On achieving secure collaboration in supply chains

Security of private information is a critical requirement for information sharing in supply chains. Security is measured on a variety of metrics: participating suppliers in a supply chain process need guarantees on confidentiality, anonymity, and privacy; the purchaser needs assurance on verifiability and non-repudiation. Given the mutually exclusive nature of security metrics such as anonymity vs. non-repudiation, and confidentiality vs. verifiability, the challenge is to design a process that satisfies all these metrics. In this paper, we propose three major processes that enable secure information sharing and secure computation of arbitrary supply chain functions. We evaluate and compare the secure processes using a ranking method and score function, which we propose for that purpose. We find that certain processes will be preferred over other processes, depending on the environmental characteristics and user preferences. Thus, our secure processes aim to solve major collaboration issues in supply chains.
