The document discusses various contact tracing protocols including DP3T, Google-Apple Standard, and PEPP-PT. DP3T and Google-Apple Standard are decentralized protocols that keep data localized on devices for privacy. PEPP-PT is a centralized protocol that shares more data with servers, compromising privacy but allowing more data sharing. Overall the document analyzes the security, privacy and technical implications of different contact tracing approaches.
4. Contact Tracing (CT) is a tracing method for
human interactions.
It was created with the purpose of monitoring
people’s contacts with infected individuals and
noticing them the risk.
It allows epidemiological data gathering and the
creation of proximity graph. This efficiently
models interactions between infected and at-risk
individuals.
Thus, it is possible to better study virus spreading.
WhatisContactTracing?
@2020 by Christian Spolaore
5. Since smartphones are extensively used in our
everyday life, they were thought to be the best
solution for a simple and efficient Contact Tracing
system.
Interactions among individuals are surveyed,
managed and recorded by an application.
App activity is mediated/controlled by a remote
server and includes periodic communication with
Healthcare Authority (HA).
Whydevelopinganapp?
@2020 by Christian Spolaore
6. TheProtocols
• These protocols leave to
smartphones data elaboration
regarding contacts between users:
all sensitive data are stored
exclusively in local memory.
• DP3T
• APPLE/GOOGLE STANDARD
Decentralized Centralized
• These protocols give the back-end
server access to sensitive information
and a greater decisional power. They
share more data with epidemiologists
and the Healthcare Authority, but
they are also associated to a weaker
privacy protection for users.
• PEPP-PT
@2020 by Christian Spolaore
8. 1. Ephimeral pseudo-random ID (EPHID) are
generated by the smartphone via the
application of a cryptographic function to a
secret key.
2. Broadcast transmission to near devices and
EPHID reception.
3. The infected user sends the EPHIDs to the
server after HA authorization.
4. Server forwards those EPHIDs to all apps.
5. Each app periodically checks if it recorded
some of the forwarded EPHIDs and, in case,
the user receives a risk notification.
Generalscheme
@2020 by Christian Spolaore
9. • Fast notification.
• Random contacts tracing.
• Minimize the personnel.
• Possibility of voluntarily sharing additional data
with epidemiologists.
• DO NOT trace infected or at-risk patients.
• DO NOT locate hotspot.
• DO NOT use geolocation.
Purposes
@2020 by Christian Spolaore
10. • Completeness
• Precision
• Confidentiality
• Integrity
• Notifications sending
• Scalability
• Interoperability
Features
@2020 by Christian Spolaore
11. DP3T protocol is distinguished into two distinct
architectures: low-cost and unlinkable.
Both models send EPHIDs through BLE beacons and
ask user’s consent before sharing any data.
The second one does not allow, not even locally, a
direct connection between EPHIDs and the user
possessing the smartphone which generated them.
Low-cost design uses about 1 MB of storage per day
but it is computationally heavier.
Unlinkable design uses more memory (maximum of
110 MB per day), but consumes much less resources.
Differentdesigns
@2020 by Christian Spolaore
12. The system must be protected by the following
kinds of attacks:
• Eavesdropping
• Bluetooth sniffing
• Relay
• DoS
• Network study
• back-end compromising
Possibleattacks
@2020 by Christian Spolaore
13. The simplest attack is performed locally: the
attacker keeps a detailed record of the people he
met and at what time. Several accounts on distinct
devices will allow him to correlate risk
notifications, thus identifying the infected
individuals.
The attacker can also exploit background
knowledge such as users’ routines, thus increasing
his correlation success probability.
For a network attacker, it is easier to recover
infected users’ identity by monitoring packets’ flow.
Low-costdesign
@2020 by Christian Spolaore
14. It makes any local attacker’s record useless.
EPHIDs sent to the server have no explicit
dependency on the epoch when they were used.
EPHIDs of infected users are aggregated before
being broadcast to all apps.
Therefore, the attacker should install an antenna in
a place visited by only a fixed number of people per
time period.
UnlinkableDesign
@2020 by Christian Spolaore
15. Cryptography can mitigate these attacks to privacy.
A TEE is a secure environment executing
cryptographic operations. Nowadays most
smartphones have one.
EPHIDs of infected users are encrypted before
being sent from server to smartphones.
Decryption is performed inside the TEE.
The attacker can no longer directly compare
received and recorded EPHIDs.
TEE:TrustedExecution
Environment
@2020 by Christian Spolaore
16. The priority is still avoiding precision and
completeness loss due to attacker’s actions.
A short-time or high-distance contact, should not
allow an attacker to:
• sniff the EPHIDs.
• Amplify EPHIDs transmission range.
• Locate EPHIDs origin through the installation of
directional antennas.
Localattacks
@2020 by Christian Spolaore
17. Each EPHID could be divided into n BLE beacons.
Each device must receive at least k<n beacons in
order to succeed in recover the whole EPHID:
• a low k ensures robustness;
• a big k ensures better security.
An attacker at distance or listening for just a short
period of time, receives h<k beacons and does not
manage to recover the EPHID.
Eavesdropping, relay and sniffing attack are thus
prevented.
Asolution:secretsharing
@2020 by Christian Spolaore
18. On the contrary, some attacks aiming at compromising
the system cannot be avoided because of its own
structure.
The attacker can always:
• generate false events or notifications with
broadcast antennas (only in one precise epoch for
the unlinkable design).
• Sniff the packets sent by the server to smartphones,
preventing notification of risk.
• Destroy Bluetooth signal.
Attackstothesystem
@2020 by Christian Spolaore
20. WhyApple
andGoogle?
• According to the Big Data Institute of the University of
Oxford, an app would be efficient in slowing down virus
spreading only if at least 56% of the whole population used it.
• This is approximately 80% of smartphones’ possessors.
• iOS (Apple) manages 13.4% of smartphones.
• Android (Google) manages the remaining 86,6%.
https://www.bbc.com/news/technology-52294896
https://www.thelancet.com/action/showPdf?pii=S2214-109X%2820%2930074-7
@2020 by Christian Spolaore
21. WhyApple
andGoogle?
• At current state, iPhones do not allow background or
stand-by Bluetooth data transmissions to any app.
• Android, on the contrary, directly blocks a device if it is
recording too many attempts of Bluetooth connections.
• The two companies have proposed to add an on-purpose
app or at least a general framework in the next updates.
The tool is going to be deleted when the emergency will be
over.
https://venturebeat.com/2020/04/13/what-privacy-preserving-coronavirus-tracing-apps-need-to-succeed/
@2020 by Christian Spolaore
22. Thedesign
• It is a mixture between the two D3PT designs.
• EPHIDs are generated from a daily key, which is derived
from the secret master key. All the operations are carried
out through cryptographic operations.
• Data are exclusively processed in local.
• Every operation requires user’s consent.
• Epochs’ length varies between 10 and 20 minutes.
• Risk assessment is computed locally, but data delivered by
the server are not linkable.
@2020 by Christian Spolaore
23. Security
andPrivacy
• Considerations on many attacks on DP3T are still valid.
• Privacy is ensured by a wise use of cryptographic primitives.
• Sensitive data are not processed by Apple or Google. Trust is
on server’s administrators.
• Only one information is added to the records in order to
make local attacks even harder: proximity at reception
moment (via RSSI).
@2020 by Christian Spolaore
25. In the centralized Contact Tracing model, the
back-end server has a considerably higher
control on data flow. Actually, its functions are
the following:
• Maintaining a list of pseudonyms associated
to the users.
• Executing proximity tracing instead of
smartphones.
• Directly sending at-risk notifications.
• Sharing data with Healthcare Authority.
Acentralizedsolution
@2020 by Christian Spolaore
26. 1. User’s authentication.
2. EPHID generation from a cryptographic
primitive applied to a dynamic seed.
3. EPHIDs are exchanged among near
smartphones, as in the decentralized model.
4. Users with positive diagnosis give the
consent to upload to the server contact
records limited to contagious period.
5. The server evaluates the risk for each user
who had contacts with the infected
individual and sends the notification, if
necessary.
