A new blockchain tool developed by a researcher at the University of Waterloo, Canada, and a collaborator at Airbus in Germany could make procurement of goods and services safer and more impartial.
The tool called Strain, a blockchain auction protocol that allows for safer and more secure bidding on contracts with companies, makes the online auction more difficult to hack or manipulate than conventional methods.
“The goal is to have something that is traceable, cannot be tampered with in any way, and is confidential except for absolutely necessary information that needs to be revealed,” said Florian Kerschbaum, a computer science professor and director of the Cybersecurity and Privacy Institute at the University of Waterloo. “While blockchain can provide a strong audit trail, it is slow and generally shares too much information.”
The researchers understood that the protocol needed to be fast and secure at the same time. Currently, blockchain message exchange can take up to an hour to correctly settle for consistency and to handle competing lines.
Protocols are not tuned for blockchain in auction situations, in general. In contrast, the new auction protocol Strain requires only four blocks: a commitment of a bid, a computation of the winner, a verification, and finally an opening of the winning bid. Strain protects the confidentiality of the bid against malicious parties using zero-knowledge proofs. This means that it reveals only that the computation is complete, but not the inputs or computational steps. It even offers an extension that would allow a vendor to participate in two auctions without revealing that they are the same bidder.
Ukraine is an example of a country that is using blockchain technology to hold auctions in a way that addresses concerns of nepotism and corruption.
Moving forward, Kerschbaum and his collaborator Erik-Oliver Blass at Airbus, would first like to further the performance and security of the protocol. They would also like to see if they can extend this to an open group of vendors as it has only been tested with a closed group.
The paper, Strain: A Secure Auction for Blockchains, appeared in the proceedings of the 23rd European Symposium on Research in Computer Security.
Brand protection and consumer connection company YPB Systems has joined GS1 Australia’s Alliance Partner Program as a Strategic Alliance Partner to combat counterfeiting.
GS1 is a not-for-profit organisation that provides GS1 standards and services to improve the efficiency, safety and visibility of supply chains across physical and digital channels in 25 sectors.
The YPB platform enables clients to protect their brands and vital documents from the risks of counterfeiting, product diversion and theft, while providing tools to connect directly with their customers.
CEO and executive chairman at YPB Group Ltd John Houston said: “Becoming a Strategic Alliance Partner signifies our commitment to GS1 compliance and alignment with GS1 initiatives across multiple industries. We are looking forward to bringing certainty of authenticity to brands to GS1 members in the Australian marketplace through our leading brand protection and customer engagement solutions.”
YPB works in partnership with customers to create and tailor security products to protect their brands against counterfeiting, preserve the integrity of products to verify its authenticity through the supply chain, and connect them with their customers to safeguard them from counterfeit products.
GS1 Australia’s manager – business development and partnerships Sean Sloan said: “YPB’s announcement to sign-up as a Strategic Alliance Partner is a significant local commitment to GS1 standards in association with its anti-counterfeiting technology. Brand protection is, now more than ever, a paramount issue, and any company that supports brands in this space is a welcome addition to the GS1 Alliance Partner Program.”
YPB customised security caters for governments, financial institutions and brands, preventing forgery, counterfeit and even theft.
“We look forward to working in partnership with YPB in the Australian marketplace, given their expertise in protecting brands using GS1 standards,” added Mr Sloan.
Aqualuma, expert in LED lighting solutions for commercial and marine applications, will exhibit at MEGATRANS2018 – a new trade show focusing on the national and international supply chain.
The business specialises in a range of LED products for the wider industrial sector, including for warehouses, cold stores and exterior applications to name a few.
Logistic and supply chain company DP World Australia, the Australian branch of DB Schenker and a major carrier company have partnered on a consortium backed by blockchain technology from blockchain start-up TBSx3.
The participants intend to use blockchain architecture developed by Australia-based TBSx3 to combat the global counterfeit goods industry, protect global supply chains and help companies restore consumer trust in supply chains.
The alliance tested and utilised technology developed by TBSx3 in Q2 2017 to complete a large global blockchain trial, which tracked the distribution of wines from Coonawarra, South Australia to the port of Qingdao in northeastern China and was verified by professional services firm KPMG.
