Securing Blockchain-Based Supply Chain Workflow against Internal and External Attacks

Abstract

Read online

Blockchain is a revolutionary technology that is being used in many applications, including supply chain management. The primary goal of using a blockchain for supply chain management is to reduce the overall production cost while providing comprehensive security to the system. However, current blockchain-based supply-chain workflow(s) (BSW) are still susceptible to various cyber threats due to evolving business processes of different stakeholders involved in the process. In fact, current BSW protects the supply chain process based on the rules that have been implemented in the corresponding smart contracts. However, in practice, the requirements for the process keep evolving due to several organizational policies and directives of the involved stakeholders; therefore, current blockchain-based solutions fail to protect the supply chain process against attacks that exploit the process-related information that is not protected by smart contracts. Therefore, the goal of this work was to develop a methodology that enhances the protection of BSW against various internal (e.g., Stuxnet) and external (e.g., local data breach of a stakeholder) cyber threats through monitoring the stakeholder business process. Our methodology complements the blockchain-based solution because it protects the stakeholder’s local process against the attacks that exploit the process information that is not protected in the smart contracts. We implemented a prototype and demonstrated its application to a typical supply chain workflow example application by successfully detecting internal and external attacks to the application.

Keywords

• supply chain workflow
• internal attacks
• external attacks
• blockchain
• smart contract