ContentslistsavailableatScienceDirect

Journal of Information Security and Applications

journalhomepage:www.elsevier.com/locate/jisa

Blockchain base d secure d information sharing protocol in supply chain management system with key distribution mechanism

Sanjeev Kumar Dwivedi, Ruhul Amin

^∗

, Satyanarayana Vollala

Department of Computer Science and Engineering, Dr. SPM International Institute of Information Technology, Naya Raipur, Naya Raipur-492 002, India

a rt i c l e i n f o

Keywords:

Pharmaceutical supply chain Blockchain

Secure information sharing

a b s t r a c t

The conceptof SupplyChain Management(SCM) is very imperative whilemoving sensitive products fromone entity to thenext entity until it reachestothe end-users toavoiddamage(s) inthe prod- uct.Inthetraditionalsupplychainmanagementsystem,severalseriousproblemssuchastamperingof products, delay,and fraud,etc. exist.It alsolacks proper authentication amongthe participants, data managementas wellasthe integrityofthe data.Theblockchain mechanismis capableofsolving the above-mentionedissuesduetoitsimportant featuressuchasdecentralization, transparency,trust-less environment,anonymity,and immutability.Thispaperdescribes howtheblockchain mechanismcom- bineswiththetraditionalpharmaceuticalsupplychainsystemandtoachieveabetterSCMsystem,we presentablockchain-basedschemeforinformationsharingsecurelyinthepharmaceuticalsupplychain systemwithsmartcontractsand consensusmechanism.Theproposedschemealsoprovidesamecha- nismtodistributerequiredcryptographickeystoalltheparticipantssecurelyusingthesmartcontract technique.Further,transactionand blockvalidationprotocolshave beendesignedinourprotocol.The securityanalysisensuresthatourprotocolisrobustandalsoachievesreasonableperformanceinterms ofcomputationandcommunicationoverheads.

© 2020ElsevierLtd.Allrightsreserved.

1. Introduction

Supplychainmanagement(SCM)isthemanagementoftheen- tireproduction,flowofgoods,data,andfinances,andoverseesthe processesuntilittransformsitintofinalproductsoritreachesits finaldestination.Itisthebackboneofcommerce.Bymanagingthe supplychain,theexcesscostofdeliveringtheproducttothecus- tomer reduces [1]. Forthe smooth functioningof anyindustry,a proper, and well-managed supply chain is very important. Little chaos inthe supplychaincan disruptthe wholemarket andcan cause huge financial loss to involve organizations. To detect the originofcounterfeitproductswhichsomehowhavereachedtothe customer, a well maintained, and immutable supply chain is re- quired[2].

Alot ofworkis going ontoidentify theproducts inthe SCM process. Generally, it uses barcodes andradio frequencyidentifi- cation(RFID)tags.Thetags usedintheSCMprocess arelow-cost andthe capabilitiesofthesetags are very limited. Therefore,the privacyandtransparencyoftheproductsareachallengingtaskin

∗ Corresponding author.

E-mail addresses: amin_ruhul@live.com , sanjeevdwivedi131988@gmail.com (S.K.

Dwivedi), amin_ruhul@live.com (R. Amin), ruhul@iiitnr.edu.in , satya4nitt@gmail.com (S. Vollala).

theSCMsystem. Additionally,italsosuffersfromthewell-known wirelessattacks(replyattacks,eavesdropping,etc.).Thetermprod- uctprivacy isveryimportant inSCM.It meansthat onlyauthen- ticated parties can access the private data of products, either it is stored in the private database or cloud so that intruders will not be ableto forge the product dataatany stage ofthe supply chainprocess.Theinteractionbetweenthesystemandthepartic- ipatingentitiesrequiresasecurechannel.Differentauthentication protocolsinthe differentareasincludingsupply chainsuch asin thehealthcare-services[3,4],intheagriculturalmonitoring[5],in thefieldofwirelesssensornetworks(WSN)[6–8],insupplychain [9,10],andinternet-of-things(IoT)domain[11,12]aresuggestedby thedifferentauthors.

1.1. Traditionalpharmaceuticalsupplychainmanagement(PSCM)

Thepharmaceuticalsupplychain(PSC)operatesverydifferently fromother supplychains in which delivery of products are sub- jectedtovariouskindofcomprehensiveregulationsandrules.But, therulesmustbestrictlyfollowed,andpropertransparencyalong withtrust aremaintained amongthe differentparticipantsofthe supply chain, asto deliver the product in duetime, and proper condition [13]. The major stakeholders of the PSC network are raw material suppliers, manufacturers, warehouse owners, retail- https://doi.org/10.1016/j.jisa.2020.102554

2214-2126/© 2020 Elsevier Ltd. All rights reserved.

Fig. 1. Working mechanisms of traditional pharmaceutical supply chain without blockchain.

ers,pharmacists,andtheend-usersorthecustomers.Thegeneral flowof thePSC is shownin Fig.1. Thegeneral workingsteps of traditionalpharmaceuticalsupplychainmanagement (PSCM)sys- temisasfollows:-

• Inthefirstphase,thegiantpharmamanufacturerscollecttheir rawmaterials fromdifferentsupplierstodevelop aproduct. A considerable amount of research and time is devoted to the propersynthesisofdrugs.

• Inthesecondphase,afterthedevelopmentoftheproduct,the manufacturer sends it to the warehouse. The company using a single unit of manufacturing requires only one warehouse, whereas the one with multiple unitsof manufacturing stores its product in differentwarehouses (centralor regionalware- houses)dependinguponthegeographicalconditions.

• In the third phase, the retailers receive theproduct and sup- plythemtothenextstakeholdersinthechainpharmacists,or othersimilarentitiessuchashospitals,healthcarecenters,and clinics. They usually order the products according to the de- mand,andneeds.

• Inthelast phase,thepharmacistssellthedrugsdirectlytothe patientsortheend-users.

