[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to main content

Privacy-Preserving Contact Tracing Protocol for Mobile Devices: A Zero-Knowledge Proof Approach

  • Conference paper
  • First Online:
Information Security Practice and Experience (ISPEC 2021)

Abstract

In this paper, we propose a privacy-preserving contact tracing protocol for smart phones, and more specifically Android and iOS phones. The protocol allows users to be notified, if they have been a close contact of a confirmed patient. The protocol is designed to strike a balance between privacy, security, and scalability. Specifically, the app allows all users to hide their past location(s) and contact history from the Government, without affecting their ability to determine whether they have close contact with a confirmed patient whose identity will not be revealed. A zero-knowledge protocol is used to achieve such a user privacy functionality. In terms of security, no user can send fake messages to the system to launch a false positive attack. We present a security model and formally prove the security of the protocol. To demonstrate scalability, we evaluate an Android and an iOS implementation of our protocol. A comparative summary shows that our protocol is the most comprehensive and balanced privacy-preserving contact tracing solution to-date.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
£29.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
GBP 19.95
Price includes VAT (United Kingdom)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
GBP 51.99
Price includes VAT (United Kingdom)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
GBP 64.99
Price includes VAT (United Kingdom)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    https://www.technologyreview.com/2021/01/05/1015734/singapore-contact-tracing-police-data-covid/, last accessed January 13, 2021.

  2. 2.

    \(\mathcal {GV}\) may record the related identification information (e.g., name, phone, email)of the user if this is a first-time registration.

References

  1. Apple Inc and Google Inc., Contact tracing Bluetooth specification v1.1 (2020). https://www.blog.google/documents/58/Contact_Tracing_-_Bluetooth_Specification_v1.1_RYGZbKW.pdf. Accessed 30 Apr 2020

  2. Apple Inc and Google Inc., Contact tracing cryptography specification (2020). https://www.blog.google/documents/56/Contact_Tracing_-_Cryptography_Specification.pdf. Accessed 30 Apr 2020

  3. Au, M.H., et al.: A general framework for secure sharing of personal health records in cloud system. J. Comput. Syst. Sci. 90, 46–62 (2017)

    Article  MathSciNet  Google Scholar 

  4. Avitabile, G., Friolo, D., Visconti, I.: TEnK-U: terrorist attacks for fake exposure notifications in contact tracing systems. Cryptology ePrint Archive, Report 2020/1150 (2020). https://eprint.iacr.org/2020/1150

  5. Bellare, M., Micciancio, D., Warinschi, B.: Foundations of group signatures: formal definitions, simplified requirements, and a construction based on general assumptions. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 614–629. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-39200-9_38

    Chapter  Google Scholar 

  6. Boneh, D., Boyen, X.: Short signatures without random oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 56–73. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_4

    Chapter  Google Scholar 

  7. Chan, J., et al.: PACT: privacy sensitive protocols and mechanisms for mobile contact tracing (2020)

    Google Scholar 

  8. Chen, Z., et al.: Verifiable keyword search for secure big data-based mobile healthcare networks with fine-grained authorization control. Future Gener. Comput. Syst. 87, 712–724 (2018)

    Article  Google Scholar 

  9. Chetty, R., Friedman, J.N., Hendren, N., Stepner, M., et al.: How did COVID-19 and stabilization policies affect spending and employment? A new real-time economic tracker based on private sector data. Technical report, National Bureau of Economic Research (2020)

    Google Scholar 

  10. Danz, N., Derwisch, O., Lehmann, A., Puenter, W., Stolle, M., Ziemann, J.: Security and privacy of decentralized cryptographic contact tracing. Cryptology ePrint Archive, Report 2020/1309 (2020). https://eprint.iacr.org/2020/1309

