Long Live Randomization: On Privacy-Preserving Contact Tracing in Pandemic

AuthorNguyen, Thien Duc; Miettinen, Markus; Sadeghi, Ahmad-Reza
TypeConference Proceedings
AbstractCaused by coronavirus SARS-CoV-2, the COVID-19 disease spreads particularly through direct contact between people. Health authorities face the challenge of identifying and isolating infection chains to prevent the pandemic from spreading further. To improve the efficiency and effectiveness of manual contact tracing, many countries have recently introduced digital contact tracing apps running on smartphones of users for helping to identify contacts between individual users. These apps are usually based on beaconing pseudonymous identifiers over a proximity communication protocol like Bluetooth LE. The identification of potentially critical contacts is then performed by comparing the identifiers emitted by persons reported as infected and the identifiers observed by other users of the system and issuing appropriate warnings to them in case a matching identifier is found. However, by beaconing identifiers into their proximity, individual users potentially become traceable by entities that systematically collect observations in various places. To preserve privacy of users and be compliant to various privacy regulations many proposed systems use ephemeral, pseudo-random identifiers that are more difficult to link together.In this paper, we briefly analyze and discuss privacy properties of a selected number of proposed contact tracing solutions and the impact of the applied randomization approaches. We also discuss the pros and cons of these tracing schemes.
ConferenceCCS '20: 2020 ACM SIGSAC Conference on Computer and Communications Security
InMTD'20: Proceedings of the 7th ACM Workshop on Moving Target Defense