1.2.Majorshortcomingsofexistingpharmaceuticalsupplychain management

There areseveraldrawbackspresentinthe existingPSCMsys- tem.Someofthemarelistedbelow[14,15]:

• LackofTransparency:lackofvisibilityinPSCMisthemainis- sueinthe industry.Million-dollarhavebeeninvested tosolve problems such as, to create a little more transparent supply chain, to identify each drug uniquely, and to solve the prob- lem ofcounterfeitdrugs.But,little successhasbeen achieved inthisarena.

• Product Traceability: In the traditional PSCM system, every stakeholdermaintainsits databasethat storesthe information of a particular product. As a result, predictive monitoring of products is a very challenging task and it incurs extra time anddelaytokeepamanualrecordofeveryproduct.Thisprob- lemcanbeeasilysolved bytheadoptionofasmartcontracts- enabledblockchain-basedPSCMsystem.

• Lack of Trust: The PSCM system involves a various number of participants until the product is delivered to the end-user.

Maintaining the trust amongthe participants in such a com- plex andhugeSCM isa challengingtask.Consequently, itcan alsoaffectthesmoothnessofthesupplychainprocess.

• Shipping of Expiry Products: Customers expect products, whicharenotexpiredbut,sometimesthesupplychainprocess consumes much amount oftime which results inrejection of thedrugsatthelaststage thus,makingthewholeprocessfu- tile.

• Cold-Chain Shipping: Most of the supply chain entities lack the equipment required to transport temperature-controlled drugs. And, the current pharma industry is facing upraise of thisformofthedrug,andthus,itcauseshugelossofthedrug productsandmoney.

• Counterfeit Products: Due to the lack of transparency, and out-datedinformation-sharingmechanismsinthesupplychain system, counterfeited products are delivered to the end-users whichaffectboththeeconomyanduserslife.Accordingtothe Economic Cooperation and Development Organization report, half-trilliondollarsoftheglobaleconomyhasbeenwastedper yearintheSCMprocess.

• Documentation and Regulatory Compliance: The existing supplychainsysteminvolvespaper-basedtrailsforownership- change, letters of credit, and complicated payment terms.

Therefore, traditional supply chain contracts become compli- cated and out-dated. The blockchain-based supply chain sys- temincorporates smart contracts that provide automationfor theabove-mentionedissues.

1.3. Pharmaceuticalsupplychainmanagementwithblockchain

Allthephasesofthesupplychainarerecordedinablockchain network.Everynewtransactionperforms inthenetworkisstored inanimmutableblock,andtime-stampedtokeeptrackofthespe- cificproductintheend-to-endchain[16],andassuresthatthede- tailspresentintheblockarenottempered[17,18].Alltheentities ofthenetwork canlogin tothenetwork, andverifythe authen- ticity,andhistoryofanydrug.The generaldiagramofPSCMwith blockchainisshowninFig.2.

Fig. 2. illustrates that how the different entities of the PSCM systeminteractandcooperate underthe smartcontractsenabled theblockchainnetwork.Eachparticipatingentitysubmitsitstrans- action (based on the completed activity) on the blockchain net- work. In the initial step, different suppliers deliver the raw ma- terials to the manufacturer and submittheir transactions on the blockchain network. This transaction includes the raw material name, quantity, andquality of material, location of the supplier, etc. Once the manufacturer gets the raw materials, smart con- tractsare automaticallyexecuted, andsuitable action(e.g.money isdirectlytransferred frommanufacturer tosupplier)isexecuted.

Smartcontractsarespecificrulesandregulationsthateverypartic- ipatingentitymustfollow[19].Everyparticipatingentitycanver- ifythe submittedtransaction ontheblockchain networkwhether the transaction is legitimate ornot? Similarly, on the next stage manufacturerhasaninteractionwiththenetwork,andsoon.

DeploymentofBlockchainnetworkalongwithsmartcontracts orsimilartechnologieswouldgreatlyhelptokeeppropertrackof the items, andtriggers the payment process automatically, when necessary.Smartcontractsaresimpleprograms,whichspecifythe conditionsforvalidationofaparticulartransaction[16,20]. 1.4. MajorbenefitsofPSCMusingblockchain

The blockchain-based PSCM system has several benefits over the traditionalPSCM system. It helpstoovercome thechallenges facedbythetraditionalmethod[15,20].PSCMwithblockchainof- fersthefollowingattractivebenefits:-

• End-to-End visibility: In the blockchain system, every stake- holdercanviewthechangesinthenetwork.Thistransparency

Fig. 2. Overview of pharmaceutical supply chain management system with blockchain.

increasestheefficiencyofthe supplychain,asit isconstantly monitored,andidentifyingtheissueswillbeeasier[21].

• Flexibility: Failure in a network should create a severe im- pact.Thesystemshouldbecapableofrespondingtoissuesand adapting them as well, without creating any hike on opera- tionalcost.Itisnecessarytosustaininthemarket.

• InferredTrust: Entitiesdo not need to trusteach other,they just need to trust security integrated into the system [22]. Permissioned blockchain-based systems have only authorized users.Thesystemwon’tallowanytransactionwhichcannotbe validatedbyallthenodes.Smartcontractstakecareoffailures, aswell.

• Control: The capability of monitoring the channel and rules whichgovernthesystemarethekeyfeatureoftheblockchain system. These features develop a sense of trust for the system.

1.5. FutureindustryofPSCMwithblockchain

Blockchaintechnologymayapplytomanyproblemsofthetra- ditionalSCMsystemsuchasfoodsupplychain,automotivesupply chain,seafoodverification,pharmaceutical,anddrugsupplychain, etc.Outofthese,thepharmaceuticalSCMsystemisthemajorcon- cerned for the industry.PSCM is one of the areas which can be benefited by the blockchain technology. In the present scenario, counterfeitdrugs areincreasing ata rapidrateasthe blackmar- ket provides drugs to innocentpeople without theknowledge of government.Humanlifeisindangerduetocounterfeitdrugs.Ac- cording to the world health organization (WHO) report, the sale

ofcounterfeit drugsis $75 billion in2010. The developing coun- triesare themajor sufferingpopulation dueto counterfeitdrugs.

