Decentralized Privacy-Preserving Proximity Tracing

Last updated

Decentralized Privacy-Preserving Proximity Tracing
DP-3T Logo.jpg
Developed by
IntroducedApril 4, 2020 (2020-04-04) [2]
Industry Digital contact tracing
Compatible hardwareAndroid & iOS smartphones
Physical range~10 m (33 ft) [3]
Website https://github.com/DP-3T/documents

Decentralized Privacy-Preserving Proximity Tracing (DP-3T, stylized as dp3t) is an open protocol developed in response to the COVID-19 pandemic to facilitate digital contact tracing of infected participants. [4] [5] The protocol, like competing protocol Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT), uses Bluetooth Low Energy to track and log encounters with other users. [6] [7] The protocols differ in their reporting mechanism, with PEPP-PT requiring clients to upload contact logs to a central reporting server, whereas with DP-3T, the central reporting server never has access to contact logs nor is it responsible for processing and informing clients of contact. [1] Because contact logs are never transmitted to third parties, it has major privacy benefits over the PEPP-PT approach; [8] [9] however, this comes at the cost of requiring more computing power on the client side to process infection reports. [10]

Contents

The Apple/Google Exposure Notification project is based on similar principles as the DP-3T protocol, and supports a variant of it since May 2020. [11] [12] [13] Huawei added a similar implementation of DP-3T to its Huawei Mobile Services APIs known as "Contact Shield" in June 2020. [14]

The DP-3T SDK and calibration apps intend to support the Apple/Google API as soon as it is released to iOS and Android devices. [15] [16]

On the 21 April 2020, the Swiss Federal Office of Public Health announced that the Swiss national coronavirus contact tracing app will be based on DP-3T. [17] On the 22 April 2020, the Austrian Red Cross, leading on the national digital contact tracing app, announced its migration to the approach of DP-3T. [18] Estonia also confirmed that their app would be based on DP-3T. [19] On April 28, 2020, it was announced that Finland was piloting a version of DP-3T called "Ketju". [20] In Germany, a national app is being built upon DP-3T by SAP SE and Deutsche Telekom alongside CISPA, one of the organisations that authored the protocol. [21] As of September 30, 2020, contact tracing apps using DP-3T are available in Austria, Belgium, Croatia, Germany, Ireland, Italy, the Netherlands, Portugal and Switzerland. [22]

Overview

The DP-3T protocol works off the basis of Ephemeral IDs (EphID), semi-random rotating strings that uniquely identify clients. [23] When two clients encounter each other, they exchange EphIDs and store them locally in a contact log. [24] Then, once a user tests positive for infection, a report is sent to a central server. Each client on the network then collects the reports from the server and independently checks their local contact logs for an EphID contained in the report. If a matching EphID is found, then the user has come in close contact with an infected patient, and is warned by the client. Since each device locally verifies contact logs, and thus contact logs are never transmitted to third parties, the central reporting server cannot by itself ascertain the identity or contact log of any client in the network. This is in contrast to competing protocols like PEPP-PT, where the central reporting server receives and processes client contact logs. [25]

Ephemeral ID

A diagram demonstrating how the different components of the Ephemeral ID algorithm feed into each other DP-3T Ephemeral ID.svg
A diagram demonstrating how the different components of the Ephemeral ID algorithm feed into each other

Similar to the TCN Protocol and its Temporary Contact Numbers, the DP-3T protocol makes use of 16 byte Ephemeral IDs (EphID) to uniquely identify devices in the proximity of a client. These EphIDs are logged locally on a receiving client's device and are never transmitted to third parties. [1]

To generate an EphID, first a client generates a secret key that rotates daily () by computing , where is a cryptographic hash function such as SHA-256. is calculated by a standard secret key algorithm such as Ed25519. The client will use during day to generate a list of EphIDs. At the beginning of the day, a client generates a local list of size new EphIDs to broadcast throughout the day, where is the lifetime of an EphID in minutes. To prevent malicious third parties from establishing patterns of movement by tracing static identifiers over a large area, EphIDs are rotated frequently. Given the secret day key , each device computes , where is a global fixed string, is a pseudo-random function like HMAC-SHA256, and is a stream cipher producing bytes. This stream is then split into 16-byte chunks and randomly sorted to obtain the EphIDs of the day. [1]

