Pan-European Privacy-Preserving Proximity Tracing

Developed by: PEPP-PT e.V. i.Gr. [1]
Introduced: April 1, 2020
Industry: Digital contact tracing
Compatible hardware: Android and iOS smartphones
Physical range: ~10 m (33 ft) [2]
Website: www.pepp-pt.org

Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT/PEPP) is a full-stack open protocol [3] designed to facilitate digital contact tracing of infected participants. [4] The protocol was developed in the context of the ongoing COVID-19 pandemic. Like the competing Decentralized Privacy-Preserving Proximity Tracing (DP-3T) protocol, [5] it makes use of Bluetooth LE to discover and locally log clients near a user. Unlike DP-3T, however, it uses a centralized reporting server to process contact logs and individually notify clients of potential contact with an infected patient. [6] (section 3.2) [7] It has been argued that this approach compromises privacy, but that it has the benefit of human-in-the-loop checks and health authority verification. [7] While users are not expected to register with their real name, [8] (p. 13) the back-end server processes pseudonymous personal data that could eventually be re-identified. [9] It has also been put forward that the distinction between centralized and decentralized systems is mostly technical and that PEPP-PT is equally able to preserve privacy. [10]

Technical specification

The protocol can be divided into two broad responsibilities: local device encounters and logging, and transmission of contact logs to a central health authority. These two areas are referred to as the encounter handshake and infection reporting respectively. Additionally, authentication, notification, and other minor responsibilities of the protocol are defined. [11]

Authentication

Authentication during registration is required to prevent malicious actors from creating multiple false user accounts and using them to interfere with the system. In order to preserve the anonymity of users, traditional authentication models using static identifiers such as email addresses or phone numbers could not be employed. Instead, the protocol uses a combination of a proof-of-work (PoW) challenge and a CAPTCHA. [8] (p. 11) The suggested proof-of-work algorithm is scrypt as defined in RFC 7914, popularized in various blockchain systems such as Dogecoin [12] [13] and Litecoin. [14] Scrypt was chosen because it is memory-bound rather than CPU-bound. [15] Once a user registers with the app, they are issued a unique 128-bit pseudo-random identifier (PUID) by the server. It is marked inactive until the app solves the PoW challenge with the input parameters of , a cost factor of 2, and a block size of 8. Once completed, OAuth2 credentials are issued to the client to authenticate all future requests. [16]

Encounter handshake

When two clients encounter each other, they must exchange and log identifying details. To prevent clients from being tracked over time through static identifiers, clients exchange time-sensitive temporary IDs issued by the central server. To generate these temporary IDs, the central server generates a global secret key , which is used to calculate all temporary IDs for a short timeframe . From this an Ephemeral Bluetooth ID (EBID) is calculated for each user with the algorithm , where is the AES encryption algorithm. Clients use these EBIDs as the temporary IDs in the exchange. EBIDs are fetched in forward-dated batches to account for poor internet access. [16]

Clients then constantly broadcast their EBID under the PEPP-PT Bluetooth service identifier, while also scanning for other clients. If another client is found, the two exchange and log EBIDs, along with metadata about the encounter such as the signal strength and a timestamp. [16]
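The EBID derivation and its inverse, as an added example that is not PEPP-PT's own code: the server derives an EBID by AES-128-encrypting the 128-bit PUID under a per-timeframe secret key and, because it alone holds those keys, can map any EBID from an uploaded contact log back to a PUID. The keyServer type, its in-memory key map and the integer timeframe numbering are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// keyServer stands in for the central server: it alone holds the global secret
// key of every short timeframe t (kept in memory here for the example).
type keyServer struct {
	epochKeys map[int][]byte
}

func newKeyServer() *keyServer { return &keyServer{epochKeys: map[int][]byte{}} }

// keyFor returns the 128-bit secret key for timeframe t, creating it on first use.
func (s *keyServer) keyFor(t int) []byte {
	if k, ok := s.epochKeys[t]; ok {
		return k
	}
	k := make([]byte, 16)
	if _, err := rand.Read(k); err != nil {
		panic(err)
	}
	s.epochKeys[t] = k
	return k
}

// ebid derives the Ephemeral Bluetooth ID of user puid for timeframe t: one AES-128
// block encryption of the 128-bit PUID under that timeframe's key, so a user's
// broadcasts in different timeframes cannot be linked without the key.
func (s *keyServer) ebid(t int, puid [16]byte) [16]byte {
	block, err := aes.NewCipher(s.keyFor(t))
	if err != nil {
		panic(err)
	}
	var out [16]byte
	block.Encrypt(out[:], puid[:])
	return out
}

// resolve inverts an EBID logged in timeframe t back to the PUID. Only the key holder
// can do this, which is why uploaded contact logs are pseudonymous, not anonymous.
func (s *keyServer) resolve(t int, e [16]byte) ([16]byte, bool) {
	k, ok := s.epochKeys[t]
	if !ok {
		return [16]byte{}, false // no key for that timeframe: EBID cannot be resolved
	}
	block, _ := aes.NewCipher(k) // key length is always 16 here, so no error
	var out [16]byte
	block.Decrypt(out[:], e[:])
	return out, true
}

func main() {
	s := newKeyServer()
	puid := [16]byte{0xde, 0xad, 0xbe, 0xef} // constructed PUID, zero-padded to 128 bits
	for t := 100; t < 103; t++ {            // a forward-dated batch of three timeframes
		e := s.ebid(t, puid)
		fmt.Printf("t=%d EBID=%s\n", t, hex.EncodeToString(e[:]))
	}
}
```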

Infection reporting

When a user has been confirmed positive for infection out of band, the patient is asked to upload their contact logs to the central reporting server. If the user consents, the health authority issues a key authorizing the upload. The user then transmits the contact log over HTTPS to the reporting server to be processed. [16]

Once the reporting server has received a contact log, each entry is run through a proximity check algorithm to reduce the likelihood of false positives. The resulting list of contacts is manually confirmed, and they, along with a random sample of other users, are sent a message containing a random number and a message hash. This message serves to wake up the client and have it check the server for new reports. If the client is on the list of confirmed users, the server confirms the potential infection to the client, which in turn warns the user. If a client is in the random sample, it receives a response with no meaning. A random sample of users is messaged for every report so that eavesdroppers cannot determine who is at risk of infection by observing communication between client and server. [16]
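The notification step, as an added example that is not PEPP-PT's own code: the server wakes the confirmed contacts together with a random sample of decoy users using a message that carries only a random number and its hash, and only the follow-up poll distinguishes the two. The PUID strings, the decoy count and the reply strings are constructed for this example.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"math/big"
)

// Wakeup is the push message every notified client receives: a random number and
// its hash. It only tells the client to poll; on its own it carries no risk information.
type Wakeup struct{ Nonce, Hash string }

func newWakeup() Wakeup {
	n := make([]byte, 16)
	if _, err := rand.Read(n); err != nil {
		panic(err)
	}
	h := sha256.Sum256(n)
	return Wakeup{Nonce: hex.EncodeToString(n), Hash: hex.EncodeToString(h[:])}
}

// notificationSet wakes every manually confirmed contact plus `decoys` users drawn at
// random from the other registered users, so the push channel looks the same for both.
func notificationSet(confirmed, registered []string, decoys int) map[string]Wakeup {
	set := map[string]Wakeup{}
	for _, c := range confirmed {
		set[c] = newWakeup()
	}
	var pool []string // registered users not already being notified
	for _, u := range registered {
		if _, ok := set[u]; !ok {
			pool = append(pool, u)
		}
	}
	for i := 0; i < decoys && len(pool) > 0; i++ {
		j, err := rand.Int(rand.Reader, big.NewInt(int64(len(pool))))
		if err != nil {
			panic(err)
		}
		k := int(j.Int64())
		set[pool[k]] = newWakeup()
		pool = append(pool[:k], pool[k+1:]...) // sample without replacement
	}
	return set
}

// poll answers the woken client: a warning for confirmed contacts, a meaningless reply otherwise.
func poll(confirmed []string, puid string) string {
	for _, c := range confirmed {
		if c == puid {
			return "potential-contact"
		}
	}
	return "no-new-reports"
}

func main() {
	registered := []string{"u1", "u2", "u3", "u4", "u5", "u6"} // constructed PUIDs
	confirmed := []string{"u2"}                               // output of the manual check
	for puid := range notificationSet(confirmed, registered, 3) {
		fmt.Println(puid, "->", poll(confirmed, puid))
	}
}
```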

Controversy

The Helmholtz Center for Information Security (CISPA) confirmed in a press release on April 20, 2020 that it was withdrawing from the consortium, citing a 'lack of transparency and clear governance' as well as data protection concerns around the PEPP-PT design. [17] The École Polytechnique Fédérale de Lausanne, ETH Zurich, KU Leuven and the Institute for Scientific Interchange withdrew from the project in the same week. [18] [19] [20] This group was also responsible for the development of the competing Decentralized Privacy-Preserving Proximity Tracing protocol. [21]

On 20 April 2020, an open letter was released signed by over 300 security and privacy academics from 26 countries criticising the approach taken by PEPP-PT, stating that 'solutions which allow reconstructing invasive information about the population should be rejected without further discussion'. [18] [20] [19] [22] [23]

References

  1. "DATENSCHUTZ | Pepp-Pt". Pepp Pt (in German). Archived from the original on 2020-04-20. Retrieved 2020-04-20.
  2. Sponås, Jon Gunnar. "Things You Should Know About Bluetooth Range". blog.nordicsemi.com. Retrieved 2020-04-12.
  3. "PEPP-PT License". GitHub. 2020-04-19. Retrieved 2020-04-22.
  4. "Europe's PEPP-PT COVID-19 contacts tracing standard push could be squaring up for a fight with Apple and Google". TechCrunch. 2020-04-17. Retrieved 2020-04-20.
  5. "DP-3T whitepaper" (PDF). GitHub. Retrieved 2020-04-22.
  6. "PEPP-PT High Level Overview" (PDF). GitHub. Retrieved 2020-04-20.
  7. Bay, Jason; Kek, Joel; Tan, Alvin; Hau, Chai Sheng; Yongquan, Lai; Tan, Janice; Quy, Tang Anh. "BlueTrace: A privacy-preserving protocol for community-driven contact tracing across borders" (PDF). Government Technology Agency. Retrieved 2020-04-12.
  8. "PEPP-PT Data Protection Information Security Architecture" (PDF). GitHub. Retrieved 2020-04-20.
  9. "Security and privacy analysis of the document 'PEPP-PT: Data Protection and Information Security Architecture'" (PDF). GitHub. 2020-04-19.
  10. "ROBERT-proximity-tracing/documents". GitHub. Retrieved 2020-09-06.
  11. "pepp-pt/pepp-pt-documentation". PEPP-PT. 2020-06-16. Retrieved 2020-06-24.
  12. "Dogecoin (DOGE) Mining Profitability Calculator". shyminer.com. Retrieved 2022-04-14.
  13. "Dogecoin mining calculator - Scrypt". minerstat. Retrieved 2020-04-20.
  14. Asolo, Bisola (2018-03-29). "Litecoin Scrypt Algorithm Explained". Mycryptopedia. Retrieved 2020-04-20.
  15. Alwen, Joël; Chen, Binyi; Pietrzak, Krzysztof; Reyzin, Leonid; Tessaro, Stefano (2016). "Scrypt is Maximally Memory-Hard" (PDF). Retrieved 2020-04-21.
  16. "pepp-pt/pepp-pt-documentation/blob/master/10-data-protection/PEPP-PT-data-protection-information-security-architecture-Germany.pdf" (PDF). GitHub. Retrieved 2020-06-24.
  17. sebastian.kloeckner (2020-04-20). "Contact Tracing App for the SARS-CoV-2 pandemic". Helmholtz Center for Information Security (CISPA). Retrieved 2020-04-20.
  18. Dalg, Paul; Rusch, Lina; Schröder, Miriam; Voß, Oliver (2020-04-20). "Das gefährliche Chaos um die Corona-App". Der Tagesspiegel Online (in German). Retrieved 2020-04-20.
  19. "Projekt Pepp-PT: Den Tracing-App-Entwicklern laufen die Partner weg". Der Spiegel (in German). 2020-04-20. Retrieved 2020-04-20.
  20. "ZEIT ONLINE | Lesen Sie zeit.de mit Werbung oder im PUR-Abo. Sie haben die Wahl". www.zeit.de. Retrieved 2020-04-20.
  21. "DP-3T whitepaper" (PDF). GitHub. Retrieved 2020-04-22.
  22. Süddeutsche Zeitung (2020-04-20). "Corona-App: Streit um Pepp-PT entbrannt". Süddeutsche.de (in German). Retrieved 2020-04-20.
  23. Hern, Alex (2020-04-20). "Digital contact tracing will fail unless privacy is respected, experts warn". The Guardian. ISSN 0261-3077. Retrieved 2020-04-20.