Thepharmaceuticalcompanies,aswell asadistributor, mustim- prove the traceability and security of the pharmaceutical supply chainsystem. The blockchain technologyhas enough potential to resolve theproblem relatedto the PSCM system. Due to thede- centralized, distributed, and immutable nature of the blockchain technology,it provides the medicine traceability aswell assecu- rity ofthemedicine fromthemanufacturer tothe endcustomer.

Theblockchaintechnologyisusefulforthepharmaceuticalsupply chainindustryinmanyways:-

Medicine Tracking:- Largeorganizations are having lots of elements in its PSCM system. Tracking each, and every item or recordisalmostimpossiblefortheorganization.Withthehelpofa blockchain-basedPSCsystem,trackingofitemsorrecordsbecomes easy,andatthesametime,blockchain-basedPSCMcandetectthe fraudinthesupplychainsystem.

OperationalCostandTime:-Thesmartcontractsarespecial scriptsinablockchainenvironment,whichautomaticallytriggered when any specific action takes place [23]. It eliminates the role ofintermediariesandmiddle-man ascompared tothe traditional supply-chain system. Therefore,operationalcost andtime are re- duced.

Trust:- Every industry wants to create a good relationship withtheir customer.The blockchain is the promising technology thatprovidesthetrusttotheirendcustomer[23].Thedistributed, decentralized and immutable nature of blockchain has enough powertoprovidethetrust-relationshipbetweencustomer andin- dustry.

1.6.Discussionofexistingblockchain-basedSCM

Currently,all overtheworldmanycompaniesandstartupsuse the blockchain-based SCM system, to overcome the problems of the traditional supply chain system. Chronicled (san Francisco based)is theblockchain-based startupforthe pharmaceuticalin- dustry.In 2017, they launched the project to provide security to thesupplychainsystemforgold.Afterthat,theytookaninitiative calledthe mediledgerforthe drugsupplychainsystem.Theyare expandingtheir platform foragriculture supply chain, food sup- plychain,etc. Modum (swiss basedstart-up) withtheUniversity of Zurich, designed a platform for safe delivery of the pharma- ceuticalmedicine [13].Theyconductedtheir firstprojectin2016.

Gemalto[24]withaninsurancecompanylaunchedaproject,based onblockchaintechnology,forthedeliveryofthemedicinefromthe manufacturerstothehospitalswhicharelocatedinaveryhotcli- mate.Theyused digital thermometers to record the temperature ofthemedicineatregulartime-interval.

Maersk (Danish shipping company) successfully tested the blockchain tokeep trackof its shippingcontainers whichis pro- jected for international logistics. To understand the behavior of theirproject,they trackedashipment ofroses andavocadosfrom Africa to Europe. In the continuation of this, Maersk jointly op- erated with IBM in September 2016. They applied the proof- of-concept mechanism that tracked a container of flowers from Kenyan toRotterdam. In 2017-18,Lockheed Martin(defense con- tractingfirm)andtheVirginia-basedGuardTimeFederallauncha projectbased ontheblockchaintechnologyto overcomethesup- plychainrisk(focusedoncybersecurity-relatedinitiatives)[24].

Everledger(London-based start-up)adopted blockchainto ver- ifytheproductsprovenance(firstusedfordiamonds).Afterthispi- lotproject,they developedtheblockchain-basedsolution totrack wineswhicharefurtherbasedonRFIDtag.Toimprovefoodsafety in the SCM system, Walmart and IBM jointly worked on two projectsin 2016-17. The firstone involvestracking produce from AmericatotheU.Sandthesecondprojectincludestrackingofpork fromChinese farms toChinese stores.In May2017,they released the result of the food traceability protocol. According to them, their project reduces the time taken to track the foods (specifi- cally testedon Chinese pork)fromdays tominutes. Additionally, in2017,Intelprovidesablockchain-basedsolutionfortrackingthe seafoodsupplychain.

1.7.Majorcontributions

Tothebestofknowledge,integrationofblockchaininthesup- ply chain management systemis very imperative and necessary.

Themajorcontributionsofthisarticleareasfollows:

Wehaveproposedanarchitectureforpharmaceuticalsupply chainmanagement system, andalso shownhow the information isshared among all involved participants. Moreover, the concept ofblockchaintechnologyhasalsobeenintegrated.

We have also designed,and shown a smart contract mecha- nismforthesamearchitectureusingthestatemachinemodel,and furtherproposedanalgorithmforthesame.

Theconsensus algorithmisalsooneoftheimportantissues intheblockchain-based system.Wehavealsodesignedaconsen- susalgorithmforthesamearchitecture.

We have proposed a mechanism through which anew en- titycanjointhePSCMnetwork,underthepermissionofcertificate authority,anddiscussedhowthe existingentityknowsaboutthe newentity.Todothis, we develop newkeymanagement andits updationprotocolthroughsmartcontracts.

Theproposed smart contract isimplemented and evaluated intermsofcosts (e.g. transactioncost,executioncost). The com-

putationcost, communicationcost,andstorageoverheadare also discussedinthepaper.

Oursecurityanalysisshowsthattheprotocolisfreefromre- latedattacks, andachievesall the requiresaspects likeconfiden- tiality,integrity,authentication,etc.

1.8. Organizationofpaper

The rest of the paper is organized as follows: We have in- troduced our work in Section 1, and then we mentioned the background study of the work such as the overall concept of blockchain, types of blockchain, brief overview of smart con- tractsmechanism, andconsensus algorithm inSection 2. Thelit- erature review of this paper is also highlighted in Section 3. Section 4 deals with proposed architecture for PSCM using blockchain mechanismwithsmartcontracts, andconsensus algo- rithm.Thissectiondealswiththetransaction-messagegeneration, transaction validation,block creation, andblock validationproto- col.Section5dealswithkey-management insmartcontracts,and its updation.Section6 describestheinformal securityanalysisof theproposedprotocol.Section7Showstheevaluationofourpro- posed protocol andsmart contract. And finally, in Section 8, we concludeourpaperwithfuturescope.

