Supply Chain Intelligence in Real Time
1. Supply Chain Intelligence in Real-time
BI Info Days, Bayer Business Services
May 24, 2012
Matthieu-P. Schapranow
Hasso Plattner Institute
Chair of Prof. Hasso Plattner
2. Agenda
■ Requirements of EPCglobal Networks
■ In-memory Building Blocks
■ Real-time Tracking and Tracing
■ Security Extensions for Reliable Exchange of Event Data
Real-time Sec. Ext. for EPCglobal Networks, Bayer BI Info Days, M. Schapranow, May 24, 2012
3. European Pharmaceutical Industry
Manufacturing
4. European Pharmaceutical Industry
Counterfeits
5. European Pharmaceutical Industry
Motivation
■ Increasing counterfeit rates in pharmaceutical industry
■ 34 million fake drugs in only two months in Europe
■ Pharmaceuticals: 3rd place / 10% of all intercepted articles
■ Related work proposes Radio Frequency Identification (RFID)
technology or data matrix for anti-counterfeiting
□ RFID enables fine-grained tracking and tracing of each item
□ Problem: Low-cost tags do not provide security mechanisms
■ EU: “Privacy by design”
■ BSI: “Minimize the use of personal data”
6. European Pharmaceutical Industry
Components for Anti-counterfeiting
■ Anti-counterfeiting service provider
validates authenticity of concrete item
for customers, e.g. in a pharmacy
■ EPC Discovery Service (EPCDS) supports
identification of appropriate Electronic
Product Code Information Services
(EPCIS) repository
■ EPCIS repository contains all event data
for handled products of a certain supply
chain partner
[Figure: Supply Chain Participant, Anti-Counterfeiting Service Provider, Discovery Service, EPCIS Repository, Middleware, Reader, Tag, RFID-enabled Company]
7. In-memory Building Blocks
[Figure: Read Event Repositories (up to 8.000 read event notifications per second) and Verification Services (up to 2.000 requests per second) around the Discovery Service on SAP HANA, surrounded by the in-memory building blocks: Combined column and row store; Minimal projections; Any attribute as index; Insert only for time travel; Bulk load; Multi-core/parallelization; Active/passive data store; Lightweight Compression; Partitioning; Dynamic multi-threading within nodes; Analytics on historical data; SQL interface on columns & rows; No aggregate tables; Single and multi-tenancy; Reduction of layers; Object to relational mapping; On-the-fly extensibility; Text Retrieval and Extraction; Map reduce; Group Key; No disk]
8. Real-time Tracking and Tracing
In-Memory EPCDS
■ First EPCDS based on in-memory technology
■ Stores references to read events in
distributed EPCIS repositories
■ Analyzes routes of products in real-time
■ Enables detection of counterfeits, e.g.
at the checkout of the pharmacy
9. Real-time Tracking and Tracing
Architecture
[Figure: Read Event Repositories (up to 8.000 read event notifications per second) and Verification Services (up to 2.000 requests per second) connected to the Discovery Service on SAP HANA]
■ Bulk Loading: Up to 50.000 records/s
■ Compression: 10 TB raw event data compressed to 600 GB (17:1)
■ Active vs. Passive Store: Passive event data is transferred from main
memory to SSDs for data retention
10. Security Extensions
Definitions
■ Specific security definitions for EPCglobal networks are missing
[Figure: IT Security as the combination of Confidentiality, Integrity, Availability]
■ IT Security := {confidentiality, integrity, availability} [4]
■ Confidentiality := prevent unauthorized reading of event data
■ Integrity := protect event data from being manipulated
■ Availability := provide access only to authorized parties
11. Security Extensions
Access Control
■ Problem: Granularity of protection, e.g. event- vs. attribute-level
■ Hypotheses:
□ History-based access control while keeping the entire request
history is feasible
□ Validation of access rights is possible in real-time, i.e. <2s
□ Real-time access control stops access to data immediately
once data leakage was detected
□ Bivalent vs. continuous control of access
12. Security Extensions
Attack Scenarios
[Figure: zones "Inside the Supply Chain", "Transition Zone", "Outside the Supply Chain"; actors Supplier, Manufacturer, Wholesaler, Retailer, Customer, Competitor, Counterfeiter, Attacker]
■ Inside the Supply Chain: controllable by supply chain participants
■ Outside the Supply Chain: vulnerable environment
■ Transition Zone: customer’s risk
13. Security Extensions
Continuous Control of Access
■ Access is controlled on inquirer basis
■ Event data is transparently filtered
■ Existing applications can consume data without modifications,
e.g. FOSSTRAK query client
■ Builds on in-memory ported FOSSTRAK architecture
14. Security Extensions
Architecture
[Figure: Inquirer A, ACC, TRS, Internet, ACS, EPCIS Event Repository of Supply Chain Party B]
■ Access Control Server (ACS):
□ Logs inquirer and their associated queries
□ Analyzes query history,
□ Retrieves event data from EPCIS repository, and
□ Derives inquirer-specific access rights
■ Access Control Client (ACC):
□ Guarantees integrity of exchange data
□ Filters event data and enforces access rights from ACS
■ Trust Relationship Server (TRS):
□ Stores penalty for bad business behavior
□ Provides initial scoring for unknown inquirers
15. Security Extensions
Authentication
[Figure: ACC of Inquirer A and ACS of Manufacturer B, with CA, CRL and SSL]
X.509 Cert A: Issuer: CN=HBAC-CA, Subject: CN=Inquirer A, Subject Public Key Info, Validity
X.509 Cert CA: X509v3 Basic Constraints: CA:TRUE, Issuer: CN=HBAC-CA, Subject: CN=HBAC-CA, Subject Public Key Info, Validity
X.509 Cert B: Issuer: CN=HBAC-CA, Subject: CN=Manufacturer B, Subject Public Key Info, Validity
■ Public Key Infrastructure (PKI) is feasible to handle authentication
requirement for pharmaceutical supply chains
■ Unique X.509 certificates of a trusted Certificate Authority (CA)
per inquirer enable identification of inquirers and attack paths
16. Security Extensions
History-based Access Control (HBAC)
■ Role-based Access Control (RBAC):
□ Inquirers are assigned to roles
□ Allowed actions are assigned to roles instead of individual
inquirers
■ Rule-based Access Control (RuBAC):
□ Rules consist of predicates
□ Predicates can be obtained from various sensors, e.g. IP address,
time, location, etc.
■ HBAC
□ Combines RBAC and RuBAC
□ Enables continuous control
[declined, granted] instead of bivalent {declined, granted}
[Figure: entity-relationship diagram with entities ROLE, RULE, USER, ACL, HISTORY, IDENTITY, KEY, REQUEST, grouped into RBAC and RuBAC; relationship labels: assigned to, groups, consists of, belongs to, linked to, used for enc., performs]
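Added example, not from the original slides: a minimal sketch of how the ACS and ACC described above could turn a logged query history into a continuous access level in [0, 1] and filter event attributes accordingly. The attribute thresholds, the penalty rule (trust drops when an inquirer asks about many distinct EPCs), the default score for unknown inquirers and all names in the code are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Assumed minimum access level per EPCIS event attribute (constructed values).
ATTRIBUTE_THRESHOLDS = {"epc": 0.2, "eventTime": 0.3, "bizStep": 0.6, "readPoint": 0.8}

@dataclass
class AccessControlServer:
    """ACS: logs every query and derives an access level in [0, 1] from the log."""
    initial_scores: dict                 # stand-in for the TRS's initial scoring
    unknown_score: float = 0.5           # assumed score for inquirers the TRS does not know
    free_epcs: int = 3                   # assumed: distinct EPCs allowed before penalties
    penalty: float = 0.25                # assumed penalty per additional distinct EPC
    history: list = field(default_factory=list)  # insert-only (inquirer, epc) log

    def log_query(self, inquirer, epc):
        self.history.append((inquirer, epc))     # entries are never updated or deleted

    def access_level(self, inquirer):
        start = self.initial_scores.get(inquirer, self.unknown_score)
        distinct = {epc for who, epc in self.history if who == inquirer}
        excess = max(0, len(distinct) - self.free_epcs)
        return max(0.0, start - self.penalty * excess)

def acc_filter(event, level):
    """ACC: keep only attributes whose threshold the inquirer's level reaches."""
    return {k: v for k, v in event.items() if ATTRIBUTE_THRESHOLDS.get(k, 1.0) <= level}

def query(acs, inquirer, event):
    """One request: log it first, then return the inquirer-specific view of the event."""
    acs.log_query(inquirer, event["epc"])
    return acc_filter(event, acs.access_level(inquirer))

def sample_event(serial):
    """Constructed read event; the EPC and location values are placeholders."""
    return {"epc": f"urn:epc:id:sgtin:0000000.000000.{serial}",
            "eventTime": "2012-05-24T10:00:00Z", "bizStep": "shipping",
            "readPoint": "urn:epc:id:sgln:0000000.00000.0"}

if __name__ == "__main__":
    acs = AccessControlServer(initial_scores={"Inquirer A": 0.9})
    for serial in range(1, 7):
        view = query(acs, "Inquirer A", sample_event(serial))
        print(serial, round(acs.access_level("Inquirer A"), 2), sorted(view))
```

With these assumed values the same inquirer sees four attributes, then three, then two, then none as the history grows, which is the graded [declined, granted] behaviour rather than a single allow/deny switch.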
17. Security Extensions
Trust Relationship Server
[Figure: actors Inquirer A, Manufacturer B, Known Business Partner, connected via Internet; components ACC, ACS, TRS, Local Scoring Engine, Global Scoring Engine; data stores Inquirer Data, TRS Rules, List of Authorized TRSs, Behavioral Inquirer Data]
■ Local Scoring Engine: Contains rules for calculating specific trust
score based on input from inquirer data
■ Global Scoring Engine: List of known TRSs to retrieve initial trust
information about unknown inquirers
18. Security Extensions
In-memory Building Blocks
■ Combined Column and Row Store as foundation for Insert-Only
and Partitioning
■ Insert-Only to keep complete query history
■ Lightweight Compression to reduce storage requirements and
improve hardware usage
■ Partitioning as scalability factor and for aging
■ Multi-core/Parallelization to meet response time requirements
■ Active/Passive Data Store to enable data retention
management
■ Reduction of Layers to improve maintainability
19. Thank you for your interest!
Keep in contact with us.
Matthieu-P. Schapranow, M.Sc.
schapranow@hpi.uni-potsdam.de
http://j.mp/schapranow
Hasso Plattner Institute
Enterprise Platform & Integration Concepts
Matthieu-P. Schapranow
August-Bebel-Str. 88
14482 Potsdam, Germany