Idenx: A Blockchain-based Identity Management System for Supply Chain Attacks Mitigation in Smart Grids

摘要

As supply chain attacks such as forged certificates and modified software updates to smart grid remain a major challenge, blockchain has emerged as an attractive solution for enabling supply chain security due to its transparent, immutability, and decentralisation characteristics. These attacks, which focus on compromising smart grid components and services, can have a cascading effect on smart grid operations. A large number of interdependencies between the components and services and reliance on trusted third parties hinders the ability to safely and securely identify and authenticate the components and services. We propose Idenx, a blockchain-based identity management system for mitigating supply chain attacks. Idenx uses the Elliptic Curve Digital Signature Algorithm (ECDSA) to construct the identity of every component or service and further uses a Secure Pseudo-Random Function (PRF) with the identity to derive an attribute identifier for the component or service. Our approach for identifying and authenticating a component is based on Idenx smart contracts that facilitate supply chain security agreements without trusted third parties. We presented the security analysis of Idenx and the results show that it is resilient to supply chain attacks. Furthermore, we implemented a prototype of Idenx on Ethereum blockchain and evaluated it with respect to two real-world smart grid supply chain attacks.