2. Backgroundstudy 2.1. Basicsofblockchain

Blockchain is, in the easiest of terms, an arrangement of un- changing records of information along with time-stamp that is overseen by a group of PCs also known as network entities (or nodes)whicharenotownedbyanysingleentity[25].Theblocks (setoftransactions)intheblockchain networkareverifiedbythe majorityofnodes.Aftertheverification,theblockisaddedtothe chainwhichis commontoall thenodesina network[26].Tam- pering with a single data means that altering the entire chain consisting of thousands of instances that consume a lot of ef- fort,andtime, thusmakingitimpossible[27].The datastoredon the blockchain is presentasa shared, andcontinually reconciled database. The decentralization- nature of blockchain reduces the chanceofsecuritybreach[28].Themainfeaturesoftheblockchain mechanismaredecentralization,transparency,traceability,andim- mutability,etc.

Public, private, and consortium (or Federated) blockchain are three typesof blockchain [29]. Inthe public blockchain network, the stored data is public i.e visible to everyone within the net- work. A few examples of public blockchains are ethereum, and bitcoin [30]. In the case of a private blockchain, only the desig- nated users are allowed to get full access or to operate within thenetwork. Hyperledgerfabric, corda, andripple-cryptocurrency are based onprivate blockchain. FederatedBlockchains work un- der the authority of a certain number of users. Unlike a public blockchain,theydon’tenableanyindividualtotakepartinthever- ificationprocess. Federatedblockchainsarefasterascompared to theothertwo,andalsoaremoreefficientintermsofprivacy,and verification[31].

The smart contract concept was introduced by Nick Szabo in 1994. According to NickSzabo, smart contractsare “a computer- ized transaction protocol which executes the term of contracts”.

Smartcontractsareapieceofcodes(programorscripts)writtenin ahigh-levelprogramminglanguage[32]suchasJava,C++,NodeJS, Python, Go,Solidity, etc. Various blockchain platforms use differ- enthigh-level programminglanguagesforthe executionofsmart contracts [33]. Hyperledger fabric platform uses NodeJS, Python, Go programming language, on the other side ethereum uses so- lidityprogramminglanguagefortheirsmartcontracts[34].Acopy

Fig. 3. Applications of blockchain.

ofsmart contractsis availablewithevery peerintheblockchain- based network.The smart contract scriptsare executed automat- ically, independently,andtransparently. Itisalways executedina secureenvironmentthatprovidesthecorrectnessofexecution,and integrityofcodeanddata[35,36].

The consensus algorithm decides the block-validation process, anditprovidesconsensusamongallthenodes,whichareavailable across the decentralized network [37]. For the blockchain-based system, a suitable consensus algorithm is requiredso that a ma- licious usercan not temper theblock, after its execution. Gener- ally, the consensus algorithm is the setof rules to reach a com- monviewpointoragreement[38].Thepermissionlessblockchain- based systemsuse proof-of-work(PoW),andproof-of-stake (PoS) consensus algorithm, whereas thepermissioned blockchain-based systems use byzantine fault tolerance (BFT),andpractical byzan- tinefaulttolerance(PBFT)consensusalgorithm[39,40].

2.2. Applicationsofblockchain

The blockchain can be applied in several application areas.

Blockchainiscapableofstoring,historyofdatainamoreefficient manner.Becauseofitsdecentralizationinnature,transparency,im- mutabilityproperties,itcanbe appliedindiversefields[27,41,42]. Someoftheimportantareaswhereblockchaincanbeappliedare showninFig.3andthesameisexplainedbelow:

• Finance:The mostpopularexampleof blockchaininthe field offinanceisbitcoin,whichwasinventedbyNakamotoin2008 [43].Hyperledgerisanopen-sourceblockchainplatformstarted byLinuxfoundationin2015 whichhasbroughta tremendous revolutionontraditionalfinancial,andbusinessservices.

• Internet-of-Things(IoT): Blockchaintechnologyprovides alot ofversatile,anddecentralizedplatformsforIoTdevicesandits applications[31].IoTgivesvastopendoorsfororganizationsto executetasksmorebrilliantly.

• ReputationSystem:Therearenumerouslimitationstonewon- line reputation platforms. Because of the absence of a severe confirmation mechanism,itfailstogain theclient’strust [44]. Adecentralizedreputation platformwouldalmost certainlyfix alltheloopholes, andestablishtrustamongclients,andtrans- parency.

• Public andSocialService: The primary pointof theadminis- tration is to keep up a piece of authentic information about people, associations, resources, and activities. A huge amount

ofcash isspenttokeeptherecord ofbirth,anddemisedates, marital status,business records,propertyexchanges, orcrime, etc. Dealingwiththisinformationisexceptionallyriotous, and unwieldy.Hence,blockchaingivesasimpleyetviableapproach tooversee,andcontroleverypartofinformation[45].

3. Studyofexistingworks

Intheblockchain-basedsystem,blocksareconnectedwiththe previous block, using the hash value of previous blocks. Due to this, blockchain provides the immutable blocks, and this is the reason to apply the blockchain mechanism in the PSCM system.

Chenetal.[46]proposedtheblockchain-basedsupplychainqual- ityframework.Intheirframework,theyincludeIoTdevices,smart contracts,distributedledger,andbusinesslayers.IoT Devicesgen- eratethedataformonitoringthequalityoftheassets.Smartcon- tractshandletheprivacyofdataandpredicttheend-userrequire- ments. The business layer includes a business enterprise. Bocek etal.[20] proposed themodum.io, a blockchain-based startupto control the quality of the PSC System. Their framework uses IoT devicestomonitor,andmeasurethetemperatureoftheproducts.

Authors utilizetheethereum based platformforthe executionof smartcontracts.Thesmartcontractsarewritteninasoliditypro- gramminglanguage.

Kim et al. [47] applied ontologies for the supply chain using the blockchain mechanism. The required ontology axiomsrepre- sentedintheformoffirst-orderlogic,andlateritisconvertedinto theethereumbasedsmartcontracts(soliditybased)toprovidethe tracesofgoods.Figurilietal.[48]appliedAzureblockchainwork- bench to trace the woods from raw material to the final prod- uct. In their work, they utilize the RFID sensor devices to cap- ture the data. Mitsuaki [49] proposed a blockchain-based solu- tiontosolvethe informationasymmetry anddoublemarginaliza- tionproblemsofthesupplychainmanagementsystem.Theirwork utilizes the homomorphic encryption method to provide the se- curity of the user data with blockchain. Smart contractsmecha- nism and other legal issues were not discussed by the authors.

