Permissioned blockchain for data provenance in the supply chain with fine grained data authorisation

The sustainability of supply chains has become one of the critical focus of the 21st century. Consumers, investors and government regulators are increasingly scrutinising companies in terms of environmental impacts, fair trade, working conditions as well as compliance with international rules and re...

Full description

Saved in:
Bibliographic Details
Main Author: Huang, Elmo Xuyun
Other Authors: Lam Kwok Yan
Format: Thesis-Master by Research
Language:English
Published: Nanyang Technological University 2021
Subjects:
Online Access:https://hdl.handle.net/10356/148328
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Nanyang Technological University
Language: English
Description
Summary:The sustainability of supply chains has become one of the critical focus of the 21st century. Consumers, investors and government regulators are increasingly scrutinising companies in terms of environmental impacts, fair trade, working conditions as well as compliance with international rules and regulations. This issue is especially prevalent in the apparel industry. In recent years, some large apparel companies have outsourced production globally to sweatshops or factories with poor environmental standards, leading to boycotts by consumers and investors. This lack of transparency in modern supply chains is due to two significant technical challenges. With a globalised and integrated supply chain network, the flow of information is primarily controlled by large corporations in data silos. Consumers and regulators find it hard to obtain the track and trace the source of information as well as its accuracy. Consumers have to trust the manufacturers, while regulators have to do conduct long and expensive investigation to determine the compliance of such companies. However, malicious corporations often provide incomplete or inaccurate information. Secondly, with cross border trade and third-party outsourcing, a large amount of information is lost in the complex network. In cases, small third-party contractors do not have the proper IT infrastructure to support the exchange of information, leading to missing information at the lower level of the supply chain. Thus, there is a need to create a multi-party data-sharing platform which encompasses the complexity of the supply chain and increases its transparency through data provenance. The platform should also be immutable and somewhat decentralised to reduce the need to trust the manufacturer. Blockchain provides a novel method of recording and information storage in Merkle tree hashes, such that the stored information is immutable. By storing supply chain data on the blockchain, the transparency of the supply chain stakeholders can trace the provenance of the recorded data. Many blockchains attempt to increase transparency by using public blockchain along with smart contracts. However, public blockchains cannot handle a large volume of transactions in real-time and at a low cost. Secondly, implementations of permissioned blockchain for the supply chain focused primarily on the inventory management of large corporations and rarely considered the sustainability factor mentioned above. Moreover, these platforms also do not adequately address the privacy requirements of a supply chain blockchain platform, which are identities of the employees in the company and the transactional data. The privacy of the employees is regulation by privacy laws, and the transaction data such as type of product, raw material sources directly affects the competitiveness of the company. Existing methods such as Public Key Cryptography Standards are not practical in a multi-tier decentralised data-sharing platform and comes with considerable overhead. The platforms also failed to consider the problem of keys and access rights revocation when a new user or stakeholder joins or leaves the blockchain platform. There are two objectives of the thesis. The first objective is to design and implement a data-sharing platform where the NGOs and regulators are stakeholders in the blockchain such that information can be independently verified and traced to the origin. The second objective is to develop and integrate an efficient and flexible privacy protection mechanism with low computational overhead cost into the blockchain platform to protect the privacy of the stakeholders. To address the first objective, we propose a new permissioned blockchain platform and protocol with data provenance capability to address the lack of transparency of the apparel supply chain. Regulators, as well as third party certifying agencies in the blockchain platform, are required to sign off certain transactions and join into the proof of authority consensus protocol. Fraudulent information can thus be detected at the earliest stage, improving the data integrity and transparency of the data-sharing platform. A Ciphertext policy Attribute-based encryption protocol (CP-ABE) was proposed along the blockchain to allow data owners in the supply chain to perform fine grained authorisation based on the attributes of other stakeholders to meet the requirement of objective two. CP-ABE allows data owners to set access policy based on parameters such as time and attributes or issue new decryption keys without the need to perform new encryption. Also, the generation of keys does not require a trusted third party. Hence CP-ABE fulfils the requirements of an efficient, flexible, data protection mechanism which allows for fast and secure key issuing and revocation. Lastly, we implemented and presented the experimental results to show that the proposed platform and protocol can be implemented and is efficient.