Technical specification

The DP-3T protocol is made up of two separate responsibilities, tracking and logging close range encounters with other users (device handshake), and the reporting of those encounters such that other clients can determine if they have been in contact with an infected patient (infection reporting). Like most digital contact tracing protocols, the device handshake uses Bluetooth Low Energy to find and exchange details with local clients, and the infection reporting stage uses HTTPS to upload a report to a central reporting server. Additionally, like other decentralized reporting protocols, the central reporting server never has access to any client's contact logs; rather the report is structured such that clients can individually derive contact from the report. [1]

Device handshake

In order to find and communicate with clients in proximity of a device, the protocol makes use of both the server and client modes of Bluetooth LE, switching between the two frequently. [26] In server mode the device advertises its EphID to be read by clients, with clients scanning for servers. [27] When a client and server meet, the client reads the EphID and subsequently writes its own EphID to the server. The two devices then store the encounter in their respective contact logs in addition to a coarse timestamp and signal strength. The signal strength is later used as part of the infection reporting process to estimate the distance between an infected patient and the user. [1]

Infection reporting

When reporting infection, there exists a central reporting server controlled by the local health authority. Before a user can submit a report, the health authority must first confirm infection and generate a code authorizing the client to upload the report. The health authority additionally instructs the patient on which day their report should begin (denoted as ). The client then uploads the pair and to the central reporting server, which other clients in the network download at a later date. By using the same algorithm used to generate the original EphIDs, clients can reproduce every EphID used for the period past and including , which they then check against their local contact log to determine whether the user has been in close proximity to an infected patient. [1]

In the entire protocol, the health authority never has access to contact logs, and only serve to test patients and authorize report submissions. [1] :p. 11

Epidemiological analysis

When a user installs a DP-3T app, they are asked if they want to opt in to sharing data with epidemiologists. If the user consents, when they are confirmed to have been within close contact of an infected patient the respective contact log entry containing the encounter is scheduled to be sent to a central statistics server. In order to prevent malicious third parties from discovering potential infections by detecting these uploads, reports are sent at regular intervals, with indistinguishable dummy reports sent when there is no data to transmit. [1]

Health authority cooperation

To facilitate compatibility between DP-3T apps administered by separate health authorities, apps maintain a local list of the regions a user has visited. Regions are large areas directly corresponding to health authority jurisdiction; the exact location is not recorded. The app will later connect these regions to their respective foreign central reporting server, and fetch reports from these servers in addition to its normal home reporting server. Apps will also submit reports to these foreign reporting servers if the user tests positive for infection. [1]

Attacks on DP-3T and criticism

Cryptography and security scholar Serge Vaudenay, analyzing the security of DP-3T [28] argued that:

some privacy protection measurements by DP3T may have the opposite affect [sic] of what they were intended to. Specifically, sick and reported people may be deanonymized, private encounters may be revealed, and people may be coerced to reveal the private data they collect.

Serge Vaudenay, [28] :p. 1

Vaudenay's work presents several attacks against DP-3T and similar systems. In response, the DP-3T group claim that out of twelve risks Vaudenay presents, eight are also present in centralized systems, three do not work, and one, which involves physical access to the phone, works but can be mitigated. [29] In a subsequent work [30] Vaudenay reviews attacks against both centralized and decentralized tracing systems and referring to identification attacks of diagnosed people concludes that:

By comparing centralized and decentralized architectures, we observe that attacks against decentralized systems are undetectable, can be done at a wide scale, and that the proposed countermeasures are, at best, able to mitigate attacks in a limited number of scenarios. Contrarily, centralized systems offer many countermeasures, by accounting and auditing.

Serge Vaudenay, [30] :p. 6

In the same work [30] Vaudenay advocates that, since neither the centralized nor the decentralized approaches offer sufficient level of privacy protection, different solutions should be explored, in particular suggesting the ConTra Corona, [31] Epione [32] and Pronto-C2 [33] systems as a "third way".

