Academia.eduAcademia.edu

Outline

Title
Abstract
Desirable Objectives and Implied Requirements
Introduction
Prilok Data Vault (Pdv)
Security, Dependability and Resilience Analysis
References
All Topics
Art
Architecture

PriLok: Citizen-protecting distributed epidemic tracing

Profile image of Marcus VölpMarcus Völp

2020, arXiv (Cornell University)

Abstract

Contact tracing is an important instrument for national health services to fight epidemics. As part of the COVID-19 situation, many proposals have been made for scaling up contact tracing capacities with the help of smartphone applications, an important but highly critical endeavour due to the privacy risks involved in such solutions. Extending our previously expressed concern, we clearly articulate in this article, the functional and non-functional requirements that any solution has to meet, when striving to serve, not mere collections of individuals, but the whole of a nation, as required in face of such potentially dangerous epidemics. We present a critical information infrastructure, PriLok, a fully-open preliminary architecture proposal and design draft for privacy-preserving digital contact tracing, which we believe can be constructed in a way to fulfil the former requirements. Our architecture leverages the existing regulated mobile communication infrastructure and builds upon the concept of "checks and balances", requiring a majority of independent players to agree to effect any operation on it, thus preventing abuse of the highly sensitive information that must be collected and processed for efficient contact tracing. This is technically enforced with a largely decentralised layout and highly resilient state-of-the-art technology, which we explain in the paper, finishing by giving a security, dependability and resilience analysis, showing how it meets the defined requirements, even while the infrastructure is under attack.

Related papers

COVID-19 Contact Tracing and Data Protection Can Go Together (Preprint)
Cristian Chacon

2020

UNSTRUCTURED We discuss the implementation of app-based contact tracing to control the coronavirus disease (COVID-19) pandemic and discuss its data protection and user acceptability aspects.

View PDFchevron_right
Demystifying COVID-19 Digital Contact Tracing: A Survey on Frameworks and Mobile Apps
José Luis Hernández Ramos

Wireless Communications and Mobile Computing

The coronavirus pandemic is a new reality, and it severely affects the modus vivendi of the international community. In this context, governments are rushing to devise or embrace novel surveillance mechanisms and monitoring systems to fight the outbreak. The development of digital tracing apps, which among others are aimed at automatising and globalising the prompt alerting of individuals at risk in a privacy-preserving manner, is a prominent example of this ongoing effort. Very promptly, a number of digital contact tracing architectures have been sprouted, followed by relevant app implementations adopted by governments worldwide. Bluetooth, specifically its Low Energy (BLE) power-conserving variant, has emerged as the most promising short-range wireless network technology to implement the contact tracing service. This work offers the first to our knowledge full-fledged review of the most concrete contact tracing architectures proposed so far in a global scale. This endeavour does n...

View PDFchevron_right
Tracing Contacts to Control the COVID-19 Pandemic
Christoph Günther

ArXiv, 2020

The control of the COVID-19 pandemic requires a considerable reduction of contacts mostly achieved by imposing movement control up to the level of enforced quarantine. This has lead to a collapse of substantial parts of the economy. Carriers of the disease are infectious roughly 3 days after exposure to the virus. First symptoms occur later or not at all. As a consequence tracing the contacts of people identified as carriers is essential for controlling the pandemic. This tracing must work everywhere, in particular indoors, where people are closest to each other. Furthermore, it should respect people's privacy. The present paper presents a method to enable a thorough traceability with very little risk on privacy. In our opinion, the latter capabilities are necessary to control the pandemic during a future relaunch of our economy.

View PDFchevron_right
Short Paper: Privacy Comparison of Contact Tracing Mobile Applications for COVID-19
MOHAMED MESSAI

ArXiv, 2020

With the COVID-19 pandemic, quarantines took place across the globe. In the aim of stopping or slowing the progression of the COVID-19 contamination, many countries have deployed a contact tracing system to notify persons that be in contact with a COVID-positive person. The contact tracing system is implemented in a mobile application and leverages technologies such as Bluetooth to trace interactions between persons. This paper discusses di?erent smart-phone applications based on contact tracing system from privacy point of view.

