Security of Blockchain-Based Supply Chain Management Systems: Challenges and Opportunities

Abstract

Blockchain is a revolutionary technology that is being used in many applications, including supply chain management. Although, the primary motive of using a blockchain for supply chain management is to reduce the overall production cost while providing the comprehensive security to the system. However, current blockchain-based supply-chain management (BC-SCM) systems still hold the possibility of cyber attacks. Therefore, the goal of this study is to investigate practical threats and vulnerabilities in the design of BC-SCM systems. As a starting point, we first establish key requirements for the reliability and security of supply chain management systems, i.e., transparency, privacy and traceability, and then discern a threat model that includes two distinctive but practical threats including computational (i.e., the ones that threaten the functionality of the application) and communication (i.e., the ones that threaten information exchange among interconnected services of the application). For investigation, we follow a unique approach based on the hypothesis that reliability is pre-requisite of security and identify the threats considering (i) design of smart contracts and associated supply chain management applications, (ii) underlying blockchain execution environment and (iii) trust between all interconnected supply management services. Moreover, we consider both academic and industry solutions to identify the threats. We identify several challenges that hinder to establish reliability and security of the BC-SCM systems. Importantly, we also highlight research gaps that can help to establish desired security of the BC-SCM. To the best of our knowledge, this paper is the first effort that identifies practical threats to blockchain-based supply chain management systems and provides their counter measures. Finally, this work establishes foundation for future investigation towards practical security of BC-SCM system.