The trial used TBSx3’s blockchain logistics platform, which aims to defeat the threats of counterfeits through three layers of protection: cryptographic certainty, logistics tracking backed by artificial intelligence and the immutability of blockchain technology.
“Blockchain technology opens new possibilities for industry co-operation,” said Pieter Vandevelde, Chief Revenue Officer, TBSx3. “Our aim with forming this alliance is to reignite trust in every link in the supply chain and create a more transparent, ethical ecosystem of international trade.
“We are willing to do business with anyone serious about ridding the world of fake products and protecting consumer trust.”
Paul Scurrah, CEO of DP World Australia, noted: “I knew it was a great opportunity for DP World to become engaged in a new era of industry collaboration. The scale of the fake goods problem is staggering and our company is eager to work with TBSx3 and our industry partners to provide a lasting solution.”
Charlie Mcdonald, Chief Information Officer, DB Schenker, added, “Data security is the core to modern business risk management and we are excited by blockchain’s potential in this area. The concept of protecting that data through a distributed ledger system holds great promise.”
In early November, e-commerce company Amazon launched Amazon Key, an in-home delivery service enabling online shoppers to receive goods when not at home.
Amazon Key offers US members of Amazon’s premium Prime service free in-home delivery after installation of the Amazon Key kit, which includes the Amazon Cloud Cam to record entries and a range of lock systems.
After selecting the ‘in-home’ delivery option when shopping, Prime members can follow the order with real-time notifications, watch the delivery happening live via the Cloud Cam and later review the delivery.
“Amazon Key gives customers peace of mind knowing their orders have been safely delivered to their homes and are waiting for them when they walk through their doors,” said Peter Larsen, Vice President – Delivery Technology, Amazon. “Now, Prime members can select in-home delivery and conveniently see their packages being delivered right from their mobile phones.”
The technology doesn’t replace a key with a digital passcode, instead each time a delivery driver requests access to a customer’s home, Amazon verifies that the correct driver is at the right address, at the intended time, through an encrypted authentication process. Once this process is successfully completed, Amazon Cloud Cam starts recording and the door is then unlocked. Deliveries are also covered by Amazon’s Happiness Guarantee.
Amazon Key will also offer an option for residents keen to allow access to their property to friends and service providers when not at home.
Amazon Key has initially been made available in 37 cities across the US.
DHL Global Forwarding (Australia) has been granted full accreditation by the Department of Immigration and Border Protection (DIBP) under the Australian Trusted Trader Program, with the signing of a formal agreement on 5 September, 2017.
DHL has been involved with the government program since the initial pilot commenced in 2015 and is the largest service provider to be granted entry into the scheme.
Australian Trusted Trader is a voluntary trade facilitation initiative recognising businesses with a secure supply chain and compliant trade practices that rewards accredited businesses with a range of trade facilitation benefits. Australian Trusted Trader further supports and facilitates the handling of clients’ international supply chains by service providers.
Within Australia’s Authorised Economic Operator (AEO) programme, Trusted Traders work to secure the international supply chain, while facilitating the movement of legitimate trade. Australia is the only AEO programme to grant accreditation to service providers.
“The Australian Border Force is pleased to welcome globally recognised service providers like DHL Global Forwarding to the Australian Trusted Trader program,” said Sneha Chatterjee, Chief Superintendent, Australian Border Force.
“Trusted Traders receive a range of benefits, one of which is a seat at the table with the Department of Immigration and Border Protection. This is a forum to discuss issues and initiatives that directly affect trade communities, and provides an opportunity to shape the future direction of policy and programmes.”
Tony Boll, CEO, DHL Global Forwarding South Pacific, added: “This accreditation is recognition of the commitment DHL has made to supply chain security, high compliance standards and display of best industry practices as set by the DIBP.
“Government-led programs such as this are incredibly important for our industry and we are proud to be awarded Trusted Trader status.”
This interview first appeared in the August/September 2017 issue of Logistics & Materials Handling.
For many years now, images captured by closed-circuit television (CCTV) systems, whether on public or private property, have been used to secure convictions, establish timelines, and identify suspects after crimes have been committed.
