Security and Privacy Threats and Requirements for the Centralized Contact Tracing System in Korea
Round 1
Reviewer 1 Report
I think this paper is interesting and some suggestions:
1 Overall, this paper is more on the social side, but you could be more technical on the contact tracing system of Korea; in this way readers may understand the security and privacy issues in more depth.
2 If possible, could you give a table comparing the contact tracing system in Korea with those of other countries, and also a table comparing the security and privacy of these systems; in this way readers may be more convinced by your analysis.
Author Response
Response to Reviewer
Dear Reviewer,
We appreciate your precious time and effort reviewing our manuscript and providing valuable comments. Your valuable and insightful advice has led to possible improvements in our manuscript. We have carefully considered and tried our best to revise all comments brought up by you as a reviewer. We hope the careful revision meets your high standards.
Below we provide the point-by-point responses. The original comments are provided in black color, whereas our answers are written in blue.
We have also made corrections and refined the quality of the manuscript; these are also highlighted in yellow.
Sincerely,
Sungchae Park
Senior Researcher, Cybersecurity Emerging-Standards Center(CESC)
Soonchunhyang University, Korea
Heung Youl Youm, Professor and PhD
Professor, Department of Information Security Engineering
Soonchunhyang University, Korea
(Comments 1.)
I think this paper is interesting and some suggestions:
Overall, this paper is more on the social side, but you could be more technical on the contact tracing system of Korea; in this way readers may understand the security and privacy issues in more depth.
(Answer)
We thank you for your insightful suggestion. We have addressed the reviewer's valuable comments as below. This has also been provided in our revised manuscript on page 7.
In the case of Korea's contact tracing system, it is not simply limited to a mobile app. Korea's contact tracing system, the COVID-19 Smart Management System (SMS), operates by leveraging the central data hub platform of the Korean government, taking into account both the pre-confirmation status and the confirmed status.
The KCDC shares data and cooperates with central, municipal, or local governments, national health insurance agencies, and health care professionals and their associations, as depicted in Figure 2. This system enabled prompt delivery of data pertaining to confirmed cases to the relevant agencies. Furthermore, the MOHW must release information such as the path and means of transportation of infected persons on the internet or through a press release [7].
An example of the overall structure of the Korean contact tracing system is shown in Figure 2.
(Comments 2.)
If possible, could you give a table comparing the contact tracing system in Korea with those of other countries, and also a table comparing the security and privacy of these systems; in this way readers may be more convinced by your analysis.
(Answer)
We also appreciate this comment.
In order to address the comparison of some contact tracing systems/applications between Korea and other countries, we have made the list in the table below; it has also been added to the manuscript on page 4.
Table 2. The examples of contact tracing systems/applications by countries/authors

| Country or company of origin | Examples of contact tracing systems | Approach |
|---|---|---|
| Korea | Korea COVID-19 Smart Management System; Self-quarantine Safety Protection App | Centralized |
| UK | NHS contact tracing protocol | Centralized |
| China | Health Code | Centralized |
| Singapore | TraceTogether (OpenTrace/BlueTrace) | Centralized |
| EU | PEPP-PT | Centralized |
| EU, USA | DP-3T | Decentralized |
| USA | TCN, Whisper Tracing Protocol | Decentralized |
| Google/Apple | Google-Apple Exposure Notification application programming interface (API) | Decentralized |
| Norway | Smittestopp | Decentralized |
| Mahabir Prasad Jhanwar | PHyCT (Privacy preserving Hybrid Contact Tracing) | Hybrid |
| Sumanta Sarkar | PIVOT (PrIVate and effective cOntact Tracing) | Hybrid |
| Giuseppe Garofalo | DESIRE (A Third Way for a European Exposure Notification System Leveraging the best of centralized and decentralized systems) | Hybrid |
The NHS COVID-19 app uses Bluetooth Low Energy (BLE) to understand the distance, over time, between app users and to send an exposure notification to someone who has had close contact [12]. The Chinese government relies on Health Code, developed by Alipay and WeChat, for identifying people potentially exposed to COVID-19 [13]. TraceTogether is the first national deployment of a Bluetooth-based contact tracing system in the world. It was developed by Singapore's Government Technology Agency and the Ministry of Health to help the country better respond to epidemics [14]. The purpose of the Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT) approach is to provide a common basis for management systems that can be integrated into national public health responses to the COVID-19 pandemic. The PEPP-PT approach is being created by a multi-national European team [15]. DP-3T, on the other hand, aims to determine who has been in close physical proximity to a COVID-19 positive person without revealing the contact's identity or where the contact occurred, and without requiring a centralized database or server [16]. TCN is a protocol developed by the TCN Coalition, whose members have jointly developed a common protocol between their apps [17]. The Google-Apple Exposure Notification application programming interface (API) is the most representative example of a decentralized contact tracing system based on Bluetooth. This Exposure Notification app generates a random ID for mobile devices without tracking people's location [18]. Norway released two types of contact tracing applications, based on the centralized approach for the first version and the decentralized approach for the second version. Its decentralized approach is based on the protocol for exposure notification by Apple and Google [19]. A hybrid model may have components of both approaches, with some information handled on individual devices and a central server analyzing data and sending notifications [4].
In Europe and North America, decentralized contact tracing systems were mainly preferred, whereas in Asia centralized contact tracing systems were more widely used. Hybrid contact tracing systems have been introduced in journals and some technical reports. Not all the contact tracing systems or applications in the table above have been used or adopted successfully. Table 2 lists some representative examples of contact tracing systems or applications during the COVID-19 pandemic.
