bluetooth based contact tracing
play

Bluetooth Based Contact Tracing Scheme for Hamagen Benny Pinkas - PowerPoint PPT Presentation

Hashomer: A Proposal for a Privacy-Preserving Bluetooth Based Contact Tracing Scheme for Hamagen Benny Pinkas Eyal Ronen Some disclaimers We are not that kind of doctors (medical / epidemiology) We do not represent the Israeli Ministry


  1. Hashomer: A Proposal for a Privacy-Preserving Bluetooth Based Contact Tracing Scheme for Hamagen Benny Pinkas Eyal Ronen

  2. Some disclaimers • We are not that kind of doctors (medical / epidemiology) • We do not represent the Israeli Ministry of Health • We would not talk about the crypto details (see white paper) • We will talk about our views on what is contact tracing • Centralized vs. De-centralized • The DP3T / GAPPLE solutions vs. our own • What we think is the right solution for Israel

  3. One of the main problems of COVID19 • Sdfg Image taken from DP3T

  4. People meet each other

  5. Alice is identified as COVID-19 positive

  6. Need to inform whoever met Alice

  7. Manual Contact Tracing • Manual epidemiologic interrogation • Where have you been in the last two weeks? • Hard to remember exact location and times • Exposure defined as under 2 meter for over 15 minutes • Who you have met? • Some contacts are unknown • Notify all of you contacts • How to notify unknown contacts? Initial solution: publish list of locations • A labor intensive and inefficient process • Very coarse grain and inaccurate information • Hard to scale to a large number of new positives

  8. How can contacts be automatically traced? • Cellular information • Pros: global, does not depend on user cooperation • Cons: accuracy wise - inaccurate privacy wise - tracks location rather than contacts government may learn locations of all people. • Same arguments apply to similar types of surveillance: credit card purchases, security cams, etc. • Homomorphic encryption and MPC • Might be used for processing data while limiting the risk, but will not mitigate it completely. Do not scale up well.

  9. How can contacts be automatically traced? • Location data gathered on the device itself: GPS, wifi signals, etc. • Pros: More accurate • Cons: Still inaccurate (especially indoors) Tracks location rather than contacts Requires cooperation by users (install an app; must convince users that this is for their own good) Privacy wise: depends on the specific solution

  10. Contact tracing in Israel • Manual epidemiologic interrogation • Fine grained - individual contacts or specific locations • Coarse grained – closing whole schools or workplaces • Shabak - based on cellular networks (and other information?) • List of customers at restaurants • Wide and disturbing impacts on privacy • Still not very accurate

  11. Contact tracing in Israel • Hamagen privacy preserving GPS based solution • Devices keep a log of their whereabouts • Devices retrieve a list of infected persons' locations generated from manual interrogation • Locally compare it to the user's GPS history • Alert for possible exposure with time and location • Preserve privacy for healthy users nothing leaves the device • Almost no privacy for infected persons MoH redacts sensitive locations • GPS has low accuracy, especially inside buildings. Large number of false positives.

  12. Bluetooth Low Energy (BLE) tracking • Can identify other devices in close range BLE • Privacy issues • Can ’ t just publish MAC address • Technical issues • Distance and duration estimations depend on multiple factors (model, obstructions...) • BLE must be sent/received in the background • Power consumption ? • Effective only if both devices support the protocol • For full utility, 60% of users must install. Still good if fewer people install.

  13. In an Ideal World Trusted Party etc. …

  14. In an Ideal World Knows all contacts (not necessarily locations)

  15. In an Ideal World Knows all contacts

  16. Centralized Output The government

  17. Centralized Output The government stay at home! Government does not learn about the contacts of non-infected people (in this ideal implementation)

  18. De Decentralized Output Data which enables to identify contacts

  19. De Decentralized Output Data which enables to identify contacts Oops Oops Oops Government learns nothing, unless those who contacted the sick person want to report about this

  20. De Decentralized Output Data which enables to identify contacts Oops Oops Oops Government learns nothing, unless those who contacted the sick person want to report about this

