ForTrac: a Secure NFT-based Forward Traceability System for Providing Data Accuracy and Completeness

Traceability is one of the most sought-after properties for supply chains because it facilitates a plethora of use cases like food recalls, counterfeit detection, and quality improvement by tracing the history of a product. Recently proposed traceability solutions rely heavily on blockchain technology because it offers data immutability and transparency. However, these solutions suffer from two significant limitations. Firstly, they do not validate traceability data for accuracy and completeness. So, how can we be sure that the data on the blockchain is correct and complete? Secondly, they provide a limited threat model or none at all. So, how can we be sure that the trace for a product has not been altered by an adversary? To summarise, we propose ForTrac, an Ethereum-based forward traceability system for generic physical products. Each product is digitally represented as an ERC-721 token. In a forward traceability system, traces are built correctly by design. ForTrac uses a valid predicate that states the sequence of steps a product has to follow and how much time each step can maximally take. We show that ForTrac is secure. Unlike previous work, our security analysis is not restricted to only the blockchain component. It also includes the communication protocol between the product reader, server, and smart contract. We show that our communication protocol guarantees data agreement between the reader and smart contract using Scyther. Finally, we demonstrate that our prototype is feasible by assessing costs and performance. By using forward traceability and including a detailed security analysis we provide accuracy and completeness. Our valid predicate documents which events have to be collected for a trace to be complete. Data accuracy is provided by showing that the smart contract agrees with the data sent by the reader.