Tang [34] surveys the major digital contact tracing systems and shows that DP-3T is subject to what he calls "targeted identification attacks".

Theoretical attacks on DP-3T have been simulated [35] showing that persistent tracking of users of the first version of the DP-3T system who have voluntarily uploaded their identifiers can be made easy to any 3rd party who can install a large fleet of Bluetooth Low Energy devices. This attack leverages the linkability of a user during a day, and therefore is possible on within a day on all users of some centralized systems such as the system proposed in the United Kingdom, [36] but does not function on 'unlinkable' versions of DP-3T where infected users' identifiers are not transmitted using a compact representation such as a key or seed. [37]

See also

Related Research Articles

Kademlia is a distributed hash table for decentralized peer-to-peer computer networks designed by Petar Maymounkov and David Mazières in 2002. It specifies the structure of the network and the exchange of information through node lookups. Kademlia nodes communicate among themselves using UDP. A virtual or overlay network is formed by the participant nodes. Each node is identified by a number or node ID. The node ID serves not only as identification, but the Kademlia algorithm uses the node ID to locate values.

Threema is a paid cross-platform encrypted instant messaging app developed by Threema GmbH in Switzerland and launched in 2012. The service operates on a decentralized architecture and offers end-to-end encryption. Users can make voice and video calls, send photos, files, and voice notes, share locations, and make groups. Unlike many other popular secure messaging apps, Threema does not require phone numbers or email address for registration, only a one-time purchase that can be paid via an app store or anonymously with Bitcoin or cash.

James R. Larus is an American computer scientist specializing in the fields of programming languages, compilers, and computer architecture. He is currently at École Polytechnique Fédérale de Lausanne (EPFL) where he has served as the Dean of the School of Computer and Communication Sciences (IC) from 2014 until 2021.

<span class="mw-page-title-main">Signal (software)</span> Privacy-focused encrypted messaging app

Signal is an encrypted messaging service for instant messaging, voice, and video calls. The instant messaging function includes sending text, voice notes, images, videos, and other files. Communication may be one-to-one between users or may involve group messaging.

<span class="mw-page-title-main">Matrix (protocol)</span> Networking protocol for real-time communication and data synchronization

Matrix is an open standard and communication protocol for real-time communication. It aims to make real-time communication work seamlessly between different service providers, in the way that standard Simple Mail Transfer Protocol email currently does for store-and-forward email service, by allowing users with accounts at one communications service provider to communicate with users of a different service provider via online chat, voice over IP, and videotelephony. It therefore serves a similar purpose to protocols like XMPP, but is not based on any existing communication protocol.

Firebase Cloud Messaging (FCM), formerly known as Google Cloud Messaging (GCM), is a cross-platform cloud service for messages and notifications for Android, iOS, and web applications, which as of May 2023 can be used at no cost. Firebase Cloud Messaging allows third-party application developers to send notifications or messages from servers hosted by FCM to users of the platform or end users.

<span class="mw-page-title-main">COVID-19 apps</span> Mobile apps designed to aid contact tracing

COVID-19 apps include mobile-software applications for digital contact-tracing - i.e. the process of identifying persons ("contacts") who may have been in contact with an infected individual - deployed during the COVID-19 pandemic.

Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT/PEPP) is a full-stack open protocol designed to facilitate digital contact tracing of infected participants. The protocol was developed in the context of the ongoing COVID-19 pandemic. The protocol, like the competing Decentralized Privacy-Preserving Proximity Tracing (DP-3T) protocol, makes use of Bluetooth LE to discover and locally log clients near a user. However, unlike DP-3T, it uses a centralized reporting server to process contact logs and individually notify clients of potential contact with an infected patient. It has been argued that this approaches compromises privacy, but has the benefit of human-in-the-loop checks and health authority verification. While users are not expected to register with their real name, the back-end server processes pseudonymous personal data that would eventually be capable of being reidentified. It has also been put forward that the distinction between centralized/decentralized systems is mostly technical and PEPP-PT is equally able to preserve privacy.

