Browse > Article
http://dx.doi.org/10.13089/JKIISC.2019.29.4.919

Security Enhancements for Distributed Ledger Technology Systems Based on Open Source  

Park, Keundug (Seoul University of Foreign Studies)
Kim, Dae Kyung (Soonchunhyang University)
Youm, Heung Youl (Soonchunhyang University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.29, no.4, 2019 , pp. 919-943 More about this Journal
Abstract
Distributed ledger technology, which is attracting attention as an emerging technology related to the 4th Industrial Revolution, is implemented as an open source based distributed ledger technology system and widely used for development with various applications (or services), but the security functions provided by the distributed general ledger system are very insufficient. This paper proposes security enhancements for distributed ledger technology systems based on open source. To do so, potential security threats that may occur under running an open source based distributed ledger technology systems are identified and security functional requirements against the security threats identified are provided by analyzing legislation and security certification criteria (ISMS-P). In addition, it proposes a method to implement the security functions required for an open source based distributed ledger technology systems through analysis of security functional components of Common Criteria (CC), an international standard.
Keywords
security; blockchain; distributed ledger technology (DLT) system; open source; blockchain platform; common criteria; security function;
Citations & Related Records
연도 인용수 순위
  • Reference
1 Internet homepage of Ethereum Homestead Documentation, "http://www.ethdocs.org/en/latest/index.html," Mar. 2019
2 Internet homepage of Ethereum, "https://www.ethereum.org/," Mar. 2019
3 Korea Communications Commission, "Act on promotion of information and communications network utilization and information protection, etc.," Jun. 2018
4 Ministry of the Interior and Safety, "Personal information protection act," Jul. 2017
5 Korea Communications Commission, "Criteria on technical and administrative security measures of personal information(Korea Communications Commission Notice No. 2015-3)," May 2015
6 Ministry of the Interior and Safety, "Criteria on measures ensuring the safety of personal information(Ministry of the Interior and Safety Notice No. 2017-1)," Jul. 2017
7 Financial Services Commission, "Electronic Financial Supervisory Regulations(Financial Services Commission Notice No. 2018-36)," Dec. 2018
8 Ministry of the Interior and Safety, "Electronic government act," Oct. 2017
9 Ministry of the Interior and Safety, "Enforcement Decree of Electronic Government Act," Dec. 2018
10 Korea Internet & Security Agency, "Personal Information & Information Security Management System (ISMS-P) Certification Criteria," Jan. 2019
11 National Security Research Institute, "Common Criteria for Information Technology Security Evaluation, Part 2: Security functional components, April 2017, Version 3.1 Revision 5, CCMB-2017-04-002," pp. 21-180, Apr. 2017
12 Internet homepage of Hyperledger Fabric, "https://wiki.hyperledger.org/display/fabric/Hyperledger+Fabric," Mar. 2019
13 Internet homepage of Hyperledger Fabric, "https://hyperledger-fabric.readthedocs.io/en/latest/," Mar. 2019
14 Hyperledger Architecture Working Group, "Hyperledger Architecture Volume 1," Aug. 2017