The technology’s main limitation until now has been the quality of the video and images produced: these have often been inferior to the point they cannot clearly establish a chain of events, or positively identify a suspect to the standards required in courts of law. The cameras themselves have essentially been ‘dumb’ recorders of events, unable to identify or signal a security breach or incident in real time.
CCTV technology has now evolved to an almost unrecognisable state, says Chris Pearson, Managing Director of security consultant and design firm Quorum Security.
“Most people have no idea how smart and powerful CCTV camera systems can be, especially when connected to access control/alarm systems,” he adds.
“Cameras nowadays come with video analytics (VA) software that can identify if people or vehicles are moving in the wrong direction, if a truck has exceeded the site’s speed limit or if persons have entered a restricted area, or breached a perimeter when the facility is closed. There’s software coming out now that can recognise if workers aren’t wearing their full PPE (personal protective equipment), or have products or items in their hands when leaving the production area, to deter pilfering and theft.”
Ross Head, Managing Director at security technology company nXient, says, “A human security guard can be in the wrong place when an incident occurs, or make errors of judgement – they might even be bribed to ‘look the other way’. Once you’ve installed modern cameras, they work 24/7, and don’t take coffee breaks or make mistakes.”
Chris adds, “Corporates have long seen security as a grudge purchase, but there really are good business cases now for investing in quality, well-designed systems – benefits include higher efficiency, increased safety and proof of due diligence. Although we’re a security company, we’re also about risk management and proving due diligence for our clients.” A cut above
Although both nXient and Quorum Security are consulting, design and installation companies that offer a range of security products, Mobotix is the brand of choice for intelligent digital cameras (called IP, for ‘Internet Protocol’) for both men.
“Mobotix cameras are tougher than a Russian tank,” says Chris. “They operate on Antarctic bases, in deserts in the Middle East, are strapped to the under-wing of fighter jets – they’re incredibly resilient, and can easily cope in the harshest cold-storage or logistics environments.”
Ross notes that the Mobotix cameras also boast protection from the elements.
“All Mobotix cameras have no moving parts, and Mobotix outdoor cameras are completely sealed against water and dust,” he says, adding that they also offer a great feature set – the latest IP technology and an “incredibly high” resolution for a CCTV camera, six megapixels.
When implementing security systems, companies often think that any camera system will do, Ross adds.
“People understand brands and their relative value in fashion, cars and so on, but they are brand blind in a business like ours – they don’t know the difference between Mobotix and anything else on the market,” he says. “All they see is the price, but the truth is that the capability and quality differences in CCTV systems can be astounding.”
It was thanks to a request from a Quorum client that Chris and Ross now offer a unique combined CCTV and access management system.
“Martin Brower, global logistics provider for restaurant chain McDonalds, wanted its Mobotix CCTV cameras to be able to communicate with the Hirsch access control system,” says Ross.
“nXient’s engineers wrote an integration between Mobotix’s in-built video management system (VMS) and the Hirsch Velocity software,” he adds. “This allows the system to act as an intelligent outlier, sending alerts to a monitoring team when it senses unauthorised presence or motion.
“Mobotix and Hirsch each have their own language, so we created a middle language, or ‘middleware’, to allow them to interacttogether.”
This integrated system has enabled deliveries and pickups at Martin Brower to be organised much like an airport runway – if a truck tries to gain entry too early or too late for its pre-designated time slot, entry can be delayed or denied – and the driver may need to negotiate a new time slot, enabling greater dock turnaround efficiencies for the logistics firm.
The importance of homework
Chris believes that the first thing any company should do when considering a CCTV and/or access control solution is work out its true wants, needs, and pain points.
“It’s important to establish why you need a new system: whether it’s for safety compliance reasons; standard security concerns such as break-ins, theft and pilfering; or the need to restrict and control access for staff, visitors, contractors and drivers around a site – there could be dozens of different reasons” he says. “Next, you need to get a licensed security consultant in to help you design a fit-for-purpose solution.”
Ross adds that many security firms with licensed security consultants will undertake a comprehensive site security audit and write a detailed report at no cost, or a minimal cost for large sites, which can then be credited back if the consultant wins the project to install the recommended systems.
