Secure Supply Chain Collaboration - PowerPoint PPT Presentation

1 / 21

About This Presentation

Title:

Secure Supply Chain Collaboration

Description:

Smaller entities could collaborate to do the same. Share capacity and workload information ... Collaboration beneficial. But information disclosure has costs ... – PowerPoint PPT presentation

Number of Views:129

Avg rating:3.0/5.0

Slides: 22

Provided by: clif7

Category:

more less

Transcript and Presenter's Notes

Title: Secure Supply Chain Collaboration

1
Secure Supply Chain Collaboration

Chris Clifton

2
Supply Chain Information Security

Making the supply chain work requires information
Need to keep the information secure
What does this mean?
Nobody sees anything they shouldnt
What you see is correct
You get what you need in time

3
Example Order Planning

Goal Reduce inefficiency by reducing inventory,
out of stock
Inventory costs (interest, storage) significant
Information sharing can solve the problem
Walmart demands everyones information
Result improved efficiency ? lower prices
Who wins?
We need fair knowledge sharing

4
Tradeoff Vertical Integration

Vertical integration solves the information
sharing problem
All participants have the same bottom line
Common authority/purpose
But comes at a cost
Loss of flexibility
Lost opportunities for economies of scale
Can we get both?

5
Goal Share Capacitywithout sharing information

Large Corporations achieve economies of scale
Lots of capacity
Lots of work
Enables smoothing out the rough spots
Smaller entities could collaborate to do the same
Share capacity and workload information
But knowledge is power (competitive advantage)
We face a tradeoffrevealing secrets vs.
enhanced efficiency
Or do we?

6
Confidential Computation

Idea Many parties have components of the input
to a function
Want to get the function result
But not reveal your input component
Preserves confidentiality of the data
Unless disclosure inherent in the result
Example Secure Sum

7
Gold StandardTrusted Third Party
8
Secure Multiparty Computation

Collaboration beneficial
But information disclosure has costs
Goal Collaboration without Disclosure
Trusted third-party model

9
Secure Multiparty ComputationIt can be done!

Goal Compute function when each party has some
of the inputs
Yaos Millionaires problem (Yao 86)
Secure computation possible if function can be
represented as a circuit
Idea Securely compute gate
Continue to evaluate circuit
Works for multiple parties as well (Goldreich,
Micali, and Wigderson 87)

10
Others you should talk to

Mike Atallah (ComputerScience /CERIAS)
Ananth Iyer (Krannert)

VinayakDeshpande(Krannert)
Lee Schwarz (Krannert)

11
Routes of Great Eastern
Routes of Western Trucking
Chicago
South Bend
Western Trucking
Gary
Great Eastern
Ft. Wayne
12
Example Transportation

Two trucking companies wish to share deliveries
Swap deliveries so each gets a shorter route
But dont want to reveal customers
What is the minimum that must be disclosed?
Swapped customers!
Can we do this without revealing more?

13
Traveling Salespeople
14
After swapping customers
New route of A
New route of B
Original customers of A
Original customers of B
New customers of A (swapped from B)
New customers of B (swapped from A)
15
Space Filling Curve Approach

For each customer, via a space filling curve,
calculate a corresponding position on an
interval.
Securely find the median on the interval.
Salesman A doesnt know how may customers
salesman B has and vice versa.
They only know the customers swapped and
additional information induced from the traded
customers.
Swap customers so that all customers of A are on
one side of the median and all customers of B on
the other side of the median.
Find a route for each salesman via the same space
filling curve.

