Index
1. Introduction
2. DP3T
3. Google-Apple Standard
4. PEPP-PT
5. Conclusions
@2020 by Christian Spolaore
Introduction

What is Contact Tracing?
Contact Tracing (CT) is a method for tracing human interactions.
It was created with the purpose of monitoring people's contacts with infected individuals and notifying them of the risk.
It allows epidemiological data gathering and the construction of a proximity graph, which models the interactions between infected and at-risk individuals.
Thus, it is possible to better study how the virus spreads.
Why develop an app?
Since smartphones are extensively used in our everyday life, they were thought to be the best platform for a simple and efficient Contact Tracing system.
Interactions among individuals are surveyed, managed and recorded by an application.
App activity is mediated/controlled by a remote server and includes periodic communication with the Healthcare Authority (HA).
The Protocols
Decentralized (DP3T, Apple/Google standard): these protocols leave the processing of contact data to the smartphones; all sensitive data are stored exclusively in local memory.
Centralized (PEPP-PT): these protocols give the back-end server access to sensitive information and greater decision-making power. They share more data with epidemiologists and the Healthcare Authority, but they also give users weaker privacy protection.
DP3T
https://github.com/DP-3T/documents/raw/master/DP3T%20White%20Paper.pdf

General scheme
1. Ephemeral pseudo-random IDs (EPHIDs) are generated by the smartphone by applying a cryptographic function to a secret key.
2. EPHIDs are broadcast to nearby devices, and the EPHIDs of nearby devices are received and recorded.
3. An infected user sends their EPHIDs (more precisely, the secret keys from which they were derived) to the server after HA authorization.
4. The server forwards those EPHIDs to all apps.
5. Each app periodically checks whether it recorded any of the forwarded EPHIDs and, if so, the user receives a risk notification.
Purposes
• Fast notification.
• Tracing of random (unknown) contacts.
• Minimize the human personnel involved.
• Possibility of voluntarily sharing additional data with epidemiologists.
• Do NOT track infected or at-risk patients.
• Do NOT locate hotspots.
• Do NOT use geolocation.
Features
• Completeness
• Precision
• Confidentiality
• Integrity
• Notification delivery
• Scalability
• Interoperability
Different designs
The DP3T protocol comes in two distinct designs: low-cost and unlinkable.
Both send EPHIDs through BLE beacons and ask for the user's consent before sharing any data.
The unlinkable design prevents, even locally, any direct link between the EPHIDs and the user whose smartphone generated them.
The low-cost design uses about 1 MB of storage per day but is computationally heavier (every published key must be expanded into its EPHIDs and compared against the local record).
The unlinkable design uses more storage (up to 110 MB per day) but consumes far fewer computing resources.
Possible attacks
The system must be protected against the following kinds of attacks:
• Eavesdropping
• Bluetooth sniffing
• Relay
• DoS
• Network traffic observation
• Back-end compromise
Low-cost design
The simplest attack is local: the attacker keeps a detailed record of the people he met and when. Several accounts on distinct devices let him correlate risk notifications and thus identify the infected individuals.
The attacker can also exploit background knowledge, such as users' routines, to increase the success probability of the correlation.
For a network attacker it is easier still: infected users' identities can be recovered by monitoring the packet flow (who uploads to the server).
Unlinkable design
It makes any local attacker's record useless: the per-epoch seeds sent to the server are independent of one another, so the values the server publishes cannot be linked across epochs, and the EPHIDs of infected users are aggregated before being broadcast to all apps.
To identify an infected user, the attacker would therefore have to install an antenna in a place visited by only a small, fixed number of people per time period.
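The following is an added example written for this page, not DP3T's reference code. It walks through the decentralized flow of the "General scheme" slide in both designs and shows concretely why a timestamped local log links an infected person's sightings under the low-cost design but not under the unlinkable one. The key schedule follows the white paper's description (a hash chain of daily keys expanded into EPHIDs; an independent random seed per epoch for the unlinkable design); the HMAC-based PRF/PRG, the four-epoch day, the plain set standing in for the Cuckoo filter and all sample data are assumptions made here.

```python
# Added example (not DP3T's reference code): decentralized matching in both
# DP3T designs. Assumptions: HMAC-SHA256 as PRF/PRG, a 4-epoch day, a Python
# set instead of the white paper's Cuckoo filter, constructed sample data.
import hashlib
import hmac
import secrets
from collections import defaultdict

EPOCHS_PER_DAY = 4   # assumption: a 4-epoch day keeps the demo small
EPHID_LEN = 16       # 128-bit EphIDs

# ---- low-cost design: one secret per day, EphIDs expanded from it ----------
def next_day_key(sk_t):
    """SK_{t+1} = H(SK_t): a hash chain. Publishing SK_t therefore also
    reveals every later key, which is why the app must draw a fresh random
    key after an upload."""
    return hashlib.sha256(sk_t).digest()

def ephids_for_day(sk_t):
    """EphIDs = PRG(PRF(SK_t, "broadcast key")); HMAC-SHA256 as PRF, HMAC in
    counter mode as PRG, truncated to EPHID_LEN bytes per epoch."""
    prf_out = hmac.new(sk_t, b"broadcast key", hashlib.sha256).digest()
    return [hmac.new(prf_out, i.to_bytes(4, "big"), hashlib.sha256).digest()[:EPHID_LEN]
            for i in range(EPOCHS_PER_DAY)]

def match_low_cost(local_log, published_keys):
    """local_log: [(day, epoch, ephid)] recorded by this phone.
    published_keys: [(day, SK_day)] uploaded by diagnosed users.
    Returns {SK_day: [(day, epoch), ...]}: every sighting that matched a key.
    The grouping by key is exactly what lets a local attacker link sightings."""
    hits = defaultdict(list)
    for day, sk in published_keys:
        todays = set(ephids_for_day(sk))
        for d, e, ephid in local_log:
            if d == day and ephid in todays:
                hits[sk].append((d, e))
    return dict(hits)

# ---- unlinkable design: an independent random seed per epoch --------------
def unlinkable_ephid(seed):
    """EphID_i = TRUNCATE(H(seed_i)); seeds are drawn fresh for every epoch."""
    return hashlib.sha256(seed).digest()[:EPHID_LEN]

def tag(ephid, day, epoch):
    """H(EphID || i): the value the server publishes for epoch i. A Python set
    stands in for the Cuckoo filter the white paper uses."""
    return hashlib.sha256(ephid + day.to_bytes(4, "big") + epoch.to_bytes(4, "big")).digest()

def publish_unlinkable(uploaded_seeds):
    """uploaded_seeds: [(day, epoch, seed)] chosen by the diagnosed user; the
    server only ever sees per-epoch tags, never a key that spans a whole day."""
    return {tag(unlinkable_ephid(s), d, e) for d, e, s in uploaded_seeds}

def match_unlinkable(local_log, published_tags):
    """Each sighting is checked on its own; nothing ties two hits to one person."""
    return [(d, e) for d, e, ephid in local_log if tag(ephid, d, e) in published_tags]

# ---- constructed scenario: Eve logs every beacon she hears on day 7 --------
def demo():
    day = 7
    sk_alice, sk_bob = secrets.token_bytes(32), secrets.token_bytes(32)
    eve_log = [(day, e, ephids_for_day(sk)[e])
               for sk in (sk_alice, sk_bob) for e in range(EPOCHS_PER_DAY)]
    # Alice is diagnosed and uploads SK_7: Eve regenerates her 4 EphIDs and
    # learns that all four sightings were the same (infected) person.
    low = match_low_cost(eve_log, [(day, sk_alice)])

    seeds = {name: [secrets.token_bytes(32) for _ in range(EPOCHS_PER_DAY)]
             for name in ("alice", "bob")}
    eve_log2 = [(day, e, unlinkable_ephid(seeds[name][e]))
                for name in seeds for e in range(EPOCHS_PER_DAY)]
    # Alice uploads only epochs 1 and 2 (her chosen contagious window);
    # Eve gets two anonymous hits she cannot attribute to one person.
    tags = publish_unlinkable([(day, e, seeds["alice"][e]) for e in (1, 2)])
    unl = match_unlinkable(eve_log2, tags)
    return {"low_cost_persons_linked": len(low),
            "low_cost_sightings": sum(len(v) for v in low.values()),
            "unlinkable_hits": sorted(unl)}

if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows one published key matching four sightings in the low-cost design (the attacker's record now carries a fully linked trajectory of one infected person), against two isolated (day, epoch) hits in the unlinkable design. Note also `next_day_key`: because SK_{t+1} is a hash of SK_t, an uploaded key exposes the whole future chain unless the app rotates to a fresh random key, as the white paper requires.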
TEE: Trusted Execution Environment
Cryptography can mitigate these attacks on privacy.
A TEE is an isolated execution environment in which code and data are protected from the rest of the device, including its operating system; most smartphones today ship one.
The EPHIDs of infected users are encrypted before being sent from the server to the smartphones, and decryption (and matching) is performed inside the TEE.
The attacker can no longer directly compare received and recorded EPHIDs, as long as the TEE itself is not compromised.
Local attacks
The priority is still to avoid losing precision and completeness because of an attacker's actions.
A short or long-distance contact should not allow an attacker to:
• sniff the EPHIDs;
• amplify the EPHIDs' transmission range;
• locate the origin of the EPHIDs by installing directional antennas.
A solution: secret sharing
Each EPHID can be split into n BLE beacons (shares). A device must receive at least k ≤ n of them to recover the whole EPHID:
• a low k gives robustness (few beacons are enough);
• a high k gives better security.
An attacker at a distance, or listening only for a short time, receives h < k beacons and cannot recover the EPHID.
Eavesdropping, relay and sniffing attacks are thus made much harder.
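Added example for the secret-sharing slide, written for this page and not taken from DP3T: an EPHID is split byte by byte with Shamir secret sharing over GF(2^8) into n beacon payloads, any k of which rebuild it, while k-1 or fewer reveal nothing. The share layout (an x coordinate plus a 16-byte payload per beacon), the choice of the AES field polynomial and the sample EPHID are assumptions made here.

```python
# Added example (not DP3T code): k-of-n splitting of an EphID across BLE
# beacons using Shamir secret sharing over GF(2^8), byte by byte.
# Assumptions: AES field polynomial, beacon = (x, 16-byte payload), sample data.
import secrets

def gf_mul(a, b):
    """Multiply in GF(2^8) with the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    p = 0
    while b:
        if b & 1:
            p ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return p

def gf_inv(a):
    """a^254 == a^-1 in GF(2^8) (Fermat); a must be non-zero."""
    r, base, e = 1, a, 254
    while e:
        if e & 1:
            r = gf_mul(r, base)
        base = gf_mul(base, base)
        e >>= 1
    return r

def split_ephid(ephid, n, k):
    """Return n beacons (x, payload). For every byte a random degree k-1
    polynomial with that byte as constant term is evaluated at x = 1..n."""
    assert 1 <= k <= n <= 255
    coeffs = [[secrets.randbelow(256) for _ in range(k - 1)] for _ in ephid]
    beacons = []
    for x in range(1, n + 1):
        payload = bytearray()
        for byte, cs in zip(ephid, coeffs):
            y, xp = byte, 1
            for c in cs:                      # y = byte + c1*x + c2*x^2 + ...
                xp = gf_mul(xp, x)
                y ^= gf_mul(c, xp)
            payload.append(y)
        beacons.append((x, bytes(payload)))
    return beacons

def recover_ephid(beacons, k):
    """Lagrange interpolation at x = 0 from k beacons with distinct x.
    A receiver that heard h < k beacons cannot interpolate and fails here."""
    if len(beacons) < k:
        raise ValueError(f"heard {len(beacons)} beacons, need {k}")
    beacons = beacons[:k]
    out = bytearray()
    for i in range(len(beacons[0][1])):
        acc = 0
        for j, (xj, yj) in enumerate(beacons):
            num, den = 1, 1
            for m, (xm, _) in enumerate(beacons):
                if m != j:
                    num = gf_mul(num, xm)         # (0 - xm) == xm in char 2
                    den = gf_mul(den, xj ^ xm)    # (xj - xm)
            acc ^= gf_mul(yj[i], gf_mul(num, gf_inv(den)))
        out.append(acc)
    return bytes(out)

def demo(n=6, k=4):
    """Constructed scenario: a nearby phone hears k beacons, a distant sniffer
    hears only k-1 of them."""
    ephid = secrets.token_bytes(16)
    beacons = split_ephid(ephid, n, k)
    near_ok = recover_ephid(beacons[:k], k) == ephid
    try:
        recover_ephid(beacons[:k - 1], k)
        far = "recovered"
    except ValueError:
        far = "failed"
    return near_ok, far

if __name__ == "__main__":
    print(demo())
```

Any k beacons work, in any order, which is what gives the robustness the slide mentions; the security side is information-theoretic, since k-1 payloads are consistent with every possible EPHID. Interpolating k-1 shares as if the threshold were k-1 yields garbage rather than an error, so a real receiver must know k and refuse to guess.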
Attacks on the system
By contrast, some attacks aimed at compromising the system cannot be avoided because of its very structure.
The attacker can always:
• generate false events or notifications with broadcast antennas (only within one precise epoch in the unlinkable design);
• intercept the packets sent by the server to the smartphones, preventing the risk notification;
• jam the Bluetooth signal.
Google-Apple Standard
https://www.apple.com/covid19/contacttracing

Why Apple and Google?
• According to the Big Data Institute of the University of Oxford, an app would be effective in slowing down the spread of the virus only if at least 56% of the whole population used it.
• This is approximately 80% of smartphone owners.
• iOS (Apple) runs on 13.4% of smartphones.
• Android (Google) runs on the remaining 86.6%.
https://www.bbc.com/news/technology-52294896
https://www.thelancet.com/action/showPdf?pii=S2214-109X%2820%2930074-7
Why Apple and Google? (continued)
• At present, iPhones do not allow any app to transmit Bluetooth data in the background or in stand-by.
• Android, on the other hand, blocks a device outright if it records too many Bluetooth connection attempts.
• The two companies have proposed to add a dedicated app, or at least a general framework, in their next updates. The tool is to be removed when the emergency is over.
https://venturebeat.com/2020/04/13/what-privacy-preserving-coronavirus-tracing-apps-need-to-succeed/
The design
• It is a mixture of the two DP3T designs.
• EPHIDs are generated from a daily key, which is in turn derived from a secret master key; every step is a cryptographic operation.
• Data are processed exclusively on the device.
• Every operation requires the user's consent.
• Epoch length varies between 10 and 20 minutes.
• Risk assessment is computed locally; the data delivered by the server cannot be linked across days, since each daily key is derived separately from the master key.
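Added example for the design slide, written for this page; it is not Apple's or Google's code. It models the key hierarchy of the April 2020 (v1) Apple/Google cryptography specification as described there: a per-device Tracing Key, a daily key derived from it with HKDF, and a 10-minute rolling identifier derived from the daily key with HMAC. The label strings "CT-DTK" and "CT-RPI", the byte encodings of the day and interval numbers, the standard-library HKDF, the constructed timestamps and the RSSI values are assumptions to be checked against the published specification; the point the code makes is that uploading one daily key exposes that day's identifiers (which are therefore linkable within the day) and nothing about any other day.

```python
# Added example (not Apple/Google code): v1-style Tracing Key -> daily key ->
# rolling proximity identifier, plus the local match a phone performs.
# Assumptions: label strings, encodings, HKDF implementation, sample data.
import hashlib
import hmac
import secrets

INTERVAL = 600      # seconds: one epoch of 10 minutes
DAY = 86400

def hkdf_sha256(ikm, info, length, salt=b""):
    """RFC 5869 HKDF (Extract then Expand) with only the standard library."""
    prk = hmac.new(salt or bytes(32), ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def day_number(t):
    return t // DAY

def interval_number(t):
    """Index of the 10-minute interval within the day: 0..143."""
    return (t % DAY) // INTERVAL

def daily_tracing_key(tracing_key, day):
    """dtk_i = HKDF(tk, info = "CT-DTK" || D_i). Each day is derived on its
    own from the master key, so one uploaded dtk says nothing about others."""
    return hkdf_sha256(tracing_key, b"CT-DTK" + day.to_bytes(4, "little"), 16)

def rolling_proximity_id(dtk, tin):
    """RPI_{i,j} = Truncate(HMAC(dtk_i, "CT-RPI" || TIN_j), 16 bytes)."""
    return hmac.new(dtk, b"CT-RPI" + bytes([tin]), hashlib.sha256).digest()[:16]

def rpis_for_day(dtk):
    return [rolling_proximity_id(dtk, j) for j in range(DAY // INTERVAL)]

def local_match(observed, published_dtks):
    """observed: [(day, rpi, rssi)] from this phone's own log.
    published_dtks: [(day, dtk)] fetched from the server for diagnosed users.
    Returns [(day, interval, rssi)]; RSSI is the one extra field the record
    keeps for proximity estimation."""
    hits = []
    for day, dtk in published_dtks:
        table = {rpi: j for j, rpi in enumerate(rpis_for_day(dtk))}
        for d, rpi, rssi in observed:
            if d == day and rpi in table:
                hits.append((d, table[rpi], rssi))
    return hits

def demo():
    """Constructed scenario: Bob hears Alice twice on 24 April 2020 and once
    the next day; Alice then uploads only the first day's key."""
    tk = secrets.token_bytes(32)                  # Alice's Tracing Key
    t = 1587700000                                # 24 April 2020, UTC
    d, j = day_number(t), interval_number(t)
    dtk_today, dtk_next = daily_tracing_key(tk, d), daily_tracing_key(tk, d + 1)
    bob_log = [(d, rolling_proximity_id(dtk_today, j), -70),
               (d, rolling_proximity_id(dtk_today, j + 3), -65),
               (d + 1, rolling_proximity_id(dtk_next, j), -60)]
    return local_match(bob_log, [(d, dtk_today)])

if __name__ == "__main__":
    print(demo())
```

The match returns both same-day sightings with their interval numbers (so a published daily key does let a local log tie one person's identifiers together within that day, exactly as in the DP3T low-cost design), while the next-day sighting stays unmatched because `dtk_next` was never published and cannot be computed from `dtk_today`.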
Security and Privacy
• The considerations on many of the attacks on DP3T still apply.
• Privacy is ensured by a careful use of cryptographic primitives.
• Sensitive data are not processed by Apple or Google; trust rests with the server's administrators.
• Only one piece of information is added to the records, in order to make local attacks even harder: proximity at reception time (via RSSI).
PEPP-PT
https://github.com/pepp-pt/pepp-pt-documentation

A centralized solution
In the centralized Contact Tracing model the back-end server has considerably more control over the data flow. Its functions are the following:
• maintaining a list of pseudonyms associated with the users;
• executing proximity tracing instead of the smartphones;
• directly sending at-risk notifications;
• sharing data with the Healthcare Authority.
General scheme
1. User authentication.
2. EPHID generation by applying a cryptographic primitive to a dynamic seed.
3. EPHIDs are exchanged among nearby smartphones, as in the decentralized model.
4. Users with a positive diagnosis consent to upload to the server their contact records, limited to the contagious period.
5. The server evaluates the risk for each user who had contacts with the infected individual and sends a notification if necessary.
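Added example for the centralized scheme above, written for this page and not taken from PEPP-PT: a toy back end that issues the pseudonyms, keeps the pseudonym-to-user table, receives a diagnosed user's contact log and performs the risk evaluation itself, so that what the server learns (the contact graph and every identity behind a pseudonym) is visible in the data structures. Random pseudonyms handed out at enrolment, the four-epoch batch, the 15-minute risk threshold and the sample contacts are assumptions made here.

```python
# Added example (not PEPP-PT code): a centralized back end in the style of
# the "General scheme" slide. Assumptions: random server-issued pseudonyms,
# 4 pseudonyms per enrolment, 15-minute exposure threshold, sample data.
import secrets
from collections import defaultdict

class CentralServer:
    def __init__(self):
        self.pseudonym_owner = {}                 # pseudonym -> user id (server only)
        self.contact_graph = defaultdict(set)     # infected user -> contacts it learned
        self.notifications = defaultdict(list)    # user id -> pending notifications

    def register(self, user_id):
        """Authenticated enrolment: the server mints the pseudonyms the phone
        will broadcast, one per epoch, and remembers who owns each of them."""
        ids = [secrets.token_bytes(16) for _ in range(4)]
        for p in ids:
            self.pseudonym_owner[p] = user_id
        return ids

    def upload_contacts(self, infected_user, contact_log, contagious_from):
        """contact_log: [(epoch, pseudonym_seen, minutes)] from the diagnosed
        phone, uploaded with its owner's consent and trimmed to the contagious
        window. Risk is evaluated here, not on the contacts' phones."""
        for epoch, seen, minutes in contact_log:
            if epoch < contagious_from:
                continue                              # outside the contagious period
            contact = self.pseudonym_owner.get(seen)
            if contact is None or contact == infected_user:
                continue
            self.contact_graph[infected_user].add(contact)   # the server now knows the graph
            if minutes >= 15:                                # assumed risk threshold
                self.notifications[contact].append(("exposure", epoch))

    def poll(self, user_id):
        """Phones only fetch their own notifications; they never learn who
        exposed them, but the server knows both sides of every edge."""
        return self.notifications.pop(user_id, [])

def demo():
    """Constructed scenario: Alice is diagnosed; her phone logged Bob for 20
    minutes in epoch 2 and Carol for 5 minutes in epoch 0, before she was contagious."""
    server = CentralServer()
    ids = {u: server.register(u) for u in ("alice", "bob", "carol")}
    alice_log = [(2, ids["bob"][2], 20), (0, ids["carol"][0], 5)]
    server.upload_contacts("alice", alice_log, contagious_from=1)
    return {"bob": server.poll("bob"),
            "carol": server.poll("carol"),
            "server_knows": sorted(server.contact_graph["alice"]),
            "server_can_deanonymise": server.pseudonym_owner[ids["bob"][2]]}

if __name__ == "__main__":
    print(demo())
```

Bob is notified and Carol is not, which is the intended behaviour; the other two entries of the result are the privacy cost the next slides discuss: `pseudonym_owner` lets the operator resolve any broadcast identifier to a person, and `contact_graph` records Alice's contacts although only Alice consented to the upload.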
Security analysis
• Smartphones never learn which contacts were with infected users, so a correlation attack is not possible.
• Notifications are aggregated before being broadcast by the server, in order to prevent an eavesdropping attack.
However:
• the server can easily retrieve users' identities from the pseudonyms;
• the server explicitly knows the infected users' contacts.
What about Privacy?
• Here the server has access to almost all the sensitive data that are processed. In particular, data about at-risk individuals are disclosed to it with only the infected user's consent, not their own.
• Finally, the server can easily recover information that is outside the protocol's declared purposes (including, with some constraints, location).
• This appears to be at odds with the EU GDPR, in force since 25 May 2018.
Need-to-know principle: each party involved in a protocol should have access only to the information and resources necessary to carry out its own task.
Every data protection policy rests on this principle!
Conclusions

The choices of the Italian Government
«The app Immuni gives citizens the possibility of having a quick notification in case of impending contact with an infected individual»
Luigi Di Maio, 24 April 2020
On April 16, following the directions of the task force appointed by the Minister of Innovation Paola Pisano, the development of Immuni is assigned to Bending Spoons.
The reference protocol is claimed to be the controversial PEPP-PT.
On April 22, after 300 experts signed an open letter highlighting the issues discussed about PEPP-PT, the Government orders that a decentralized protocol be followed.
Disputes
• To be effective, the app must be ready before the lockdown is lifted, which is highly unlikely.
• Both existing protocols are exposed to non-negligible attacks, including the risk of compromising the whole system.
• Besides, Bluetooth technology is sadly known for its many vulnerabilities.
• Protection against false user declarations is still missing.
Food for thought - I
• Contact Tracing does not solve the problem. It can help slow down the spread of the virus, but it must be adequately supported by an active policy aimed at housing infected and at-risk people in proper facilities and enforcing quarantine measures on them.
• Otherwise, as is already happening, the app can turn households into the most dangerous hotspots of contagion.
Food for thought - II
• Contrary to what the Italian Minister of Foreign Affairs declared on April 24, the handling of the data processed by this kind of app raises several issues.
• At the moment Google and Apple never know whom we interact with and cannot recover an individual's proximity graph.
• Against any abuse of sensitive data by these companies, the privacy legislation in force safeguards the citizens.
• What could happen if such sensitive data were misused by the entities that already hold executive and legislative power?
Useful links…
…about the Italian situation:
https://www.ilsole24ore.com/art/l-app-immuni-cambia-seguira-modello-decentralizzato-apple-e-google-ADcBF4L
https://www.agendadigitale.eu/cultura-digitale/immuni-come-funziona-lapp-italiana-contro-il-coronavirus/
https://www.corriere.it/tecnologia/20_aprile_28/fase-2-riecco-app-arcuri-in-maggio-contact-tracing-giugno-diario-clinico-314f2944-893d-11ea-8073-abbb9eae2ee6.shtml
https://www.ilsole24ore.com/art/in-arrivo-regole-privacy-tracciamento-la-app-ADHaVRN
…to reflect on:
https://www.tagesspiegel.de/wissen/welche-technologie-soll-es-sein-das-gefaehrliche-chaos-um-die-corona-app/25755338.html
https://www.theguardian.com/world/2020/apr/20/coronavirus-digital-contact-tracing-will-fail-unless-privacy-is-respected-experts-warn
https://www.agendadigitale.eu/in-poche-parole/tracing-coronavirus-lignoranza-di-chi-non-capisce-che-serve-una-legge/
Introduction to contact tracing apps and privacy issues

Slide 8: General scheme
1. Ephemeral pseudo-random IDs (EPHIDs) are generated by the smartphone by applying a cryptographic function to a secret key.
2. Broadcast transmission to nearby devices and reception of their EPHIDs.
3. The infected user sends the EPHIDs to the server after HA authorization.
4. The server forwards those EPHIDs to all apps.
5. Each app periodically checks whether it has recorded any of the forwarded EPHIDs and, if so, the user receives a risk notification.

Slide 9: Purposes
• Fast notification.
• Tracing of random contacts.
• Minimize the personnel involved.
• Possibility of voluntarily sharing additional data with epidemiologists.
• DO NOT trace infected or at-risk patients.
• DO NOT locate hotspots.
• DO NOT use geolocation.

Slide 10: Features
• Completeness
• Precision
• Confidentiality
• Integrity
• Notification sending
• Scalability
• Interoperability

Slide 11: Different designs
The DP3T protocol comes in two distinct architectures: low-cost and unlinkable. Both send EPHIDs through BLE beacons and ask for the user's consent before sharing any data. The unlinkable design does not allow, not even locally, a direct link between the EPHIDs and the user whose smartphone generated them. The low-cost design uses about 1 MB of storage per day but is computationally heavier. The unlinkable design uses more memory (a maximum of 110 MB per day) but consumes far fewer computational resources.

Slide 12: Possible attacks
The system must be protected against the following kinds of attack:
• Eavesdropping
• Bluetooth sniffing
• Relay
• DoS
• Network analysis
• Back-end compromise

Slide 13: Low-cost design
The simplest attack is performed locally: the attacker keeps a detailed record of the people he met and at what time. Several accounts on distinct devices allow him to correlate risk notifications, thus identifying the infected individuals. The attacker can also exploit background knowledge, such as users' routines, increasing the probability that the correlation succeeds. For a network attacker, it is easier to recover the infected users' identities by monitoring the packet flow.

Slide 14: Unlinkable design
It makes any local attacker's record useless. The EPHIDs sent to the server have no explicit dependency on the epoch in which they were used, and the EPHIDs of infected users are aggregated before being broadcast to all apps. Therefore, the attacker would have to install an antenna in a place visited by only a fixed number of people per time period.

Slide 15: TEE: Trusted Execution Environment
Cryptography can mitigate these attacks on privacy. A TEE is a secure environment that executes cryptographic operations; nowadays most smartphones have one. The EPHIDs of infected users are encrypted before being sent from the server to the smartphones, and decryption is performed inside the TEE. The attacker can no longer directly compare received and recorded EPHIDs.

Slide 16: Local attacks
The priority is still avoiding the loss of precision and completeness caused by an attacker's actions. A short or long-distance contact should not allow an attacker to:
• sniff the EPHIDs;
• amplify the EPHID transmission range;
• locate the origin of EPHIDs by installing directional antennas.

Slide 17: A solution: secret sharing
Each EPHID can be divided into n BLE beacons. A device must receive at least k < n beacons in order to recover the whole EPHID:
• a low k ensures robustness;
• a large k ensures better security.
An attacker at a distance, or listening for just a short period of time, receives h < k beacons and cannot recover the EPHID. Eavesdropping, relay and sniffing attacks are thus prevented.
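The k-of-n beacon splitting described on this slide, as an added Python example (not DP3T's code) built on Shamir secret sharing over a prime field; the field prime, the 16-byte EPHID size and the listener scenario in `demo` are assumptions.

```python
import secrets
from typing import Optional

# Assumption: a Mersenne prime large enough to hold a 16-byte EPHID as one field element.
PRIME = 2**521 - 1


def split_ephid(eid: bytes, n: int, k: int) -> list[tuple[int, int]]:
    """Split a 16-byte EPHID into n beacon payloads (x, y); any k of them reconstruct it."""
    assert 1 < k <= n and len(eid) == 16
    # Random polynomial of degree k-1 whose constant term is the EPHID.
    coeffs = [int.from_bytes(eid, "big")] + [secrets.randbelow(PRIME) for _ in range(k - 1)]

    def poly(x: int) -> int:
        return sum(c * pow(x, i, PRIME) for i, c in enumerate(coeffs)) % PRIME

    return [(x, poly(x)) for x in range(1, n + 1)]


def recover_ephid(beacons: list[tuple[int, int]]) -> Optional[bytes]:
    """Lagrange-interpolate the polynomial at x=0 from whatever beacons were heard.
    With at least k distinct beacons this yields the EPHID; with h<k it yields a
    field element unrelated to the secret, which here almost never fits 16 bytes."""
    pts = list(dict(beacons).items())  # drop duplicate beacons
    total = 0
    for xi, yi in pts:
        num = den = 1
        for xj, _ in pts:
            if xj != xi:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return total.to_bytes(16, "big") if total < 2**128 else None


def demo(n: int = 6, k: int = 4) -> tuple[bytes, Optional[bytes], Optional[bytes]]:
    """Constructed scenario: a nearby device hears k beacons, a distant one only k-1."""
    eid = secrets.token_bytes(16)
    beacons = split_ephid(eid, n, k)
    near = recover_ephid(beacons[:k])
    far = recover_ephid(beacons[1:k])  # h = k-1 beacons: information-theoretically useless
    return eid, near, far
```

Any k of the n beacons suffice, in any order, which is what gives the receiver robustness against a few lost packets while a listener with h < k learns nothing about the EPHID.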
Slide 18: Attacks on the system
On the other hand, some attacks aimed at compromising the system cannot be avoided because of its very structure. The attacker can always:
• generate false events or notifications with broadcast antennas (only within one precise epoch for the unlinkable design);
• sniff the packets sent by the server to the smartphones, preventing risk notification;
• disrupt the Bluetooth signal.

Slide 20: Why Apple and Google?
• According to the Big Data Institute of the University of Oxford, an app would be effective in slowing down the spread of the virus only if at least 56% of the whole population used it.
• This is approximately 80% of smartphone owners.
• iOS (Apple) runs on 13.4% of smartphones.
• Android (Google) runs on the remaining 86.6%.
https://www.bbc.com/news/technology-52294896
https://www.thelancet.com/action/showPdf?pii=S2214-109X%2820%2930074-7

Slide 21: Why Apple and Google?
• At the current state, iPhones do not allow background or stand-by Bluetooth data transmission to any app.
• Android, on the contrary, directly blocks a device if it records too many Bluetooth connection attempts.
• The two companies have proposed adding a purpose-built app, or at least a general framework, in the next updates. The tool is to be deleted when the emergency is over.
https://venturebeat.com/2020/04/13/what-privacy-preserving-coronavirus-tracing-apps-need-to-succeed/

Slide 22: The design
• It is a mixture of the two DP3T designs.
• EPHIDs are generated from a daily key, which is derived from the secret master key. All operations are carried out through cryptographic primitives.
• Data are processed exclusively locally.
• Every operation requires the user's consent.
• Epoch length varies between 10 and 20 minutes.
• Risk assessment is computed locally, but the data delivered by the server are not linkable.
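The daily-key scheme of this slide together with the general scheme of slide 8 (generate, broadcast, upload after authorization, relay, match locally), as an added Python sketch that is neither DP3T's nor Google/Apple's code: HMAC-SHA256 stands in for the protocols' actual key-derivation and ID-generation functions, and the 144 ten-minute epochs per day, the `Phone` class and the meeting scenario in `simulate` are constructed assumptions.

```python
import hashlib
import hmac
import secrets

EPOCHS_PER_DAY = 144  # assumption: 10-minute epochs, the shortest length the slide mentions

def daily_key(master_key: bytes, day: int) -> bytes:
    """Derive the day's key from the secret master key (HMAC-SHA256 as an illustrative PRF)."""
    return hmac.new(master_key, b"daily-key" + day.to_bytes(4, "big"), hashlib.sha256).digest()

def ephid(day_key: bytes, epoch: int) -> bytes:
    """Derive the EPHID broadcast during one epoch; 16 bytes fit a BLE beacon payload."""
    return hmac.new(day_key, b"ephid" + epoch.to_bytes(2, "big"), hashlib.sha256).digest()[:16]

class Phone:
    """One app instance: the master key never leaves the device, only derived values do."""

    def __init__(self) -> None:
        self.master_key = secrets.token_bytes(32)
        self.seen: set[bytes] = set()  # EPHIDs received from nearby devices

    def broadcast(self, day: int, epoch: int) -> bytes:
        return ephid(daily_key(self.master_key, day), epoch)

    def receive(self, eid: bytes) -> None:
        self.seen.add(eid)

    def keys_for_upload(self, days) -> list[tuple[int, bytes]]:
        """After HA authorization, only the daily keys of the contagious period are uploaded;
        the server can expand them into EPHIDs but learns nothing about other days."""
        return [(d, daily_key(self.master_key, d)) for d in days]

    def exposed(self, published: list[tuple[int, bytes]]) -> bool:
        """Local risk check: expand the published daily keys and compare with the local record."""
        return any(
            ephid(dk, e) in self.seen
            for _day, dk in published
            for e in range(EPOCHS_PER_DAY)
        )

def simulate() -> tuple[bool, bool]:
    """Constructed scenario: Bob meets Alice (later diagnosed) on day 3, epoch 42; Carol only meets Bob."""
    alice, bob, carol = Phone(), Phone(), Phone()
    bob.receive(alice.broadcast(3, 42))
    carol.receive(bob.broadcast(3, 42))
    published = alice.keys_for_upload(range(2, 5))  # server relays days 2-4 to every app
    return bob.exposed(published), carol.exposed(published)
```

Because a whole day's EPHIDs derive from one published key, every receiver can link them to the same (still anonymous) source for that day; this is the linkability trade-off the low-cost and unlinkable DP3T designs differ on.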
Slide 23: Security and Privacy
• The considerations on many of the attacks on DP3T are still valid.
• Privacy is ensured by a judicious use of cryptographic primitives.
• Sensitive data are not processed by Apple or Google; trust is placed in the server's administrators.
• Only one piece of information is added to the records in order to make local attacks even harder: proximity at the moment of reception (via RSSI).

Slide 25: A centralized solution
In the centralized Contact Tracing model, the back-end server has considerably more control over the data flow. Its functions are the following:
• Maintaining a list of pseudonyms associated with the users.
• Executing proximity tracing instead of the smartphones.
• Directly sending at-risk notifications.
• Sharing data with the Healthcare Authority.

Slide 26: General scheme
1. User authentication.
2. EPHID generation from a cryptographic primitive applied to a dynamic seed.
3. EPHIDs are exchanged among nearby smartphones, as in the decentralized model.
4. Users with a positive diagnosis give their consent to upload to the server the contact records limited to the contagious period.
5. The server evaluates the risk for each user who had contact with the infected individual and sends the notification, if necessary.

Slide 27: Security analysis
• Smartphones never know which contacts were with infected users, so a correlation attack is not possible.
• Notifications are aggregated before being broadcast by the server, in order to prevent an eavesdropping attack.
However:
• The server can easily retrieve users' identities from the pseudonyms.
• The server explicitly knows the infected users' contacts.

Slide 28: What about Privacy?
• Here the server has access to almost all the processed sensitive data. In particular, the data regarding at-risk individuals are disclosed to it with only the infected user's consent.
• Finally, the server can easily recover some information that is outside the protocol's declared purposes (including location, with some constraints).
• This appears to be in contrast with the EU GDPR legislation, in effect since 25 May 2018.
Need-to-know principle: each party involved in a protocol should have access only to the information and resources necessary to carry out its own task. Every data protection policy is grounded on this principle!

Slide 30: The choices of the Italian Government
«The app Immuni gives the citizens a possibility of having a quick notification in case of impending contact with an infected individual» (Luigi di Maio, 24 April 2020)
• On April 16, following directions from the task force appointed by the Minister of Innovation Paola Pisano, the development of Immuni is assigned to Bending Spoons.
• The reference protocol is claimed to be the controversial PEPP-PT.
• On April 22, after 300 experts signed an open letter highlighting the discussed issues of PEPP-PT, the Government orders that a decentralized protocol be followed.

Slide 31: Disputes
• In order to be effective, the app must be ready before the lockdown is lifted, which is highly unlikely.
• Both existing protocols are exposed to non-negligible attacks, considering the risk of compromising the whole system.
• Besides, Bluetooth technology is sadly known for its several vulnerabilities.
• Protection against false declarations by users is still missing.

Slide 32: Food for thought - I
• Contact Tracing does not solve the problem. It can help slow down the spread of the virus, but it must be adequately supported by an active policy aimed at housing infected and at-risk people in proper facilities and enforcing quarantine measures on them.
• Otherwise, as is already happening, the app can turn households into the most dangerous hotspots for contagion.

Slide 33: Food for thought - II
• Contrary to what was declared on April 24 by the Italian Minister of Foreign Affairs, the treatment of the data processed by this kind of app raises several issues.
• At the moment Google and Apple never know with whom we are interacting and are not able to recover an individual's proximity graph.
• For any abuse of sensitive data by these companies, the privacy legislation in force safeguards the citizens.
• What could potentially happen if such sensitive data were used inappropriately by the entities that already hold executive and legislative power?

Slide 34: Useful links…
…about the Italian situation:
https://www.ilsole24ore.com/art/l-app-immuni-cambia-seguira-modello-decentralizzato-apple-e-google-ADcBF4L
https://www.agendadigitale.eu/cultura-digitale/immuni-come-funziona-lapp-italiana-contro-il-coronavirus/
https://www.corriere.it/tecnologia/20_aprile_28/fase-2-riecco-app-arcuri-in-maggio-contact-tracing-giugno-diario-clinico-314f2944-893d-11ea-8073-abbb9eae2ee6.shtml
https://www.ilsole24ore.com/art/in-arrivo-regole-privacy-tracciamento-la-app-ADHaVRN
…to reflect:
https://www.tagesspiegel.de/wissen/welche-technologie-soll-es-sein-das-gefaehrliche-chaos-um-die-corona-app/25755338.html
https://www.theguardian.com/world/2020/apr/20/coronavirus-digital-contact-tracing-will-fail-unless-privacy-is-respected-experts-warn
https://www.agendadigitale.eu/in-poche-parole/tracing-coronavirus-lignoranza-di-chi-non-capisce-che-serve-una-legge/