Assured Cyber Supply Chain Provenance Using Permissioned Blockchain

Summary Statement

The approach proposed in this activity focuses on customized consensus engine for cyber supply chain provenance and security mechanisms in permissioned blockchain platforms. We will develop a customized consensus engine which will not require participants in the cyber supply chain to make significant investment on computation and will balance the tradeoff between number of transactions processed, transaction validation time, incentives and security rules set by participators in the cyber supply chain.  We will develop a capability for encoding the electronic component’s firmware/software design into transactions while balancing tradeoff between validation accuracy and latency.  We will develop strategies to encode the firmware/software design and their computed hash values will be encoded in the blockchain. The hash values and the firmware/software designs will be delivered through the cyber supply chain and participators at every stage can ensure authenticity of the design by verifying the hash values. However, allocation of appropriate incentives for the participants is another emerging challenge where the trade-off between the incentive and cost of participation in consensus needs to be resolved. We will develop game theoretic based incentive mechanism to self-motivate participators in order to participate in the consensus. We will develop a layer for security assurance within the blockchain architecture to protect the business critical data. Data and transactions will be encrypted using threshold cryptography, such that multiple validating nodes must interact in order to decrypt and compute over this data. This will ensure that business critical data is not revealed even in the event that some number of the validating nodes are compromised.

Energy Delivery System (EDS) Gap Analysis

There is a lack of tools or technologies that can protect the entire cyber supply chain and ensure that all software and firmware verified for their trustworthiness before they are integrated into EDS OT.  We will develop permissioned blockchain based data provenance techniques to certify the software and firmware at all stages of an cyber supply chain in EDS so that the end-users can easily verify whether the purchased electronic component’s software or firmware is tampered with or not. We will develop integrity mechanisms for permissioned blockchain platforms so that critical data remains secure even in the presence of data breach attacks.

Reference the research activity fact sheet (PDF) for an extended gap analysis and bibliography.

How does this research activity address the Roadmap to Achieve Energy Delivery Systems Cybersecurity?
The proposed research supports the Roadmap strategy “Assess and Monitor Risk” and supports the strategy “Develop and Implement New Protective measures to Reduce Risk”. Additionally, with the requirement from FERC to establish a cyber supply chain for the electric grid; there is a need for technologies to ensure provenance and guarantee that the processes in the supply chain are functioning according the intended purpose

More Information

Research Posters:

• Assured Cyber Supply Chain Provenance Using Permissioned Blockchain (2020 Industry Workshop)
• Blockchain Based Cyber Supply Chain Provenance (2018 Industry Workshop)