Comparing Zoom's Security Analysis and Security Update Results

Comparison of Zoom's Security Vulnerability Analysis and Security Update Results

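  • 김규형 (Inje University, Department of Computer Engineering and Department of English Language and Literature);
  • 최윤성 (Inje University, College of AI Convergence, Industrial Security Major)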
  • Received : 2020.11.25
  • Accepted : 2020.12.15
  • Published : 2020.12.30

Abstract

As the coronavirus began to spread around the world, it affected many people's lives so greatly that the term "Untact Culture" was coined. Non-face-to-face meetings naturally became a daily routine as educational institutions and many domestic and foreign companies used video conferencing service platforms. Among the many video conferencing service platforms, Zoom, the company with the largest number of downloads, caused many security issues and raised many concerns about its security. In this paper, Zoom's security problems and vulnerabilities are classified into five categories, and these are compared and analyzed against Zoom's latest update intended to solve those problems and the 90-day security planning project. The problems are then classified as resolved or unresolved. Three of the five categories have been resolved; for the two remaining categories, the paper describes how they should be resolved and improved in the future.
