The major emphasis of this study is to minimize the information security risks and enhance information traceability in the e-commerce supply chain logistics. The manufacturer, wholesaler, and retailer in the SCLM system integrate dynamic IoT technology to provide comprehensive details namely quality, quantity, cost, and time of receiving. The data acquired by the IoT monitoring module is sent to the blockchain for storage. The smart contract module including functions namely get_supply_data(), get_manufacture_data(), get_wholesale_data(), get_retail_data(), and get_customer_data() is employed to activate data processing in blockchain. The data is encrypted using ILAES before storage in the blockchain. The block is created and validated using the PoLIS consensus algorithm and added to the blockchain. Figure 2 provides the overall flow of the proposed work.
a) IoT monitoring module
The E-commerce supply chain logistics system is comprised of raw material suppliers, manufacturers, retailers, and consumers. IoT monitoring module is present at the warehouses in the manufacturing site and retailer site. The IoT module is made up of a variety of data collection devices, including Radio Frequency Identification (RFID), GPS, sensors, and the networks that connect them. One of the most recent technological advancements in SCLM is the IoT. IoT is an infrastructure that allows items such as automobiles and building structures to gather and share data. An RFID scanner reads or writes data held in so-called RFID tags using radio waves, which is a means for automatically identifying items. Figure 3 illustrates the overall framework of SCLM using IoT and BT.
i) When the product manufacturing site places a purchase order to the raw material supplier through e-commerce websites, the supplier takes the order. Each package of raw materials will be tagged with an RFID tag with a unique code after packing is complete. The raw materials are transported to the manufacturer by transport trucks once the firm has paid the supplier. Transport trucks and warehouses are equipped with RFID readers. It will be immediately recognized when the RFID-tagged items arrive in the storage channel (material ID, material quantity, and price). There is a lot of labor saved and inventory consistency is improved by employing label information to finish the warehouse operation.
ii) Each package of manufactured items will be marked with a unique RFID tag with a code at the end of manufacturing by the producer. When the wholesaler places a purchase order to the manufacturer through e-commerce websites, the manufacturer takes the order. After payment is done by the wholesaler, the manufacturer sends the products to the wholesaler through transport vehicles. As soon as RFID-tagged items arrive at the wholesaler site, the warehouse's RFID readers will instantly recognize and locate the products' RFID tags (product ID, product quantity, and price). A similar process takes place between wholesalers and retailers.
c) Smart Contract module
In a smart contract, built-in software is used to automatically perform activities when specified conditions occur. A smart contract may be thought of as a computer program that can operate on its own in a blockchain. The smart contract is triggered and automatically performed when the requirements defined by the program are satisfied, accomplishing several tasks including data processing and management. The functions involved in the smart contract module in SCLM are described below.
The raw material provider node calls get_Supply_data() to record the material ID and description in the blockchain.
Get_Manufacturing_data(): Each box of goods has a unique product ID, as well as information about its manufacturer, supplier, and manufacturing date and batch. The Get_Manufacturing_data() method is executed by the product manufacturer node and is capable of publishing this information into the blockchain.
Get_Wholesale_data(): It is the product wholesaler node's responsibility to use Get Wholesale data() to save product IDs, product specifics, manufacturer details, wholesaler details, and purchase details on the blockchain.
Get_Retail_data(): It is triggered by retail shop nodes. After the box of products is acquired by retailers the system retrieves the unique number of each box of items and records the purchasing time, location, cost, and other information into the blockchain.
Get_consumer_data(): It is the consumer node that calls this function to scan the QR code on the packing box of items using a Smartphone to receive all the product details.
c) Data Encryption using Improved Logistic Advanced Encryption Standard (ILAES)
Other firms or node owners can get data from the consortium blockchain while it is being sent and stored by each member node. When it comes to the same kind of products, producers A and B would naturally like to keep their source, destination, and other business information private. This is the case with them both being in the same industry. Data encryption with ILAES is used to protect the confidentiality of network transactions to address the problem of data privacy. To ensure that only the people involved in the transaction can access the information, each box of goods is encrypted with a suitable key using ILAES.