GeneralScheme
@2020 by Christian Spolaore
27. • Smartphones never know which are the contacts
with infected users, so a correlation attack is not
possible.
• Notifications are aggregated before being
broadcast by the server, in order to prevent an
eavesdropping attack.
However:
• The server can easily retrieve users’ identities
from the pseudonyms.
• The server explicitly knows infected users’
contacts.
Securityanalysis
@2020 by Christian Spolaore
28. WhataboutPrivacy?
• Here the server has access to almost all
processed sensitive data. In particular,
those regarding at-risk individuals are
disclosed to it with only the infected user’s
consent.
• Finally, the server can easily recover some
information which is out of protocol’s
declared purposes (also localization, with
some constraints).
• This appears to be in contrast with UE
GDPR legislation, effective since 25 May
2018.
Need-to-know principle – Each party involved in
a protocol should have access only to
information and resources which are necessary
to carry out their own task.
Every data protection policy
grounds on this principle!
@2020 by Christian Spolaore
30. ThechoicesofItalianGovernment
«The app Immuni gives the
citizens a possibility of
having a quick notification
in case of impending
contact with an infected
individual»
Luigi di Maio, 24 April 2020
On April 16, after
directions from the task
force charged by Minister
of Innovation Paola
Pisano, Immuni
development is assigned
to Bending Spoons
The reference protocol is
claimed to be the
controversial PEPP-PT
On April 22, after 300
experts signed an open
letter to highlight PEPP-
PT discussed issues, the
Government orders a
decentralized protocol to
be followed
@2020 by Christian Spolaore
31. Disputes
In order to be efficient, the app must be
ready before lockdown’s revocation,
which is highly unlikely.
Both existing protocols are exposed to
non-negligible attacks, considering the
risk of compromising the whole system.
Besides, Bluetooth technology is sadly
known for its several vulnerabilities.
A protection from false users’
declarations is still missing.
@2020 by Christian Spolaore
32. Foodfor
thought-I
• Contact Tracing does not solve the
problem. It can help to slow down virus
spreading, but it must be adequately
supported by an active policy aiming at
hosting infected and at-risk people in
proper structures and enforcing
quarantine measures on them.
• Otherwise, as it is already happening,
the app can induce the transformation
of households into the most dangerous
hotspots for the contagion.
@2020 by Christian Spolaore
33. Foodfor
thought-II
• Contrary to what declared on April 24
by Italian Minister of Foreign Affairs,
the treatment of data which are
processed by this kind of app arises
several issues.
• At the moment Google and Apple never
know with whom we are interacting
and are not able to recover the
proximity graph of an individual.
• For any abuse on sensitive data usage
carried out by these companies, in-
force privacy legislation safeguards the
citizens.
• What could potentially happen if such
sensitive data were inappropriately
used by the entities which already
possess executive and legislative
power?
@2020 by Christian Spolaore
34. Usefullinks…
…about the Italian situation:
https://www.ilsole24ore.com/art/l-app-immuni-cambia-seguira-modello-decentralizzato-apple-e-google-ADcBF4L
https://www.agendadigitale.eu/cultura-digitale/immuni-come-funziona-lapp-italiana-contro-il-coronavirus/
https://www.corriere.it/tecnologia/20_aprile_28/fase-2-riecco-app-arcuri-in-maggio-contact-tracing-giugno-diario-
clinico-314f2944-893d-11ea-8073-abbb9eae2ee6.shtml
https://www.ilsole24ore.com/art/in-arrivo-regole-privacy-tracciamento-la-app-ADHaVRN
…to reflect:
https://www.tagesspiegel.de/wissen/welche-technologie-soll-es-sein-das-
gefaehrliche-chaos-um-die-corona-app/25755338.html
https://www.theguardian.com/world/2020/apr/20/coronavirus-digital-contact-
tracing-will-fail-unless-privacy-is-respected-experts-warn
https://www.agendadigitale.eu/in-poche-parole/tracing-coronavirus-lignoranza-
di-chi-non-capisce-che-serve-una-legge/
@2020 by Christian Spolaore