Contact Tracing Project

Mobile Apps for Contact Tracing

Using advanced digital tracing apps on mobile devices can help reduce manual effort and significantly increase tracing accuracy. However, these tracking technologies collect highly sensitive data from individuals, mandating the use of strong privacy protections for these data. Many proposed approaches for contact tracing have, however significant deficiencies in this respect.

Tracing Apps are Only a Part of the Solution to COVID-19

In addition, for efficient response to the spread of the pandemic, a tracing app alone is not sufficient. A comprehensive ecosystem of services to address the questions and problems of people affected with the COVID-19 disease is required to help people to cope with the situation, and gather useful information about the dynamism of the pandemic and its societal effects in a privacy-preserving manner.

Goals and contributions

The goal of this project is to investigate the technologies used for contact tracing and determine the requirements for a pandemic information platform to be used in connection with mobile contact tracing. We investigate technologies and designs required to enable a controlled exposure of data ranging from the desired complete anonymity of tracing, to required identification and authentication for personal health services.

In particular, the project seeks to investigate privacy and security requirements for tracing apps and evaluate the effectiveness of different designs to meet these requirements in particular with regard to aspects related to security and user privacy and anonymity.

Long Live Randomization: On Privacy-Preserving Contact Tracing in Pandemic

Authors: Thien Duc Nguyen, Markus Miettinen and Ahmad-Reza Sadeghi
Conference: Proceedings of the 7th ACM Workshop on Moving Target Defense, Virtual Event, USA , November 2020

Abstract: Caused by coronavirus SARS-CoV-2, the COVID-19 disease spreads particularly through direct contact between people. Health authorities face the challenge of identifying and isolating infection chains to prevent the pandemic from spreading further. To improve the efficiency and effectiveness of manual contact tracing, many countries have recently introduced digital contact tracing apps running on smartphones of users for helping to identify contacts between individual users. These apps are usually based on beaconing pseudonymous identifiers over a proximity communication protocol like Bluetooth LE. The identification of potentially critical contacts is then performed by comparing the identifiers emitted by persons reported as infected and the identifiers observed by other users of the system and issuing appropriate warnings to them in case a matching identifier is found. However, by beaconing identifiers into their proximity, individual users potentially become traceable by entities that systematically collect observations in various places. To preserve privacy of users and be compliant to various privacy regulations many proposed systems use ephemeral, pseudo-random identifiers that are more difficult to link together.In this paper, we briefly analyze and discuss privacy properties of a selected number of proposed contact tracing solutions and the impact of the applied randomization approaches. We also discuss the pros and cons of these tracing schemes.

Mind the GAP: Security & Privacy Risks of Contact Tracing Apps

Authors: Lars Baumgärtner, Alexandra Dmitrienko, Bernd Freisleben, Alexander Gruler, Jonas Höchst, Joshua Kühlberg, Mira Mezini, Richard Mitev, Markus Miettinen, Anel Muhamedagic, Thien Duc Nguyen, Alvar Penning, Dermot Frederik Pustelnik, Filipp Roos, Ahmad-Reza Sadeghi, Michael Schwarz and Christian Uhl
Conference: The 19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom 2020), Guangzhou, China, December 29, 2020.

Abstract: Google and Apple have jointly provided an API for exposure notification in order to implement decentralized contract tracing apps using Bluetooth Low Energy, the so-called “Google/Apple Proposal”, which we abbreviate by “GAP”. We demonstrate that in real-world scenarios the current GAP design is vulnerable to (i) profiling and possibly de-anonymizing infected persons, and (ii) relay-based wormhole attacks that basically can generate fake contacts with the potential of affecting the accuracy of an app-based contact tracing system. For both types of attack, we have built tools that can easily be used on mobile phones or Raspberry Pis (e.g., Bluetooth sniffers). The goal of our work is to perform a reality check towards possibly providing empirical real-world evidence for these two privacy and security risks. We hope that our findings provide valuable input for developing secure and privacy-preserving digital contact tracing systems.