1. Introduction
The Internet of Things (IoT) is a centralized platform that provides reliable connectivity among objects, such as devices, sensors, machines, actuators, or other things that can exchange information over the internet. IoT, together with its many applications, offers several opportunities to manage and monitor the overall information exchange between hundreds of thousands of connected devices [1,2]. Among others, the analytical features of IoT enable useful actions on the carried information and are therefore beneficial for many businesses in making sound decisions and acting accordingly. However, generally speaking, IoT is still a growing technology in terms of managing an extensively large network and the information exchange between a large number of connected devices, which leads to great challenges of, for example, scalability, privacy, and security [2,3]. Among other challenges [3,4,5], privacy and security are the most common unaddressed issues of IoT, and therefore have harmful effects on the system or IoT network performance. As in traditional networks, several vulnerabilities and threats have been examined in IoT communication systems, including denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks, which cause great disruption of data exchange between devices [4]. Thus, a weak, insecure IoT platform opens the way to various potential cyber-attacks. As mentioned, scalability is considered a major challenge for IoT; scalability issues arise from massive congestion, for example, the growing number of connected devices. Scalability can therefore cause further issues of privacy, such as protecting the information of users and objects, and of security, such as authentication and authorization, which are challenging tasks for the centralized IoT system to manage. Costs necessarily increase if IoT organizations deploy expensive, high-performance servers to manage and control massive traffic congestion and to maintain privacy and security during information exchange. Conventionally, scalability is an inherent property of IoT; however, a scaled IoT platform can expose several vulnerabilities to cyber-criminals, especially regarding privacy and security [5,6].
Supply chain management (SCM) systems are among the most crucial parts of industries and organizations; a well-defined, effective SCM system can directly influence the operations, production, and profitability of an organization [7,8,9]. Over time, to fulfill the massively growing demand for supply chains across the world, industries, organizations, and firms have adopted advanced technologies, such as radio frequency identification (RFID) and sensing solutions, artificial intelligence (AI), and cloud computing, to manage the extensively large and complex operations of the modern supply chain ecosystem [9,10,11,12,13]. Gathering and managing large volumes of data in a complex, large-scale supply chain, in which the entities and operations involved are distributed over various locations, is undoubtedly a big challenge. Employing AI, machine learning, and big data in the supply chain, however, can address the challenges of data collection, analysis, and processing [10,14,15]. Through the integration of IoT, supply chain systems are smarter than ever: IoT smart sensing technology and device connectivity enable supply chain systems to generate and collect massive data and to monitor and control the overall supply chain ecosystem, thereby providing great transparency, tracking, and central security features [16,17]. In the past, a number of research studies have used IoT solutions to manage supply chain operations, workflow, and processing; these works are good enough to support industrial production and deliveries, where the ultimate target is to generate profit. However, limited attention has been paid to the main challenges of privacy, security, and scalability associated with the supply chain, or with the IoT-integrated supply chain. The distributed connectivity and centralized paradigm of IoT are not very supportive in providing and ensuring the privacy and security of a large-scale supply chain system and its operations [17,18]. For example, IoT smart sensors and devices are usually low cost and limited in resources (e.g., limited energy), and are designed and manufactured by distinct manufacturers whose main intention is not to examine and embed autonomous security and privacy features for IoT open connectivity. IoT uses entirely different smart sensors, protocols, standards, and devices from different manufacturers and firms; therefore, attaining security and privacy is a challenge for IoT platforms [19,20,21]. These security and privacy gaps can be bridged with various solutions: encryption and cryptography, digital signature schemes, anonymous identities, and location-hiding solutions [22,23,24,25]. IoT, together with its advanced applications and analytical tools, enables an efficient, accurate, granular, and flexible SCM system to manage all its operations and workflows [9,16]. In short, IoT is an ultimate solution for the supply chain, making it fully operational and robust according to the modern demands of the current era; by employing IoT solutions in SCM, organizations can save much of the cost they spend on granular and analytical data provision and gain direct access to their data with more accuracy and efficiency.
As mentioned in [9,18], several organizations have started employing the Internet of Things (IoT) to manage and monitor the whole supply chain ecosystem, for example, by tracking and monitoring assets and supplies in real time. With IoT-enabled features, including analytical processing, supply chain systems become more efficient; however, limited attention has been paid to the underlying main issues of privacy and security [4,19]. On the other side, IoT inherently lacks the ability to provide sufficient information security and to keep privacy among its numerous interconnected objects and components, and these issues may arise more often as consequences of IoT scalability and interoperability [4,26]. IoT is a central platform managing millions of connected objects, mainly designed by distinct manufacturers and suppliers and employing a variety of software applications to drive processing in the IoT platform. Therefore, there are numerous ways in which IoT can be affected by various threats, vulnerabilities, and cyberattacks [6,7]. The integration of IoT into the supply chain therefore comes with a new source of vulnerabilities and attacks, which in turn motivates more robust and secure communication systems [4,5]. For example, the supply chain system is not a central computing system; its entities and operations are distributed across several locations, so the taxonomy of potential risks in the supply chain ecosystem is unknown and large. When adopting new technologies and applications, including IoT integration, small and large organizations alike should perform a risk analysis before updating their existing infrastructures; IoT integration always requires system updates, e.g., hardware/software updates, to keep its network effective over time.
In this study, we first thoroughly examined the underlying potential issues, mainly concerning privacy and security, of IoT and supply chain systems in terms of data collection, generation, and manipulation. Then, we implemented an IoT-based supply chain (IoT-SC) system, a model and design that provides IoT integration to end-to-end supply chain systems, and used a Cloud SQL database to record each transaction. From the literature, we explicitly conclude that confidentiality, authentication, integrity, and non-repudiation are important services which, developed using cryptography and digital signature schemes, i.e., the advanced encryption standard (AES), SHA-256, and the RSA public-key cryptography algorithm, could overcome the main security challenges of IoT-SC; we also conclude that identity and location are the main privacy challenges in IoT-SC, which could be resolved through cryptography and digital signatures, anonymity and pseudonyms, and location-based services, respectively. Later, formal proofs and experimental results examine the effectiveness of IoT-SC against the given security and privacy challenges.
The rest of the paper is organized as follows. Section 2 conducts a detailed literature review of existing studies: supply chain management, IoT and supply chain management, and security and privacy challenges and developments. Section 3 details a background study on IoT and the supply chain system. Section 4 presents a privacy and security analysis. Section 5 designs and models an IoT-SC system, provides formal statements (or proofs) to examine privacy and security services, and highlights some main limitations and enhancements. Section 6 details the results and discusses them to evaluate the effectiveness of the proposed study. The overall study concludes in Section 7, and Section 8 provides some interesting future directions using blockchain technology.
2. Literature Survey
Privacy and security are fundamental issues for a large-scale IoT system: as IoT objects are widely distributed across various locations, IoT centric-computing platforms are inherently not very efficient at providing and managing these properties, e.g., while communicating with millions of objects [4,6]. In IoT smart home applications, sensors and devices are networked to generate data that is important for further manipulation and action; however, the information exchange between devices certainly carries several security and privacy risks [2]. The “GHOST (Safeguarding home IoT environments with personalized real-time risk control) project”, or the European research project GHOST, was a large IoT project that mainly targeted the development of a reference architecture to address cybersecurity issues in IoT networks [27].
Considering issues such as information complexity and availability in supply chain management, and to make SCM smarter in information manipulation, a secure and effective SCM system has been built using the Internet of Things (IoT) [4]. Through IoT connectivity, information is traced at each stage of SCM by applying RFID technology; e.g., an online system or web application is accessed by both supplier and manager, and product scanning using embedded RFID tags ensures traceability at each stage of the supply chain. Further, to examine security in the SCM system, analytics and evaluation methods such as the neutrosophic Decision Making Trial and Evaluation Laboratory (N-DEMATEL) are used [4,28]. Supply chain management is considered a complex system compared to other ICT systems, as it comprises several entities and operations in the supply chain [9]. Given the complex structure of SCM and its interconnectivity through IoT, the possibility of threats and risks will therefore be large [17]. For that reason, potential security risks and challenges have been examined for IoT-based supply chain systems [4,17]. Dos Santos and Canedo [29] developed an IoT system that employs RFID tags embedded in objects to read information, cloud computing (i.e., Microsoft Azure) technology and microservices, and independent IoT services, to manage a scalable system and the large dataset generated from ultra-high frequency (UHF) RFID tags. The main challenges associated with RFID technology, such as collision, security, and privacy, are examined in [30]. IoT technology is of great importance in boosting the supply chain and in making significant decisions on information carried from nodes, e.g., RFID tags and sensors [31]. A study on logistics management, with the integration of IoT and cloud computing services, e.g., Software-as-a-Service (SaaS), was conducted as a practical implementation to build a manufacturing system and carry out its operations [32]. In [33], IoT uses a virtualization platform to facilitate the operations of the food supply chain; for that, a proof-of-concept implementation, considering a use case of a fish supply chain, demonstrates the effects of the autonomous operations, decision, and learning support of an IoT network. IoT virtualization therefore has better support for remotely monitoring perishable products during the supply chain.
With increasing demand for supply in industries, supply chain systems have been evolving with new emerging technologies [6,9], for example, blockchain [34]. Litke et al. [35] conducted a study to examine blockchain and its applications, such as security and privacy through the consensus mechanism, scalability, and other properties like transparency and traceability, which are important for bridging the gaps in SCM systems and achieving better production and profitability. Feng Tian [36] used the term “HACCP (Hazard Analysis and Critical Control Points)” and selected a use case to provide transparency in the food supply chain system, considering the overall system entities and employing IoT and blockchain technologies. IoT and blockchain can support numerous features in the food supply chain to achieve better transparency, traceability, reliability, privacy, and security [30]. IoT-enabled technical features and connectivity using smart sensors, RFID, and GPS provide a reliable platform to collect information with transparency in real time, and the information is continuously stored into BigchainDB, which has characteristics similar to a distributed database as well as a conventional blockchain. Food products are traced through embedded RFID tags, and participants can check, add, and write information to the supply chain system while keeping their authorized identities [9,36]. Existing warehouse management systems are not very efficient and are somewhat inappropriate for meeting the increasing demands of customers and providing a sound system that reduces the management cost spent on large and complex inventories in warehouses [32,33]. In the past, several technological solutions have been developed for warehouse management; however, most of them are not effective in management, lack a tracking mechanism, and undoubtedly require considerable manpower, thereby degrading system performance [37,38]. IoT can be a better solution for warehouse management, as it enables massive connectivity of objects, for example, connectivity to collect and exchange information on products or objects using RFID and sensing technologies [38,39]. By doing so, the warehouse management system can increase its real-time visibility of products and enhance processing speed through tracking, which increases system performance in more efficient ways [38]. Blockchain provides great transparency for inventory management and against counterfeiting [40]. For IoT-based warehouse inventory management and supply chain systems [41,42], the issues of privacy and security can be solved by employing cryptography and information-hiding mechanisms [5,6,22,23,24,25]. For IoT, cryptographic solutions [40,43], such as symmetric and asymmetric schemes, are the best solutions for providing security or confidentiality over unsecured transmission. Both use complex encryption and decryption operations, with different key pairs and sizes, to secure transmission against vulnerabilities and attacks [5,40].
IoT adoption in various systems and applications has been increasing rapidly; a report stated that IoT object connectivity will reach 21 billion by the year 2025 [44]. IBM has built a generic IoT platform incorporating other evolving technologies like blockchain and artificial intelligence; this IoT platform can also be used with other technologies such as deep learning, future security designs, edge/fog computing, etc. [45,46].
4. Security and Privacy Analysis
IoT is a scalable platform; therefore, scalability is considered one of the major challenges that still needs to be settled to stabilize the effectiveness and robustness of the massively distributed IoT platform. IoT provides a centric-computing paradigm to collect, monitor, and control information from its connected objects; the connectivity is distributed, as the objects are connected across various locations and have distinct requirements for device configurations, protocols, and communication standards. Because of these requirements and communication challenges, the IoT controller is usually unaware of what is happening at remote sites. For that reason, numerous applications and services are installed as add-ins to IoT devices, e.g., edge/fog nodes, with which users supervise some of the computation locally, without the supervision of the IoT controller [3,5]. Scaling IoT networks can therefore equally increase security as well as privacy issues [6,40]. For a scalable IoT system, the main security issues of confidentiality, integrity, and authentication, or CIA, arise when IoT communicates with objects having distinct configuration requirements, for example, large interoperability issues; on the other side, privacy issues mainly arise when there is no proper identification of devices during communication. For example, one device is authorized to exchange its private information with another device by keeping the target device's identity valid, while the originator device can communicate with the other by keeping its own identity anonymous or hidden.
Consider a large-scale and distributed system, for example, the food supply chain management (SCM) system, where most of the participating entities are unknown to each other but are known to the main controller. Deploying IoT integration in the food supply chain can provide great visibility, monitoring, control, and tracking across the entire supply chain ecosystem; however, IoT integration is not very effective at providing sufficient security and privacy measures during information exchange in supply chain systems. The SCM system is a large and complex system composed of several entities and operations; therefore, IoT integration turns the SCM system into an even more scalable and complex system [26]. So we say that the Internet of Things (IoT) and supply chain systems are both scalable systems, composed of a number of devices, operations, applications, and services to manage the overall tasks the system performs [9,36]. Over time, SCM systems have been upgraded by employing new technologies such as RFID, sensing, and analytical processing; therefore, it is interesting and demanding to develop an SCM system with end-to-end connectivity employing IoT technology [30,33]. IoT provides several new features for collecting and examining information that surely improve SCM system performance. However, when IoT is integrated with SCM, the integrated system may suffer from various possible privacy and security issues; these issues can occur internally as part of supply chain operations, and can occur in the specific cases of IoT open interconnectivity and information exchange features brought to the supply chain. Therefore, it is important for the supply chain system to examine all possible issues of security and privacy before deploying new technologies, for example, IoT adoption in SCM, as SCM systems already suffer from various challenges of traditional networks and communications [4].
In this study, we examined that the IoT-based supply chain (IoT-SC) system requires all essential security services, such as authentication, integrity, confidentiality, and non-repudiation, to combat vulnerabilities and attacks; these are important aspects that every internet-based system should adopt to attain its performance, for example, to protect communication against unauthorized access and tampering. Another main issue we examined as part of the proposed study is privacy in the IoT-SC system. Privacy is a common challenge for IoT and SCM individually, such as the privacy of user identity and location. Therefore, we targeted examining and testing these security and privacy challenges of the IoT-SC system. Considering this extensive scenario, there is an essential requirement for robust security and privacy models for the IoT-based supply chain (IoT-SC) system, where each node can communicate with the IoT-SC controller, or with other nodes in the IoT-SC system, with proven information security, i.e., CIA, and with the privacy of every node's sensitive information; user/node identity and location are the common privacy issues in the IoT-SC system.
5. System Design and Modeling
This study considers
number of nodes, these are IoT objects such as devices or smart sensors, represented by a set
,
, where
is a fixed value depending on the size of IoT-SC system, i.e.,
. Number of nodes in a set
are not autonomous nodes, these are managed and controlled by a number of edge nodes represented by a set
,
, where
is also a fixed value depending on the size of the IoT-SC system, i.e.,
. Meaning that, the number of edge nodes in a set
are directly proportional to entities, such as farmer, manufacture, warehouse, etc., associated to the IoT-SC system. These entities may belong to, or represent, one or more organizations that participate in the IoT-SC system. Edge nodes are partially autonomous nodes, which means that these nodes can provide some services, such as temporary data storage, error detection, and reporting, and nodes status check, and are also connected to the IoT-SC system. Edge nodes are limited in resources, such as computing power and storage, therefore, these nodes are configured and networked to process the collected information after a period of time to the IoT-SC controller
.
is superior in the IoT-SC system. Edge nodes perform a number of read
and write
transactions,
,
, representing a set
, i.e.,
, where
. Number of transactions
can be carried out by each edge node in a set
, each edge node can read transactions
from nodes in a set
, record all carried transactions, i.e., transactions
, into local temporary storage, and after a time period, these numbers of transactions
are written to
. However, edge nodes are only allowed to write transactions to
, and can receive instructions from
, but not allowed to read any information stored onto
[
51]. As per defined permission access rules, authorized entities can get and trace information through accessing the IoT-SC controller via some web applications. Web application and development is not under the scope of this study, as we can get and trace information through accessing locally to the IoT-SC controller. We assume that identity
and exact location
or GPS coordinates, such as latitude and longitude, of nodes in a set
and edge nodes in a set
are known and recorded onto
. As per communication rules,
allocates a specific number of nodes to specific edge nodes, by doing so, an edge node, e.g.,
, can keeps information on those specific nodes identities and exact locations; in other words,
writes information to a specific edge node. For example, if we set a value of
to 10 in a set
, to allocate 10 nodes, each node has a unique identity
and location
, i.e.,
, to
, thus
number of nodes are connected to
. Number of nodes identities and locations are composed in a set
, and a set
representing the number of edge nodes identities and locations, which are known to
. Even, in the situation of edge to edge communication, each edge node identity and location representing in
, i.e.,
, are not known to other edge nodes in a set
, because of privacy issues, each edge has to verify a valid identity and location of another edge node through the IoT-SC controller before initiating any transaction. For example, a receiving edge node can verify a valid identity of the originator through
.
Figure 1 demonstrates a detailed network architecture of the IoT-SC system.
To demonstrate the robustness of the IoT-SC system, considering potential cases of privacy and security, we set 6 main statements. Statement 1 is a privacy statement, detailed in
Figure 2, which proves and examines the privacy of the IoT-SC system using communication cases: case 1: nodes to edge communication, case 2: nodes to
communication, case 3: edge to edge communication, and case 4: edge to
communication. Statements 2 to 5 are the security statements, detailed in
Figure 3, which in turn prove and examine the security of the IoT-SC system using communication cases: case 5: edge to
communication, and case 6: edge to edge communication. For each case, we create a potential scenario where the adversary has some possibilities to interfere directly/indirectly into the communication and therefore violates the security and privacy of the IoT-SC system.
Table 1 depicts some main terminologies used in the proposed system design and modeling.
5.1. Statement 1: IoT-BC Privacy
Privacy can be achieved by hiding sensitive information, a unique identity and location , so each node can communicate as a pseudonym, employing cryptography capabilities. For the certain defined communication cases, probability of , i.e., , of each successful attempt, is greater than probability of adversary , ; in other words, the for each successful attempt, is approximate zero, .
In the IoT-SC system, keeping a verifiable privacy , such as valid identity and location , of each node in sets and is the main concern, which means that each node’s privacy, , should be protected for every transaction in a set , , where . We used cryptography hashing the SHA-256 algorithm to compute a hash code on , and record on the IoT-SC controller. By doing so, a unique hash code is used as a pseudonym identity for each node in the IoT-SC system. In reality, as we also model our IoT-SC system, if we have of nodes in a , and have number of edge nodes , therefore, it is not possible to compute a unique hash code for each node/edge node of and , and record on the IoT-SC controller. A set , , representing each node’s identity and location of , representing each edge node’s identity and location of , and identity and location are uniform. Therefore, we can distinguish each node and edge unique identity and location by sets and . For a given problem, to compute and record a unique hash code, two possibilities exist:
In the first situation, the IoT-SC system models for some fixed number of nodes and edge nodes, such that values of are fixed and known to , then the system is much efficient to compute and record a unique hash code for a given value of and . Therefore, a system can examine the privacy of each node and edge node by verifying hash codes recorded on . If an adversary exists to steal the personal information, , of any node or edge node, and is very low or is approximately zero, therefore, an adversary may successful steal the hash code but not the actual information behind the hash code.
In the second situation, IoT-SC models as a partially autonomous system. This means that there are some fixed number of nodes and edge nodes, such that are some fixed values, which networked, and are known to . In addition, their hashes are also recorded onto . If there are some external nodes or partially autonomous nodes that wish to communicate into the IoT-SC system. These partially autonomous nodes can grant permissions, after recording of hashes, from . In a situation, an adversary , or any unknown node, acts to steal the personal information, , of another valid node or edge node, and is very low or is zero, adversary may successfully steal the hash code but not the actual information behind the hash code. However, in a situation, if a fully autonomous node wishes to initiate communication, and act as an adversary time-to-time to steal sensitive information from other valid nodes, of stealing information is still very low or is approximately zero, as adversary cannot steal actual information behind the hash code.
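As an added example (not code from the paper or its authors), the following Go program models the registry described in Section 5 and in Statement 1: the controller records each node's and edge node's identity and exact location, allocates a fixed group of nodes to each edge node, and exposes only the SHA-256 hash of identity and location as the pseudonym other nodes see. The sample identities and coordinates, the `%d:%s:%.6f:%.6f` encoding applied before hashing, and all function names are assumptions of this example, not from the paper.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Location is the exact GPS position the paper assumes is recorded for every node.
type Location struct {
	Lat, Lon float64
}

// Pseudonym is the SHA-256 code computed over a node's identity and location.
// It is what other nodes see; only the controller keeps the values behind it.
func Pseudonym(id string, loc Location) string {
	h := sha256.New()
	// Length-prefix the identity so different (id, location) pairs cannot
	// produce the same byte string before hashing (constructed encoding).
	fmt.Fprintf(h, "%d:%s:%.6f:%.6f", len(id), id, loc.Lat, loc.Lon)
	return hex.EncodeToString(h.Sum(nil))
}

type record struct {
	id     string
	loc    Location
	isEdge bool
	edge   string // pseudonym of the edge node a node is allocated to; "" for edge nodes
}

// Controller models the IoT-SC controller C: the only party holding the clear
// identities and locations, keyed by pseudonym, plus the node-to-edge allocation.
type Controller struct {
	records map[string]record
}

func NewController() *Controller {
	return &Controller{records: make(map[string]record)}
}

// RegisterEdge records an edge node and returns the pseudonym it will use.
func (c *Controller) RegisterEdge(id string, loc Location) string {
	p := Pseudonym(id, loc)
	c.records[p] = record{id: id, loc: loc, isEdge: true}
	return p
}

// AllocateNode records a node and allocates it to a registered edge node,
// which is how C hands a fixed group of nodes to one edge.
func (c *Controller) AllocateNode(id string, loc Location, edge string) (string, error) {
	if r, ok := c.records[edge]; !ok || !r.isEdge {
		return "", errors.New("allocation target is not a registered edge node")
	}
	p := Pseudonym(id, loc)
	c.records[p] = record{id: id, loc: loc, edge: edge}
	return p, nil
}

// NodesOf lists the pseudonyms of the nodes allocated to an edge node.
func (c *Controller) NodesOf(edge string) []string {
	var out []string
	for p, r := range c.records {
		if !r.isEdge && r.edge == edge {
			out = append(out, p)
		}
	}
	return out
}

// VerifyEdge is the one question an edge node may ask about another edge
// before starting a transaction: is this pseudonym a registered edge node?
// The answer never reveals the identity or location behind the hash.
func (c *Controller) VerifyEdge(pseudonym string) bool {
	r, ok := c.records[pseudonym]
	return ok && r.isEdge
}

func main() {
	c := NewController()
	farm := c.RegisterEdge("edge-farm-01", Location{48.8566, 2.3522}) // constructed sample values
	for i := 0; i < 10; i++ {
		if _, err := c.AllocateNode(fmt.Sprintf("sensor-%02d", i), Location{48.85 + 0.001*float64(i), 2.35}, farm); err != nil {
			panic(err)
		}
	}
	fmt.Printf("edge %s... manages %d nodes; verified as edge: %v\n", farm[:12], len(c.NodesOf(farm)), c.VerifyEdge(farm))
}
```

A peer edge node that wants to start a transaction calls `VerifyEdge` with the other edge's pseudonym and learns only whether it is registered, which is the controller-mediated check the paper requires for edge-to-edge communication. The hash itself is the pseudonym; where identities and coordinates are drawn from a small set of plausible values, keying the pseudonym with a controller-held secret (an HMAC rather than a plain hash) is the usual way to keep the code from being matched against guessed inputs.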
5.2. Statement 2: IoT-BC Confidentiality
A strong confidentiality can be attained for each transaction in a set , if there exists a unique shared key perform encryption and decryption , and satisfies the requirements of the communication system. If there exists an adversary and the probability of information leakage by is approximately zero, = 0 for each .
To demonstrate and examine the confidentiality of each transaction , . Two main communication cases exist: case 5: edge to communication, and case 6: edge to edge communication. For both cases, we assume that each transaction is a payload composed of random bits, and we use the symmetric algorithm, i.e., advanced encryption standard (AES), to perform encryption on and decryption when the information will be read as transaction , employing a unique key . For each in a set , the key is always a unique 256 bits key, generated through the randomization process, and shared securely at both sides of the transmission. Therefore, the encryption and decryption functions, employing a common unique 256 bits key, , are given as and (.
and simply demonstrate encryption and decryption functions, employing the symmetric algorithm, without detailing the complexities of encryption/decryption operations. Encryption is performed on is a payload that transmitted from edge nodes (any) in a set , and decryption is performed when information read as transaction by edge nodes (any) in a set or by , employing a unique shared .
Suppose that, an adversary
may have enough computing power, and has access to some tools or mechanisms to launch confidentiality attacks, such as eavesdropping and sniffing [
51]. An adversary
tries to launch a number of confidentiality attacks
, where c represents the possible number of confidentiality attacks, to interfere in transmission continuously and therefore to leak information, or transaction
, composed of random bits. In our case, a unique shared key
is important; as mentioned, for case 5 and 6,
is shared securely to perform encryption
and decryption
before to initialize any transaction
. However, there may some probability
exist that an adversary
can guess the keys to perform decryption, as unauthorize entity to leak transaction
, before an actual node read transaction
, followed by cases 5 and 6. Thus, we can examine the effectiveness of our security approach and the power of the adversary
, by estimating
of success and fail depending on the value of
. However, we do not care how many times an adversary
launched confidentiality attacks
and is successful, we do care how many times an adversary
succeeded to leak all or some of bits from each transaction
For example, if
is greater than limits of the lower bound, or
= 0 for each
, thus we may conclude that security solutions attained enough security in the IoT-SC system.
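The encryption and decryption functions of Statement 2, as an added Go example that is not part of the paper: AES-256 with a fresh random 256-bit key per transaction, a round trip for the authorized receiver, and failure for a guessed key or a modified ciphertext. The paper does not name a block-cipher mode, so GCM is an assumption here; the sample transaction string, the `Exposed` helper, and the function names are likewise constructed for this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// NewTransactionKey returns the unique 256-bit key k the paper assumes per
// transaction, drawn from the OS CSPRNG. Sharing it over a secure channel
// beforehand is assumed, as in the paper, and not shown here.
func NewTransactionKey() ([]byte, error) {
	k := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, k); err != nil {
		return nil, err
	}
	return k, nil
}

// Encrypt plays the role of E_k(T_w): AES-256 in GCM mode (assumed mode).
// The random nonce is prepended to the ciphertext so the receiver can use it.
func Encrypt(key, payload []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, payload, nil), nil
}

// Decrypt plays the role of D_k(T_r). With a wrong key, or if any ciphertext
// bit was changed in transit, GCM returns an error instead of garbage.
func Decrypt(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < aead.NonceSize() {
		return nil, errors.New("ciphertext shorter than nonce")
	}
	nonce, body := sealed[:aead.NonceSize()], sealed[aead.NonceSize():]
	return aead.Open(nil, nonce, body, nil)
}

// Exposed reports whether the transaction bytes appear verbatim in what an
// eavesdropper on the link would capture.
func Exposed(sealed, payload []byte) bool {
	return bytes.Contains(sealed, payload)
}

func main() {
	key, err := NewTransactionKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample transaction from an edge node to the controller.
	tw := []byte("lot=4711 temp=4.1C humidity=61% ts=2024-01-01T00:00:00Z")
	sealed, err := Encrypt(key, tw)
	if err != nil {
		panic(err)
	}
	tr, err := Decrypt(key, sealed)
	fmt.Printf("leaked on link: %v, round trip ok: %v\n", Exposed(sealed, tw), err == nil && bytes.Equal(tr, tw))
}
```

`Decrypt` fails closed: a guessed key or a flipped ciphertext bit yields an error, which is the observable form of the paper's condition that the probability of leakage stays approximately zero; an eavesdropper who records the sealed bytes sees neither the payload nor, without k, anything derived from it.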
5.3. Statement 3: IoT-BC Integrity
is a fixed length, unchangeable hash value and computes on each transaction in a set , to verify the number of actual bits, and alteration bits, such that = . A condition = is true, if the computed individual hash value of and is the same, i.e., = , and the probability of information alteration by an adversary is approximately zero, == 0 for each .
Information integrity is an important security service for communication systems such as the IoT-SC system. For the IoT-SC system, verifying information, or the transaction, in both defined cases, edge to edge and edge to controller, is an important security challenge to overcome. By deploying an integrity mechanism, the IoT-SC system ensures that each transaction, composed of random bits, has not been altered during transmission and can be verified, i.e., the hash computed at the receiver equals the hash computed at the sender. To achieve this, we use a cryptographic hash function to compute an unchangeable hash value for each transaction, considering case 5 and case 6. For example, let us assume that a written transaction is composed of a random bit pattern of some fixed length b, and that its hash is periodically transmitted and received. The hash will be unique for each written transaction (two distinct transactions collide only with negligible probability for SHA-256). Thus, for each transaction, the hash of the sent transaction and the hash of the received transaction are both computed with SHA-256. The condition that the two hash values are equal holds if the contents of the transaction have not been changed during communication in case 5 and case 6, and it is verified by recomputing the hash at the receiver. When an adversary is strong enough to intercept the communication, the target is to launch some number of integrity attacks, such as man-in-the-middle attacks and packet injection, using available solutions or built-in tools [43,51]. The contents of a transaction can then be modified without detection only if the adversary can produce a modified transaction whose hash equals the original, recorded value, which requires infeasible computing power for SHA-256. Note, however, that this holds only when the receiver has an authentic copy of the hash: if the hash value travels over the same open channel as the transaction, an adversary who modifies the contents simply recomputes SHA-256 over the modified transaction and replaces the hash, and the receiver's comparison succeeds. An unkeyed hash sent in-band therefore detects accidental corruption; against an active adversary the hash value must be bound to the originator, which is what the MAC of Statement 4 and the digital signature of Statement 5 provide. Conversely, if the hash values match and the hash itself is authentic, the adversary did not succeed in altering the transaction. We can examine the effectiveness of our security approach and the power of the adversary by estimating the probabilities of success and failure, depending on the number of integrity attacks.
5.4. Statement 4: IoT-BC Authentication
Authentication can be attained for each transaction in a set if there exists a unique shared secret key and a checksum to compute and verify a MAC (message authentication code), satisfying the requirements of the communication system. The condition = is true if the computed MAC values are the same and the probability that an adversary intercepts is approximately zero, = 0, for each .
To deploy and examine an authentication security service in the IoT-SC system, considering case 5 and case 6, we use a message authentication code (MAC), a symmetric-key construction, to compute a checksum over each transaction in the set. A unique secret key is generated and shared over a secure channel, meaning that the key is assumed to be secret for each transaction. Let us consider case 5, edge to controller communication: we assume that an edge node writes a transaction to the IoT-BC controller, and the MAC value, an encrypted checksum, is computed over that transaction. Hash and MAC algorithms are similar in that both compress an arbitrary-length message to a fixed-size output; the difference is that a MAC algorithm uses a key to produce its output, so only a holder of the key can compute or check it. We suppose that the transaction is transmitted from the edge node in clear; our target is authentication, not confidentiality, which would require encryption of the transaction. So, during transmission, the computed MAC is sent along with the original transaction to the controller. Upon receipt, the controller uses the received transaction and the shared key to compute its own MAC. If the MAC computed by the controller matches the MAC received from the edge node, we conclude that the transaction was transmitted by an authorized node. Similarly, we can compute case 6, edge to edge communication.
In the case of an adversary, the IoT-SC controller can detect an inauthentic transaction when the computed MAC value does not match. However, there is some probability that a transaction was not sent by the claimed originator: depending on the adversary's computation power, and using some intuitive attack tools [43,51], an adversary may pretend to be the originator of a transaction although it is not an authorized node. Therefore, we can demonstrate the potential harmful effects of an adversary by examining the probabilities of success and failure, depending on the possible number of authentication attacks on the system. The MAC algorithm, as part of symmetric cryptography, is efficient in its computation and provides authenticity for our defined cases. Note that a MAC proves only that the sender holds the shared key; because the controller holds the same key, a MAC alone cannot settle a dispute between the two key holders about who produced a transaction, which is why Statement 5 adds a digital signature.
5.5. Statement 5: IoT-BC Non-Repudiation
Unbreakable non-repudiation security can be achieved for each transaction in a set if there exists a digital signature computed with a key pair at the originator, another key pair at the receiver, and a fixed-length hash value, satisfying the requirements of the communication system. A digital signature satisfies non-repudiation security, so the probability of interception by an adversary is exactly zero, = 0, for each .
For the IoT-SC system, considering case 5 and case 6, implementing and examining a non-repudiation security service is crucial, because the probability of repudiation, where r represents the possible number of repudiation attacks in which an adversary acts to deny a transaction, is assumed to be high. The IoT-SC system can use a public-key digital signature scheme to verify non-repudiation for each exchanged transaction. We consider case 5 to compute a digital signature at the originator: we randomly select an originating edge node, which uses its own key pair to perform the signing operation with the RSA public-key algorithm, and at the receiver side the controller, which holds its own key pair, uses the originator's public key to perform the verification operation with the same RSA algorithm. Key pairs are generated locally through randomization, without a certificate authority (CA), and keys are distributed locally without a key distribution center (KDC). In our study, the public key of each node in the set is known to the controller; the public key serves as a universal address of each node in the IoT-SC system. Because there is no CA, the controller must obtain each node's public key over an authenticated path at registration time; a public key accepted from an unauthenticated source would let an adversary register itself as a node. Thus, for communication between the selected originator node and the controller, public keys are known in advance before communication starts, and private keys, as the name suggests, are kept private and known only to their owners. To sign, the originator first computes a hash value of the transaction, then applies its private key to the resulting hash value; the output is the signature. The signature, appended to the original transaction, is sent over an unsecured channel and later verified by the controller. Upon receipt, the controller inputs the received transaction to the hash algorithm, i.e., SHA-256, to compute the hash value.
At the same time, the received signature is verified with the originator's public key, known to the controller; this is the verification operation of the RSA algorithm, and its output hash value is compared with the hash value computed over the received transaction. If both hash values match, we can conclude that the transaction came from the claimed originator, and the originator cannot later repudiate having signed it; the same argument applies to future transactions. In principle an adversary cannot interfere with the non-repudiation security of IoT-SC, because a signature is created with the originator's private key, which no one else knows and which is required to produce the signature; however, we imagine that this is possible in some cases when an adversary is strong enough to act as a repudiating entity in the IoT-SC system. Therefore, we can demonstrate the harmful effects of an adversary by conducting experiments and examining the probabilities of success and failure, depending on the number of repudiation attacks r, in the IoT-SC system. In a similar manner, we can compute a digital signature for case 6, edge to edge communication.
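The three checks of Statements 3 to 5, integrity by SHA-256, authentication by a keyed MAC, and non-repudiation by an RSA signature over the hash, worked through as an added example; this is illustrative code written for this page, not the IoT-SC implementation. The transaction bytes, the shared key and the RSA primes are constructed for the example. The signature is textbook (unpadded) RSA over fixed Mersenne primes so that the block runs with the standard library alone; a deployment would use a padded scheme such as RSA-PSS with 2048-bit or larger keys, or an elliptic-curve signature, from a vetted library. The example also shows the integrity caveat: an unkeyed hash recomputed by an active adversary passes the check, while the MAC and the signature reject the altered transaction.

```python
import hashlib
import hmac

# Constructed sample transaction written by an edge node to the controller
# (cold-chain reading; the field names are invented for this example).
TX = b"edge=E5;reader=N9;tag=PALLET-0042;temp_c=3.9;ts=2021-03-01T10:00:00Z"
# The same transaction after an in-transit modification by an adversary.
TAMPERED_TX = TX.replace(b"temp_c=3.9", b"temp_c=9.9")
# Constructed shared key K for the MAC (Statement 4); a real key is random and secret.
SHARED_KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c2b7e151628aed2a6abf7158809cf4f3c")


# ---- Statement 3: integrity with an unkeyed SHA-256 hash -------------------
def tx_hash(tx: bytes) -> bytes:
    """H(T): SHA-256 over the transaction bytes. Same input, same 32-byte value."""
    return hashlib.sha256(tx).digest()


def integrity_ok(received_tx: bytes, received_hash: bytes) -> bool:
    """Receiver recomputes H over what it got and compares with the hash it got."""
    return hmac.compare_digest(tx_hash(received_tx), received_hash)


# ---- Statement 4: authentication with HMAC-SHA256 under shared key K --------
def mac_tag(key: bytes, tx: bytes) -> bytes:
    """MAC(K, T): only a holder of K can produce or check this tag."""
    return hmac.new(key, tx, hashlib.sha256).digest()


def mac_ok(key: bytes, received_tx: bytes, received_tag: bytes) -> bool:
    # compare_digest runs in constant time, so the comparison leaks nothing
    # about how many leading bytes of a forged tag were correct.
    return hmac.compare_digest(mac_tag(key, received_tx), received_tag)


# ---- Statement 5: non-repudiation with a textbook RSA signature over H(T) ---
# Fixed Mersenne primes chosen for the example so the block needs no library;
# the resulting moduli are far too small for real use.
P_ORIG, Q_ORIG = 2147483647, 2305843009213693951         # 2^31-1, 2^61-1
P_ADV, Q_ADV = 2147483647, 618970019642690137449562111    # 2^31-1, 2^89-1
E = 65537


def _modinv(a: int, m: int) -> int:
    """a^-1 mod m by the extended Euclidean algorithm."""
    r0, r1, s0, s1 = m, a % m, 0, 1
    while r1:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        s0, s1 = s1, s0 - q * s1
    if r0 != 1:
        raise ValueError("not invertible")
    return s0 % m


def rsa_keypair(p: int = P_ORIG, q: int = Q_ORIG):
    """Returns ((n, e), (n, d)); the public key is the node's address, d stays private."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, _modinv(E, phi))


def sign(private_key, tx: bytes) -> int:
    """Originator: hash the transaction, then apply the private exponent to the hash."""
    n, d = private_key
    h = int.from_bytes(tx_hash(tx), "big") % n
    return pow(h, d, n)


def verify(public_key, tx: bytes, signature: int) -> bool:
    """Receiver: apply the originator's public exponent and compare with H(T')."""
    n, e = public_key
    return pow(signature, e, n) == int.from_bytes(tx_hash(tx), "big") % n


def demo() -> dict:
    """Runs the three checks against the genuine and the tampered transaction."""
    pub, priv = rsa_keypair()
    _, adv_priv = rsa_keypair(P_ADV, Q_ADV)   # adversary's own, unregistered key
    sig = sign(priv, TX)
    return {
        # Integrity alone: an active adversary replaces both T and H(T) in transit.
        "hash_adversary_recomputed_accepted": integrity_ok(TAMPERED_TX, tx_hash(TAMPERED_TX)),
        "hash_original_value_rejects_tamper": not integrity_ok(TAMPERED_TX, tx_hash(TX)),
        # MAC: without K the adversary cannot update the tag for the new contents.
        "mac_genuine_accepted": mac_ok(SHARED_KEY, TX, mac_tag(SHARED_KEY, TX)),
        "mac_tamper_rejected": not mac_ok(SHARED_KEY, TAMPERED_TX, mac_tag(SHARED_KEY, TX)),
        # Signature: only the holder of d can sign; verification pins the originator's key.
        "sig_genuine_accepted": verify(pub, TX, sig),
        "sig_tamper_rejected": not verify(pub, TAMPERED_TX, sig),
        "sig_adversary_key_rejected": not verify(pub, TAMPERED_TX, sign(adv_priv, TAMPERED_TX)),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Every entry of the dictionary returned by `demo()` is `True`; the first entry is the point of the caveat, since the unkeyed hash check accepts the tampered transaction once the adversary has replaced the hash too. The signature check keys on the originator's registered public key, so a signature made with any other key, including one the adversary generated locally, is rejected.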
5.6. Limitations and Enhancements
5.6.1. Identity
IoT comes with several inherent privacy concerns: the interconnection of non-proprietary hardware, devices, and sensors, and the use of varied software and communication protocols, creates several vulnerabilities that leak sensitive personal information of authorized users, e.g., personal information transmitted without any encryption or other cryptographic mechanism. In addition, the IoT platform is not very efficient at processing a massive amount of data with user privacy in mind [19].
In an actual IoT platform where numerous objects are interconnected to exchange information, protecting each node's identity is a great challenge; for example, IoT sensors or devices commonly exchange information, together with some of their identifying information, without privacy countermeasures [52]. Among other solutions, the IoT-SC system can protect each node's identity by hiding the real identity behind a pseudonym, for example random text or a fixed-size code generated with a hashing algorithm, which is then used to exchange information. In some cases, however, when authenticity of the nodes is required and nodes communicate under pseudonyms, hiding their real identities, authenticating the originator of a message becomes a challenge. Two solutions address this issue: (1) a pseudonym certification authority (PCA), authorized to establish and issue pseudonym certificates to devices or nodes based on anonymized credentials; (2) an anonymous authentication system, which uses cryptography and a digital signature scheme to enhance user privacy and to authenticate an anonymous user participating in the system [53,54,55,56]. IoT can use a PCA to attain privacy of its objects during communication: a temporary credential, or one-time anonymized credential, serves as the pseudonymous identity of a node in the system, or of a node that wishes to join the network to exchange information. It is important that a node's anonymous credential can be cryptographically proven before it participates in the network. By doing so, each node's identity is not disclosed to others, e.g., to unauthorized entities, adversaries, or third parties, while the IoT system can still ensure node authenticity. An anonymized credential used as a pseudonym should be used only once, so that activity cannot be linked across sessions; a pseudonym reused over time is itself a stable identifier, even if the real identity behind it is hidden. Moreover, when nodes are connected as standalone entities or associated with a single network group, for example a smart home application, each can still participate anonymously in the system. With authentication through cryptographic approaches, a node in a network can revoke the session key if another node's behaviour changes unexpectedly, and so keep its privacy by not disclosing its identity to others.
5.6.2. Location
In IoT, and in this study, location is the geographical position of an object, e.g., an edge node, a device or sensor, or a person. IoT and its applications are extensively employed for remote, real-time tracking and monitoring of various objects. In the IoT-SC system, specifically for the cold food supply chain, real-time monitoring of sensor information is crucial for an effective end-to-end supply chain. Tracking of products in warehouses and during transportation is an important concern and can be accomplished efficiently through IoT by tracking and monitoring goods remotely. However, in the IoT-SC system, location services open new privacy challenges, or threats, such as localization, profiling, and identification, which can reveal sensitive personal information of users, devices, and sensors distributed across several locations and connected over the internet. To protect location privacy, several solutions have been proposed in [24,56,57,58] that can be employed in IoT case studies such as the IoT-SC system. Cloaking, a location anonymity mechanism, hides a person's original location to protect location privacy [25]; location obfuscation, using mechanisms such as pseudonyms, rounding, or spatial/invisible cloaking, is employed in location-based services to protect location privacy by altering the reported location of the user [24]; the dummy-based mechanism protects user location privacy by letting the user send numerous dummy position coordinates instead of the actual location, so that an adversary cannot link to the actual location of the user [57]; the false-location mechanism lets the user send false or fake location information instead of the real location, to protect location privacy that could otherwise be leaked to the adversary [58].
5.6.3. Confidentiality
In IoT settings such as the IoT-SC system, numerous devices and sensors are installed and networked to send pre-processed data periodically to the IoT server for storage and further analysis. The information collected from IoT objects is therefore sensitive and must be kept secure, not leaked maliciously; ensuring the confidentiality of information is important for IoT. In the literature [3,6,43,51], numerous solutions, especially cryptographic algorithms as strong security measures, are used to address various security challenges of IoT; cryptographic encryption operations are significant for protecting sensitive IoT information from adversaries. However, because an IoT network comprises a massive number of objects, it is difficult to protect the confidentiality of information from millions of objects, even with edge/fog connectivity, using cryptographic encryption algorithms [51,59]. Among other issues, the IoT central platform is not able to generate and manage a large number of keys for millions of transactions; further, the IoT platform relies on a third-party certificate authority (CA) for digital certificates and on a key distribution center (KDC) for key exchange and for minimizing their risks. Similarly, for the IoT-SC system, where information is generated and collected from a large number of objects, each with its own keys, attaining confidentiality with both symmetric and asymmetric cryptographic mechanisms is challenging.
5.6.4. Authentication
Like traditional systems, IoT must have robust authentication mechanisms: the IoT-SC system must be able to confirm that information received from nodes is authentic, and that participating nodes are genuine, authorized users. When a potential adversary impersonates an authorized user of the IoT-SC system, it is critical to authenticate the information or the sender, so that a user communicates with valid entities and not with adversaries. It is therefore important for the IoT-SC system to share information with authentic nodes only; if IoT-SC is not sure about the objects it is connecting with, it must protect its sensitive information from being shared with, or received from, adversaries. Numerous security solutions, including authentication protocols, have been deployed to authenticate information and users as valid entities [22,59]. Mainly these solutions authenticate a user with a password to log in to the system, or employ the transport layer security (TLS)/Secure Sockets Layer (SSL) protocol, tokenization, and public-key cryptography. These solutions and their developments are good enough for several applications and systems, including web browsers, and are commonly used by IoT. However, with the evolution of advanced technologies and available computing power, IoT, like conventional communication systems, suffers from vulnerabilities and potential authentication attacks; providing authentication for an IoT-scale platform is therefore relatively more challenging than for traditional systems [6,40].
5.6.5. Non-Repudiation
For the IoT-SC system, a MAC algorithm, or other symmetric algorithms including hashing, cannot provide a non-repudiation security service [40,51], because every party able to verify a MAC holds the same key and could have produced it. For an effective IoT-SC communication system, a non-repudiation security service is a confirmation, or guarantee, that no node in the set can repudiate or contradict a previously transmitted transaction; this service is very useful for a complex and scaled IoT network. Alone, symmetric encryption, asymmetric encryption, or hashing cannot provide non-repudiation to the IoT-SC system: if there is a dispute among nodes over origination, no one can prove who the real originator of the transaction is. Specifically, in the case of massive IoT connectivity, where nodes autonomously exchange information, it is almost impossible for an IoT-centric computing server to offer a non-repudiation security service among massively connected nodes. For example, if the originating node continually disowns transactions and states that the receiving node copied the transaction fraudulently, then in this critical situation it is not possible to decide who the real originator of the transaction is or who is acting fraudulently. Therefore, to provide a non-repudiation security service in which an originator cannot contradict the transaction, public-key digital signature schemes are the solution to these issues [60]. Employing a digital signature scheme, the real identity of the originator is bound to the transaction that the sender intends to transmit, and is later validated independently at the receiving side or by a third party.
6. Results and Discussion
The IoT-SC system and its components, such as nodes, edge nodes, and a controller, are programmed in C# with Visual Studio, i.e., .NET Core is used to program the complete IoT-SC system, and Azure SQL Database on the Azure cloud is used to record every transaction. In the IoT-SC system, IoT nodes, such as IoT-enabled active RFID readers, are assumed to be connected through a Raspberry Pi with an RFID RC522 module and connected to a C# GUI. Eight main commands are used to perform system operations or transactions, and are detailed in Table 2.
To conduct the experiments and obtain performance results, we limit the number of nodes and edge nodes in the two sets. The edge nodes are designated to carry out the operations of the supply chain entities: farmer, manufacturer, warehouse, retailer, and transporter. We do not use the customer entity, because the customer can only view product information and is not connected to the IoT-SC system. Therefore, to perform the operations of the five supply chain entities, we designate one edge node each to the farmer, the manufacturer, the warehouse, the retailer, and the transporter. That is, the edge nodes carry out the operations of the supply chain entities; for example, each edge node reads transactions from IoT-enabled RFID readers and records them on its local storage. We assume that the first four edge nodes are distributed across various locations, with location coordinates that are not disclosed, and are linked to the IoT-SC controller via the internet, whereas the transporter's edge node is a moving entity, so its location coordinates change over time while it carries out transportation. Each edge node is connected to two IoT objects to carry out supply chain operations. Operations are the transactions carried by each edge node and then written to the IoT-SC controller, as edge nodes are only authorized to write transactions, not to read. Supply chain entities or users can, however, view or read transactions, for example to trace record history, by requesting access to the IoT-SC controller. Among the edge nodes, the first four are each connected to two IoT-enabled active RFID readers, while the transporter's edge node is connected to one IoT-enabled active RFID reader and one IoT-enabled GPS device, which is useful as its geographical location changes over time, for example during transportation between supply chain entities. We assume that the geographical locations of the first four edge nodes are fixed, and that their individual positional coordinates (longitude and latitude) are recorded on the IoT-SC controller and not disclosed elsewhere. Each edge node works as an intermediary between nodes and the IoT-SC controller, and has small memory storage, enough computation power to process information, and a reliable internet connection; analytical capabilities are not available locally in edge nodes, but the IoT-SC controller provides them to process information and take corresponding actions. We assume that the nodes in the node set represent nine IoT-enabled active RFID readers and one IoT-enabled GPS device, installed and networked in the IoT-SC system, such that two RFID readers are connected to each of the first four edge nodes, and the remaining RFID reader and the GPS device are connected to the transporter's edge node.
Figure 4 illustrates a setup and nodes connectivity of the IoT-SC system.
As mentioned, edge nodes carry out the specific operations of the supply chain entities: farmer, manufacturer, warehouse, retailer, and transporter; the details of the operations performed by the supply chain entities are, however, outside the scope of this study. At present we are only interested in collecting and processing information from nodes to edge nodes to the IoT-SC controller, according to the defined communication cases, which are:
At the farmer, the farmer's edge node reads information from its two RFID readers and then writes it to the IoT-SC controller. The readers collect information via active RFID tags fixed to the raw material. We assume that the raw material is stored in large cotton bags of 100 kg each, and that each bag is tagged to prove its identity in the supply chain.
At the manufacturer, the manufacturer's edge node reads information from its two RFID readers and then writes it to the IoT-SC controller. The readers collect information via active RFID tags fixed to packets. We assume that the raw material is assembled into fixed-size packets of 1 kg each, packed into cotton boxes of 10 packets. Each packet is tagged and labelled with the manufacture date, expiry date, and ingredients.
At the warehouse, the warehouse's edge node reads information from its two RFID readers and then writes it to the IoT-SC controller. Similarly, the readers collect information via active RFID tags fixed to cotton boxes or pallets. In general, the warehouse is responsible for effective inventory management, which is a complex process in a medium or large warehouse. IoT is well suited to warehouse and inventory management, but these features are outside the scope of this study; here we are only interested in reading information from the two readers via the edge node and forwarding it to the IoT-SC controller.
At the retailer, the retailer's edge node reads information from its two RFID readers and then writes it to the IoT-SC controller. For example, the retailer opens the boxes or pallets received from the warehouse, reads the tag information, and writes it to the IoT-SC controller via its edge node.
The transportation entity is common to all other entities, as it performs transport between them. In our case, the transporter's edge node is installed with an RFID reader and a GPS device. Every time material, boxes, or pallets are loaded onto or unloaded from transport in the supply chain, the edge node reads information from the RFID reader, together with location coordinates from the GPS device, and uploads it to the IoT-SC controller.
To examine the effectiveness of the proposed implementation, this study defines communication rules and cases to measure and evaluate performance in the IoT-SC system. Six communication cases, each with specific rules, are defined to test and examine the proposed privacy and security statements. In total there are five statements: statement 1 is the privacy statement, and statements 2 to 5 are the security statements. For simplicity, four communication cases, cases 1 to 4, are defined and considered in turn to test the privacy statement, and the remaining two, cases 5 and 6, are defined and considered in turn to test the security statements: Statement 2: Confidentiality, Statement 3: Integrity, Statement 4: Authentication, and Statement 5: Non-repudiation. Note that for all communication cases, 1 to 6, the IoT-SC controller is the authority: it registers all nodes and edge nodes, sets the communication rules for each defined case, and can alter the rules based on communication requirements. The IoT-SC controller uses each node's or edge node's real identity, e.g., node ID or address, node type, node model, manufacturer ID, firmware version, and location coordinates, all of which are known and recorded on the IoT-SC controller, to generate a fixed-size hash code that is used as a pseudonym to hide the real identity. Because these attributes are drawn from small, largely public value sets, a plain hash of them can be reversed by enumerating candidate records, so the hash code should be keyed with a secret held only by the controller, or include a random value, if the pseudonym is to be unlinkable to the identity by anyone who lacks that secret. The SC is responsible for these tasks, including writing new pseudonyms to each node's firmware, or updating the firmware with a new hash code. Communication cases 1 to 6 are detailed as follows:
Case 1: nodes to edge communication—Nodes are the actual IoT objects installed and networked to take measurements, for example to read active RFID tag information, and to write it to edge nodes continuously. For privacy measurements, we allocate two nodes to each edge node, meaning that only those two nodes are allowed to write transactions to that edge node. In open network connectivity, for each transaction, every node in the node set conceals its real identity and location by initiating communication with a pseudonym to the edge nodes. A pseudonym is a unique hash code that represents a node's identity, including its location, instead of its real identity. As mentioned, the IoT-SC controller always keeps a record of nodes and edge nodes and of their unique hash codes as pseudonyms. For communication case 1, each edge node keeps a replicated copy of the hash codes of the nodes that belong to it; in other words, the IoT-SC controller writes the hash codes of the selected nodes to the specific edge node. So, during communication, nodes use their pseudonyms to hide their actual identities, and the edge node verifies that the nodes are authorized identities in the system by matching their hash codes against those recorded on the edge node.
Case 2: nodes to SC communication—This communication case is unusual and occurs when every edge node in the edge set is continuously offline or unable to verify the originator; a node in the node set can then use its pseudonym to initiate and write the transaction directly to the IoT-SC controller. The IoT-SC controller verifies the originator of the transaction by matching the hash code.
Case 3: edge to edge communication—In the IoT-SC system, edge nodes in the edge set are not known to each other, so an edge node can use its pseudonym to initiate communication with another edge node. In this case, the receiving edge node can only verify the originator via the IoT-SC controller. To conduct the privacy measurements, we assume that each edge node keeps a copy of the hash codes of the other edge nodes.
Case 4: edge to SC communication—Like case 1, each edge node in the edge set can use its pseudonym to initiate and write the transaction to the IoT-SC controller. The IoT-SC controller verifies the originator of a transaction by matching the hash code.
Case 5: edge to SC communication—In general, edge nodes are efficient in computation power, improve response time, reduce bandwidth, and may have analytical capabilities. In our case, however, these nodes are limited in computation power and storage and have no analytical capabilities; due to these limitations, each transaction recorded on an edge node, for example after 1–2 h, is shifted to the IoT-SC controller for permanent storage and further analysis. There is some probability that edge storage will be lost because of obstacles or hardware errors. So, while transferring information over an open network, edge nodes exchange information securely by deploying and examining security statements 2 to 5.
Case 6: edge to edge communication—This communication case is critical and occurs when an edge node behaves abnormally or is continuously offline due to some issue. For example, an edge node has been reading transactions from its two nodes and, after a time period, writing them to the IoT-SC controller continuously. At some point it stops writing transactions, or the IoT-SC controller requests a transaction but the edge node's status is continuously offline. Therefore, to provide reliable communication, the IoT-SC controller redirects communication from that edge node to another, closer edge node; that is, the nodes connected to the failed edge node are redirected, or allocated, to another edge node, and the nodes are updated with the new edge node or configuration where needed. However, throughput may be affected if the new edge node is already loaded with transactions from its own nodes. So, while transferring information over an open network, security statements 2 to 5 are deployed to exchange information securely with the IoT-SC controller.
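The pseudonym mechanism of the IoT-SC controller and communication cases 1 to 4 above, worked through as an added example that is not the paper's code. The registry of node attributes, the edge allocations and the controller key are constructed for the example. The page derives the pseudonym as a fixed-size hash of the node's recorded attributes; this example keys that hash with a secret held only by the controller (HMAC-SHA256) and shows why: the attribute values come from small sets, so an adversary who observes a plain hash on the open network can recover the identity by enumeration, whereas the keyed code can neither be inverted nor minted without the key. An epoch counter is included so the controller can rotate codes, which addresses the reuse concern of Section 5.6.1.

```python
import hashlib
import hmac
from typing import Dict, List, Optional

# Constructed secret held only by the IoT-SC controller (SC). Edge nodes receive
# finished codes, never the key, so they can verify membership but not mint codes.
SC_KEY = bytes.fromhex("9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08")

# Constructed registry of real identities, with the attribute kinds the text says
# the controller records: ID, type, model, manufacturer ID, firmware, location.
NODES: Dict[str, Dict[str, str]] = {
    "N1": {"type": "rfid-reader", "model": "RC522", "mfr": "MFR-01", "fw": "1.4.2", "loc": "51.50,-0.12"},
    "N2": {"type": "rfid-reader", "model": "RC522", "mfr": "MFR-01", "fw": "1.4.2", "loc": "51.50,-0.12"},
    "N3": {"type": "rfid-reader", "model": "RC522", "mfr": "MFR-01", "fw": "1.4.0", "loc": "52.48,-1.90"},
    "N4": {"type": "rfid-reader", "model": "RC522", "mfr": "MFR-01", "fw": "1.4.0", "loc": "52.48,-1.90"},
    "N10": {"type": "gps", "model": "NEO-6M", "mfr": "MFR-02", "fw": "7.03", "loc": "mobile"},
}
# Case 1 allocation, two nodes per edge node (constructed).
EDGE_NODES: Dict[str, List[str]] = {"E1": ["N1", "N2"], "E2": ["N3", "N4"]}


def canonical(node_id: str, attrs: Dict[str, str]) -> bytes:
    """Deterministic encoding of the identity record so both sides hash the same bytes."""
    fields = [f"id={node_id}"] + [f"{k}={attrs[k]}" for k in sorted(attrs)]
    return ";".join(fields).encode()


def unkeyed_pseudonym(node_id: str, attrs: Dict[str, str]) -> str:
    """Fixed-size code as a plain hash of the record (the scheme as the text describes it)."""
    return hashlib.sha256(canonical(node_id, attrs)).hexdigest()


def pseudonym(node_id: str, attrs: Dict[str, str], epoch: int = 0) -> str:
    """Keyed code: HMAC-SHA256 under SC_KEY; the epoch lets SC rotate codes."""
    msg = canonical(node_id, attrs) + b";epoch=%d" % epoch
    return hmac.new(SC_KEY, msg, hashlib.sha256).hexdigest()


def provision_edge(edge_id: str, epoch: int = 0) -> Dict[str, str]:
    """SC writes to an edge node the codes of the nodes allocated to it (case 1)."""
    return {pseudonym(n, NODES[n], epoch): n for n in EDGE_NODES[edge_id]}


def edge_verify(edge_table: Dict[str, str], presented: str) -> Optional[str]:
    """Edge node accepts a writer only if its code is in the replicated table."""
    for code, node_id in edge_table.items():
        if hmac.compare_digest(code, presented):
            return node_id
    return None


def controller_verify(presented: str, epoch: int = 0) -> Optional[str]:
    """SC (cases 2 and 4) recomputes the code of every registered node and matches."""
    for node_id, attrs in NODES.items():
        if hmac.compare_digest(pseudonym(node_id, attrs, epoch), presented):
            return node_id
    return None


def enumeration_attack(observed: str) -> Optional[str]:
    """Adversary on the open network who can guess the candidate records (small,
    largely public attribute space; here the candidate list is the registry itself):
    hashes every candidate and reads off the identity behind a plain-hash code."""
    for node_id, attrs in NODES.items():
        if hashlib.sha256(canonical(node_id, attrs)).hexdigest() == observed:
            return node_id
    return None


def demo() -> dict:
    e1 = provision_edge("E1")
    n1_code = pseudonym("N1", NODES["N1"])
    return {
        "edge_accepts_own_node": edge_verify(e1, n1_code) == "N1",
        "edge_rejects_other_edge_node": edge_verify(e1, pseudonym("N3", NODES["N3"])) is None,
        "controller_resolves_code": controller_verify(n1_code) == "N1",
        "rotated_code_differs": pseudonym("N1", NODES["N1"], epoch=1) != n1_code,
        "stale_code_rejected_after_rotation": controller_verify(n1_code, epoch=1) is None,
        # Plain hash: identity recovered from the wire by enumeration.
        "unkeyed_code_deanonymised": enumeration_attack(unkeyed_pseudonym("N1", NODES["N1"])) == "N1",
        # Keyed code: the same enumeration finds nothing without SC_KEY.
        "keyed_code_resists_enumeration": enumeration_attack(n1_code) is None,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

All entries returned by `demo()` are `True`. The edge node holds only the codes of its own two nodes, so a pseudonym from a node allocated to another edge is rejected locally, while the controller can resolve any registered code; after the controller moves to a new epoch the old codes stop verifying, which is the rotation the identity section asks for.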
In general, it is not feasible to equip IoT objects with security mechanisms such as cryptographic mechanisms, which require enough computational power and complex operations to attain security, specifically for encryption and decryption. However, lightweight cryptography and other security mechanisms can be solutions to this problem, installing security as part of the smart objects [5,40]. In this study, we consider a similar approach where the nodes connected to the system are not installed with any security solution or with security statements 2 to 5, but these nodes can execute the privacy statement as a solution to hide their real identities, for which hash codes are used.
To test and examine privacy, considering communication cases 1 to 4, a number of experiments are conducted to measure performance. Among the experiments, optimal successful runs are selected; their measurements, the throughputs as rates of privacy, are carefully observed and illustrated in Figure 4. During experimentation we assume that the whole IoT-SC network is up and that there are no network issues or other communication obstacles. For that, we conducted experiment 0, illustrated in Figure 4, which demonstrates that the IoT-SC network is working and up for communication cases 1 to 4. For each case, we transmit a null payload in each successful experiment, since our intention is to verify the privacy of each valid node/edge node and to measure the rate of privacy, i.e., high or low, at the receiving end. For example: (1) for communication case 1, we transmitted a null payload a number of times from randomly selected nodes, using pseudonyms instead of real identities, and measured the rate of privacy at the IoT-SC controller; (2) for communication cases 2 and 3, the rate of privacy is measured at the receiving end, depending on the null payloads successfully received from nodes or edge nodes with their hashes verified, although communication case 3 may vary with the situation; (3) similarly, for communication case 4, we transmit a null payload a number of times from randomly selected edge nodes, using pseudonyms instead of their real identities, and measure the rate of privacy at the IoT-SC controller. That is, the rate of privacy is either low or high: a high rate is recorded if the receiving end received the (null) payload from a transmitter, considering cases 1 to 4, and the transmitter's pseudonym matches the hash code recorded at the receiving end; otherwise the rate is low, as the hash code is not verifiable or not valid. Figure 5a shows the optimal successful experiments and throughputs, the rate of privacy, for communication case 1; similarly, Figure 5b–d show the optimal successful experiments and throughputs for communication cases 2, 3, and 4. For a better representation of high and low rates, we assume that 0.5 is the calculated average rate, the lower bound is set at 0.4, and the upper bound is set at 0.5; therefore, the rate of privacy is considered high if the probability for each transaction in the set lies between 0.5 and 1.0, and low otherwise.
For security measurements, average optimal numbers of successful experiments are selected, and the throughputs, latency and rate of security, are carefully observed, considering communication cases 5 and 6. Latency is the time interval from when each transaction is written from an edge node until it is successfully received or read by the IoT-SC controller; similarly, the rate of security is computed when the IoT-SC controller successfully verifies the security, i.e., confidentiality, integrity, authentication, and non-repudiation, of each write transaction from edge nodes. We merge communication cases 5 and 6, or consider these cases as one communication case, because in both communication cases each transaction is written from edge nodes to the IoT-SC controller. We assume that a number of transactions from nodes are successfully carried out, without any issues of network connectivity or communication obstacles, and are recorded on edge nodes, and so on.
Figure 6 exhibits the average latency of a selected number of transactions, considering communication cases 5 and 6. Figure 7 illustrates the security services, i.e., confidentiality, integrity, authentication, and non-repudiation, tested to measure latency, and Figure 8 examines the rate of security based on the Figure 7 performance results, from edge nodes to the IoT-SC controller. The performance results in Figure 6, Figure 7 and Figure 8 are measured in the absence of network issues and any communication obstacles, and each edge node in a set is randomly selected to write a transaction in turn to the IoT-SC controller, not in a batch.
Figure 9 shows the average latency, or time, an IoT-SC controller requires to redirect communication from one edge node to another; however, the average latency increases as the number of nodes attached to edge nodes grows; in other words, the IoT-SC controller requires more time to redirect the communication if a number of nodes are connected to the offline edge node.
From the given proofs of the privacy and security statements and the examination of privacy and security rates, we conclude that the probabilities of adversaries, i.e., the probability of an attacker on privacy, on confidentiality, on integrity, on authentication, and on non-repudiation, are assumed to be very low, or approximately equal to zero.
Table 3 depicts the results of validation against the probability of adversaries.