  21. Centralized vs. Decentralized • Who controls the data? (government vs. users) • Who gets the output? (government vs. users) • Centralized (Singapore, Australia, UK?): we must trust that the government does not misuse its power • Even more so in real world implementations of this model • Decentralized (Europe / GAPPLE): we must trust that users will do the right thing

  22. Real World Implementation of the Centralized model In the real world, the implementation of the centralized model might reveal to the government who was in contact with whom

  23. Our Approach • Users must trust that the system preservers their rights • Otherwise they will “cheat” • Government might fight that, but we don’t want to get there

  24. Basic centralized design • Government chooses the values sent over BLE • (simplification) Each device encrypts its identity (plus the time) under the government's public key, and broadcasts it over BLE

  25. Basic centralized design • Government chooses the values sent over BLE • (simplification) Each device encrypts its identity (plus the time) under the government's public key, and broadcasts it over BLE • Users who receive such messages keep them (but cannot decrypt)

  26. Basic centralized design • When a user is sick, it sends to the government all encrypted ids that it received

  27. Basic centralized design • When a user is sick, it sends to the government all encrypted ids that it received • The government decrypts these ids and tells the corresponding people to quarantine stay at home!

  28. Basic centralized design • When a user is sick, it sends to the government all encrypted ids that it received • The government decrypts these ids and tells the corresponding people to quarantine stay at home! • Can be misused • Stored ids can be subpoenaed or compromised • Passive receivers can be used to accurately track users • Many more...

  29. Basic decentralized design • Every 5 minutes each device picks a random value and broadcasts it over BLE

  30. Basic decentralized design • Every 5 minutes each device picks a random value and broadcasts it over BLE rand1, rand2, ... • If user is COVID positive, he can choose to give the government the list of values that he broadcasted

  31. Basic decentralized design • The government broadcasts the random values received from all new COVID+ people rand values of all new sick users

  32. Basic decentralized design • The government broadcasts the random values received from all new COVID+ people rand values of all • All users compare this list to the values that they new sick users received • If there is a match then they can choose to report match ? this

  33. Google/Apple • Similar to the DP-3T decentralized design • Similar to basic design • Generate random key for each day • Ephemeral IDs for the day are all derived from the daily key • Infected person's daily "Temporary Exposure Keys" are broadcasted to all users • Reduces the communication complexity • 1000 positives × 14 days × 24 hours × 4 ids per hour × 16 Bytes ~ 21 MB • 1000 positives × 14 days × 16 Bytes ~ 0.2MB

  34. Tradeoff Between Privacy and Explainability • Do we protect the privacy of infected persons? • Depends on the information given to users, but basically NO • GAPPLE / DP3T only reveal the day of the contact • No explainability • No way to filter false positives • Doesn't seem to be a problem for DP3T in Switzerland • Only protects privacy against receivers which follow the protocol • In Israel locations and times are published • We suggest revealing location and coarse time of contact

  35. Linkability and Partial Disclosure • GAPPLE / DP3T send a single key per day, which allows linking all IDs that an infected person sent on the same day • It is also impossible to redact "sensitive" time periods • We suggest using hourly keys • Using a "Tree" like key derivation scheme to allow flexible tradeoff between privacy and communication complexity • And allowing the user or MoH to redact different periods of time • Better privacy

  36. Relay Attacks • Attack Scenario • BT receiver is placed in an emergency room • BT transmitter is placed in a busy supermarket rand

  37. Protecting against Relay Attacks • GAPLLE / DP3T is insecure wrt these attacks • We suggest sending the user's coarse grain geohash • Receiver anyway knows this location • Use authenticated encryption, key revealed only for infected persons • Server does not learn the location • Tradeoff between security and privacy • Location information stored on device might be compromised or subpoenaed • More advance attacks still possible • e.g., colluding with an infected person

  38. Proving exposure to COVID+ • In DP3T/GAPPLE, users can So you can ’ t just claim that they were Did anyone see any of take the exam exposed to a patient these values sent by new tomorrow … sick users? • Our design enables users to prove that they were exposed I did!

Recommend


More recommend