Recommendation ITU-T X.1407 (01/2022) Security requirements for digital integrity proofing service based on distributed ledger technology
Summary
History
FOREWORD
Table of Contents
1 Scope
2 References
3 Definitions
     3.1 Terms defined elsewhere
     3.2  Terms defined in this Recommendation
4 Abbreviations
5 Conventions
6 Overview
7 Stakeholders and processes for DLT-based digital integrity proofing
     7.1  Stakeholders
          7.1.1  Internal stakeholders
          7.1.2  External stakeholders
     7.2  Processes of DLT-based digital integrity proofing
          7.2.1  Digital integrity proof registration
          7.2.2  Digital integrity proof provenance
8 Security threats for DLT-based digital integrity proofing
     8.1  Security threats w.r.t user
          8.1.1  User identity fraud
          8.1.2  Private key leakage
          8.1.3  Private key loss
          8.1.4  Privacy disclosure
     8.2  Security threats w.r.t proof registration
          8.2.1  Proof fraud
          8.2.2  Proof tampering
          8.2.3  Timestamp dependence attack
          8.2.4  51% attack
          8.2.5  Briber attack
          8.2.6  Block-withholding attack
          8.2.7  Chain-hopping attack
          8.2.8  Distributed denial of service attack
          8.2.9  BGP hijacking attack
     8.3  Security threats w.r.t proof provenance
          8.3.1  Malicious information writing attack
          8.3.2  Proof information disclosure
9 Security requirements for DLT-based digital integrity proofing
     9.1  Security requirements for a user
          9.1.1  Protection of user identity
          9.1.2  Private key protection
          9.1.3  Privacy protection
     9.2  Security requirements for proof registration
          9.2.1  Avoidance of proof fraud
          9.2.2  Avoidance of proof tampering
          9.2.3  Protection of proof registration
     9.3  Security requirements for proof provenance
          9.3.1  Prevention against malicious information writing
          9.3.2  Protection of proof information
Appendix I  Use case of e-invoice based on distributed ledger technology
Appendix II  Use case for verification of academic certificates based on distributed ledger technology
Bibliography
<\pre>