  11. Dawsey, J., Dawsey, J., Abutaleb, Y., Stanley-Becker, I., Achenbach, J.: Little evidence that White House has offered contact tracing, guidance to hundreds potentially exposed (2020). https://www.washingtonpost.com/health/white-house-covid-contact-tracing/2020/10/03/2a6b8e2a-05a1-11eb-897d-3a6201d6643f_story.html. Accessed 5 Oct 2020

  12. Ferretti, L., et al.: Quantifying SARS-CoV-2 transmission suggests epidemic control with digital contact tracing. Science 368(6491) (2020)

    Google Scholar 

  13. Gentry, C.: Practical identity-based encryption without random oracles. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 445–464. Springer, Heidelberg (2006). https://doi.org/10.1007/11761679_27

    Chapter  Google Scholar 

  14. Goldwasser, S., Micali, S., Rivest, R.L.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput. 17(2), 281–308 (1988)

    Article  MathSciNet  Google Scholar 

  15. Gvili, Y.: Security analysis of the COVID-19 contact tracing specifications by Apple Inc. and Google Inc. Cryptology ePrint Archive, Report 2020/428 (2020). https://eprint.iacr.org/2020/428

  16. He, K., Weng, J., Liu, J.K., Zhou, W., Liu, J.-N.: Efficient fine-grained access control for secure personal health records in cloud computing. In: Chen, J., Piuri, V., Su, C., Yung, M. (eds.) NSS 2016. LNCS, vol. 9955, pp. 65–79. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-46298-1_5

    Chapter  Google Scholar 

  17. Hellewell, J., et al.: Feasibility of controlling COVID-19 outbreaks by isolation of cases and contacts. Lancet Glob. Health 8(4), e488–e496 (2020)

    Article  Google Scholar 

  18. Liu, J., Huang, X., Liu, J.K.: Secure sharing of personal health records in cloud computing: ciphertext-policy attribute-based signcryption. Future Gener. Comput. Syst. 52, 67–76 (2015)

    Article  Google Scholar 

  19. Liu, J.K., et al.: Privacy-preserving COVID-19 contact tracing app: a zero-knowledge proof approach. Cryptology ePrint Archive, Report 2020/528 (2020). https://eprint.iacr.org/2020/528

  20. Pietrzak, K.: Delayed authentication: preventing replay and relay attacks in private contact tracing. Cryptology ePrint Archive, Report 2020/418 (2020). https://eprint.iacr.org/2020/418

  21. Rivest, R., et al.: The pact protocol specification (2020). https://pact.mit.edu/wp-content/uploads/2020/04/The-PACT-protocol-specification-ver-0.1.pdf

  22. Salathé, M., et al.: COVID-19 epidemic in Switzerland: on the importance of testing, contact tracing and isolation. Swiss Med. Weekly 150(11–12), w20225 (2020)

    Google Scholar 

  23. Troncoso, C., et al.: Decentralized privacy-preserving proximity tracing (2020). https://github.com/DP-3T/documents/blob/master/DP3T20%White%20Paper.pdf. Accessed 30 Apr 2020

    Google Scholar 

  24. Vaudenay, S.: Analysis of DP3T. Cryptology ePrint Archive, Report 2020/399 (2020). https://eprint.iacr.org/2020/399

  25. Warren, M., Liptak, K., Shallwani, P.: White House’s inept ‘contact tracing’ effort leaves the work to others (2020). https://www.cnn.com/2020/10/04/politics/white-house-contact-tracing-covid/index.html. Accessed 5 Oct 2020

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Joseph K. Liu .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Liu, J.K. et al. (2021). Privacy-Preserving Contact Tracing Protocol for Mobile Devices: A Zero-Knowledge Proof Approach. In: Deng, R., et al. Information Security Practice and Experience. ISPEC 2021. Lecture Notes in Computer Science(), vol 13107. Springer, Cham. https://doi.org/10.1007/978-3-030-93206-0_20

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-93206-0_20

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-93205-3

  • Online ISBN: 978-3-030-93206-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics