Latest news on next-gen authentication tech in Korea (June 2, 2021)

RAON
RAONSECURE
Published in
7 min readJun 2, 2021

Korean government supporting blockchain adoption via pilot projects

The Korean government is pursuing its efforts to understand how the blockchain technology can improve the daily life of its residents. With this aim, the government is regularly supporting blockchain-based pilot projects to assess in a progressive manner the impact of the implementation of such technologies in everyday life.

In this regard, the Korean Ministry of Science and ICT announced on May 27 that it will lead a program entitled ‘2021 blockchain pilot project’ in cooperation with the Korea Internet & Security Agency (KISA). Through this program, the government is planning to support 19 pilot projects selected following the completion of technical negotiations between private companies and relevant public institutions. As of May 27, 15 pilot projects have been selected, among which there are 9 general pilot projects, 2 Decentralized Identity-related projects, and 4 special-zone related projects.

Source: koreaherald.com

The ‘2021 blockchain pilot project’s program has been promoted by the Korean government as part of its ‘Digital New Deal Plan’ announced in July 2020 and of the ‘blockchain technology diffusion strategy’, aiming at nurturing the deployment and diffusion of blockchain technology in the Korean economy for enhancing the creation of innovative public services.

The selection process related to the ‘2021 blockchain pilot project’s program has been started at the beginning of this year with the participation of 55 consortiums gathering a total of 149 companies. These consortiums proposed pilot projects in a variety of areas such as digital identity and authentication, logistics, culture, etc.

Among the major pilot projects that have been selected, there is the development of a blockchain and DID(Decentralized Identifier)-based digital wallet service aiming at enhancing the welfare of military personnel, proposed by RaonSecure through a consortium. In particular, the digital wallet service aims at providing online financial welfare services to Koreans that must complete military service while enabling the implementation of a paperless administrative services by eliminating the paper-based administrative procedures.

The introduction of the DID-based digital wallet service will provide a variety of benefits to the Military Manpower Administration (a.k.a. MMA), which is the public institution that is being targeted in this pilot project. Through the adoption of this blockchain-based service, the cost and time associated to the administrative procedures are expected to decrease since paper-based processes (e.g., document management and storage, issuance of plastic certificates, etc.) will be removed. In addition, the MMA plans to enable not only the issuance of 28 types of military service-related digital documents (e.g., military service certificates, etc.) from the mobile digital wallet but also, the submission of such certificates to private services.

Among the other selected projects, the National Pension Service deployed the blockchain technology combined with decentralized Identity to provide a non-face-to-face national pension entitlement confirmation system that aims at enabling national pension’s beneficiaries living abroad to conveniently submit and verify proof of national pension entitlement without paper documents.

As of May 27, four pilot projects remain to be selected. According to the KISA, among the projects that are currently under review, there are 3 Decentralized Identity-based pilot projects. In particular, one of the projects is related to the COVID-19 vaccination certificate app service and is being developed in cooperation with the Korea Centers for Disease Control and Prevention Agency.

Our view: The ‘2021 blockchain pilot project’ program highlights the interest of the Korean government in the blockchain technology. By actively supporting private companies to develop services based on blockchain, the government is laying the groundwork for a major adoption of the technology in the entire Korean society. Also, the involvement of the government in the adoption of the blockchain provides food for thought. In a variety of government-supported pilot projects, blockchain enables to optimize administrative procedures while reducing associated costs and time, benefiting not only to the government but also to the residents. We can hope that in the future, the government leverages public blockchains to not only optimize the existing administrative processes but also to nurture the participation of the population in the political life. Eventually, looking at the pilot projects included in the ‘2021 blockchain pilot project’ program, a lot of these projects are building solutions based on a decentralized identity technology, reflecting the constant interest from Korean companies in this new identity paradigm. Most of these Korean companies are building decentralized identity-based solutions while referring to standards such as W3C DID. Therefore, there efforts are using the same ‘language’ than the one that is currently used in the world, actively contributing to the spread and the constant improvement of related technologies.

Please stay tuned to our blog if you are curious about the latest news on Decentralized Identity in Korea as Korea is one of the most active countries in this field.

Source: https://www.ajunews.com/view/20210527115918632

Cybersecurity threats to expect (and countermeasures) with the adoption of MyData

As the official opening of MyData Business Service is approaching quickly in Korea, there are growing concerns regarding the security of MyData services since these services will be based on sensitive personal information.

