University of Passau
Department of Informatics and Mathematics
IT-SEC 

ReSCUeIT: Robustes und verfügbares Supply-Chain-Management - Unterstützende IT-Plattform (Robust and Available Supply Chain Management - Supporting IT Platform)

In ReSCUeIT an asset in a supply chain always has two representations: The physical asset as such and a set of representations in the logical world (such as a recipe or purchase order). Both these representations can be subject to (accidental or intentional) attacks. The goal of the ReSCUeIT project was to build a solution that can help to:

  • Visualize Safety & Security Threats in Supply Chains
  • Identify mitigating logical and physical controls
  • Identify and implement new types of logical security controls
  • Automatically configure and instantiate these controls
  • Allow for transformation of high-level supply chain models into detailed executable system models

The basis was a set of scenarios that were identified together with industrial partners representing the stakeholders in a typical food supply chain.

ReSCUeIT Project Details

Project Duration:
March 2010 - August 2013
Funding Agency:
BMBF (FKZ 13N10966) & Joint French Consortium by ANR
German Partners:
SAP AG, REWE Group, Eisbär Eis GmbH, BAAM Logistik, Dr. Oetker Frischeprodukte, Universität Passau, Universität Köln, Universität Siegen
French Partners:
SAP AG, LOGPRO-CONSEIL, Télécom SudParis, SOGET, Institut Supérieur d'Etudes Logistiques (ISEL), Kuehne+Nagel
Websites:
BMBF Flyer, sichere-warenketten.de

Main ReSCUeIT Achievements

  • Supply Chain Modelling: We built a high-level supply chain modelling tool that can be used to represent complex supply chains. On the basis of a risk database, threats to this supply chain are identified automatically. Controls that mitigate these threats can then be dragged and dropped onto the identified risk. Legal demands concerning food production, storage and handling, as well as data security law and regulations concerning data storage, are incorporated in order to ease legal and contractual compliance.
     
  • Security & Safety Controls: We initially envisioned only basic controls such as separation of duties, digital signatures or a sensor monitoring the temperature of an asset. However, throughout the course of the project several other types of controls were implemented, including sanitizable signatures; lifecycle management of authenticity and integrity statements; unobservable communication; attribute-based authentication; a benchmarking service; and prepared product recall procedures.
     
  • Enforcement: All this is done on the basis of a Coordination and Execution Platform. Monitoring of supply chain activities and automatic checks that the process execution is valid according to the conceptually modelled supply chain are two key features for achieving security. This is realized by the Coordination and Execution Platform, which receives status information and the electronic documents interchanged by the supply chain partners, and compares the received as-is information with the to-be situation in the specified models. This way, anomalies in the process execution, e.g. wrong transport routes taken or invalid entries in interchanged electronic documents, can be detected which previously would have gone unnoticed.

    The software making up the Coordination and Execution Platform is created using a model-transformation based approach. That means it is not programmed by hand. Instead, a transformation procedure is created which converts supply-chain models into the software that makes up the Coordination and Execution Platform. Because the platform is not programmed in the traditional way, its functionality can be predicted from the transformation procedure, and once the transformation has been certified to deliver the desired software for a given supply-chain model as input, the resulting software can be trusted to correctly reflect the content of that model. This approach reduces the risk of unintended programming mistakes and of intentionally malicious software behaviour.

    RFID sensors attached to pallets measure, e.g., temperature, light and acceleration. While fluctuations of single sensor values alone might not be dangerous, a pattern of fluctuations within a certain time frame might be a hint towards greater threats such as the poisoning of foods. For example, an attacker intending to poison goods in a truck might first need to open the truck door (which will trigger the light and temperature sensors) and then open a box on the pallet (which will trigger the acceleration sensor). The process of detecting such patterns in streams of separate sensor events is called Complex Event Processing (CEP). ReSCUeIT offers CEP facilities which are automatically configured during the model transformation based upon the supply chain process. An extension of the classical CEP feature introduced in the frame of ReSCUeIT is event patterns which include physical as well as logical events in order to detect cyber-physical threats. For example, an attacker might attack the supply chain by detouring foods to a warehouse containing goods that emit toxic vapours. In such a case the physical RFID sensors alone cannot detect the contamination; instead, the collocation of goods that are incompatible in terms of mutual contamination needs to be detected.
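    The following is an added example, not project code: a minimal CEP-style detector over a merged stream of physical sensor events and logical location updates. The door-open/box-open window, the thresholds, the goods classes and the incompatibility table are all constructed assumptions for the example.

```python
from dataclasses import dataclass

# Constructed sample data for this example (assumed, not project data).
INCOMPATIBLE = {frozenset({"frozen_fish", "solvents"}), frozenset({"dairy", "solvents"})}
WINDOW_S = 120  # assumed: door-open and box-open must occur within 2 minutes to count as one pattern

@dataclass
class Event:
    t: int         # seconds since start of the observation
    kind: str      # physical: "light", "temp", "accel"; logical: "location"
    pallet: str
    value: object  # sensor reading, or warehouse id for a "location" event

def detect(events, pallet_goods, warehouse_goods, light_thr=200, accel_thr=2.0):
    """Run two patterns over a time-ordered physical/logical event stream.
    TAMPER: light spike (truck door opened) followed by an acceleration spike
            (box on the pallet moved) on the same pallet within WINDOW_S.
    CONTAMINATION: a logical location update places the pallet in a warehouse
            that holds goods incompatible with the pallet's goods class."""
    alerts = []
    door_open_at = {}  # pallet -> time of the last light spike
    for e in sorted(events, key=lambda ev: ev.t):
        if e.kind == "light" and e.value > light_thr:
            door_open_at[e.pallet] = e.t
        elif e.kind == "accel" and e.value > accel_thr:
            t0 = door_open_at.get(e.pallet)
            if t0 is not None and e.t - t0 <= WINDOW_S:
                alerts.append(("TAMPER", e.pallet, t0, e.t))
                del door_open_at[e.pallet]  # pattern consumed
        elif e.kind == "location":
            mine = pallet_goods[e.pallet]
            for other in warehouse_goods.get(e.value, ()):
                if frozenset({mine, other}) in INCOMPATIBLE:
                    alerts.append(("CONTAMINATION", e.pallet, e.value, other))
    return alerts

def sample_alerts():
    """Constructed stream: one complete tamper pattern, one incomplete one, one detour."""
    events = [
        Event(10, "temp", "P1", -18.5),
        Event(60, "light", "P1", 450),          # truck door opened
        Event(95, "accel", "P1", 3.1),          # box on pallet P1 moved 35 s later
        Event(300, "light", "P2", 500),
        Event(900, "accel", "P2", 2.8),         # 600 s later: outside the window, no alert
        Event(1200, "location", "P1", "WH-7"),  # detoured into a warehouse storing solvents
    ]
    return detect(events, {"P1": "frozen_fish", "P2": "dairy"},
                  {"WH-7": ["solvents", "paint"]})
```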

  • Secure Logging: Ordinary log files, even encrypted ones, offer no facilities to protect their content against attacks such as removal of log entries, reordering of log entries, or insertion of new log entries. Therefore, ordinary log files are not secure in the sense of IT forensics. Secure logging aims at providing facilities which protect log files against the aforementioned attacks and thus form the basis for audit trails in which no repudiation is possible for the individual stakeholders. Decrypting and verifying the validity of the log entries is only possible for the ReSCUeIT platform, which is therefore viewed as a Trusted Third Party (TTP) by all stakeholders. In order to make it harder for attackers to insert new log entries at the end of the log file, all observed systems are obliged to periodically report their current number of log entries to the TTP.
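    As an added example (not the project's implementation), the following sketch chains log entries by MAC so that removal and reordering break the chain, and lets the TTP compare a periodic count report against the log. The report is assumed here to carry the MAC of the last entry as well as the count, and the per-system key shared with the TTP is a constructed value.

```python
import hmac, hashlib, json, copy

KEY = b"constructed-demo-key-shared-with-ttp"  # assumed: one key per observed system, known to the TTP
GENESIS = "0" * 64

def _tag(key, seq, prev, payload):
    msg = json.dumps([seq, prev, payload], separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def append_entry(log, payload, key=KEY):
    """Each MAC covers the sequence number, the previous entry's MAC and the payload (a chain)."""
    seq, prev = len(log), (log[-1]["tag"] if log else GENESIS)
    log.append({"seq": seq, "prev": prev, "payload": payload, "tag": _tag(key, seq, prev, payload)})

def count_report(log):
    """Periodic report to the TTP: entry count plus MAC of the last entry (assumed extension)."""
    return (len(log), log[-1]["tag"] if log else GENESIS)

def verify_log(log, report, key=KEY):
    """TTP-side verification; returns a list of findings, empty if the log is consistent."""
    findings, prev = [], GENESIS
    for i, e in enumerate(log):
        if e["seq"] != i or e["prev"] != prev:
            findings.append(f"chain break at {i}: entry removed or reordered")
        if not hmac.compare_digest(e["tag"], _tag(key, e["seq"], e["prev"], e["payload"])):
            findings.append(f"bad MAC at {i}: entry forged or modified")
        prev = e["tag"]
    n, last = report
    if len(log) < n or (n and log[n - 1]["tag"] != last):
        findings.append(f"tail replaced or truncated below reported count {n}")
    return findings

def demo():
    """Constructed log of four entries, then three manipulations checked against the earlier report."""
    log = []
    for p in ["door opened", "pallet P1 loaded", "route: Passau->Koeln", "pallet P1 unloaded"]:
        append_entry(log, p)
    report = count_report(log)                  # sent to the TTP before the manipulation
    clean = verify_log(log, report)             # []
    dropped = [e for e in log if e["seq"] != 2]  # route entry removed
    swapped = [log[0], log[2], log[1], log[3]]   # two entries reordered
    cut = copy.deepcopy(log[:3])                 # tail truncated and rewritten with the host's own key:
    append_entry(cut, "route: Passau->Muenchen")  # chain and MACs look fine, only the report catches it
    return clean, verify_log(dropped, report), verify_log(swapped, report), verify_log(cut, report)
```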
     
 

Role of University of Passau in ReSCUeIT

Our chair has led the security work package and contributed the design and development of the integrity and authenticity mechanisms for ReSCUeIT. In particular:

  • Sanitizable signatures make it possible to verify the authenticity of signed documents even after trade secrets or personally identifying information have been removed. Thus, they allow integrity-protected supply chain documents with a verifiable origin, such as orders or lab reports, to be shared more freely among the partners of a supply chain. This exchange creates a more transparent supply chain among the partners while respecting each partner's individual privacy requirements (trade secrets, employee data protection regulations). Used to its full extent, this would technically allow all the ingredients of any product to be identified. Such data in the hands of consumers increases confidence and allows potentially risky products to be identified.
  • Sanitizable signatures have been researched extensively in ReSCUeIT with respect to their speed, their applicability to the XML domain and, in particular, their legal implications. This resulted in numerous adjustments of cryptographic properties to fulfil, to the highest possible extent, the strict legal requirements for digital signatures under EU regulations, allowing ReSCUeIT participants to generate sanitizable signatures with a high value as legal evidence. All the methods have been cryptographically proven to be as strong as the underlying unforgeable signature scheme, i.e., RSA-PSS.

    We have implemented them all as Web Services, allowing for easy integration and flexible deployment. We built a dedicated prototype with a web-based GUI to showcase the generation of a classical signature on a purchase order, and we can also show, in more detail, the generation of a sanitizable signature on a laboratory report as well as the lifecycle management components.

  • We provide services for lifecycle management of authenticity and integrity statements. Generating a signature over a document represents an endorsement of the signed contents by the signer, but that endorsement is given at the time of signature generation. If at a later time the signer no longer wants to uphold this endorsement, he needs to recall the signature. In most cases he does not want to invalidate the whole signature but rather indicate that a certain signed value, which represents a condition of a produced physical good, e.g. that it is frozen, is no longer endorsed. ReSCUeIT makes this update possible: it allows the signer to 'revoke' his statement and allows others, when verifying the signed document, to query the current status of each endorsed value. ReSCUeIT calls these 'certified property states' and, building upon existing standard technologies for certificate revocation, offers a secure, verifiable and efficient state management and retrieval system. ReSCUeIT enhanced the standardized Online Certificate Status Protocol (OCSP) and uses X.509-compatible certificates to provide this functionality. Both technologies are reliable and secure; for example, they are used on the Internet for SSL web server certificates. All functions have been implemented as Web Services, and their interworking is best shown in our dedicated demonstrator web-based GUI. Additionally, the use of these services has been documented with code snippets in Java and as BPEL process models.
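To illustrate the property the sanitizable signature items above describe (a block can be removed while the signature over the rest still verifies), here is an added example using a simplified hash-commitment redaction construction; it is not the project's scheme or code. An HMAC with a constructed key stands in for the RSA-PSS signature over the commitment list, which loses public verifiability but keeps the redaction logic intact; the lab report text is constructed.

```python
import hashlib, hmac, os, json

SIGNING_KEY = b"constructed-demo-signer-key"  # stand-in: the real scheme signs with an RSA-PSS key pair

def _commit(text, nonce):
    # Nonce per block stops a verifier from guessing a redacted low-entropy value by brute force.
    return hashlib.sha256(nonce + text.encode()).hexdigest()

def sign(blocks, key=SIGNING_KEY):
    """Commit to every block with a fresh nonce and sign the ordered commitment list.
    Signing the list (not a set) means blocks cannot be reordered unnoticed."""
    nonces = [os.urandom(16).hex() for _ in blocks]
    commits = [_commit(b, bytes.fromhex(n)) for b, n in zip(blocks, nonces)]
    sig = hmac.new(key, json.dumps(commits).encode(), hashlib.sha256).hexdigest()
    return {"blocks": [{"text": b, "nonce": n} for b, n in zip(blocks, nonces)], "sig": sig}

def redact(doc, index):
    """Remove block `index` (e.g. a trade secret), keeping only its commitment."""
    out = json.loads(json.dumps(doc))
    b = out["blocks"][index]
    out["blocks"][index] = {"redacted": _commit(b["text"], bytes.fromhex(b["nonce"]))}
    return out

def verify(doc, key=SIGNING_KEY):
    """Rebuild the commitment list from clear and redacted blocks and check the signature."""
    commits = [b["redacted"] if "redacted" in b else _commit(b["text"], bytes.fromhex(b["nonce"]))
               for b in doc["blocks"]]
    expected = hmac.new(key, json.dumps(commits).encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, doc["sig"])

def demo():
    """Constructed lab report: the recipe block is redacted before sharing; a changed result is caught."""
    report = ["lab sample 42, lot 2013-07", "listeria: negative", "recipe: 12% cream, 3% vanilla (trade secret)"]
    doc = sign(report)
    shared = redact(doc, 2)                      # retailer receives the report without the recipe
    tampered = json.loads(json.dumps(shared))
    tampered["blocks"][1]["text"] = "listeria: positive"
    return verify(doc), verify(shared), verify(tampered), [b.get("text") for b in shared["blocks"]]
```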
The ReSCUeIT consortium consisted of the following partners: SAP AG, REWE Informationssysteme, Universität zu Köln, Universität Siegen, Baam, Eisbär Eis GmbH and the University of Passau.

People involved

Research assistants

Students

Publications related to ReSCUeIT

  • C. Brzuska, H. C. Pöhls and K. Samelin. Efficient and Perfectly Unlinkable Sanitizable Signatures without Group Signatures. In Proc. of the 10th European Workshop: Public Key Infrastructures, Services and Applications (EuroPKI 2013), pages 12-30, Springer Berlin Heidelberg, 2013. This is a preliminary version of the original publication. The original publication is available at springerlink.com.
  • H. de Meer, H. C. Pöhls, J. Posegga and K. Samelin. Scope of Security Properties of Sanitizable Signatures Revisited. In Proc. of the 8th International Conference on Availability, Reliability and Security (ARES 2013), pages 188-197, IEEE, September 2013. This is a preliminary version of the original publication. The original publication is available at ieeexplore.ieee.org.
  • H. C. Pöhls, S. Peters, K. Samelin, J. Posegga and H. de Meer. Malleable Signatures for Resource Constrained Platforms. In Information Security Theory and Practice. Security of Mobile and Cyber-Physical Systems (WISTP 2013), pages 18-33, Springer-Verlag, 2013. This is a preliminary version of the original publication.
  • H. C. Pöhls. Contingency Revisited: Secure Construction and Legal Implications of Verifiably Weak Integrity. In Trust Management VII (IFIP TM 2013), pages 136-150, Springer Berlin Heidelberg, 2013. This is the preliminary version of the original publication.
  • C. Brzuska, H. C. Pöhls and K. Samelin. Non-Interactive Public Accountability for Sanitizable Signatures. In Proc. of the 9th European PKI Workshop: Research and Applications (EuroPKI 2012), pages 178, Springer-Verlag, 2012. This is an extended and revised version of the original publication.
  • H. de Meer, M. Liedel, H. C. Pöhls, J. Posegga and K. Samelin. Indistinguishability of One-Way Accumulators. Technical Report of the Faculty of Computer Science and Mathematics (FIM), University of Passau, Number MIP-1210, 2012.
  • K. Samelin, H. C. Pöhls, J. Posegga and H. de Meer. Redactable vs. Sanitizable Signatures. Technical Report of the Faculty of Computer Science and Mathematics (FIM), University of Passau, Number MIP-1208, 2012.
  • H. C. Pöhls, K. Samelin, J. Posegga and H. de Meer. Transparent Mergeable Redactable Signatures with Signer Commitment and Applications. Technical Report of the Faculty of Computer Science and Mathematics (FIM), University of Passau, Number MIP-1206, August 2012.
  • H. C. Pöhls, K. Samelin, J. Posegga and H. de Meer. Length-Hiding Redactable Signatures from One-Way Accumulators in O(n). Technical Report of the Faculty of Computer Science and Mathematics (FIM), University of Passau, Number MIP-1201, 2012.
  • F. Höhne, H. C. Pöhls and K. Samelin. Rechtsfolgen editierbarer Signaturen. In Datenschutz und Datenrecht (DuD), Volume 36 (6): 485-491, June 2012.
  • H. C. Pöhls, K. Samelin, J. Posegga and H. de Meer. Flexible Redactable Signature Schemes for Trees - Extended Security Model and Construction. In Proc. of the International Conference on Security and Cryptography (SECRYPT 2012), pages 113-125, SciTePress, 2012.
  • H. C. Pöhls and F. Höhne. Sticky Signatures: Legal Advantages of Redactable Signatures and Credentials in the Food Supply Chain. In Proc. of the 5th Interdisciplinary Conference on Current Issues in IT Security 2012, Dunker & Humblot, Berlin, 2012.
  • K. Samelin, H. C. Pöhls, A. Bilzhause, J. Posegga and H. de Meer. On Structural Signatures for Tree Structured Data. In Proc. of the 10th International Conference on Applied Cryptography and Network Security (ACNS 2012), Springer, 2012. This is an extended and revised version of the original publication. The original publication is available at www.springerlink.com.
  • K. Samelin, H. C. Pöhls, A. Bilzhause, J. Posegga and H. de Meer. Redactable Signatures for Independent Removal of Structure and Content. In Proc. of the 8th International Conference on Information Security Practice and Experience (ISPEC 2012), Springer, April 2012.
  • H. C. Pöhls and F. Höhne. The Role of Data Integrity in EU Digital Signature Legislation - Achieving Statutory Trust for Sanitizable Signature Schemes. In Proc. of the 7th International Workshop on Security and Trust Management (STM 2011), pages 175-192, Springer, June 2012.
  • H. C. Pöhls, A. Bilzhause, K. Samelin and J. Posegga. Sanitizable Signed Privacy Preferences for Social Networks. In Proc. of the GI Workshop on Privacy and Identity Management for Communities - Communities for Privacy and Identity Management (DICCDI 2011), GI, October 2011.
  • H. C. Pöhls, K. Samelin and J. Posegga. Sanitizable Signatures in XML Signature - Performance, Mixing Properties, and Revisiting the Property of Transparency. In Proc. of the 9th International Conference on Applied Cryptography and Network Security (ACNS 2011), Springer, June 2011.
  • H. C. Pöhls. Why Showing one TLS Certificate is not enough? Towards a Browser Feedback for Multiple TLS Certificate Verifications. In Proc. of GI Sicherheit 2010 - Gesellschaft für Informatik, GI, October 2010.
  • F. Höhne and H. C. Pöhls. Staatliche Schutzpflichten für die IT-Infrastruktur. In Proc. of D-A-CH Security 2010, September 2010.
  • F. Höhne and H. C. Pöhls. Grund und Grenzen staatlicher Schutzpflichten für die IT-Infrastruktur. In Tagungsband der 11. Herbstakademie der Deutschen Stiftung für Recht und Informatik (DSRI): Digitale Evolution - Herausforderungen für das Informations- und Medienrecht, OlWIR Oldenburger Verlag für Wirtschaft, Informatik und Recht, September 2010.
  • R. Herkenhöner, M. Jensen, H. C. Pöhls and H. de Meer. Towards Automated Processing of the Right of Access in Inter-Organizational Web Service Compositions. In IEEE 2010 International Workshop on Web Service and Business Process Security (WSBPS 2010), IEEE, July 2010.
Last modified: 24/02/2015 - 18:13:30 by hcp