Browse > Article
http://dx.doi.org/10.13089/JKIISC.2020.30.6.1151

Evaluation Criteria for COVID-19 Contact Tracing Technology and Security Analysis  

Lee, Hojun (Korea University School of Cybersecurity)
Kim, Seungjoo (Korea University School of Cybersecurity)
Lee, Sangjin (Korea University School of Cybersecurity)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.30, no.6, 2020 , pp. 1151-1166 More about this Journal
Abstract
To effectively prevent the spread of COVID-19 infections, contact tracing technology based on ICT technology is used and various types exist depending on the way they are tracked. However, these technologies are always exposed to security threats and each type of threat varies. In this paper, we identified processes that occur in common in various types of contact tracing technology and identified possible threats in this process. This resulted in a common evaluation criteria applicable to all types of contact tracing technologies and applied to actual published contact tracing technologies to perform comparative analysis by type. These studies can help select safe and effective contact tracing technologies through comparisons between different types.
Keywords
COVID-19; Contact Tracing; Threat Modeling; STRIDE; LINDDUN;
Citations & Related Records
연도 인용수 순위
  • Reference
1 Claude Castelluccia, Nataliia Bielova, Antoine Boutet, Mathieu Cunche, C'edric Lauradoux, Daniel Le M'etayer, and Vincent Roca, "ROBERT: ROBust and privacy-presERving proximity Tracing," hal-02611265, May. 2020.
2 Fraunhofer AISEC, "Pandemic Contact Tracing Apps: DP-3T, PEPP-PT NTK, and ROBERT From A Privacy Perspective," IACR ePrint 2020-489, Apr. 2020.
3 Jason Bay, Joel Kek, Alvin Tan, Chai Sheng Hau, Lai Yongquan, Janice Tan and Tang Anh Quy, "BlueTrace: A privacy-preserving protocol for community-driven contact tracing across borders," Government Technology Agency-Singapore, Apr. 2020.
4 Carmela Troncoso, Mathias Payer, Jean-Pierre, et al, "Decentralized privacy-preserving proximity tracing," arXiv preprint arXiv:2005.12273, May. 2020.
5 Google & Apple, "Exposure Notification v1.2," https://covid19.apple.com/contacttracing, Apr. 2020.
6 Adam Shostack, "Threat Modeling", WILEY, pp. 109-160, 2014.
7 NIA, "Korean ICT services against COVID-19 pandemic", Apr. 2020.
8 Michael Howard, Steve Lipner, "The security development lifecycle", Microsoft Press, 2006.
9 Ruoxi Sun, Wei Wang, Minhui Xue, Gareth Tyson, Seyit Camtepe, Damith Ranasinghe, "Vetting Security and Privacy of Global COVID-19 Contact Tracing Applications," arXiv preprint arXiv:2006.10933, Jun, 2020.
10 DistriNet, https://linddun.org/linddun.php, Aug. 2018.
11 Yaron Gvili, "Security Analysis of The COVID-19 Contact Tracing Specifications by Apple Inc. and Google Inc.," Cryptology ePrint Archive: Report 2020/428, Apr. 2020.
12 Serge Vaudenay, "Analysis of DP3T Between Scylla and Charybdis", Cryptology ePrint Archive: Report 2020/399, Apr. 2020.
13 Serge Vaudenay, "Centralized or Decentralized? The Contact Tracing Dilemma," Cryptology ePrint Archive: Report 2020/531, May. 2020.
14 Archanaa S. Krishnan, Yaling Yang, Patrick Schaumont, "Risk and Architecture factors in Digital Exposure Notification," Cryptology ePrint Archive: Report 2020/582, May. 2020.
15 Oskari Teittinen, "Analysis of cheat detection and prevention techniques in mobile games," Aalto University, May. 2018.
16 Ellie Daw, "Component-Based Compariosn of Privacy-First Exposure Notification Protocols," Cryptology ePrint Archive: Report 2020/586, May. 2020.
17 Ben Seri, Alon Livne, "BlueBorne - Exploiting BlueBorne in Linux-based IoT devices', Armis, 2017.