16
Space-Filling Curve
Median
17
For each customer of salesman A, calculate a
corresponding position on an interval.
1
2
6
5
3
4
8
7
9
14
13
10
12
15
11
16
18
For each customer of salesman B, calculate a
corresponding position on an interval
19
lbound 0, ubound
i 1
lbound 1, ubound
i 2
lbound 2, ubound
i 4
lbound 2, ubound 4
i 3
lbound 3, ubound 4
i 3
1
11
13
15
3
20
lbound 0, ubound
i 1
lbound 1, ubound
i 2
lbound 2, ubound
i 4
lbound 2, ubound 4
i 3
lbound 3, ubound 4
i 3
1
5
7
9
11
13
15
3
21
i 1
i 2
i 4
Lbound 2, ubound 4
i 3
Lbound 3, ubound 4
22
(No Transcript)
23
Algorithm One Dimensional Secure Relative
Outlier Detection
24
Oblivious Transfer

What is it?
A has inputs ai
B makes choice
A doesnt know choice, B only sees chosen value.
How?
A sends public key p to B
B selects k random values b
encrypts (only) bchoice with fp, sends all to A
A decrypts all with private key, sends to B ci
ai ? e(fp-1(bi))
B outputs cchoice ? e(bchoice) achoice ?
e(fp-1(fp(bchoice))) ? e(bchoice)
Slightly more complicated if B might cheat
E.g., B encrypts all with fp,

25
Oblivious Transfer

? generates and publishes three numbers
p a large prime number (all randoms in 1, ,
p-1)
C a random number
g the generator of ps multiplicative group,
i.e., every number between 1 and p-1 can be
written as gk mod p for some k
? picks random k sets Ps gk P1-s C/Ps
sends P0 to ?
? sets P1 C/P0 chooses random r0, r1 sets
E0 (gr0, H((P0)r0) ? B0)
E1 (gr1, H((P1)r1) ? B1)
sends E0, E1 to ?
? computes Bs H(Ps)rs) ? Es

26
Oblivious Transfer

What is it?
A has inputs ai
B makes choice
A doesnt know choice, B only sees chosen value.
How?
A sends public key p to B
B selects 4 random values b
encrypts (only) bchoice with fp, sends all to A
A decrypts all with private key, sends to B ci
ai ? e(fp-1(bi))
B outputs cchoice ? e(bchoice) achoice ?
e(fp-1(fp(bchoice))) ? e(bchoice)

27
(No Transcript)
28
Is it Secure?

Oblivious transfer secure even in malicious
model
Extends to comparison
Full protocol
Given final result, result of each comparison
known
Is this enough?
No!
But neither is trusted third party / malicious
model
Dishonest party falsifies input

29
SolutionIncentive Compatibility

Cheating party will be worse off than being
honest
True if cheating results in
Longer travel for cheater
Getting caught
Protocol gives optimal answer

30
Incentive Compatible (cont.)

Protocol gives optimal answer
If cheating gives different comparison, cant
arrive at optimal answer
If cheating gives same comparison, no knowledge
gained
Protocol is incentive compatible!

31
Does it Work?Trials on Actual Logistics Data
32
Does it Work?Trials on Actual Logistics Data
33
Ideas

Reha Assymetry small suppliers, large
customers
Needs to be easy to use for suppliers
Subcontractors
Need to ascertain process
Process improvements possible?
Vendor-managed inventory
Customer only gets combined information
Vendors dont see each others information
Avoid disclosing promotions at different levels
of supply chain
Issue Repetitive work may reveal information
will this only work for one-time issues?
Sales through third-party distributors likely
market
Reluctance to share with distributors and
vice-versa
How to get information to customer, and from
customer?
Sharing distribution facilities / cross-docking
without revealing customers

34
Secure Multiparty ComputationIt can be done!

Goal Compute function when each party has some
of the inputs
Yaos Millionaires problem (Yao 86)
Secure computation possible if function can be
represented as a circuit
Idea Securely compute gate
Continue to evaluate circuit
Works for multiple parties as well (Goldreich,
Micali, and Wigderson 87)

35
How does it work?
b1
a1
b2
a2
Aa1a2
Bb1b2

Each side has input, knows circuit to compute
function
Add random value to your input, give to other
side
Each side has share of all inputs
Compute share of output
Add results at end
XOR gate just add locally
AND gate send your share encoded in truth table
Oblivious transfer allows other side to get only
correct value out of truth table