<span class="mw-page-title-main">BlueTrace</span> COVID-19 contact tracing software

BlueTrace is an open-source application protocol that facilitates digital contact tracing of users to stem the spread of the COVID-19 pandemic. Initially developed by the Singaporean Government, BlueTrace powers the contact tracing for the TraceTogether app. Australia and the United Arab Emirates have already adopted the protocol in their gov apps, and other countries were considering BlueTrace for adoption. A principle of the protocol is the preservation of privacy and health authority co-operation.

TraceTogether was a digital system implemented by the Government of Singapore to facilitate contact tracing efforts in response to the COVID-19 pandemic in Singapore. The main goal was a quick identification of persons who may have come into close contact with anyone who has tested positive for COVID-19. The system helps in identifying contacts such as strangers encountered in public one would not otherwise be able to identify or remember. Together with SafeEntry, it allows the identification of specific locations where a spread between close contacts may occur.

<span class="mw-page-title-main">Exposure Notification</span> Initiative for mobile device-based privacy-preserving contact tracing

The (Google/Apple) Exposure Notification System (GAEN) is a framework and protocol specification developed by Apple Inc. and Google to facilitate digital contact tracing during the COVID-19 pandemic. When used by health authorities, it augments more traditional contact tracing techniques by automatically logging close approaches among notification system users using Android or iOS smartphones. Exposure Notification is a decentralized reporting protocol built on a combination of Bluetooth Low Energy technology and privacy-preserving cryptography. It is an opt-in feature within COVID-19 apps developed and published by authorized health authorities. Unveiled on April 10, 2020, it was made available on iOS on May 20, 2020 as part of the iOS 13.5 update and on December 14, 2020 as part of the iOS 12.5 update for older iPhones. On Android, it was added to devices via a Google Play Services update, supporting all versions since Android Marshmallow.

<span class="mw-page-title-main">COVIDSafe</span> Contact tracing app by the Australian Department of Health

COVIDSafe was a digital contact tracing app released by the Australian Government on 26 April 2020 to help combat the ongoing COVID-19 pandemic. The app was intended to augment traditional contact tracing by automatically tracking encounters between users and later allowing a state or territory health authority to warn a user they have come within 1.5 metres with an infected person for 15 minutes or more. To achieve this, it used the BlueTrace and Herald protocol, originally developed by the Singaporean Government and VMWare respectively, to passively collect an anonymised registry of near contacts. The efficacy of the app was questioned over its lifetime, ultimately identifying just 2 confirmed cases by the time it was decommissioned on 16 August 2022.

<span class="mw-page-title-main">TCN Protocol</span> Proximity contact tracing protocol

The Temporary Contact Numbers Protocol, or TCN Protocol, is an open source, decentralized, anonymous exposure alert protocol developed by Covid Watch in response to the COVID-19 pandemic. The Covid Watch team, started as an independent research collaboration between Stanford University and the University of Waterloo was the first in the world to publish a white paper, develop, and open source fully anonymous Bluetooth exposure alert technology in collaboration with CoEpi after writing a blog post on the topic in early March.

<span class="mw-page-title-main">Digital contact tracing</span> Method of contact tracing using mobile devices

Digital contact tracing is a method of contact tracing relying on tracking systems, most often based on mobile devices, to determine contact between an infected patient and a user. It came to public prominence in the form of COVID-19 apps during the COVID-19 pandemic. Since the initial outbreak, many groups have developed nonstandard protocols designed to allow for wide-scale digital contact tracing, most notably BlueTrace and Exposure Notification.

<span class="mw-page-title-main">Covid Watch</span> Open source nonprofit founded in February 2020

Covid Watch was an open source nonprofit founded in February 2020 with the mission of building mobile technology to fight the COVID-19 pandemic while defending digital privacy. The Covid Watch founders became concerned about emerging, mass surveillance-enabling digital contact tracing technology and started the project to help preserve civil liberties during the pandemic.