Tian[50] used RFIDalong witha blockchain mechanismto pro- vide atraceability systemforan agri-foodsupply chaininChina.

The author claims that their system provides information trac- ing, guarantee freshness of products, and transparency of prod- uct information.Toachieve both anonymity andregulationprop- erties, Lin et al. [51] proposed a conditional anonymous pay-

Fig. 4. Proposed architecture.

mentschemeanduseditconstructedthe firstdecentralizedcon- ditional anonymous payment system. Comparisons with that of Zerocash show the proposed system is practical for real-world deployment.

4. ProposedarchitectureforPSCM 4.1.High-leveldescription

As shown inFig. 4,the proposed blockchain-based PSCM sys- temconsistofsuppliers(S_i),manufacturers(M_j),warehouses(W_k), retailers(Rm),pharmacists(Pn),andend-users(U_l).Thevariousno-

tations used in the proposed blockchain-based PSCM system are illustratedinTable1.

The entire PSCM is divided into multiple groupsaccording to its services.Forexample,all thesuppliersareinthe samegroup.

The entities within the same group create a decentralized peer- to-peernetwork. In each group, two typesof nodesare present:

normal nodes andvalidator nodes.The validatornodes have the highcomputingpowerthannormalnodesthatareresponsiblefor thegenerationoftransactionmessage

^Tr_i

^{aswellasvalidationof}

transactionandblock

^Tri,B_i

^{.Thenormalnodeshavelesscompu-}

tationalpower,andtheyarenotparticipatinginthevalidationpro- cess.Thesesetofvalidatornodescreateaseparatevalidatorgroup forthevalidationoftransactionandablock

^Tri,B_i

^.Theproposed

Table 1

Descriptions of various notations used in proposed scheme.

Notations Description ( S i) Supplier ( S i) ( M j) Manufacturer ( M j) ( W k) Warehouse ( W k) ( R m) Retailer ( R m) ( P n) Pharmacist ( P n) ( U l) End user ( U l) L v Leader-validator node L v

V x Remaining validators V xwhere (x = 1 , 2 , 3 . . . n ) ( W z) Warehouse ( W z)

(T ri) Transaction (T ri)

T idi Transaction id T idi corresponding to (T ri) ID Si Identity of ( S i)

ID Wz Identity of ( W z) P ULv Public-key of L v

P RLv Private-key of L v

P UWz Public-key of W z

P RWz Private-key of W z

P UCA Public-key of ( CA ) P rCA Private-key of ( CA ) B i Block Number ( i )

H ( ·) Cryptographic hash function E ( ·) Encryption function D ( ·) Decryption function Concatenation operator

system comprises a globalblockchain and a local blockchain for each group. The global blockchain is maintained by all the enti- tiesinthesystem,whereaseachlocalblockchainismaintainedby entitiesofaparticulargroup.

The proposed blockchain scheme for a secure information sharing system for PSCM is shown in Fig. 5. The system com- prisesthefollowingphases:transactionmessagegeneration,trans- action message validation, block creation, and block validation.

The detail description of all the these phases are given in the Section4.2–4.5.

All the entities of the network are downloaded and updated withthe mostrecent copyof theblockchain. Inour scheme,the blockchain actsasa distributedpublicledger,whichstorestrans- action of all the entities of the network. Whenever any entity of the network performs a transaction

^Tri

^{with any other en-}

tity, theinitiatingentitystoresthetransaction

^Tri

,andforwards the same transaction to the leader-validator node

^Lv

^{[52] for}

transaction-validation. If transaction-validation is successful, the leader-validatornode createsanewblock

^Bi

^{.Theremainingval-}

idatornodes

^Vx

^{validatethisnewblock}

^Bi

^.Ifblock-validationis successful, thenonlytheleader-validatoraddsthenewblockinto theblockchainnetwork.Allotherentitiesofthenetwork,synchro- nizewiththeleader-validatornode,togetthemostupdatedcopy oftheblockchain.

4.2. Transactionmessagegeneration

The system considers both local, as well as global transac- tions. Local transactions (for example: supplier (S₁) to supplier (S₂))are storedin the localblockchain, while globaltransactions (for example: supplier (S_i) to warehouse (W_j)) are stored in the global blockchain. Wheneverone entityperforms the transaction with any other entity, the same transaction also sends to the leader-validator node for the transaction-validation. The leader- validator node first verifies the transaction based on the signa- ture of initiator-node, and with some other parameters such as transaction-ID, the identity of initiator-node. Ifthe transaction is verified correctly, the leader-validator node creates a new block, otherwisediscards thetransactionwithanerrormessage:“trans- actionwasnotverifiedcorrectly”.

Fig. 5. Flow chart model of the proposed PSCM.

4.3.Transactionmessagevalidation We assume that, the transaction T_r

i was exchanged from the supplier (S₁) to supplier (S₂). To validate the transaction Tr_i, the Validator Selection Algorithm (VSA) [52] selects the leader- validatornode Lv amongall the validatornodesVx,and dissemi- natesthesameinthelocalgroupofsuppliersS_i.Theaboveprocess ensuresthat everyentityinthegroup knowstheleader-validator

Fig. 6. Structure of block in blockchain.

node Lv. The initiatornode S₁ sends the same transaction Tr_i to theleader-validator node Lvfor transaction-validation.Thefollow- ing sequenceof steps are carried out, to validate the transaction Tr_i.

Step1.S₁performstheH(.)onTr_i,T_id

i,ID_S1,andcomputesthe parameterX=H(^Tr_i

^Tid_i

^IDS₁)^.

Step 2. Now,S₁ performs digital signatureon Tr_i, andapplies the encryptoperation E(.)onit byusing publickey P_UL

v of leader-validatornodetogettheparameterY.