“Get somebody in who knows the environment and issues in your industry well, and who’s installed a lot of systems for similar companies to yours. They’ll be better able to understand your current and future needs,” he notes. “Both Chris’ company and my own regularly provide telephone advice to enquirers free of charge.”
After handing over its list of issues and requirements, as well as ‘pain points’ to the consultant, Ross advises that companies start asking hard questions.
“What’s the warranty, and what back-up resources are provided?” Chris suggests. “Will the system be compatible with future models? Are replacement parts stocked locally? Can you give me a list of reference sites I can talk to?”
Ross adds, “When choosing, it’s vital to go for something adaptable, as your needs today may change in the future. A flexible, expandable, feature-rich solution will service you better when the threat level changes and your needs expand. Sometimes our clients want to scale up their existing security system, but the product they are using is inferior, perhaps it’s not IP66 (all-weather) or safety compliant, or it simply cannot connect to modern systems.”
Chris says, “The vast majority of our clients will double the size of their camera systems within four years of the initial installation. They originally only want surveillance in the distribution centre, for example, but after seeing the value and the capability of Mobotix cameras, they want it in the loading dock, the office, production areas, entry/exit points – everywhere.”
The differences between low-cost camera systems and reputable models can be significant, Chris believes. “For example, low-light functionality (lux rating) is often all-important for clients, as it reduces the need for lighting large areas at night. A low-cost product may offer a certain lux rating, with a 23° field of view and an effective visible range of 20m, whereas a high-quality product may have a lux rating that’s ten times more effective than the cheap option, along with a high-resolution, 360° view and a clear visual range up to 40m. Price-based decisions are often a false economy, as a client may need up to three or four times the number of cheaper cameras to do the same job.”
Technology in camera systems has now made them intelligent enough to require less storage than their predecessors, Ross adds. “Memory used to be expensive, and cameras quickly filled hard drives. Now, memory is cheaper – we recommend saving a minimum of 30 days’ storage of images, for which companies with quite large CCTV systems will only need a few terabytes.
“Also, modern cameras are smart enough to only send images to the server/storage device when it’s necessary, so the required bandwidth on a client’s network is much lower – yet they’re sentient enough, for example, to instantly capture images of the driver and the number plate if a truck comes into the camera’s field of view. As a result of that, searching the database for a specific incident is now faster and simpler.
Once you’ve found a reputable system that offers the functionality you require and obtained a quote, it’s time to get more, Chris advises. “You must get competitive quotes, as with any business expenditure,” he says. “There’s no need to rush into an agreement, but it’s critical to ensure that you’re being quoted on a like-for-like system. Don’t only look at price – check out the experience, skills and reputation of the bidding company, and take this information on board as well when you make a decision.”
When the new security system is installed and up and running, companies should nominate an appropriate staff member to take ownership of, and champion, the system, Chris says. “With training, he or she can have a good understanding of how the system works,” he adds. “If that employee moves, a new employee should be nominated and trained, so that the site always has skills to operate the system when a security breach or WHS (Workplace Health and Safety) incident occurs – and these events often come with a requirement to move quickly to secure the images for analysis and review.
“We’re only really now beginning to see security camera technology show its potential,” says Ross. “Fifteen or 20 years ago, the public was largely against CCTV, due to concerns about privacy intrusion. That perception has changed – people now view it as technology that helps solve crimes and keeps everyone safe. Today, more than 80 per cent of major crimes are solved with the aid of CCTV images.”
Chris adds, “Just like the computer industry, CCTV system prices will continue to decrease, while their power and efficiency increase. I think the next big technology change for this industry will be video analytics integrating with AI (artificial intelligence).
“Cameras will be more useful in a preventative sense, alerting us to potential danger before it happens.”
As an example, Chris says that ‘thermographic’ cameras – which can instantaneously detect minute temperature changes – are already being used as preventative tools. “They monitor the temperature of generators and other heat-generating machines in factories, and send an alert if a change is detected, signalling the need for maintenance and reducing costly breakdowns,” he says. “Also, they’re being used in cold stores, to tell whether incoming or outgoing product is even a fraction of a degree outside of the mandated temperature range.”