Reviewer 2 Report
Apart from centralised and decentralised approaches to contact tracing, there are some hybrid solutions too. The authors fail to cover/mention this category. The majority of solutions in Europe used a solution built on the DP3T protocol. This has not been mentioned at all, nor has any centralised solution such as ROBERT adopted by France, or any of the hybrid solutions such as PIVOT, DESIRE, ...
The security analyses are too generic and do not provide any novel insights.
Author Response
Dear Reviewer,
We appreciate your precious time and effort reviewing our manuscript and providing valuable comments. Your valuable and insightful advice has led to possible improvements in our manuscript. We have carefully considered and tried our best to revise all comments brought up by you as a reviewer. We hope the careful revision meets your high standards.
Below we provide the point-by-point responses. The original comments are provided in black color, whereas our answers are written in blue.
We have also made corrections and refined the quality of the manuscript; these are also highlighted in yellow.
Sincerely,
Authors
(Comments 1.)
Apart from centralised and decentralised approaches to contact tracing, there are some hybrid solutions too. The authors fail to cover/mention this category. The majority of solutions in Europe used a solution built on the DP3T protocol. This has not been mentioned at all, nor has any centralised solution such as ROBERT adopted by France, or any of the hybrid solutions such as PIVOT, DESIRE, ...
(Answer)
We thank you for your insightful suggestion. We have addressed the reviewer's valuable comments as below. This has also been provided in our revised manuscript on pages 1~2.
Page 1 (Abstract)
Abstract: As COVID-19 became a pandemic worldwide, contact tracing technologies and information systems have been developed for quick control of infectious diseases in both the private and public sectors. This study aims to strengthen the data subject's security, privacy and rights in a centralized contact tracing system adopted for a quick response to the spread of infectious diseases due to climate change, increasing cross-border movement, etc.
There are several types of contact tracing systems: centralized, decentralized, and hybrid models. This study demonstrates the privacy model for the centralized contact tracing system, focusing on the case in Korea. Hence, we define security and privacy threats to the centralized contact tracing system. The threat analysis involved mapping the threats in ITU-T X.1121; in order to validate the defined threats, we used LINDDUN and STRIDE to map the threats. In addition, this study provides security requirements for each threat defined, for more secure utilization of the centralized contact tracing system.
Page 1~2 (Introduction)
- There are several types of contact tracing systems; apart from centralized and decentralized models, a hybrid approach has also been taken.
- The ROBERT (ROBust and privacy-presERving proximity Tracing) protocol is an example of a centralized contact tracing system adopted by France and Europe. ROBERT is a joint contribution in the framework of the PEPP-PT (Pan European Privacy-Preserving Proximity Tracing) initiative, which aims to enable the development of interoperable contact tracing solutions that comply with European data protection, privacy and security standards as part of a more comprehensive response to the pandemic [1].
- An example of a decentralized contact tracing system is DP-3T, a decentralized, privacy-preserving proximity tracing system. DP-3T aims to minimize privacy and security risks for individuals and communities and to guarantee the highest level of data protection [3]. A hybrid architecture may have components of both approaches, with some information handled on individual devices and a central server analyzing data and sending notifications [4]. PIVOT (PrIVate and effective cOntact Tracing) and DESIRE (A Third Way for a European Exposure Notification System Leveraging the best of centralized and decentralized systems) are known as representative examples of hybrid-approach contact tracing systems. In particular, DESIRE is based on the same architecture as ROBERT but implements major privacy improvements [5].
(Comments 2.)
The security analyses are too generic and do not provide any novel insights.
(Answer)
We also thank you for your valuable comment regarding the security analyses.
We provide security threats and privacy threats, including the security requirements for each threat. In addition, a new security threat and its requirements were added to reflect the comment.
We defined the security threats according to ITU-T X.1121 and added threats applicable to the contact tracing system. The added threat concerns a lost or stolen terminal (such as a user's mobile device); see Section 4.1.
| Requirement \ Threat | Eavesdropping | Communication jamming | Shoulder surfing | Lost/Stolen terminal | Unprepared shutdown | Misreading/ Input error |
|---|---|---|---|---|---|---|
| Identity management | X | | | | | |
| Communication data confidentiality | X | | | | | |
| Stored data confidentiality | | | | X | | |
| Communication data integrity | | | | | | |
| Stored data integrity | | | | X | | |
| Entity authentication | | | | X | | |
| Message authentication | | | | | | |
| Access control | | | | X | | |
| Non-repudiation | | | | | | |
| Anonymity | | | | X | | |
| Privacy | X | | X | X | | |
| Usability | | | | | | X |
| Availability | | X | | | X | |
We compared the security threats of ITU-T X.1121 with the threats derived in this paper, and identified an additional threat concerning the loss of terminals. Moreover, the security requirement for this additional threat was also addressed.
- Additional threat: Lost/Stolen terminal
- Corresponding requirement: If the terminal is lost, people will not be able to receive the information related to it when they become a close contact. Therefore, various notification methods for the recipient, that is, the close contact, are improved, such as e-mail notification, and so on.
(Additional revised works)
We appreciate all your comments to improve our manuscript. We have checked and modified them by reflecting your comments.
- We have modified all tables and figure numbers and checked the references to make them correct.
- The three types of contact tracing systems have been added to the introduction.
- Some representative examples of centralized, decentralized and hybrid contact tracing systems/applications are listed on page 4 to provide more information.
- We have also demonstrated the overall structure of the Korean contact tracing system as an example, to explain how the centralized system has been working and how Korea has been fighting the contagion rapidly.
Round 2
Reviewer 2 Report
The authors have addressed the comments raised.