Towards a Reliable and Accountable Cyber Supply Chain in Energy Delivery System Using Blockchain

  • Xueping Liang
  • Sachin Shetty
  • Deepak Tosh
  • Yafei Ji
  • Danyi Li
Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 255)

Abstract

The cyber supply chain has emerged as the business model for today's IT infrastructure in enterprise-level energy delivery systems, which rely on different software or hardware vendors. Due to the heterogeneous services provided and the various roles involved for each system entity in maintaining the IT infrastructure, the attack surface expands dramatically, putting enterprise systems at high risk of data breaches or compromise. This paper first presents an overview of the typical cyber supply chain system, including system entities and processes, and then illustrates two attack scenarios. Following an analysis of cyber supply chain security requirements and countermeasures, we integrate blockchain technology, which has a trustless and decentralized architecture, into the cyber supply chain to achieve reliability and accountability. A basic framework for a blockchain-assured energy delivery system is introduced as a case study to provide guidelines for future blockchain adoption in achieving provenance of cyber supply chain systems in any industry.

Keywords

Cyber supply chain, Distributed ledger, Reliability, Accountability, Energy delivery system

Notes

Acknowledgment

This material is based upon work supported by the Department of Energy under Award Number DE-OE0000780 and Office of the Assistant Secretary of Defense for Research and Engineering agreement FA8750-15-2-0120. The work was also supported by a grant from the National Key R&D Program of China (2016YFB0800500).

Disclaimer

This report was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor any agency thereof, nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government or any agency thereof. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or any agency thereof.

Copyright information

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2018

Authors and Affiliations

  • Xueping Liang (1, 2, 3)
  • Sachin Shetty (1)
  • Deepak Tosh (4)
  • Yafei Ji (2)
  • Danyi Li (2)

  1. Virginia Modeling Analysis and Simulation Center, Old Dominion University, Norfolk, USA
  2. Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China
  3. School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China
  4. Department of Computer Science, Norfolk State University, Norfolk, USA