Privacy and Transparency in Digital Supply Chains

Master Thesis, Communication and Distributed Systems, RWTH Aachen University, 2020


In contrast to traditionally well-established, long-termed, and trust-based business relationships, today's digitized supply chain structures tend to short-term business relationships that enable dynamic reaction to changes in supply capabilities and customer demands. The increased flexibility is achieved at the cost of reduced trust between business partners, such that new techniques for accountable information provision along the supply chain become necessary. While information provision allows identifying problems with products and business partners, revelation of business information and production data can also contradict the providing business's interests. %Consequentially, an appropriate trade-off between data transparency and data privacy is required for collaboration in digitized supply chain structures. In this thesis, we propose an architecture that achieves accountable multi-hop information sharing between direct and indirect business partners, but enables companies to fine-granularly define those partners they want to share information with. Besides classical access control, we present a hybrid encryption scheme that utilizes attribute-based encryption to define distributed encryption policies. In combination with signatures on provided data and a blockchain-backed accountability system, we protect provided data against manipulation. We conduct a large-scaled study on the performance and security of our architecture based on a real-world supply chain scenario and achieve adequate operation durations for provision and (multi-hop) retrieval of information as well as tunable resistance against various attacks.