DOI QR코드

DOI QR Code

Security Enhancements for Distributed Ledger Technology Systems Based on Open Source

오픈소스 기반 분산원장기술 시스템을 위한 보안 강화 방안

  • Received : 2019.05.13
  • Accepted : 2019.07.04
  • Published : 2019.08.31

Abstract

Distributed ledger technology, which is attracting attention as an emerging technology related to the 4th Industrial Revolution, is implemented as an open source based distributed ledger technology system and widely used for development with various applications (or services), but the security functions provided by the distributed general ledger system are very insufficient. This paper proposes security enhancements for distributed ledger technology systems based on open source. To do so, potential security threats that may occur under running an open source based distributed ledger technology systems are identified and security functional requirements against the security threats identified are provided by analyzing legislation and security certification criteria (ISMS-P). In addition, it proposes a method to implement the security functions required for an open source based distributed ledger technology systems through analysis of security functional components of Common Criteria (CC), an international standard.

Keywords

security;blockchain;distributed ledger technology (DLT) system;open source;blockchain platform;common criteria;security function

References

  1. Korea Communications Commission, "Act on promotion of information and communications network utilization and information protection, etc.," Jun. 2018
  2. Ministry of the Interior and Safety, "Personal information protection act," Jul. 2017
  3. Korea Communications Commission, "Criteria on technical and administrative security measures of personal information(Korea Communications Commission Notice No. 2015-3)," May 2015
  4. Ministry of the Interior and Safety, "Criteria on measures ensuring the safety of personal information(Ministry of the Interior and Safety Notice No. 2017-1)," Jul. 2017
  5. Financial Services Commission, "Electronic Financial Supervisory Regulations(Financial Services Commission Notice No. 2018-36)," Dec. 2018
  6. Ministry of the Interior and Safety, "Electronic government act," Oct. 2017
  7. Ministry of the Interior and Safety, "Enforcement Decree of Electronic Government Act," Dec. 2018
  8. Korea Internet & Security Agency, "Personal Information & Information Security Management System (ISMS-P) Certification Criteria," Jan. 2019
  9. National Security Research Institute, "Common Criteria for Information Technology Security Evaluation, Part 2: Security functional components, April 2017, Version 3.1 Revision 5, CCMB-2017-04-002," pp. 21-180, Apr. 2017
  10. Internet homepage of Hyperledger Fabric, "https://wiki.hyperledger.org/display/fabric/Hyperledger+Fabric," Mar. 2019
  11. Hyperledger Architecture Working Group, "Hyperledger Architecture Volume 1," Aug. 2017
  12. Internet homepage of Hyperledger Fabric, "https://hyperledger-fabric.readthedocs.io/en/latest/," Mar. 2019
  13. Internet homepage of Ethereum, "https://www.ethereum.org/," Mar. 2019
  14. Internet homepage of Ethereum Homestead Documentation, "http://www.ethdocs.org/en/latest/index.html," Mar. 2019

Acknowledgement

Grant : 차세대 ICT 환경에서의 보안 및 개인정보보호 기술 국제 표준화 추진

Supported by : 정보통신기획평가원