SECURE BLOCKCHAINS FOR THE SHIPPING INDUSTRY

During my first semester studying my masters degree in cybersecurity at Aalborg University, our team dove into one of the trickiest challenges in global shipping: how to make data more transparent, reliable, and secure. Our project, "Developing a Secure Blockchain System," explored how blockchain technology could tackle inefficiencies, fraud, and disputes that plague the cargo industry.

Shipping logistics often rely on scattered paperwork and manual processes, which can slow down operations and create trust issues between shippers, carriers, and customs authorities. Our goal was to design a system that makes it easier for all stakeholders to access the right information at the right time, while keeping data safe from tampering.

We built a blockchain-based solution that records every step of a shipment on an immutable ledger. Authorized users can access this data in real time, and thanks to the decentralized, peer-to-peer (P2P) network, it's almost impossible for anyone to manipulate the records without being noticed. Essentially, if a bad actor tries to alter the data, they'd need to control the majority of the network.

Components of the System

Blockchain Nodes each act as both a client and a server, storing a full copy of the blockchain and communicating with peers. If one node goes down, the rest of the network keeps running unaffected.

Webclient is a browser-based interface where users can create a wallet, upload documents, and manage transactions. Before a document is sent anywhere, it's encrypted end-to-end using AES-GCM encryption and signed with elliptic curve cryptography, so only the intended recipient can read it.

Miners are dedicated processes that validate pending transactions and package them into new blocks using a Proof of Work consensus mechanism. This makes it computationally expensive to tamper with the chain.

P2P Network is built on the libp2p library and handles encrypted communication between nodes. Two internal services keep everything in sync: a Gossip Service that rapidly propagates new blocks and transactions across the network, and a Synchronization Service that resolves conflicts when nodes briefly fall out of step with each other.

HTTP API is a REST API that allows both users and miners to interact with the blockchain, submitting transactions, querying blocks, and checking network status, without exposing internal node communication.

Security Testing

A major focus of the project was stress-testing the system against real-world attack scenarios. We simulated several types of cyber attacks and documented how the system held up:

A 51% attack, where a single entity gains majority control of the network's mining power, remains one of the most well-known threats to any blockchain. We found that the small scale of our network made this a genuine vulnerability, and we identified transitioning to a Proof of Stake mechanism and increasing network size as the most practical long-term mitigations.

We tested Denial of Service by writing a malicious node that flooded the network with expensive block requests every two seconds, quickly overwhelming the command queues of legitimate nodes. Solutions like rate limiting, round-robin command scheduling, and the Rate Limiting Nullifier (RLN) protocol were identified as promising countermeasures.

For XSS attacks targeting the webclient wallet, we implemented strict input sanitization on both the client and server side to prevent injection of malicious scripts that could steal private keys from browser storage.

We also documented the Man-in-the-Middle risk inherent to any asymmetric cryptography system, since there is currently no way to verify that a public key truly belongs to who it claims to. Storing public keys on-chain and using end-to-end hybrid encryption (AES-256 + ECC-256) were explored as mitigations.

Finally, a Sybil attack, where a single actor floods the network with fake identities to manipulate consensus, was analyzed alongside resource-constraint solutions like Proof of Work's computational requirements and reputation-based node selection systems.

What We Learned

The project confirmed that blockchain has genuine potential for the shipping industry. Immutability, decentralization, and cryptographic security address many of the trust and transparency problems that traditional centralized systems struggle with. But it also surfaced the real trade-offs: Proof of Work is energy-intensive, scalability is a hard problem, and a permissionless public blockchain introduces access control challenges that matter a lot in a real production environment.

Looking ahead, the most impactful next steps would be transitioning to a Proof of Stake consensus mechanism, implementing some form of authentication or role-based access control (moving toward a hybrid blockchain model), and integrating smart contracts to automate key shipping events like customs clearance or cargo handoffs. Post-quantum cryptography is also on the radar as quantum computing continues to mature.

This was a challenging and rewarding project that gave our team hands-on experience with distributed systems, applied cryptography, and the realities of building security into a product from day one rather than bolting it on afterward.