No Arabic abstract
Blockchain offers traceability and transparency to supply chain event data and hence can help overcome many challenges in supply chain management such as: data integrity, provenance and traceability. However, data privacy concerns such as the protection of trade secrets have hindered adoption of blockchain technology. Although consortium blockchains only allow authorised supply chain entities to read/write to the ledger, privacy preservation of trade secrets cannot be ascertained. In this work, we propose a privacy-preservation framework, PrivChain, to protect sensitive data on blockchain using zero knowledge proofs. PrivChain provides provenance and traceability without revealing any sensitive information to end-consumers or supply chain entities. Its novelty stems from: a) its ability to allow data owners to protect trade related information and instead provide proofs on the data, and b) an integrated incentive mechanism for entities providing valid proofs over provenance data. In particular, PrivChain uses Zero Knowledge Range Proofs (ZKRPs), an efficient variant of ZKPs, to provide origin information without disclosing the exact location of a supply chain product. Furthermore, the framework allows to compute proofs and commitments off-line, decoupling the computational overhead from blockchain. The proof verification process and incentive payment initiation are automated using blockchain transactions, smart contracts, and events. A proof of concept implementation on Hyperledger Fabric reveals a minimal overhead of using PrivChain for blockchain enabled supply chains.
Ride-sharing is a service that enables drivers to share their trips with other riders, contributing to appealing benefits of shared travel costs. However, the majority of existing platforms rely on a central third party, which make them subject to a single point of failure and privacy disclosure issues. Moreover, they are vulnerable to DDoS and Sybil attacks due to malicious users involvement. Besides, high fees should be paid to the service provider. In this paper, we propose a decentralized ride-sharing service based on public Blockchain, named B-Ride. Both riders and drivers can find rides match while preserving their trip data, including pick-up/drop-off location, and departure/arrival date. However, under the anonymity of the public blockchain, a malicious user may submit multiple ride requests or offers, while not committing to any of them, to discover better offer or to make the system unreliable. B-Ride solves this problem by introducing a time-locked deposit protocol for a ride-sharing by leveraging smart contract and zero-knowledge set membership proof. In a nutshell, both a driver and a rider have to show their commitment by sending a deposit to the blockchain. Later, a driver has to prove to the blockchain on the agreed departure time that he has arrived at the pick-up location. To preserve rider/driver location privacy by hiding the exact pick-up location, the proof is done using zero-knowledge set membership protocol. Moreover, to ensure a fair payment, a pay-as-you-drive methodology is introduced based on the elapsed distance of the driver and the rider. Also, we introduce a reputation-based trust model to rate drivers based on their past trips to allow riders to select them based on their history on the system. Finally, we implement B-Ride in a test net of Ethereum. The experiment results show the applicability of our protocol atop the existing real-world blockchain.
Supply chain applications operate in a multi-stakeholder setting, demanding trust, provenance, and transparency. Blockchain technology provides mechanisms to establish a decentralized infrastructure involving multiple stakeholders. Such mechanisms make the blockchain technology ideal for multi-stakeholder supply chain applications. This chapter introduces the characteristics and requirements of the supply chain and explains how blockchain technology can meet the demands of supply chain applications. In particular, this chapter discusses how data and trust management can be established using blockchain technology. The importance of scalability and interoperability in a blockchain-based supply chain is highlighted to help the stakeholders make an informed decision. The chapter concludes by underscoring the design challenges and open opportunities in the blockchain-based supply chain domain.
Radio Access Networks (RAN) tends to be more distributed in the 5G and beyond, in order to provide low latency and flexible on-demanding services. In this paper, Blockchain-enabled Radio Access Networks (BE-RAN) is proposed as a novel decentralized RAN architecture to facilitate enhanced security and privacy on identification and authentication. It can offer user-centric identity management for User Equipment (UE) and RAN elements, and enable mutual authentication to all entities while enabling on-demand point-to-point communication with accountable billing service add-on on public network. Also, a potential operating model with thorough decentralization of RAN is envisioned. The paper also proposed a distributed privacy-preserving P2P communication approach, as one of the core use cases for future mobile networks, is presented as an essential complement to the existing core network-based security and privacy management. The results show that BE-RAN significantly improves communication and computation overheads compared to the existing communication authentication protocols.
Innovative solutions addressing product anti-counterfeiting and record provenance have been deployed across todays internationally spanning supply chain networks. These product anti-counterfeiting solutions are developed and implemented with centralized system architecture relying on centralized authorities or any form of intermediaries. Vulnerabilities of centralized product anti-counterfeiting solutions could possibly lead to system failure or susceptibility of malicious modifications performed on product records or various potential attacks to the system components by dishonest participant nodes traversing along the supply chain. Blockchain technology has progressed from merely with a use case of immutable ledger for cryptocurrency transactions to a programmable interactive environment of developing decentralized and reliable applications addressing different use cases globally. In this research, so as to facilitate trustworthy data provenance retrieval, verification and management, as well as strengthening capability of product anti-counterfeiting, key areas of decentralization and feasible mechanisms of developing decentralized and distributed product anti-counterfeiting and traceability ecosystems utilizing blockchain technology, are identified via a series of security and threat analyses performed mainly against NFC-Enabled Anti-Counterfeiting System (NAS) which is one of the solutions currently implemented in the industry with centralized architecture. A set of fundamental system requirements are set out for developing a blockchain-enabled autonomous and decentralized solution for supply chain anti-counterfeiting and traceability, as a secure and immutable scientific data provenance tracking and management platform in which provenance records, providing compelling properties on data integrity of luxurious goods, are recorded and verified automatically, for supply chain industry.
Personally identifiable information (PII) can find its way into cyberspace through various channels, and many potential sources can leak such information. Data sharing (e.g. cross-agency data sharing) for machine learning and analytics is one of the important components in data science. However, due to privacy concerns, data should be enforced with strong privacy guarantees before sharing. Different privacy-preserving approaches were developed for privacy preserving data sharing; however, identifying the best privacy-preservation approach for the privacy-preservation of a certain dataset is still a challenge. Different parameters can influence the efficacy of the process, such as the characteristics of the input dataset, the strength of the privacy-preservation approach, and the expected level of utility of the resulting dataset (on the corresponding data mining application such as classification). This paper presents a framework named underline{P}rivacy underline{P}reservation underline{a}s underline{a} underline{S}ervice (PPaaS) to reduce this complexity. The proposed method employs selective privacy preservation via data perturbation and looks at different dynamics that can influence the quality of the privacy preservation of a dataset. PPaaS includes pools of data perturbation methods, and for each application and the input dataset, PPaaS selects the most suitable data perturbation approach after rigorous evaluation. It enhances the usability of privacy-preserving methods within its pool; it is a generic platform that can be used to sanitize big data in a granular, application-specific manner by employing a suitable combination of diverse privacy-preserving algorithms to provide a proper balance between privacy and utility.