (ii) tracking, and (iii) tracing.

Journal paper (evaluation of a real-world supply chain)

The benefits of information sharing along supply chains are well known for improving productivity and reducing costs. However, with the shift towards more dynamic and flexible supply chains, privacy concerns severely challenge the required information retrieval. A lack of trust between the different involved stakeholders inhibits advanced, multi-hop information flows, as valuable information for tracking and tracing products and parts is either unavailable or only retained locally. Our extensive literature review of previous approaches shows that these needs for cross-company information retrieval are widely acknowledged, but related work currently only addresses them insufficiently. To overcome these concerns, we present PrivAccIChain, a secure, privacy-preserving architecture for improving the multi-hop information retrieval with stakeholder accountability along supply chains. To address use case-specific needs, we particularly introduce an adaptable configuration of transparency and data privacy within our design. Hence, we enable the benefits of information sharing as well as multi-hop tracking and tracing even in supply chains that include mutually distrusting stakeholders. We evaluate the performance of PrivAccIChain and demonstrate its real-world feasibility based on the information of a purchasable automobile, the e.GO Life. We further conduct an in-depth security analysis and propose tunable mitigations against common attacks. As such, we attest PrivAccIChain’s practicability for information management even in complex supply chains with flexible and dynamic business relationships.

Workshop paper (evaluation of a sample supply chain)

Today's supply chains are becoming increasingly flexible in nature. While adaptability is vastly increased, these more dynamic associations necessitate more extensive data sharing among different stakeholders while simultaneously overturning previously established levels of trust. Hence, manufacturers’ demand to track goods and to investigate root causes of issues across their supply chains becomes more challenging to satisfy within these now untrusted environments. Complementarily, suppliers need to keep any data irrelevant to such routine checks secret to remain competitive. To bridge the needs of contractors and suppliers in increasingly flexible supply chains, we thus propose to establish a privacy-preserving and distributed multi-hop accountability log among the involved stakeholders based on Attribute-based Encryption and backed by a blockchain. Our large-scale feasibility study is motivated by a real-world manufacturing process, i.e., a fine blanking line, and reveals only modest costs for multi-hop tracing and tracking of goods.

Publications

• Lennart Bader, Jan Pennekamp, Roman Matzutt, David Hedderich, Markus Kowalski, Volker Lücken, and Klaus Wehrle: Blockchain-Based Privacy Preservation for Supply Chains Supporting Lightweight Multi-Hop Information Accountability. Information Processing & Management, 58(3), Elsevier, 2021.

• Jan Pennekamp, Lennart Bader, Roman Matzutt, Philipp Niemietz, Daniel Trauth, Martin Henze, Thomas Bergs, and Klaus Wehrle: Private Multi-Hop Accountability for Supply Chains. In Proceedings of the 2020 IEEE International Conference on Communications Workshops (ICC Workshops '20), 1st Workshop on Blockchain for IoT and Cyber-Physical Systems (BIoTCPS '20), IEEE, 2020.

If you use any portion of our work, please cite our publication.

@inproceedings{bader2021privaccichain,
    author = {Bader, Lennart and Pennekamp, Jan and Matzutt, Roman and Hedderich, David and Kowalski, Markus and L{\"u}cken, Volker and Wehrle, Klaus},
    title = {{Blockchain-Based Privacy Preservation for Supply Chains Supporting Lightweight Multi-Hop Information Accountability}},
    journal = {Information Processing {\&} Management},
    year = {2021},
    volume = {58},
    number = {3},
    publisher = {Elsevier},
    month = {05},
    doi = {10.1016/j.ipm.2021.102529},
    issn = {0306-4573},
}

@inproceedings{pennekamp2020multihopaccountability,
    author = {Pennekamp, Jan and Bader, Lennart and Matzutt, Roman and Niemietz, Philipp and Trauth, Daniel and Henze, Martin and Bergs, Thomas and Wehrle, Klaus},
    title = {{Private Multi-Hop Accountability for Supply Chains}},
    booktitle = {Proceedings of the 2020 IEEE International Conference on Communications Workshops (ICC Workshops '20), 1st Workshop on Blockchain for IoT and Cyber-Physical Systems (BIoTCPS '20)},
    year = {2020},
    month = {06},
    doi = {10.1109/ICCWorkshops49005.2020.9145100},

Please, also take a look at our work on end-to-end-secured sensing in supply chains, which is conceptually compatible to PrivAccIChain.

License

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.

If you are planning to integrate parts of our work into a commercial product and do not want to disclose your source code, please contact us for other licensing options via email at pennekamp (at) comsys (dot) rwth-aachen (dot) de

Acknowledgments

Funded by the Deutsche Forschungsgemeinschaft (DFG, German Research Foundation) under Germany's Excellence Strategy – EXC-2023 Internet of Production – 390621612.

---

Installation

Preparation

• Clone this repository: git clone [email protected]:COMSYS/PrivAccIChain.git
• Update permissions (if needed): chmod -R 755 PrivAccIChain/
• Switch to the repository's directory: cd PrivAccIChain/

Docker Setup

• Install Docker
• If your version of Docker does not support the docker compose sub-commands:
  • Install docker-compose
  • Run the following commands with docker-compose instead of docker compose (mind the -)
• Run docker compose up --build -d in the cloned directory to build and run the docker in the background
  • In case of errors, building without the cache can solve issues: docker compose build --no-cache

The docker-compose.yml contains the environment container, which is build from the Dockerfile, and a mongodb container.

Install PrivAccIChain

• The Dockerfile should contain all dependencies that are needed to run the project and is based on this README
• Enter the Docker environment with docker exec -it privaccichain /bin/bash
• Install the python module python3.7 -m pip install -e .

Run and Evaluation

• Attach to the docker container: docker exec -it privaccichain /bin/bash
• [Optional]: Reset and initialize everything ./scripts/DEPLOY_ALL.sh
• For usage instructions on PrivAccIChain and details on how to run the evalation, please have a look at the dedicated README
• Create supply chain model: cd evaluation/scenarios/fineblanking/ && bash ./generate.sh && cd /app
• Run the evaluation: python3.7 evaluation/run_all.py evaluation/results/some-non-existent-folder/