Lennart Bader*, Jan Pennekamp*, Roman Matzutt, David Hedderich, Markus Kowalski, Volker Lücken, Klaus Wehrle:
In Information Processing & Management, Elsevier, 2021
* Equal Contribution
@article{bpm+21,
author = {Bader, Lennart and Pennekamp, Jan and Matzutt, Roman and Hedderich, David and Kowalski, Markus and L{\"u}cken, Volker and Wehrle, Klaus},
title = {{Blockchain-Based Privacy Preservation for Supply Chains Supporting Lightweight Multi-Hop Information Accountability}},
journal = {Information Processing {\&} Management},
year = {2021},
month = {05},
volume = {58},
number = {3},
publisher = {Elsevier},
issn = {0306-4573},
doi = {10.1016/j.ipm.2021.102529}
}
Abstract
The benefits of information sharing along supply chains are well known for improving productivity and reducing costs.
However, with the shift towards more dynamic and flexible supply chains, privacy concerns severely challenge the required information retrieval.
A lack of trust between the different involved stakeholders inhibits advanced, multi-hop information flows, as valuable information for tracking and tracing products and parts is either unavailable or only retained locally.
Our extensive literature review of previous approaches shows that these needs for cross-company information retrieval are widely acknowledged, but related work currently only addresses them insufficiently.
To overcome these concerns, we present PrivAccIChain, a secure, privacy-preserving architecture for improving the multi-hop information retrieval with stakeholder accountability along supply chains.
To address use case-specific needs, we particularly introduce an adaptable configuration of transparency and data privacy within our design.
Hence, we enable the benefits of information sharing as well as multi-hop tracking and tracing even in supply chains that include mutually distrusting stakeholders.
We evaluate the performance of PrivAccIChain and demonstrate its real-world feasibility based on the information of a purchasable automobile, the e.GO Life.
We further conduct an in-depth security analysis and propose tunable mitigations against common attacks.
As such, we attest PrivAccIChain's practicability for information management even in complex supply chains with flexible and dynamic business relationships.