There are two sets of 256-bit data and keys in ILAES. It's a symmetric block cipher, so that's why it's called that. To encrypt and decrypt data, both the sender and the recipient must use the same key. Bytes are processed in this method, and the cipher text that is generated is the result of this process. Figure 4 provides the steps involved in ILAES encryption. It consists of sixteen rounds of byte processing. The bytes in the data are mapped logistically into a state array. In each round, different functions are used to modify the bytes in the product/material data. The different functions used in ILAES are Sub_Bytes(), Shift_Row(), Mix_Column(), and Add_Round_key(). But in the last round of ILAES, all functions except Mix_Column() are executed.
i) Sub_Bytes()
Sub_Bytes() implements the substitution process in the state array. A 16 by 16 matrix of bytes known as an S-box is all that is required for its output. Each byte of the state array is translated into a new array by substituting its actual bytes with other new bytes.
ii) Shift_Row()
Shift_Row() function executes the cyclic shifting of rows. The moving of rows in this manner is done in a clockwise direction to the left. When a row is shifted, it is shifted by one byte, two bytes, and so on, depending on the number of rows that have been shifted. The first row will not be altered in any way. To make the system more secure, this transformation is usually performed on the matrix, which is composed of rows and columns.
iii) Mix_Column()
Most of the time, this process is done one column at a time. It is at this stage that all four bytes of each column are combined to produce a new value for each byte in the column. This transformation may be defined by multiplying the State array's matrices together. As a consequence, the total of the products of the values in each row and column is equal to the value of each element in the product matrix.
iv) Add_Round_Key()
The state is bitwise XORed with the 128-bit round key in this example. Column-wise operation is used here, although byte-level action may be conducted between the four bytes of the status column and a single word of the round key.
The encrypted logistic information at each node in the supply chain is sent for block creation. In the end, the members of the IoT-blockchain network will be distributed with the encrypted key. When a member of supply chain logistics requires details regarding the product, the member can use the ILAES symmetric key to decrypt the data into original data. The decryption process using ILAES is similar to the ILAES encryption process but the functions used in decryption are inverse to the encryption functions. The functions used in ILAES decryption are Inv_Sub_Bytes(), Inv_Shift_Row(), Inv_Mix_Column(), and Inv_Add_Round_Key(). Inv_Sub_Bytes() applied inverse S-box lookup table for inverse substitution. Using Inv_Shift_Row(), rows are cyclically moved to the right, making this transformation the inverse of the forward shift row transformation. Even in this case, the first row remains unchanged, the second row is moved one byte to the right, the third row is moved two bytes to the right, the fourth row is moved three bytes to the right, and so on. The amount of shifting that occurs depends on the matrix that is being used. To multiply the whole state array by a pre-defined matrix, known as the inverse polynomial matrix, the Inv_Mix_Column() is used. Inv_Add_Round_Key() used the XOR technique between the cipher text and the extended key that corresponds to that specific iteration. The sixteen rounds of the decryption process using ILAES convert the cipher text into plain text which can be read by the requested member of supply chain logistics.
d) Block Validation using PoLIS protocol
The encrypted logistics information is stored in the new block. Data recordings known as blocks are connected and safeguarded in the blockchain, a peer-to-peer decentralized or distributed database. All nodes in the decentralized network are notified of new data that has been added to the block. Blocks in the blockchain include two components, known as header blocks and transaction sections. The nonce, timestamp, hash value of the block to which it is previously linked, and version are usually included in the block header.
After data block creation, the PoLIS consensus protocol is employed in this work to validate the newly created data block. The pseudocode of PoLIS is provided in algorithm 1. The steps involved in block validation using PoLIS are as follows. Initially, the honest or trusted nodes are selected for block validation based on the honest index. The honest index for each node participating in the data validation process is calculated. To participate in block validation, a node must have an honest index that is larger than or equal to the allocated threshold index. Otherwise, the node will be excluded from the block validation process, which is used to sort out fraudulent nodes. Thus the honest nodes for block validation are selected. Then the transaction to be validated is sent to these selected honest nodes. The selected honest nodes crosscheck the transactions and provide votes. The vote is assigned one if it is correct or zero if it is incorrect. The total correct votes are counted for each transaction. Following this, adaptive weight is determined for each transaction depending on the total correct votes. If the transaction's adaptive weight is greater than the assigned threshold weight, then the transaction is valid and added to the existing blockchain. If the transaction’s adaptive weight is lesser than the assigned threshold weight, then the transaction is invalid and not added to the existing blockchain. Thus the valid transactions are attached to the overall blockchain.
Algorithm 1 Proof of Logistic Information Share (PoLIS) protocol
Initialize the nodes (g1, g2, …, gn) for validation of the new block
Assume the threshold value of the honest index as HITh and of the transaction's adaptive weight as AWTh
For each validating node (gi)
Determine the Honest_Index
If Honest_Index \(\ge\)HITh
Allow gi in block validation
Else
Reject gi
Assume each transaction’s adaptive weight to 0
Let the transactions arrive be (T1, T2, … Tj}
Count the votings for each transaction
Determine the adaptive weight of transaction depending on valid miner's vote
If the transaction’s adaptive weight after voting > AWTh
The transaction is valid
Else
The transaction is invalid
Determine each miner’s lost weight ratio (LWR)
$$LWR=1-\left(\frac{NumberofCorrectvotes}{TotalNumberofvotes}\right)$$
Update miner’s honest index depending on LWR