SCout: Prying Into Supply Chains via a Public Query Interface

In a supply chain system, the distribution network and its flow information are usually kept as business secrets, both to ensure supply chain security and to hold on to a favorable position in commercial competition. As more and more organizations deploy tracking systems for the convenience of their users, most of them focus on business growth and neglect the protection of these secrets. This paper therefore shows how we can pry into supply chains based on publicly acquired data via a public query interface. We design SCout, which crawls messages in social network services (SNSs) to acquire tracking numbers of an express company, automatically retrieves the supply information from a public query interface, and then builds the distribution network of the target express company. SCout can also provide the flow information between any two distribution points. Furthermore, based on the data obtained, we analyze the relationship between the number of tracking numbers and the information of a distribution network. These experiments show that some express companies need to improve their awareness of data security. In particular, poor coding rules for tracking numbers can help adversaries obtain more tracking numbers easily. We therefore provide some security countermeasures that express companies can use to defend against the above snooping. To the best of our knowledge, this paper is the first to study the data security issue of logistics query systems from the business aspect.