Ross concludes, “In the future, we’re going to see cameras used as a multi-purpose tool in almost every area of life – public safety, commerce and industry, healthcare, transport, retail environments and in homes or apartments – and these systems will not just record events, but also monitor situations and signal necessary changes or problems in real time. Exciting times lie ahead.”
In recent months, the WannaCry and Petya outbreaks caused widespread disruption and losses for businesses and public-sector bodies around the world, highlighting the vulnerable position of businesses when it comes to cyber security. Many are still failing to undertake urgently required remediation, experts have warned, and it is feared a new wave of targeted cyber crime is coming.
Experts at a security roundtable event in Sydney on 11 July agreed urgent action was required by Australian businesses of all sizes to ensure they were as prepared as possible before the next wave of attacks occurs.
“Business owners are understandably focused on the day-to-day challenges of running their business,” said David Cohen, Founder and Managing Director, SystemNet. “But unfortunately this means they are not paying sufficient attention to cyber security.
“Many might be aware of the risks, but have not considered the impact a ransomware attack could have on their operations. Effects could range from mild inconvenience to a data loss so significant it puts them out of business.”
Monica Schlesinger, Principal, Advisory Boards Group International, noted that the situation is not confined to small businesses, in fact many large organisations are also vulnerable to attack. She pointed to the most recent Petya attack that caused significant disruption for global firms such as advertising giant WPP, legal company DLA Piper and Danish shipping giant Maersk.
“Every business needs to have a clear strategy in place when it comes to cyber security, and formation of that strategy has to start at board level,” she said. “The strategy must take into account the evolving threat environment and clearly outline the steps that will be taken to minimise the risk of attack.”
Schlesinger said that, traditionally, IT challenges tended to not be well understood at board level, however the current environment had made cyber security an issue that required constant oversight by senior management.
“It needs to be seen as special risk,” she added. “When you suffer an attack it can happen very quickly and can destroy your company. It’s not a case of ‘if’ an attack will happen but ‘when’ and the board needs to be sure all required steps have been taken.”
Roundtable participants discussed the ramifications of the Notifiable Data Breaches Bill that will come into force in February 2018. The bill requires companies to report security breaches where there has been unauthorised access, disclosure or loss of personal information held by a company that is likely to result in ‘serious harm to any of the individuals to whom the information relates’.
“This means the impact of attacks can no longer be swept under the carpet,” said David Higgins, ANZ Country Manager, WatchGuard Technologies. “Senior management has to be aware of its responsibilities and realise that security can no longer simply be left to the IT team. They have to take a top-down approach.”
Although the recent ransomware attacks have served to increase awareness of the challenge, roundtable participants agreed more education was required for Australian business leaders. Many were still not taking basic steps such as deploying software patches that could significantly reduce their level of risk.
“There is also a need for ongoing education of staff around IT best practices,” said Cohen. “They must be aware of the risks associated with opening emails from unknown parties, visiting suspect websites and installing software from unknown sources.”
Higgins agreed, saying IT security was the responsibility of everyone in a business and all had a part to play in ensuring defences are as robust and effective as possible.
“Awareness and action has to extend from the managing director or board through to the most junior staff member,” he said. “By taking a holistic approach, businesses can ensure they have both the tools and behaviours in place that are needed to counter the threat.”
While ransomware has captured the bulk of attention when it comes to cyber crime, the panel speakers emphasised that there are other trends that should also be on the radar screens of Australian businesses. The trends include:
Evolving Attacks: Attackers do not remain stagnant and, as new technologies emerge, they evolve their tactics to be more effective. Ensuring robust security will involve monitoring a shifting target.
Authentication: One of the foremost tenants of security is trust, and trust is based on authentication. Unfortunately, the primary mechanism used for authentication – passwords – is no longer sufficient. New methods must be quickly found and put into use.
Everyone is a target: there is a misconception among small- and medium-sized businesses that, because they don’t have huge amounts of intellectual property, they won’t be attacked, but that’s a fallacy. Bad guys don’t always want to steal data, and in the case of a ransomware attack, they don’t want the data at all – they just want the victim to want it badly enough to pay to get it back. Everyone is a target.
