Security and Privacy Threats and Requirements for the Centralized Contact Tracing System in Korea

Sungchae Park; Heung-Youl Youm

doi:10.3390/bdcc6040143

Big Data and Cognitive Computing (Nov 2022)

Security and Privacy Threats and Requirements for the Centralized Contact Tracing System in Korea

Sungchae Park,
Heung-Youl Youm

Affiliations

Sungchae Park: Department of Information Security Engineering, Soonchunhyang University, Asan-si 31538, Republic of Korea
Heung-Youl Youm: Department of Information Security Engineering, Soonchunhyang University, Asan-si 31538, Republic of Korea

DOI: https://doi.org/10.3390/bdcc6040143
Journal volume & issue: Vol. 6, no. 4
p. 143

Abstract

Read online

As COVID-19 became a pandemic worldwide, contact tracing technologies and information systems were developed for quick control of infectious diseases in both the private and public sectors. This study aims to strengthen the data subject’s security, privacy, and rights in a centralized contact tracing system adopted for a quick response to the spread of infectious diseases due to climate change, increasing cross-border movement, etc. There are several types of contact tracing systems: centralized, decentralized, and hybrid models. This study demonstrates the privacy model for a centralized contact tracing system, focusing on the case in Korea. Hence, we define security and privacy threats to the centralized contact tracing system. The threat analysis involved mapping the threats in ITU-T X.1121; in order to validate the defined threats, we used LIDDUN and STRIDE to map the threats. In addition, this study provides security requirements for each threat defined for more secure utilization of the centralized contact tracing system.

Published in Big Data and Cognitive Computing

ISSN: 2504-2289 (Online)
Publisher: MDPI AG
Country of publisher: Switzerland
LCC subjects: Technology
Website: http://www.mdpi.com/journal/BDCC

About the journal

Abstract

Keywords