<span class="mw-page-title-main">Carmela Troncoso</span> Spanish telecommunication engineer

Carmela González Troncoso is a Spanish telecommunication engineer and researcher specialized in privacy issues, and an LGBT+ activist. She is currently a tenure track assistant professor at École Polytechnique Fédérale de Lausanne (EPFL) in Switzerland and the head of the SPRING lab. Troncoso gained recognition for her leadership of the European team developing the DP-3T protocol that aims at the creation of an application to facilitate the tracing of COVID-19 infected persons without compromising on the privacy of citizens. Currently she is also member of the Swiss National COVID-19 Science Task Force in the expert group on Digital Epidemiology. In 2020, she was listed among Fortune magazine's 40 Under 40.

SwissCovid is a COVID-19 contact tracing app used for digital contact tracing in Switzerland. Use of the app is voluntary and based on a decentralized approach using Bluetooth Low Energy and Decentralized Privacy-Preserving Proximity Tracing (dp3t).

<span class="mw-page-title-main">COVID Tracker Ireland</span> Contact tracing application released by the Government of Ireland on 7 July 2020

COVID Tracker Ireland is a digital contact tracing app released by the Irish Government and the Health Service Executive on 7 July 2020 to prevent the spread of COVID-19 in Ireland. The app uses ENS and Bluetooth technology to determine whether a user have been a close contact of someone for more than 15 minutes who tested positive for COVID-19. On 8 July, the app reached one million registered users within 36 hours after its launch, representing more than 30% of the population of Ireland and over a quarter of all smartphone users in the country. As of August 2021, over 3,030,000 people have downloaded the app.

Michael Veale is a technology policy academic who focuses on information technology and the law. He is currently associate professor in the Faculty of Laws at University College London (UCL).

<span class="mw-page-title-main">Conversations (software)</span> Free software instant messaging client for the XMPP protocol

Conversations is a free software, instant messaging client application software for Android. It is largely based on recognized open standards such as the Extensible Messaging and Presence Protocol (XMPP) and Transport Layer Security (TLS).

