Smart Blockchains meet Connected Supply Chains
by Wolfgang Laier
Blockchain and Logistics – A contradiction? This is what many experts think, because blockchains are highly redundant data stores. To understand the mission of blockchain technologies in logistics, the talk will go down the rabbit hole of the underlying technologies and present the BoschSecure Use Case, which uses crypto and blockchain technologies to provide digital security in all aspects of the CIA Triad as well as real-time data exchange with your customers, suppliers... and a lot more.
CIA Triad of Security
Security is an issue. What if your customer data leaked to your competitor? What if your goods were delivered to the wrong customer? What if an order cancellation did not reach your plant in time due to a network outage or a denial-of-service attack on your B2B gateway? Everybody dealing with logistics is aware of the severity of these issues, yet most logistics professionals have never heard of the CIA Triad.
The CIA Triad consists of the three fundamentals of IT security.
C – Confidentiality
C stands for Confidentiality. This is what most people are aware of. The leakage of confidential data can cause a lot of harm. The C is represented in our case by the question: “What if your customer data leaked to your competitor?” This issue is addressed by a whole range of IT tools like firewalls, VPNs and Extrusion Detection Systems, even though attacks on confidentiality typically go unnoticed.
I – Integrity
The lowest place on the security awareness list goes to the I: Integrity. Integrity attacks mean tampering with data or source code. We can boil that issue down to the question: “What if your goods are delivered to the wrong customer?” or “What if your customer gets a faulty product configuration?” Integrity attacks are very difficult to detect, since they are typically camouflaged as internal deficiencies and are often so-called “inside jobs”. It is general knowledge in security circles that one in a thousand employees receives a double income. A very famous example of an inside job is the Sony attack. Here is a quotation from the New York Post: “US cybersecurity experts say they have solid evidence that a former employee helped hack Sony Pictures Entertainment’s computer system — and that it was not masterminded by North Korean cyberterrorists. One leading cybersecurity firm, Norse Corp., said Monday it has narrowed its list of suspects to a group of six people — including at least one Sony veteran with the necessary technical background to carry out the attack, according to reports.” We should note that the Sony attack was not an integrity attack but a confidentiality attack, in which video material leaked out of the company. (https://nypost.com/2014/12/30/new-evidence-sony-hack-was-inside-job-cyber-experts/)
A – Availability
The A, Availability, takes second place in professional awareness. The question here is: “What if an order cancellation does not reach your plant in time due to a network outage or a denial-of-service attack on your B2B gateway?” Servers being taken down by hackers gained some fame in 2007 when cyberattacks hit Estonia. Here is a Wikipedia quotation: “A series of cyber-attacks began 27 April 2007 that swamped websites of Estonian organizations, including Estonian parliament, banks, ministries, newspapers and broadcasters… Most of the attacks that had … influence on the general public were distributed denial of service type attacks ranging from single individuals using various methods like ping floods to expensive rentals of botnets usually used for spam distribution. Spamming of bigger news portals commentaries and defacements including that of the Estonian Reform Party website also occurred.” (https://en.wikipedia.org/wiki/2007_cyberattacks_on_Estonia)
The Role of Blockchains in the Security Ecosystem
You might have noticed that I gave you some examples of tools securing the Confidentiality aspect of digital security. It was not out of negligence that tools for securing Data Integrity and Availability were omitted. They are simply missing! There is no Eugene Kaspersky or John McAfee selling you a firewall or a virus scan tool which helps your company protect the Integrity or the Availability of your digital assets. The good news is: there is a technology out there that covers those aspects. A technology called blockchain.
https://www.youtube.com/watch?v=biQImJmvQPQ - Jump to min 3:00 for a top-down explanation of why bitcoin cannot be controlled, hacked or taxed... IOTA is like Monero, but without a transaction fee...
This was John McAfee on Bitcoin. I chose to show you this significant video instead of technically explaining why the blockchain technology secures data – in the Bitcoin or Monero use case, the digital ledger of a currency – against tampering (Integrity) and service outages (Availability). The blockchain technology does not provide confidentiality of the data, which he made clear by comparing Bitcoin and its usage with Monero – where Monero has built a technology stack on top of the blockchain technology to secure this currency against confidentiality attacks.
The Restriction of Blockchain Technologies in Logistics
Due to the short timeframe of this presentation, I cannot explain the blockchain technology in depth, but I will give those new to the technology a short explanation of the underlying infrastructure using the example of cryptocurrencies. Every Bitcoin or Monero user should run a blockchain node on their computer to really “be their own bank”. The source code implementing this user-operated node makes sure that all currency transactions are stored on each of the nodes. That means the data which is secured by a blockchain is highly redundant. Signing the transactions with asymmetric cryptography makes sure that transactions cannot be altered, and the blockchain itself provides a timestamp for each of the transactions, so that it is clear which transaction came first.
I hope this very short summary of the technology shows the main restriction on the usage of blockchains in logistics. You cannot secure the excessive amount of your logistics data by storing it in a blockchain – meaning by copying all your logistics data onto all of the participating nodes.
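The redundancy argument above, as an added example that is not part of the original talk: every node holds a full hash-linked copy of the records, so an altered copy is detected and restored from the other nodes, at the cost of storing every record once per node. Transaction signatures are left out, a simple majority of tip hashes stands in for real consensus, and all function names and records are hypothetical.

```python
import copy
import hashlib
import json
from collections import Counter

GENESIS = "0" * 64

def block_hash(index, prev, data):
    body = json.dumps({"index": index, "prev": prev, "data": data}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

def make_network(nodes, records):
    """Build one hash-linked chain and give every node a full copy of it."""
    chain, prev = [], GENESIS
    for i, data in enumerate(records):
        prev_hash, prev = prev, block_hash(i, prev, data)
        chain.append({"prev": prev_hash, "data": data, "hash": prev})
    return [copy.deepcopy(chain) for _ in range(nodes)]

def first_bad_block(chain):
    """Index of the first block whose link or hash is wrong, -1 if self-consistent."""
    prev = GENESIS
    for i, b in enumerate(chain):
        if b["prev"] != prev or b["hash"] != block_hash(i, prev, b["data"]):
            return i
        prev = b["hash"]
    return -1

def divergent_nodes(network):
    """Nodes whose copy is broken, or self-consistent but unlike the majority."""
    tips = {n: c[-1]["hash"] for n, c in enumerate(network)
            if c and first_bad_block(c) == -1}
    agreed = Counter(tips.values()).most_common(1)[0][0]  # majority as stand-in for consensus
    return [n for n in range(len(network)) if tips.get(n) != agreed]

def repair(network):
    """Overwrite divergent copies from an agreeing node; return the repaired nodes."""
    bad = divergent_nodes(network)
    good = next(c for n, c in enumerate(network) if n not in bad)
    for n in bad:
        network[n] = copy.deepcopy(good)
    return bad

if __name__ == "__main__":
    # Constructed sample records, not real logistics data.
    net = make_network(5, [{"order": 1001, "ship_to": "Plant A"},
                           {"order": 1002, "ship_to": "Plant B"}])
    net[3][0]["data"]["ship_to"] = "Plant X"   # one node's copy is altered
    print(first_bad_block(net[3]), divergent_nodes(net), repair(net))
    print("copies of every record:", len(net))
```

The comparison against the majority matters because a copy whose hashes were recomputed after an edit passes `first_bad_block` on its own and is only caught by disagreeing with the other nodes.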
IOTA – the IoT tangle – a blockchain evolution
The high redundancy of data in a blockchain is useful for cryptocurrencies, since it ensures that the currency exists until the last node is shut down. This is the reason why all attacks on Bitcoin have failed and will fail. This level of Integrity and Availability cannot be applied to the excessive amounts of data which occur on IoT devices or in logistics. To balance the need for Data Integrity and Availability for bigger data, a new technology named IOTA emerged out of the crypto space. IOTA stands for IoT Asset. The IOTA infrastructure replaces the blockchain technology with a tangle, meaning that the secured data is not redundantly copied to all IOTA nodes but only to a part of the nodes. Instead of a block-chain it provides a block-tangle, where each IoT device stores its own data in addition to the data of its neighbours in the IOTA tangle.
I am aware that this very short explanation of IOTA raises even more questions, but for these issues I refer to the IOTA homepage: http://www.iota.org
Apart from securing data within the scope of the CIA Triad, IoT creates the need for smart accounting of all the seductive services of the little helpers. But the big helpers, like the connected industry machines and robot farms of the Industrie 4.0 world, also need worldwide real-time accounting without currency risks. Therefore IOTA is a cryptocurrency which allows micropayments without any transaction fees.