SpreadMeNot: A Provably Secure and Privacy-Preserving Contact Tracing Protocol release_petzyxjxknedbos6wqlydtbdby

by Pietro Tedeschi, Spiridon Bakiras, Roberto Di Pietro

Released as a article .

2020  

Abstract

Contact tracing via mobile applications is gaining significant traction in the battle against Covid-19. A plethora of contact tracing apps have been developed and deployed in several countries around the world. However, people are rightfully concerned about the security and privacy risks of such applications. To this end, the contribution of this work is twofold. First, we present an in-depth analysis of the security and privacy characteristics of the most prominent contact tracing protocols, under both passive and active adversaries. The results of our study indicate that all protocols are vulnerable to a variety of attacks, mainly due to the deterministic nature of the underlying cryptographic protocols. Our second contribution is the design of SpreadMeNot, a novel contact tracing protocol that can defend against most passive and active attacks, thus providing strong (provable) security and privacy guarantees that are necessary for such a sensitive application. Moreover, we experimentally demonstrate that SpreadMeNot---while being built on asymmetric crypto primitives---sports little overhead. Our detailed analysis, both formal and experimental, shows that SpreadMeNot satisfies security, privacy, and performance requirements, hence being an ideal candidate for building a contact tracing solution that can be adopted by the majority of the general public, as well as to serve as an open source reference for further developments in the field.
In text/plain format

Archived Files and Locations

application/pdf  1.6 MB
file_y4bmwmcz65cirpn55w4mzjrul4
arxiv.org (repository)
web.archive.org (webarchive)
Read Archived PDF
Preserved and Accessible
Type  article
Stage   submitted
Date   2020-11-14
Version   v1
Language   en ?
arXiv  2011.07306v1
Work Entity
access all versions, variants, and formats of this works (eg, pre-prints)
Catalog Record
Revision: eaf36507-79a5-458c-ba95-0eb8568771ea
API URL: JSON