References

  1. 1 2 3 4 5 6 7 8 9 10 "DP-3T whitepaper" (PDF). GitHub. Retrieved 22 April 2020.
  2. "Initial commit". GitHub. 4 April 2020. Retrieved 22 April 2020.
  3. Sponås, Jon Gunnar. "Things You Should Know About Bluetooth Range". blog.nordicsemi.com. Retrieved 12 April 2020.
  4. "Rift Opens Over European Coronavirus Contact Tracing Apps". The New York Times. Reuters. 20 April 2020. ISSN   0362-4331 . Retrieved 21 April 2020.
  5. Troncoso, Carmela; Bogdanov, Dan; Bugnion, Edouard; Chatel, Sylvain; Cremers, Cas; Gürses, Seda; Hubaux, Jean-Pierre; Jackson, Dennis; Larus, James R.; Lueks, Wouter; Oliveira, Rui; Payer, Mathias; Preneel, Bart; Pyrgelis, Apostolos; Salathé, Marcel (19 August 2022). "Deploying decentralized, privacy-preserving proximity tracing". Communications of the ACM. 65 (9): 48–57. doi: 10.1145/3524107 . ISSN   0001-0782.
  6. Jason Bay, Joel Kek, Alvin Tan, Chai Sheng Hau, Lai Yongquan, Janice Tan, Tang Anh Quy. "BlueTrace: A privacy-preserving protocol for community-driven contact tracing across borders" (PDF). Government Technology Agency. Retrieved 12 April 2020.{{cite web}}: CS1 maint: multiple names: authors list (link)
  7. "Is Apple and Google's Covid-19 Contact Tracing a Privacy Risk?". Wired. ISSN   1059-1028 . Retrieved 18 April 2020.
  8. "Controversy around privacy splits Europe's push to build COVID-19 contact-tracing apps". Fortune. Retrieved 21 April 2020.
  9. "Rift opens over European coronavirus contact tracing apps". Reuters. 20 April 2020. Retrieved 21 April 2020.
  10. "DP-3T 3 page brief" (PDF). GitHub. Retrieved 22 April 2020.
  11. "Apple and Google update joint coronavirus tracing tech to improve user privacy and developer flexibility". TechCrunch. 24 April 2020. Archived from the original on 4 June 2021. Retrieved 26 April 2020.
  12. Farr, Christina (28 April 2020). "How a handful of Apple and Google employees came together to help health officials trace coronavirus". CNBC. Retrieved 29 April 2020.
  13. "Coronalert: A Distributed Privacy-Friendly Contact Tracing App for Belgium" (PDF). kuleuven.be. 5 August 2020. Retrieved 22 April 2023.
  14. "Huawei releases its "Contact Shield" API for COVID-19 contact tracing". xda-developers. 8 June 2020. Retrieved 7 October 2020.
  15. "DP3T-SDK for iOS". GitHub. Retrieved 6 May 2020.
  16. "DP3T-SDK for Android". GitHub. Retrieved 6 May 2020.
  17. swissinfo.ch, S. W. I.; Corporation, a branch of the Swiss Broadcasting. "Contact tracing app could be launched in Switzerland within weeks". SWI swissinfo.ch. Retrieved 21 April 2020.
  18. "Stopp Corona-App: Weiterentwicklung mit Hilfe der Zivilgesellschaft". OTS.at (in German). Retrieved 22 April 2020.
  19. "How do you trace Covid-19 while respecting privacy?". e-Estonia. 24 April 2020. Retrieved 26 April 2020.
  20. "Vaasa Central Hospital pilots the Ketju application for helping in the identification of coronavirus exposures". Sitra. 28 April 2020. Retrieved 29 April 2020.
  21. "Corona-Tracking: Helmholtz-Zentrum erwartet Start der Corona-App in den nächsten Wochen". www.handelsblatt.com (in German). Retrieved 29 April 2020.
  22. "FAQ - Does Coronalert also work abroad?". Coronalert. Retrieved 30 September 2020.
  23. "France's Inria and Germany's Fraunhofer detail their ROBERT contact-tracing protocol". TechCrunch. 20 April 2020. Retrieved 22 April 2020.[ permanent dead link ]
  24. "Protecting Lives & Liberty: How Contact Tracing Can Foil COVID-19 & Big Brother". ncase.me. Retrieved 19 April 2020.
  25. Liauw, 🇸🇬 Frank (9 April 2020). "TraceTogether: under the hood". Medium. Retrieved 18 April 2020.
  26. "DP-3T/dp3t-sdk-android/dp3t-sdk/sdk/src/main/java/org/dpppt/android/sdk/internal/TracingService.java". GitHub. Retrieved 24 April 2020.
  27. "What is a client and server in BLE?". Nordic DevZone. 2 July 2013. Retrieved 24 April 2020.
  28. 1 2 "Analysis of DP3T Between Scylla and Charybdis" (PDF). IACR ePrint archive. Retrieved 7 May 2020.
  29. The DP-3T Project (23 April 2020). "Response to 'Analysis of DP3T: Between Scylla and Charybidis'" (PDF). GitHub .{{cite web}}: CS1 maint: numeric names: authors list (link)
  30. 1 2 3 "Centralized or Decentralized? The Contact Tracing Dilemma" (PDF). IACR ePrint archive. Retrieved 7 May 2020.
  31. "ConTra Corona: Contact Tracing against the Coronavirus by Bridging the Centralized Decentralized Divide for Stronger Privacy". IACR ePrint archive. Retrieved 9 May 2020.
  32. Trieu, Ni; Shehata, Kareem; Saxena, Prateek; Shokri, Reza; Song, Dawn (2020). "Lightweight Contact Tracing with Strong Privacy". arXiv: 2004.13293 [cs.CR].
  33. "Towards Defeating Mass Surveillance and SARS-CoV-2: The Pronto-C2 Fully Decentralized Automatic Contact Tracing System". IACR ePrint archive. Retrieved 7 May 2020.
  34. Tang, Qiang (2020). "Privacy-Preserving Contact Tracing: current solutions and open questions". arXiv: 2004.06818 [cs.CR].
  35. "BLE contact tracing sniffer PoC". github. Retrieved 7 May 2020.
  36. "NHS COVID App: Application and system architecture" (PDF). github. Retrieved 8 May 2020.
  37. "Privacy and Security Attacks on Digital Proximity Tracing Systems" (PDF). github. Retrieved 8 May 2020.