6.2.2. Strengthened Security Considerations

Given the security considerations deployed to different possible validation mechanisms of any product record validation operation to improve data integrity, and according to the findings from the threat analysis performed against NAS, a variety of security attacks existed in NAS are no longer valid. Those attacks could well be prevented with errors thrown if they are detected before a state transition could be completed on a specific product record.

Any state transition on product records is required on-chain and off-chain validations performed against the data of product records, with respective transactions also validated by other blockchain nodes running on the same blockchain network. These validation steps of product record validation operation are now required to include signature generation and signing procedures, with key managemen<sup>t</sup> modules offered to users, on any attempted state transition on product records. Regarding security considerations applied to the deployed smart contracts, which will be required if any blockchain 2.0 implementation is adopted to decentralize the supply chain anti-counterfeiting and traceability, multiple validation syntax on specific conditions are developed and included in different methods of smart contracts. This would prevent the system from being manipulated by potential attacks, such as reapplication attacks in which the on-chain write count and its counterpart stored off-chain do not actually match.

Design patterns with the role restriction concept of the deployed smart contract could also be introduced, so as to enable access authorization for authenticated node accounts held by specific entities of supply chain industry, to different methods defined in the deployed smart contracts. The security model on data integrity of NAS is currently based only on operations before the point of purchase. It could further be extended when the supply chain anti-counterfeiting and traceability functions are properly decentralized, as long as the post-purchase wine consumers of consumer-to-consumer market are also registered entities or even running nodes in the decentralized solutions.

### 6.2.3. High Availability of System Functionalities

Ensuring high-level operational performance of different system components to maintain system functionalities for different product record operations is key to the system implementation of NAS or any other supply chain anti-counterfeiting and traceability systems. With opportunities of system security and data integrity on product record now highly dependent on the system decentralization, the availability of data and states stored, as well as those decentralized system components, becomes more significant to the overall availability of system functionalities.

Regarding the decentralized solutions, the availability and resilience on data and states stored on blockchain network or any other decentralized system components are assured and can even be enhanced with increasing number of blockchain nodes running on the blockchain network owing to the fact that each node of these networks keeps the copy of the states stored in persistent volume dedicated to these distributed nodes. Availability of the blockchain network would also be enhanced with increased amount of blockchain nodes running on the blockchain network in which availability could be preserved as long as there is at least a blockchain node running on the network.

Dedicated persistent volume storage could also be assigned to each node instance running on the blockchain network to store blockchain states and individual chain data, so as to benefit from faster synchronization and data recovery on states to any new blockchain nodes connected to the network. This will then assure the availability of blockchain nodes and the blockchain network as a whole, as failed blockchain nodes could be reconnected to synchronize and process transactions sent to the network immediately. Nonetheless, availability of the data stored on-chain will be preserved with the smart contracts deployed to the blockchain network as long as it is actively running and mining new blocks constantly. The off-chain database and the app-backend service could also be made distributed with individual instances with which every participant under the decentralized solutions could now host their own instance of the supply chain anti-counterfeiting and traceability ecosystems.

### *6.3. Potential Concerns on Development of Decentralized Solutions*

According to the summary of vulnerabilities on centralized system architecture, with opportunities of developing the decentralized solutions also identified, a set of fundamental system requirements of a decentralized version of NAS, namely, the Decentralized NFC-Enabled Anti-Counterfeiting System (dNAS), is also proposed with potential concerns on developing such decentralized solutions elaborated in the following.
