posted on 2023-11-29, 18:06, authored by Carmela Troncoso, Mathias Payer, Jean-Pierre Hubaux, Marcel Salathé, James Larus, Theresa Stadler, Apostolos Pyrgelis, Daniele Antonioli, Ludovic Barman, Sylvain Chatel, Kenneth Paterson, Srdjan Capkun, David Basin, Jan Beutel, Dennis Jackson, Marc Roeschlin, Patrick Leu, Bart Preneel, Nigel Smart, Aysajan Abidin, Seda Gürses, Michael Veale, Cas Cremers, Michael Backes, Nils Ole Tippenhauer, Reuben Binns, Ciro Cattuto, Alain Barrat, Dario Fiore, Manuel Barbosa, Rui Oliveira, José Pereira
This document describes and analyzes a system for secure and privacy-preserving proximity tracing at large scale. This system provides a technological foundation to help slow the spread of SARS-CoV-2 by simplifying and accelerating the process of notifying people who might have been exposed to the virus so that they can take appropriate measures to break its transmission chain. The system aims to minimise privacy and security risks for individuals and communities and guarantee the highest level of data protection.
The goal of our proximity tracing system is to determine who has been in close physical proximity to a COVID-19 positive person and thus exposed to the virus, without revealing the contact’s identity or where the contact occurred. To achieve this goal, users run a smartphone app that continually broadcasts an ephemeral, pseudo-random ID representing the user’s phone and also records the pseudo-random IDs observed from smartphones in close proximity. When a patient is diagnosed with COVID-19, she can upload pseudo-random IDs previously broadcast from her phone to a central server. Prior to the upload, all data remains exclusively on the user’s phone. Other users’ apps can use data from the server to locally estimate whether the device’s owner was exposed to the virus through close-range physical proximity to a COVID-19 positive person who has uploaded their data. In case the app detects a high risk, it will inform the user.
The system provides the following security and privacy protections:
• Ensures data minimization. The central server only observes anonymous identifiers of COVID-19 positive users without any proximity information. Health authorities learn no information except that provided when a user reaches out to them after being notified.
• Prevents abuse of data. As the central server receives the minimum amount of information tailored to its requirements, it can neither misuse the collected data for other purposes, nor can it be coerced or subpoenaed to make other data available.
• Prevents tracking of users. No entity can track users that have not reported a positive diagnosis. Depending on the implementation chosen, others can only track COVID-19 positive users in a small geographical region limited by their capability to deploy infrastructure that can receive broadcasted Bluetooth beacons.
• Graceful dismantling. The system will dismantle itself after the end of the epidemic. COVID-19 positive users will stop uploading their data to the central server, and people will stop using the app. Data on the server and in the apps is removed after 14 days.
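The flow described above (broadcast ephemeral IDs, record observed IDs, upload after diagnosis, match locally) and the protections listed here, as an added offline model. This is example code written for this page, not code from the DP-3T project or the paper: the IDs are fresh random 16-byte values per epoch, the diagnosed phone uploads those IDs literally as the abstract states, the exposure threshold of three matching epochs and the shop/station tracker scenario are illustrative assumptions, and the 14-day retention window is the one the page gives. The `tracker_linkage` function models the caveat under "Prevents tracking of users": before the upload, sightings are unrelated random IDs; after it, a party with its own receivers can link the sightings of a positive user within the area its receivers cover.

```python
# Added example, not code from the DP-3T project: a minimal offline model of the
# decentralized proximity-tracing flow the abstract describes. Epoch granularity,
# the 16-byte ID size, the exposure threshold and the use of per-epoch random IDs
# are illustrative assumptions; the 14-day retention window is from the page.
import secrets
from collections import defaultdict

RETENTION_DAYS = 14      # from the page: data on server and phones is removed after 14 days
EXPOSURE_THRESHOLD = 3   # assumption: matching epochs needed before the app warns the user


class Phone:
    """One user's app. Everything here stays on the device until the user is
    diagnosed and chooses to upload."""

    def __init__(self, name):
        self.name = name
        self.own = defaultdict(list)       # day -> IDs this phone broadcast
        self.observed = defaultdict(set)   # day -> IDs heard from nearby phones

    def new_ephemeral_id(self, day):
        # Fresh random ID per epoch: two IDs from the same phone cannot be linked
        # by anyone who does not hold the phone's own record of them.
        eid = secrets.token_bytes(16)
        self.own[day].append(eid)
        return eid

    def hear(self, day, eid):
        self.observed[day].add(eid)

    def prune(self, today):
        """Retention: drop own and observed IDs older than RETENTION_DAYS."""
        for store in (self.own, self.observed):
            for day in [d for d in store if today - d >= RETENTION_DAYS]:
                del store[day]

    def upload_after_diagnosis(self, today):
        """Only IDs the diagnosed phone itself broadcast leave the device;
        nothing about whom it met or where."""
        self.prune(today)
        return [(day, eid) for day, eids in self.own.items() for eid in eids]

    def exposure_check(self, server, today):
        """Runs locally: count observed IDs that appear in the published set."""
        self.prune(today)
        published = server.published(today)
        hits = sum(len(eids & published.get(day, set()))
                   for day, eids in self.observed.items())
        return hits >= EXPOSURE_THRESHOLD, hits


class Server:
    """Backend: stores only anonymous IDs of diagnosed users, keyed by day so it
    can expire them. It never receives observed IDs or proximity data."""

    def __init__(self):
        self.ids = defaultdict(set)

    def receive_upload(self, upload):
        for day, eid in upload:
            self.ids[day].add(eid)

    def published(self, today):
        return {day: eids for day, eids in self.ids.items()
                if today - day < RETENTION_DAYS}


def encounter(day, a, b, epochs):
    """Two phones within Bluetooth range of each other for `epochs` epochs on `day`."""
    for _ in range(epochs):
        b.hear(day, a.new_ephemeral_id(day))
        a.hear(day, b.new_ephemeral_id(day))


def tracker_linkage(sightings, server, today):
    """Caveat from the page: a party that deploys its own receivers can, after the
    upload, link sightings of a positive user within its coverage area. Before the
    upload the same sightings are just unrelated random IDs."""
    all_ids = set().union(*server.published(today).values())
    return [place for place, eid in sightings if eid in all_ids]


def simulate():
    """Constructed scenario: Alice is diagnosed on day 20; Bob met her on day 18,
    Carol on day 2 (outside the retention window by day 20)."""
    alice, bob, carol, server = Phone("alice"), Phone("bob"), Phone("carol"), Server()
    encounter(day=2, a=alice, b=carol, epochs=5)
    encounter(day=18, a=alice, b=bob, epochs=4)
    # A tracker with receivers in a shop and at a station records what it hears.
    sightings = [("shop", alice.new_ephemeral_id(19)),
                 ("station", bob.new_ephemeral_id(19))]
    before_upload = tracker_linkage(sightings, server, today=20)   # nothing published yet
    server.receive_upload(alice.upload_after_diagnosis(today=20))
    return {
        "bob": bob.exposure_check(server, today=20),
        "carol": carol.exposure_check(server, today=20),
        "tracker_links_before": before_upload,
        "tracker_links_after": tracker_linkage(sightings, server, today=20),
        "server_sees_only_ids": all(isinstance(e, bytes) and len(e) == 16
                                    for eids in server.ids.values() for e in eids),
    }


if __name__ == "__main__":
    print(simulate())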
We are publishing this document to inform the discussion revolving around the design and implementation of proximity tracing systems. This document is accompanied by other documents containing an overview of the data protection compliance of the design, an extensive privacy and security risk evaluation of digital proximity tracing systems, a proposal for interoperability of multiple systems deployed in different geographical regions, and alternatives for developing secure upload authorisation mechanisms.
Preferred Citation
Carmela Troncoso, Mathias Payer, Jean-Pierre Hubaux, Marcel Salathé, James Larus, Theresa Stadler, Apostolos Pyrgelis, Daniele Antonioli, Ludovic Barman, Sylvain Chatel, Kenneth Paterson, Srdjan Capkun, David Basin, Jan Beutel, Dennis Jackson, Marc Roeschlin, Patrick Leu, Bart Preneel, Nigel Smart, Aysajan Abidin, Seda Gürses, Michael Veale, Cas Cremers, Michael Backes, Nils Tippenhauer, Reuben Binns, Ciro Cattuto, Alain Barrat, Dario Fiore, Manuel Barbosa, Rui Oliveira and José Pereira. Decentralized Privacy-Preserving Proximity Tracing. In: IEEE Data Engineering Bulletin. 2020.
Primary Research Area
Reliable Security Guarantees
Legacy Posted Date
2020-10-08
Journal
IEEE Data Engineering Bulletin
Pages
36 - 66
Open Access Type
Green
Sub Type
Article
BibTeX
@article{cispa_all_3245,
  title   = "Decentralized Privacy-Preserving Proximity Tracing",
  author  = "Troncoso, Carmela and Payer, Mathias and Hubaux, Jean-Pierre and Salathé, Marcel and Larus, James and Stadler, Theresa and Pyrgelis, Apostolos and Antonioli, Daniele and Barman, Ludovic and Chatel, Sylvain and Paterson, Kenneth and Capkun, Srdjan and Basin, David and Beutel, Jan and Jackson, Dennis and Roeschlin, Marc and Leu, Patrick and Preneel, Bart and Smart, Nigel and Abidin, Aysajan and Gürses, Seda and Veale, Michael and Cremers, Cas and Backes, Michael and Tippenhauer, Nils Ole and Binns, Reuben and Cattuto, Ciro and Barrat, Alain and Fiore, Dario and Barbosa, Manuel and Oliveira, Rui and Pereira, José",
  journal = "{IEEE Data Engineering Bulletin}",
  year    = "2020",
  pages   = "36--66",
}