MyData (MyData Business Service) is a new business service fostered by the Financial Services Commission aiming at allowing selected companies (MyData Providers) to manage personal information in the financial, medical, and public sectors. The Financial Services Commission has already selected 28 companies, including banks and fintech. Through the introduction of MyData, it is expected that more innovative personalized services will be provided in various fields such as finance, medical care, and education.

That said, given that this is a service based on users’ sensitive data, companies allowed to offer MyData services have to comply with high security requirements. In particular, one of the purposes of the MyData Business Service is to break down boundaries between various services and bring convergence by allowing MyData Providers to manage a wide range of sensitive personal information. Any security issues such as data leakage or data misuse in the process of managing and transferring these data can cause critical damages not only to the MyData Providers but also to their end-users. Therefore, preparing preemptive security measures is of paramount importance for MyData Providers that should internalize security while enhancing the security awareness of their users.

To prevent such security issues, RaonWhiteHat, a subsidiary of Raon that provides security vulnerability diagnosis services for MyData Providers, reviewed on May 21 the possible security threats related to MyData services while introducing security measures ahead of the opening of the full-scale opening of MyData in August 2021. In particular, RaonWhiteHat flagged three main security threats that may occur with the launch of the MyData Business Service.

(1) If security vulnerabilities are neglected prior to the launch of the MyData Business Service, there is a high probability that the corresponding MyData Provider’s IT infrastructure (e.g., databases, servers, etc.) in which sensitive personal data are stored, will be the target of various advanced cyberattacks.

(2) If personal information leaked through a cyberattack is not encrypted, data re-identification may be possible by malicious hackers, which can generate massive leakage and misuse of personal data. In other words, such personal data leakage can cause critical social and economic damages to the MyData Providers and their end-users.

(3) Malicious hackers can send a web page link or a mobile app disguised as the MyData service through phishing or smishing, and induce users to install it. When users enter their credentials on a fake website or mobile app, malicious hackers can steal it and leverage these credentials to steal financial assets or sell these data to other cybercriminals.

RaonWhiteHat highly recommend to introduce a set of security measures to prevent the above security issues. This is also the stance of the public institution in charge of the establishment of this service. In accordance with the Credit Information Act, companies that have obtained MyData’s license from the Financial Services Commission must secure the level of security of their MyData-related services, and shall conduct security vulnerability checks once a year.

In this regard, RaonWhiteHat explained that MyData Providers can prevent above-mentioned security issues by taking a variety of initiatives. In particular, RaonWhiteHat highly recommends MyData Providers to:

(1) Prepare for cyberattacks by building strong access control systems with professional and objective security vulnerability diagnosis.

(2) Strengthen self-authentication methods in the process of transmitting personal information and thoroughly manage the security of authentication information. They should also secure encryption and de-identification methods when transferring and storing personal data.

(3) Comply with the security rules at the personal level of MyData service users while enhancing security education for MyData service users. In addition, MyData Providers should encourage their users to conduct regular mobile antivirus scans while avoiding suspicious messages or links.

“Various cyberattacks targeting MyData related services are expected upon the official opening of the MyData Business Service in August” said Jeong-ah Lee, CEO of RaonWhiteHat. She added that “A secure MyData market environment can be built by preparing comprehensive security measures for MyData Providers, strengthening users’ security awareness, sharing information on MyData security and expanding cooperation among private and public institutions.”

Our view: MyData will officially start in August, increasing the expectations of the private sectors. A variety of companies have decided to participate in this new service given that it will allow them join the data-driven market. That said, a lot of them are still far from being prepared in a cybersecurity perspective. By allowing MyData providers to manage a broad range of sensitive information, it’s odds on that the number of cyberattacks will increase dramatically in Korea following the introduction of the MyData Business Service. That said, following recommendations from cybersecurity experts such as RaonWhiteHat should provide a strong shield against related attacks.

Interested in RaonWhiteHat? Have a look at our website to see how our solutions can fit your needs.

Source: http://it.chosun.com/site/data/html_dir/2021/05/21/2021052101128.html

--

--

RAON
RAONSECURE

A leading IT integrated security and authentication group publicly traded in Korea, providing solutions and services to + 1,000 organizations.