Step3.S₁ sendstheparameters

^X,Y,T_id

i,ID_S

1

^{toLvpublicly.}

Step4. Onreceivingtheparameters

^X,Y,T_id

i,ID_S1

,Lvapplies the decrypt operation D(.) on

^Y

^{. After} decrypting, due to the signatureof S₁ on theTr_i,Lv validates that S₁ initiates Tr_i.

Step 5. Lv computes X = H(^Tr_i

^Tid_i

^IDS₁), and checks whether received parameter

^X

^{is same as calculated pa-}

rameter

^X

^ornot?

Step 6.IfX = Xis correct, Lv creates anew block

^Bi

^based

on theTr_i andT_id

i, Otherwisediscardsthe transactionwith errormessage:“transactionvalidationisnotsuccessful”.

Proofforthecondition(X =X):Inourproposed protocol,S₁ forwardsthe

^X,Y,T_id

i,IDS₁

^{parameters to Lv.To dothis, S}1 first usesthe standard digitalsignaturemethod on

^Tri

^{andthen ap-}

pliestheE(.)onitbyusingtheP_UL

v togettheparameter

^Y

^.The

parameter

^X

^dependsonthe

^Tr_i,T_id

i,ID_S

1

^{andH(.)operationof}

^Tri,T_id

i,ID_S

1

^provides

^X

^{.In orderto providethe} correctnessof thecondition,weassumethatanattackerchangesthefewparam- etersfrom

^X,Y,T_id

i,IDS₁

^{andtheupdatedvalueis}

^X,Y,T_id

i,ID_S

1

^.

Onreceiving the parameters

^X,Y,T_id

i,ID_S

1

,Lv performs the D(.) operation on

^Y

^{by using the P}R_Lv to get

^Tri

^{. After getting the}

^Tri

, Lv performs the H(.) operation on

^Tri,T_id

i,ID_S

1

^{and gets}

value(X).Asaresulttheequalitycondition(X=X)doesnothold andLvknowsthat

^Tri,T_id

i

^isnotavalidtransaction.

4.4.Blockcreation

After the transaction-validationprocedure,the leader-validator node (Lv) creates a newblock

^Bi

^{. Theblock consistsofa block}

header,andablockbody.Blockheadercontainsthepreviousblock hash(P_h), merkle root(Mr), nonce (N), time-stamp (T_i) forblock creation,block version(B_V),arandomdifficultnumber(d) forde- sired target value, andblock body contains the transaction (^Tr_i)

with transaction-ID (^Tid_i) ^{as shown in Fig. 6. The merkle tree} whichisbinarytree,iscreatedbyusingthetransaction(^Tr_i),and transaction-ID(^Tid_i),androotvalueofthemerkletreeisstoredon the block header forfurther computation. The (Lv) computesthe currentblockhash(C_h)foranewblock

^Bi

^{basedontheprevious}

block hash(P_h), merkleroot(Mr), nonce(N),andtime-stamp(T_i).

Themathematicalformulatoachievethisis:

(

^Ch

)

=H

((

^Ph

) (

^Mr

) (

^N

) (

^Ti

))

⁽¹⁾

Initially, nonce value sets to zero, and at each iteration, it is incremented by one. The block values (P_h), (Mr), (T_i) are re- peatedly hashed withdifferent values of (N) to createa suitable current hash index (C_h), which satisfies the difficulty-target (d).

The structure of both local, and global blockchains is the same.

A transaction message is stored in the local blockchain if and only if, a transaction occurs between the entities of the same group,otherwisethetransactionisstoredintheglobalblockchain network.

4.5. Blockvalidation

Once the new block

^Bi

^{has created by the} leader-validator node (Lv), the (Lv) sends encrypted block

^Bi

^{to the remain-}

ing validator nodes for the block-validation. The other validator nodes verify

^Bi

^{and respond with the} acknowledgment mes- sage, either0 or1 to theleader-validator node. Weassume that 0standsfornegativeacknowledgmenti.e.

^Bi

^{isnotverifiedcor-}

rectly by the other validator nodes, whereas 1 stands for posi- tiveacknowledgmenti.e.

^Bi

^{isverifiedcorrectlybytheotherval-}

idator nodes. If more number of validator nodes verify

^Bi

^cor-

rectly, then

^Bi

^{isacceptedby (L}v),whichisshowninFig.4. Af- tervalidationof

^Bi

^,(Lv)adds

^Bi

^{intheblockchain network,ei-}

ther in a local or global blockchain network, based on the local or global transaction. All the remaining entities of the network synchronize with the (Lv) to get the most updated copy of the blockchain.

The followingsequence ofsteps iscarried out,to validate the newblock

^Bi

^.

Step1.(Lv) performstheE(.)operationon

^Ch,Mr,d, T_i

^using

P_RL

v,andsendstotheotherremainingvalidatornodes(Vx).

Step 2. The other validator nodes (Vx) (where x=1,2,3...n) performtheD(.)operationon

^Ch,Mr,d,T_i

^usingPU_Lv.

Step 3. After getting

^{Mr, d, T}i

parameters, all the (Vx) com- pute (^Ch)=H((^Ph)

(^Mr)

(^N)

(^Ti))^{. The value of (N) is} chosensuchthatitsatisfies(d).

Step 4.If (^C_h) = (C_h) is correct, all the(V_x) respond withac- knowledgement(either0or1)to(Lv).

Step5.If(

(^N/2)

+1)^numberof(Vx)respondwiththetrust- worthyacknowledgementmessageto(L_v),then(L_v) accepts

^Bi

^,andaddsthe

^Bi

^{intheblockchainnetwork.}

Proof forthe condition (^C_h = C_h):In our proposed protocol, Lvforwardsthe

^Ch,Mr,d,T_i

^{parameterstoalltheremaining(Vx)}

whichexistinthenetwork.Todothis,LvappliestheE(.)operation on

^Ch,Mr,d,T_i

^byusingthePR_Lv.Inordertoprovidethecorrect- nessofthecondition,weassumethatanattackerchangesthefew parametersfrom

^Ch,M_r,d,T_i

^{andtheupdatedvaluesare}

^Ch,M_r, d,T_i

^{.Aftergetting}

^Ch,Mr,d,T_i

parameters,theremaining(Vx) performthe H(.)operationon

^Ch,Mr,N,T_i

^{.Thevalue ofNde-}

pendsond.Sincedischangedbytheattacker,correspondinglyN isalsochangedandweassumethatnewvalueis(N).Asaresult, equalitycondition(^C_h =C_h) doesnotholdandall the(Vx) know that

^Bi

^{isnotavalidblock.}

4.6. Smartcontractmechanismforproposedblockchain-basedPSCM

Smart contractsare the programs (scripts) that are writtenin the high-level programminglanguage. Thesescripts are storedin everynodeoftheblockchain-basednetwork.Ifanynodewantsto performatransactionwithanyothernode,smartcontractscheck whetherthe transactionis accordingto predefinedrules (scripts) ornot. Ifit is accordingtorules (scripts), thenthe node can ex- ecute his/her transaction otherwise, the system throws an error message, statingthat “transactions cannot be completed”. Gener- ally,smartcontractsarebasedonthestate-machinemodel,which follows the deterministic approach. The deterministic state ma- chine model is represented by a directed graph, where vertices (node) represents the state of the machine, and an edge repre- sents the transitions fromone state to another state. The smart contract algorithm for proposed Blockchain-based PSCM is given asAlgorithm1.

Ourproposedsmartcontractswhicharebasedonthestatema- chinemodelconsistsof6states:labeledasstate0,state1,state2, state 3,state 4,andstate 5.Thesestatesrepresentdifferententi- ties. state0representsthemanufacturerentity,state 1represents the warehouse entity, state 2 represents the retailer entity, state 3 represents the pharmacist entity, state 4 represents the end- userentity,andstate5representsthedeadstate.Inourproposed model,variousactionsaredefined.Theseactionsareusedastran- sitionsfromonestatetoanotherstate.SetofactionsarePurchase, Delivery, Demand, Supply, No action, andViolation. Forexample, if themachine isin state 1, andaction is delivery then the ma- chineautomatically movesfromstate1 tostate2.Ifthemachine isinstate3,andactionisaviolationthenthemachinemovesfrom state3tostate5withanerrormessage.Ifthemachineisinstate 4, andaction is demand then the systemmoves fromstate 4 to state 3, andso on. According to the state of the machine, own- ershipof the assetwill be changed. The proposed state machine modelisshowninFig.7.

4.7. Consensus mechanism for proposed blockchain-based PSCM

Theconsensusmechanismisthesetofrulestoprovide,acom- monagreement amongnodes.Generally,theconsensus algorithm isdesignedinsuchawaythatafterexecutingthenewblock,the majorityof nodesinthenetwork agreethat newblock isa valid block, andcan beincludedintheblockchain network.Once,they reachintotheconsensus, thenodescannotchangetheir decision.

Algorithm 1 Smartcontract algorithm forproposed blockchain- basedPSCM.

Input: Actions such as Purchase,Delivery, Demand,Supply, NoAc- tion,Violation

Output: MessagessuchasOwnershipofProduct,Errorandabort,No Actionrequired

1: if(f(Action) == Purchase)then 2: if(Productisavailable)then 3: fun(Action)=Delivery;

4: else

5: Reportwithmessage,productisnotavailable 6: endif

7: endif

8: if(f(Action) == Delivery)then

9: if(^Deli

v

ery_Date<Expiry_Date)^then

10: if(^Deli

v

ery_Date<Prede fined_Time_Deli

v

ery)^then

11: Provide the product to other entity and change the ownershipoftheproduct;

12: else

13: Reportwithmessage,productisnotdelivered;

14: endif

15: else

16: Reportwitherrormessage,productwasexpired;

17: endif 18: endif

19: if(f(Action) == Demand)then 20: if(Productisavailable)then

21: if(^Deli

v

ery_Date<Expiry_Date)^then

22: fun(Action)=Supply;

23: else

24: Reportwithmessage,productwasexpired;

25: endif

26: else

27: Reportwithmessage,productisnotavailable;

28: endif 29: endif

30: if(f(Action) == Supply)then 31: if(Productisavailable)then

32: Delivertheproducttoenduserandchangetheownership oftheproduct;

33: else

34: Reportwithmessage,productisnotavailable;

35: endif 36: endif

37: if(f(Action) == No Action)then

38: Print:Entitywillremaininthesamestate;

39: endif

40: if(f(Action) == Violation)then

41: Print:Reportwitherrormessageshowingthat wrongoper- ationshasbeenperformed;

42: endif

FortheproposedblockchainbasedPSCM,wedesignedaconsensus mechanism forthe validation of transaction and new block. The validationofthe transactionisdone by theleader-validator node asperdiscussion inSection 4.3. Oncethevalidationprocedure is successful, theleader-validator nodecreates anewblock. The re- mainingvalidatornodesperformtheblock-validationprocedureas perdiscussioninSection4.5.Theconsensusmechanismisgivenin Algorithm2.

Algorithm2 Consensusalgorithmforproposedblockchain-based PSCM.

Input: Newtransaction= Tr_i, BlockChain Length=BC[l], BC[l]=B₀, Difficulty_Target

Output: new block=

^Bi

^{, Current hash of new block=}

^Ch

^{, Cur-}

rent Blockchain length BC[l], Nonce 1: PerformtransactionTr_i;

2: Check_ValidationofTr_i; 3: if(Validation==TRUE)then

4: Print:ValidationofTr_i issuccessful;

5: Leader-validatornode(^Lv)^{createsanewblock}

^Bi

^;

6: else

7: Print:Generateanerrormessage:“validationisnotsuccess- ful”;

8: endif

9: Compute

^Ch

^of

^Bi

^;

10: Check_Validationof

^Bi

^;

11: if(Validation==TRUE)then

12: Print:Validationof

^Bi

^issuccessful;

13: else

14: Print:Generateanerrormessage:“validationisnotsuccess- ful”;

15: endif

16: while(TRUE)do

17: if(

^Ch

== Difficulty_Target)then 18: AddBC(new_block);

19: BC[l]=BC[l]+1; 20: else

21: Change(Nonce);

22: endif 23: endwhile

5. Key-Managementinsmartcontracts

The proposedblockchain-based PSCMsystemconsistsofmany entities such as suppliers (S_i), manufacturers (M_j), warehouses (W_k), retailers (Rm), pharmacists (Pn), and end users (U_l). If any new entity (Wz) wants to join the PSCM, (Wz) requests to (CA) forissuing the certificate. To do this, (CA) first verifies the (Wz) basedon theencryptedparameters, which (W_z) sent to(CA). Af- tertheverificationprocedure,(CA)checks

^PU_Wz

corresponding to

^IDWz

^{inits databaseasshowninFig. 8.If}

^PU_Wz

corresponding to

^IDW_z

^{isnot exist,thenonly(CA) issuethecertificate}(^CERW_z) to(Wz).The certificatecontainsthename of(Wz),Wz publickey

^PU_Wz

,Wzidentity

^IDWz

,certificatevalidationdate,versionnum- ber,(CA)name,and(CA)digitalsignature.Once(Wz)gets(^CERW_z), (Wz)forwards the(^CERWz)^{to (L}v)publicly forcertificateverifica- tion, whether (CA) is generated (^CERW_z) ^{or not? This certificate} verificationensuredthat(CA)isgenerated(^CERW_z)^to(Wz).

If verification of (^CERWz) ^{is correct, then (L}v) believes that

^PU_Wz

^{is correct, and it belongs to (Wz). After this, (Lv) updates}

thesmartcontractswithpublic key

^PU_Wz

corresponding to(Wz) identity

^IDWz

^{.The remaining(Vx),andentities}synchronizewith the(Lv)togetthemostupdatedcopyofsmartcontracts.Thetasks involvedinupdating thesmart contractsmodulewithnewblock creationfor PSCM system are shownin Fig. 8. The following se- quence of steps are carried out, if (Wz) wants to join the PSCM network:

Step 1. (Wz) chooses

^IDWz

, and generates a pair of keys

^PU_Wz,P_R

Wz

^{using public key generator (PKG). (W}z) keeps

^PR_Wz

^.

Step2.(Wz)performstheH(.)operationon(ID_Wz,P_U

Wz,Ts)and computestheparameterA=H(^IDWz

^PU_Wz

^Ts),where(Ts) isthetimewhenpairofkeysaregenerated.

Step3.(Wz)performs theE(.)operation on

^IDW_z,P_U

Wz,Ts, A

usingPU_CA,andsendstothe(CA)publicly.

Step4.Onreceivingtheencryptedparameters,(CA)appliesD(.) operationon

^IDWz,P_U

Wz,Ts, A

^usingPR_CA.

Step 5. (CA) computes A = H(^IDW_z

^PU_Wz

^Ts), and checks whether received parameter

^A

^{is same ascalculated pa-}

rameter

^A

^ornot?

Step6.IfA=Aiscorrect,then(CA)recognizesthatthe

^PU_Wz

belongsto(Wz),andissuethe(^CERWz)^to(Wz).

Step7.(W_z) forwardsthe (^CERW_z) ^to(Lv) forcertificate verifi- cation.

Step8.(Lv)performstheD(.)operationon(CA)digitalsignature usingP_U

CA togettheoriginalmessagedigest.

Step9.Aftertheaboveprocedure,(Lv)performs theH(.)oper- ationonthenameof(Wz),

^PU_Wz

,

^IDWz

,certificatevalida- tiondate,versionnumber,(CA)name,parameterstogetthe anothermessagedigest.

Step 10. If the original message digest is same as calculated one,then(L_v)recognizesthat(CA)istheissuerof(^CERW_z)^. Step11. After theverificationprocedure, (Lv) addsP_U

Wz inthe smartcontractsmodule.

Proof for the condition (A = A): In our proposed protocol, (Wz) forwards the

^IDW_z, P_U

Wz, Ts, A

^{parameters to (CA). To do}

this,(Wz)appliestheE(.)operationon

^IDWz,P_UW

z,Ts, A

^byusing

P_U

CA. The parameter (A) depends on the

^IDW_z,P_U

Wz, T_s

^andH(.)

operationof

^IDWz,P_U

Wz,Ts

^{provides (A).In ordertoprovidethe}

correctnessofthe condition,we assume thatan attackerchanges thefewparametersfrom

^IDW_z,P_U

Wz,Ts, A

^{andtheupdatedvalues}

are

^IDW_z,P_U

Wz,T_s,A

^{.Aftergettingtheparameters}

^IDW_z,P_U

Wz,T_s, A

^{,(CA) performs the H(.) operationon}

^IDW_z, P_U

Wz, T_s

^andgets

thevalue(A).Asaresult,theequalitycondition(A=A)doesnot holdand(CA)doesnotissuethe(^CERW_z)^to(Wz).

We assume that, the generation of

^PU_Wz

^{by (Wz) isalso one}

transaction.Thesametransactionisfirstverifiedbythe(Lv)asper discussion inSection 4.3.After thetransaction-verification proce- dure,(Lv)createsanewblock

^Bj

^{asperdiscussioninSection4.4.}

Once(Lv)creates

^Bj

^{,remaining(Vx)verifythe}

^Bj

^asperdiscus-

sion inSection 4.5.If theblock-validation issuccessful, then (L_v) addsthe

^Bj

^{inglobalblockchainnetwork.Alltheremainingenti-}

tiesknowthatnewentity(Wz)joinsthenetwork,andtheyupdate their smart contracts module. The benefit ofthis scheme is that every participatingentityof thenetwork knowsaboutremaining entitiesandtheir publickeys whichisbeneficialforfuturetrans- actions.

6. Securityanalysisofourproposedprotocol

Inthissection, weanalyzewhetheran adversaryAcanlaunch attacksornot,basedonourprotocol.

In our protocol, S₁ forwards

^X,Y,T_id,ID_S

1

^{to L}v publicly. We assume thatadversaryAgets

^X,Y,T_id,ID_S

1

^{frompublicnetwork,}

whereX=H(^Tr_i

^Tid

^IDS