A Privacy-Preserving Solution for Proximity Tracing Avoiding Identifier Exchanging

Buccafurri, Francesco; Angelis, Vincenzo De; Labrini, Cecilia

doi:10.1109/cw49994.2020.00045

Cited by 7 publications

(15 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Global Positioning System, or GPS, as one of the most widely adopted location data technologies, is also embedded in CTAs and has been critiqued for its potential risks to health surveillance, for recording users' exact locations, for threatening location privacy, and for exposing personal data [ 45 ]. While Bluetooth-enabled CTAs compromise privacy through the exchange of identifiers, GPS-enabled solutions violate privacy primarily through mass tracing [ 46 ].…”

Section: Co-occurrence Analysis Of Abstract and Content Analysis Of T...mentioning

confidence: 99%

Delineating privacy aspects of COVID tracing applications embedded with proximity measurement technologies & digital technologies

Saheb

Sabour

Qanbary

2022

Technology in Society

View full text Add to dashboard Cite

Section: Co-occurrence Analysis Of Abstract and Content Analysis Of T...mentioning

confidence: 99%

Delineating privacy aspects of COVID tracing applications embedded with proximity measurement technologies & digital technologies

Saheb

Sabour

Qanbary

2022

Technology in Society

View full text Add to dashboard Cite

“…Pinkas and Ronen [19], building upon a design similar to DP-3T, proposed a system with an improved resilience to relay attacks and a better verification of risks. Buccafurri et al proposed an alternative protocol that completely avoids the exchange of identifier over BLE and instead relies on GPS [7]. Public-key cryptography.…”

Section: A Related Workmentioning

confidence: 99%

“…By using blind signatures based on RSA [6] with a length of 2048 bits for the modulus, the size of downloaded data is about 177MB 7 . The vast majority of daily downloaded data comes from the anonymous calls needed to evaluate the infection risk and their size is about 153MB, that can be processed as soon as received and deleted immediately after that, without flooding the memory of the smartphone.…”

Section: Performance Of Pronto-c2mentioning

confidence: 99%

Towards Defeating Mass Surveillance and SARS-CoV-2: The Pronto-C2 Fully Decentralized Automatic Contact Tracing System

Avitabile¹,

Botta²,

Iovino³

et al. 2021

Proceedings 2021 Innovative Secure IT Technologies Against COVID-19 Workshop

View full text Add to dashboard Cite

Automatic contact tracing is currently used in several countries in order to limit the spread of SARS-CoV-2. Many governments decided to develop smartphone apps based on the "Exposure Notifications" designed by Apple and Google according to a decentralized approach previously proposed by the DP-3T team. Decentralization was pushed as a key feature to protect privacy in contrast to centralized approaches that could leverage automatic contact tracing to realize mass-surveillance programs.In this work, taking into account the privacy and integrity vulnerabilities of DP-3T systems, we show the design of a decentralized contact tracing system named Pronto-C2 that has better resilience against various attacks. We also discuss the significant overhead of Pronto-C2 when used in real-world scenarios.

show abstract

“…In [6], the author replayed released RPIs from the health authority and managed to trigger a exposure warning in the target. Others [18]- [20] defined scenarios such as advertising the received identifiers either immediately or at a later time. [22] presents an approach using a malicious Software Development Kit (SDK) injected in an App to replay received identifiers.…”

Section: Related Work On Exposure Notification System Attacksmentioning

confidence: 99%

“…[21] mentions the Contact Pollution attack that works similarly to the Replay attack mentioned in [6]. Mitigation strategies for this type of attack have been proposed using protocols and location of devices [6], [17]- [20]. 2) Relay -This attack is similar to the Replay attacks; an attacker receives a RPI in one location and relays it to another device in a different location.…”

Section: Related Work On Exposure Notification System Attacksmentioning

confidence: 99%

An Advertising Overflow Attack Against Android Exposure Notification System Impacting COVID-19 Contact Tracing Applications

2021

View full text Add to dashboard Cite

The contact tracing mobile Apps are one of the many initiatives to fight the COVID-19 virus. These Apps use the Exposure Notification (EN) system available on Google and Apple's operating systems. However, contact tracing applications depend on the availability of Bluetooth interfaces to exchange proximity identifiers that, if compromised, directly impact the effectiveness of the apps. This paper discloses and details the Advertising Overflow attack, a novel internal Denial of Service (DoS) attack targeting the EN system on Android Operating System (OS) devices. The attack is performed by a malicious App that occupies all the Bluetooth advertising slots in an Android device, effectively blocking any advertising attempt of EN. The impact of the disclosed attack and other already disclosed DoSbased attacks, namely Battery Exhaustion and Storage Drain, was tested using two target smartphones and other six smartphones as attackers. The results show that the Battery Exhaustion attack imposes a battery discharge rate 1.95 times superior to the baseline. Regarding the Storage Drain, the storage usage increased more than 30 times the baseline results. The results of the novel attack reveals that a malicious App is able to block the usage of Bluetooth advertising by any other App by any chosen time period, canceling the operation of the EN system and compromising the efficiency of any COVID's contact tracing App based on EN.

show abstract

A Privacy-Preserving Solution for Proximity Tracing Avoiding Identifier Exchanging

Cited by 7 publications

References 10 publications

Delineating privacy aspects of COVID tracing applications embedded with proximity measurement technologies & digital technologies

Delineating privacy aspects of COVID tracing applications embedded with proximity measurement technologies & digital technologies

Towards Defeating Mass Surveillance and SARS-CoV-2: The Pronto-C2 Fully Decentralized Automatic Contact Tracing System

An Advertising Overflow Attack Against Android Exposure Notification System Impacting COVID-19 Contact Tracing Applications

Contact Info

Product

Resources

About