SpreadMeNot: A Provably Secure and Privacy-Preserving Contact Tracing Protocol
release_petzyxjxknedbos6wqlydtbdby
by
Pietro Tedeschi, Spiridon Bakiras, Roberto Di Pietro
2020
Abstract
Contact tracing via mobile applications is gaining significant traction in
the battle against Covid-19. A plethora of contact tracing apps have been
developed and deployed in several countries around the world. However, people
are rightfully concerned about the security and privacy risks of such
applications. To this end, the contribution of this work is twofold. First, we
present an in-depth analysis of the security and privacy characteristics of the
most prominent contact tracing protocols, under both passive and active
adversaries. The results of our study indicate that all protocols are
vulnerable to a variety of attacks, mainly due to the deterministic nature of
the underlying cryptographic protocols. Our second contribution is the design
of SpreadMeNot, a novel contact tracing protocol that can defend against most
passive and active attacks, thus providing strong (provable) security and
privacy guarantees that are necessary for such a sensitive application.
Moreover, we experimentally demonstrate that SpreadMeNot---while being built on
asymmetric crypto primitives---sports little overhead. Our detailed analysis,
both formal and experimental, shows that SpreadMeNot satisfies security,
privacy, and performance requirements, hence being an ideal candidate for
building a contact tracing solution that can be adopted by the majority of the
general public, as well as to serve as an open source reference for further
developments in the field.
In text/plain
format
Archived Files and Locations
application/pdf 1.6 MB
file_y4bmwmcz65cirpn55w4mzjrul4
|
arxiv.org (repository) web.archive.org (webarchive) |
2011.07306v1
access all versions, variants, and formats of this works (eg, pre-prints)