Supply Chain Intelligence in Real Time

Invited talk at Bayer BI Info Days, May 24, in Cologne.

Published in: Technology, Business

  1. Supply Chain Intelligence in Real-time
     BI Info Days, Bayer Business Services, May 24, 2012
     Matthieu-P. Schapranow, Hasso Plattner Institute, Chair of Prof. Hasso Plattner
  2. Agenda
     ■ Requirements of EPCglobal Networks
     ■ In-memory Building Blocks
     ■ Real-time Tracking and Tracing
     ■ Security Extensions for Reliable Exchange of Event Data
     Real-time Sec. Ext. for EPCglobal Networks, Bayer BI Info Days, M. Schapranow, May 24, 2012
  3. European Pharmaceutical Industry: Manufacturing
  4. European Pharmaceutical Industry: Counterfeits
  5. European Pharmaceutical Industry: Motivation
     ■ Increasing counterfeit rates in pharmaceutical industry
     ■ 34 million fake drugs in only two months in Europe
     ■ Pharmaceuticals: 3rd place / 10% of all intercepted articles
     ■ Related work proposes Radio Frequency Identification (RFID) technology or data matrix for anti-counterfeiting
       □ RFID enables fine-grained tracking and tracing of each item
       □ Problem: Low-cost tags do not provide security mechanisms
     ■ EU: “Privacy by design”
     ■ BSI: “Minimize the use of personal data”
  6. European Pharmaceutical Industry: Components for Anti-counterfeiting
     ■ Anti-counterfeiting service provider validates authenticity of concrete item for customers, e.g. in a pharmacy
     ■ EPC Discovery Service (EPCDS) supports identification of appropriate Electronic Product Code Information Services (EPCIS) repository
     ■ EPCIS repository contains all event data for handled products of a certain supply chain partner
     [Figure: Supply Chain Participant, Anti-Counterfeiting Service Provider, Discovery Service, EPCIS Repository, Middleware, Reader, Tag, RFID-enabled Company]
  7. In-memory Building Blocks
     [Figure: Read Event Repositories (up to 8.000 read event notifications per second) and Verification Services (up to 2.000 requests per second) connected to a Discovery Service on SAP HANA. Building blocks shown: Combined column and row store; Minimal projections; Any attribute as index; Insert only for time travel; Bulk load; Multi-core/parallelization; Active/passive data store; Lightweight Compression; Partitioning; Dynamic multi-threading within nodes; SQL interface on columns & rows; Analytics on historical data; No aggregate tables; Single and multi-tenancy; Reduction of layers; Object to relational mapping; On-the-fly extensibility; Text Retrieval and Extraction; Map reduce; Group Key; No disk]
  8. Real-time Tracking and Tracing: In-Memory EPCDS
     ■ First EPCDS based on in-memory technology
     ■ Stores references to read events in distributed EPCIS repositories
     ■ Analyzes routes of products in real-time
     ■ Enables detection of counterfeits, e.g. at the checkout of the pharmacy
  9. Real-time Tracking and Tracing: Architecture
     ■ Read Event Repositories: up to 8,000 read event notifications per second
     ■ Verification Services: up to 2,000 requests per second
     ■ Bulk Loading: Up to 50.000 records/s
     ■ Compression: 10 TB raw event data compressed to 600 GB (17:1)
     ■ Active vs. Passive Store: Passive event data is transferred from main memory to SSDs for data retention
     [Figure: Read Event Repositories and Verification Services connected to Discovery Services on SAP HANA, each with an active (A) and passive (P) store]
  10. Security Extensions: Definitions
      ■ Specific security definitions for EPCglobal networks are missing
      ■ IT Security := {confidentiality, integrity, availability} [4]
      ■ Confidentiality := prevent unauthorized reading of event data
      ■ Integrity := protect event data from being manipulated
      ■ Availability := provide access only to authorized parties
      [Figure: IT Security composed of Integrity, Confidentiality, Availability]
  11. Security Extensions: Access Control
      ■ Problem: Granularity of protection, e.g. event- vs. attribute-level
      ■ Hypotheses:
        □ History-based access control while keeping the entire request history is feasible
        □ Validation of access rights is possible in real-time, i.e. <2s
        □ Real-time access control stops access to data immediately once data leakage was detected
        □ Bivalent vs. continuous control of access
  12. Security Extensions: Attack Scenarios
      ■ Inside the Supply Chain: controllable by supply chain participants
      ■ Outside the Supply Chain: vulnerable environment
      ■ Transition Zone: customer’s risk
      [Figure: zones Inside the Supply Chain, Transition Zone, Outside the Supply Chain; actors Competitor, Customer, Supplier, Manufacturer, Wholesaler, Retailer, Counterfeiter, Attacker]
  13. Security Extensions: Continuous Control of Access
      ■ Access is controlled on inquirer basis
      ■ Event data is transparently filtered
      ■ Existing applications can consume data without modifications, e.g. FOSSTRAK query client
      ■ Builds on in-memory ported FOSSTRAK architecture
  14. Security Extensions: Architecture
      ■ Access Control Server (ACS):
        □ Logs inquirer and their associated queries
        □ Analyzes query history,
        □ Retrieves event data from EPCIS repository, and
        □ Derives inquirer-specific access rights
      ■ Access Control Client (ACC):
        □ Guarantees integrity of exchange data
        □ Filters event data and enforces access rights from ACS
      ■ Trust Relationship Server (TRS):
        □ Stores penalty for bad business behavior
        □ Provides initial scoring for unknown inquirers
      [Figure: Inquirer A with ACC, connected over the Internet to the ACS in front of the Event Repository (EPCIS of Supply Chain Party B); TRS attached]
  15. Security Extensions: Authentication
      ■ Public Key Infrastructure (PKI) is feasible to handle authentication requirement for pharmaceutical supply chains
      ■ Unique X.509 certificates of a trusted Certificate Authority (CA) per inquirer enable identification of inquirers and attack paths
      [Figure: ACC of Inquirer A and ACS of Manufacturer B communicating over SSL, with a CA and CRL. Certificates shown:
       X.509 Cert A: Issuer: CN=HBAC-CA, Subject: CN=Inquirer A, Subject Public Key Info, Validity
       X.509 Cert CA: X509v3 Basic Constraints: CA:TRUE, Issuer: CN=HBAC-CA, Subject: CN=HBAC-CA, Subject Public Key Info, Validity
       X.509 Cert B: Issuer: CN=HBAC-CA, Subject: CN=Manufacturer B, Subject Public Key Info, Validity]
  16. Security Extensions: History-based Access Control (HBAC)
      ■ Role-based Access Control (RBAC):
        □ Inquirers are assigned to roles
        □ Allowed actions are assigned to roles instead of individual inquirers
      ■ Rule-based Access Control (RuBAC):
        □ Rules consist of predicates
        □ Predicates can be obtained from various sensors, e.g. IP address, time, location, etc.
      ■ HBAC
        □ Combines RBAC and RuBAC
        □ Enables continuous control [declined, granted] instead of bivalent {declined, granted}
      [Figure: entity-relationship diagram with ROLE, RULE, USER, ACL, HISTORY, IDENTITY, KEY, REQUEST, grouped into RBAC and RuBAC; relations: assigned to, groups, consists of, belongs to, linked to, used for enc., performs]
  17. Security Extensions: Trust Relationship Server
      ■ Local Scoring Engine: Contains rules for calculating specific trust score based on input from inquirer data
      ■ Global Scoring Engine: List of known TRSs to retrieve initial trust information about unknown inquirers
      [Figure: Inquirer A (ACC), Manufacturer B (ACS) and a Known Business Partner connected over the Internet, each with a TRS containing a Local Scoring Engine and a Global Scoring Engine; data shown: Inquirer Data, Behavioral Rules, Authorized TRSs, List of TRSs]
  18. Security Extensions: In-memory Building Blocks
      ■ Combined Column and Row Store as foundation for Insert-Only and Partitioning
      ■ Insert-Only to keep complete query history
      ■ Lightweight Compression to reduce storage requirements and improve hardware usage
      ■ Partitioning as scalability factor and for aging
      ■ Multi-core/Parallelization to meet response time requirements
      ■ Active/Passive Data Store to enable data retention management
      ■ Reduction of Layers to improve maintainability
  19. Thank you for your interest! Keep in contact with us.
      Matthieu-P. Schapranow, M.Sc.
      schapranow@hpi.uni-potsdam.de
      http://j.mp/schapranow
      Hasso Plattner Institute, Enterprise Platform & Integration Concepts
      August-Bebel-Str. 88, 14482 Potsdam, Germany
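
Added example (not from the talk or its authors): a minimal sketch of the continuous, history-based access control described on slides 13 to 16, with an ACS that keeps an insert-only query history and an ACC that filters event attributes. The role baselines, attribute thresholds, penalty rule and sample event are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Assumed values for illustration; the slides give no concrete scoring rules.
ROLE_BASELINE = {"wholesaler": 80, "retailer": 60, "unknown": 30}  # RBAC part
# Minimum access level (0 = declined ... 100 = granted) per event attribute.
ATTR_THRESHOLD = {"epc": 0, "eventTime": 20, "bizStep": 50, "readPoint": 70}
# Assumed rule predicate over the query history: many distinct EPCs per
# inquirer is treated as harvesting and lowers the level step by step.
MAX_DISTINCT_EPCS = 3
PENALTY_PER_EXCESS = 25

# Constructed sample event, not real supply chain data.
SAMPLE_EVENT = {"epc": "urn:epc:id:sgtin:0000000.000000.1",
                "eventTime": "2012-05-24T10:00:00Z",
                "bizStep": "shipping", "readPoint": "example-dock-1"}

@dataclass
class AccessControlServer:
    history: list = field(default_factory=list)  # insert-only: append, never edit

    def access_level(self, inquirer: str, role: str, epc: str) -> int:
        """Log the query, then derive the inquirer-specific level from history."""
        self.history.append((inquirer, epc))
        distinct = {e for who, e in self.history if who == inquirer}
        excess = max(0, len(distinct) - MAX_DISTINCT_EPCS)
        base = ROLE_BASELINE.get(role, ROLE_BASELINE["unknown"])
        return max(0, base - PENALTY_PER_EXCESS * excess)

def acc_filter(event: dict, level: int) -> dict:
    """Access Control Client: keep only attributes the level permits.
    Attributes without a threshold are withheld unless fully granted."""
    return {k: v for k, v in event.items() if ATTR_THRESHOLD.get(k, 100) <= level}

def query(acs: AccessControlServer, inquirer: str, role: str, event: dict) -> dict:
    """Answer one query; the client sees a normal event with fewer attributes."""
    return acc_filter(event, acs.access_level(inquirer, role, event["epc"]))

if __name__ == "__main__":
    acs = AccessControlServer()
    for n in range(1, 7):
        ev = dict(SAMPLE_EVENT, epc=f"urn:epc:id:sgtin:0000000.000000.{n}")
        print(n, sorted(query(acs, "Inquirer A", "wholesaler", ev)))
```

Because the filter removes attributes rather than rejecting the request, an unmodified query client keeps working while the inquirer's visibility shrinks as the history grows.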