“Cyber attacks are going to become more sophisticated and, unfortunately, more effective,” said Higgins. “By having a multi-layered defence strategy in place, applying patches and educating staff, businesses can be best placed to withstand the threats that will have to be faced in the future.”
Thousands of Australians servicing aviation, including freight forwarders and airport staff, will soon be subject to federal background checks, with new laws covering US-bound cargo coming into effect on 1 July 2017.
Since 2005, individuals working unescorted in airport security zones have been required to obtain and display Aviation Security Identification Cards (ASIC) as proof of having undergone a valid background check.
New Federal laws coming into effect on 1 July will require many new classifications of workers supporting the aviation industry – such as freight forwarders and known consigners – to possess higher level security ID, if operations involve US-bound air cargo.
Australian technology company Veritas has received Federal Government authorisation to provide ASICs for individuals supporting the aviation sector.
Stephen Inouye, Managing Director, Veritas, said, “This milestone enables Veritas to extend our technology-enabled security registration services from the maritime and offshore sectors to the aviation sector, thereby helping companies achieve compliance with minimal impacts to operations.”
Inouye noted that from July, only white ASIC holders will be permitted to handle and screen Australian cargo bound for the US.
“Veritas has the systems in place ready to assist thousands of airport staff and freight contractors who, potentially, now need to urgently undertake background checks in order to receive their white ASIC to make sure freight is on planes bound for the US in time,” he said.
“The Office of Transport Security – administered by the Federal Government’s Department of Infrastructure and Regional Development – has identified 11,000 companies which could be impacted. Many Australian employees, particularly of logistics companies and transport operators, may now need white ASIC cards.”
The Commonwealth Scientific and Industrial Research Organisation’s (CSIRO) Data61 has delivered a comprehensive review of how blockchain technology could be adopted across government and industry in Australia to deliver productivity benefits and drive local innovation.
In 2008, blockchain emerged as a technology to support digital currencies and it has quickly generated interest for its broad application offering secure transactions across various domains such as provenance of data, health records, banking, voting and government services.
Over the past year, CSIRO’s Data61 Australia’s data innovation group has engaged with industry and government to deliver two reports on the regulatory, technical and societal implications of using blockchain-based systems across various industries.
“The pace of change we are experiencing as a nation is exponential and we can’t afford to be followers in the adoption of emerging technology like blockchain,” said Adrian Turner, CEO of CSIRO’s Data61.
“It has potential to reframe existing industries like financial services and seed new ones like food provenance and personalised health.”
The Treasurer, the Hon Scott Morrison MP, said the reports would help Australia build on its existing position as a leader in developing blockchain technology.
“It will give decision-makers in business and government guidance on matters they need to consider in developing a system that uses blockchain technology,” he said.
“The reports demonstrate the benefits of this technology could be profound – delivering productivity, security and efficiency gains.
“We should all be interested in blockchain developments and its potential application, right across our economy.”
The first report developed by Rob Hanson and Dr Stefan Hajkowicz in Data61’s Strategic Insight Team explores four plausible adoption scenarios of blockchain technology in Australia in 2030 including: aspirational, transformative, new equilibrium and collapse.
“Scenarios allow decision-makers to consider, if similar possibilities were to occur, what should they do to prepare for the future ahead of time,” Hanson said.
“Most importantly, each scenario examines the aspects of critical uncertainty for the use of blockchain technologies: human behaviour, technology and development, regulation and user adoption.”
The second report takes a technical approach by exploring design alternatives for blockchain systems in three illustrative use cases: remittance payments, open data registries and agricultural supply chains.
“Looking at the range of critical requirements in these specific context helps us understand how blockchain-based systems can support new markets and business models,” said Dr Mark Staples, Group Leader, CSIRO’s Data61.
The study highlighted that the path towards widespread adoption is still not clear.
It was recommended that further trials of blockchain systems should demonstrate responses to ‘rainy day’ scenarios when problems arise like disputed transactions, incorrect addresses, exposure or loss of private keys.