Security

Security Architecture

Trust is the foundation of supply chain transparency. If the data can be tampered with, transparency is theater. Here's how we ensure integrity at every layer.

threat model

What We Defend Against

Data Tampering

Actors modifying historical records to hide cold chain failures, fake certifications, or alter origin data.

Device Spoofing

Counterfeit sensors or compromised devices sending false readings to game the system.

Replay Attacks

Reusing valid old data to create fake journey events or duplicate legitimate readings.

Insider Threats

Malicious employees with system access attempting to modify records or extract sensitive data.

defense in depth

Security Layers

Device-Level Security

Every IoT sensor has a unique Ed25519 keypair provisioned during manufacturing. Private key stored in secure element, never exposed. All readings signed before transmission.

Hardware Security Ed25519

Transport Security

TLS 1.3 for all network communication. Certificate pinning in mobile apps. Mutual TLS between services. No plaintext data in transit.

TLS 1.3 mTLS

Application Security

Multi-signature requirements for critical operations. Role-based access control. Audit logging of all administrative actions. Regular penetration testing.

RBAC Audit Logs

Data Integrity

Append-only event log. Hash chains linking events. Merkle trees for efficient verification. Database-level encryption at rest.

Immutable Log Merkle Trees

Blockchain Anchoring

Merkle roots anchored to Blockchain every 60 seconds. Once anchored, historical data cannot be modified without detection. Public verifiability.

Blockchain Tamper-Evident
cryptography

Cryptographic Primitives

Digital Signatures

Ed25519 for all signatures. 128-bit security level. Fast signing and verification. Deterministic signatures prevent implementation vulnerabilities.

Hashing

SHA-256 for Merkle trees and content addressing. BLAKE3 for performance-critical paths. Collision resistance essential for data integrity.

Encryption

AES-256-GCM for data at rest. ChaCha20-Poly1305 for mobile apps. X25519 for key exchange. Perfect forward secrecy for all sessions.

Key Management

AWS KMS for master keys. Hardware security modules for signing operations. Automatic key rotation. Shamir's Secret Sharing for recovery keys.

verification

Merkle Proof System

Every event can be verified against the blockchain without downloading the entire chain state. Here's how it works.

Verification Flow

  1. Consumer scans QR code, requests journey data
  2. Server returns journey events + Merkle proof for each
  3. Client fetches anchored root hash from Blockchain
  4. Client verifies each event against root using proof
  5. If verification passes, data is provably untampered

Key insight: Proof size is O(log n) regardless of total events. Verify one event among billions with <1KB proof. 

// Verify a journey event
const eventHash = sha256(eventData);
const rootHash = await blockchain.getAnchoredRoot(batchId);
const isValid = merkle.verify(eventHash, proof, rootHash);

if (isValid) {
  // Event is cryptographically proven to be
  // part of the anchored batch - untampered
}
physical

Physical Security

Tamper-Evident Sensors

Physical tamper detection circuits. Opening the device case triggers permanent flag. Detected tampering invalidates all subsequent readings.

Secure Manufacturing

Key provisioning happens in certified facility. Chain of custody documented. Each device has unique identity burned into secure element.

Lifecycle Management

Device health monitoring. Battery level, sensor drift detection. End-of-life decommissioning with key revocation.

Anti-Cloning

Physically unclonable functions (PUF) for device authentication. Cloned devices detected during registration.

compliance

Security Compliance

  • SOC 2 Type II: Annual audit of security controls
  • ISO 27001: Information security management system
  • GDPR: Data protection for EU data subjects
  • FDA 21 CFR Part 11: Electronic records compliance
  • Penetration Testing: Annual third-party testing by NCC Group
  • Bug Bounty: Responsible disclosure program on HackerOne

Security Whitepaper: Detailed cryptographic specifications and security analysis available under NDA for enterprise customers.

future

Coming: Zero-Knowledge Proofs

Phase 3 introduces ZK proofs for privacy-preserving verification.

Use Cases

  • Prove organic certification without revealing supplier identity
  • Verify cold chain compliance without exposing route details
  • Confirm origin country without disclosing specific farm
  • Demonstrate compliance without sharing proprietary processes

Currently evaluating Groth16 and PLONK proof systems. Targeting sub-second verification times on mobile devices.

learn more

Security Resources

System Architecture Report Vulnerability