블록체인 기반 토큰증권의 취약점평가 및 보안요구사항에 관한 연구

This study aims to analyze the security of blockchain-based security tokens (ST) from the perspective of the Common Vulnerability Scoring System (CVSS). Recently, token securities are expected to bring innovation to the traditional financial market. Still, they face difficulties in commercialization due to uncertainty in related legal systems and regulations, technological limitations, investor protection, and lack of clear security regulations. To solve these problems, we analyzed security vulnerabilities and security requirements from the three perspectives of CIA (Confidentiality, Integrity, Availability) using the CVSS of the National Institute of Standards and Technology (NIST) centered on the ERC-3643 standard, namely, Registry, Identity Contract, Compliance, and Token, through the Delphi method for experts, and derived vulnerability impact assessments and security requirements. As a result of the research, the impact of security vulnerabilities was evaluated as High in the Identity Contract and Token aspects. The security requirements from the CIA perspective were evaluated as High in the Registry section, and the integrity and availability were High in the Identity Contract section. The significance of this study is that while previous studies were focused on defining or declaring security requirements, this study verified the requirements for the relevant content as requirements suitable for the token securities process and reflected the differentiation. This study will be applied to domestic financial institutions that issue and distribute token securities and to actual IT systems.