Information Systems Frontiers, Volume 17, Issue 3, pp 691–705

On achieving secure collaboration in supply chains

  • Sharad Barkataki
  • Hassan Zeineddine

Abstract

Security of private information is a critical requirement for information sharing in supply chains. Security is measured on a variety of metrics: participating suppliers in a supply chain process need guarantees on confidentiality, anonymity, and privacy; the purchaser needs assurance on verifiability and non-repudiation. Given the mutually exclusive nature of security metrics such as anonymity vs. non-repudiation, and confidentiality vs. verifiability, the challenge is to design a process that satisfies all these metrics. In this paper, we propose three major processes that enable secure information sharing and secure computation of arbitrary supply chain functions. We evaluate and compare the secure processes using a ranking method and score function, which we propose for that purpose. We find that certain processes will be preferred over other processes, depending on the environmental characteristics and user preferences. Thus, our secure processes aim to solve major collaboration issues in supply chains.

Keywords

Secure collaboration; Secure information sharing; Supply chain management; Secure process management

Copyright information

© Springer Science+Business Media New York 2013

Authors and Affiliations

  1. American University in Dubai, Dubai, United Arab Emirates
