Orchestrating product provenance story: When IOTA ecosystem meets electronics supply chain space

Trustworthy data is the fuel for ensuring transparent traceability, precise decision-making, and cogent coordination in the Supply Chain (SC) space. However, the disparate data silos act as a trade barrier in orchestrating the provenance of the product lifecycle; starting from the raw materials to end products available for customers. Besides product traceability, the legacy SCs face several other problems including data validation, data accessibility, security, and privacy issues. In this regard, Blockchain-an advanced Distributed Ledger Technology (DLT) works well to address these challenges by linking fragmented and siloed SC events in an immutable audit trail. However, the underlying challenges with blockchain such as scalability, inability to access off-line data, vulnerability to quantum attacks, and high transaction fees necessitate a new solution to overcome the inefficiencies of the current blockchain design. In this regard, IOTA (the third generation of DLT) leverages a Directed Acyclic Graph (DAG)-based data structure in contrast to linear data structure of blockchain to address such challenges and facilitate a scalable, quantum-resistant, and miner-free solution for the Internet of Things (IoT). After realizing the crucial requirement of traceability and considering the limitations of blockchain in SC, in this work, we propose a provenance-enabled framework for the Electronics Supply Chain (ESC) through a permissioned IOTA ledger. To that end, we construct a transparent product ledger based on trade event details along with time-stamped SC processes to identify operational disruptions or counterfeiting issues. We further exploit the Masked Authenticated Messaging (MAM) protocol provided by IOTA that allows the SC players to procure distributed information while keeping confidential trade flows, ensuring restrictions on data retrieval, and facilitating the integration of fine-grained or coarse-grained data accessibility. Our experimental results show that the time required to construct secure provenance data aggregated from multiple SC entities takes 3 s (on average) for a local node and 4 s for a remote node, which is justifiable. Furthermore, we perform experiments on Raspberry Pi 3B to verify that the estimated energy consumption at resource-constrained devices is tolerable while implementing the proposed scheme. (c) 2020 Elsevier B.V. All rights reserved.