View PDFchevron_right
BeepTrace: Blockchain-Enabled Privacy-Preserving Contact Tracing for COVID-19 Pandemic and Beyond
Oluwakayode Onireti

IEEE Internet of Things Journal, 2020

The outbreak of the coronavirus disease 2019 (COVID-19) pandemic has exposed an urgent need for effective contact tracing solutions through mobile phone applications to prevent the infection from spreading further. However, due to the nature of contact tracing, public concern on privacy issues has been a bottleneck to the existing solutions, which is significantly affecting the uptake of contact tracing applications across the globe. In this article, we present a blockchain-enabled privacypreserving contact tracing scheme: BeepTrace, where we propose to adopt blockchain bridging the user/patient and the authorized solvers to desensitize the user ID and location information. Compared with recently proposed contact tracing solutions, our approach shows higher security and privacy with the additional advantages of being battery friendly and globally accessible. Results show viability in terms of the required resource at both server and mobile phone perspectives. Through breaking the privacy concerns of the public, the proposed BeepTrace solution can provide a timely framework for authorities, companies, software developers, and researchers to fast develop and deploy effective digital contact tracing applications, to conquer the COVID-19 pandemic soon. Meanwhile, the open initiative of BeepTrace allows worldwide collaborations, integrate existing tracing and positioning solutions with the help of blockchain technology.

View PDFchevron_right
On the Privacy of National Contact Tracing COVID-19 Applications: The Coronavírus-SUS Case
Jéferson Nobre

2021

The 2019 Coronavirus disease (COVID-19) pandemic, caused by a quick dissemination of the Severe Acute Respiratory Syndrome Coronavirus 2 (SARS-CoV-2), has had a deep impact worldwide, both in terms of the loss of human life and the economic and social disruption. The use of digital technologies has been seen as an important effort to combat the pandemic and one of such technologies is contact tracing applications. These applications were successfully employed to face other infectious diseases, thus they have been used during the current pandemic. However, the use of contact tracing poses several privacy concerns since it is necessary to store and process data which can lead to the user/device identification as well as location and behavior tracking. These concerns are even more relevant when considering nationwide implementations since they can lead to mass surveillance by authoritarian governments. Despite the restrictions imposed by data protection laws from several countries, there are still doubts on the preservation of the privacy of the users. In this article, we analyze the privacy features in national contact tracing COVID-19 applications considering their intrinsic characteristics. As a case study, we discuss in more depth the Brazilian COVID-19 application Coronavírus-SUS, since Brazil is one of the most impacted countries by the current pandemic. Finally, as we believe contact tracing will continue to be employed as part of the strategy for the current and potential future pandemics, we present key research challenges.

View PDFchevron_right
The Processing goes far beyond "the app" – Privacy issues of decentralized Digital Contact Tracing using the example of the German Corona-Warn-App
Rainer Rehak

2022 6th International Conference on Cryptography, Security and Privacy (CSP), 2022

Since SARS-CoV-2 started spreading in Europe in early 2020, there has been a strong call for technical solutions to combat or contain the pandemic, with contact tracing apps at the heart of the debates. The EU’s General Data Protection Regulation (GDPR) requires controllers to carry out a data protection impact assessment (DPIA) where their data processing is likely to result in a high risk to the rights and freedoms (Art. 35 GDPR). A DPIA is a structured risk analysis that identifies and evaluates possible consequences of data processing relevant to fundamental rights in advance and describes the measures envisaged to address these risks or expresses the inability to do so. Based on the Standard Data Protection Model (SDM), we present the results of a scientific and methodologically clear DPIA. It shows that even a decentralized architecture involves numerous serious weaknesses and risks, including larger ones still left unaddressed in current implementations. It also found that none of the proposed designs operates on anonymous data or ensures proper anonymisation. It also showed that informed consent would not be a legitimate legal ground for the processing. For all points where data subjects’ rights are still not sufficiently safeguarded, we briefly outline solutions.

View PDFchevron_right
Secure Digital Contact Tracing Methods Are Necessary for Slowing Down COVID-19
Rania Ansari

2020

COVID-19 has horrified the world with its grasp, totaling 23 million cases and 850k deaths worldwide and they continue to rise. Of those cases, the US holds the highest total 1 worldwide with 6 million cases and 183k deaths. 1 As death tolls and cases rise, so do tensions among government agencies and its people. With a novel virus such as COVID-19, people are torn about what to do during this pandemic and the repercussions that may follow. In previous outbreaks and pandemics, contact tracing was used as a means of slowing down the viral spread by tracing an infected person's contacts. This is usually done by volunteers; people willing to put their lives on the line in order to preserve public health. This is not a luxurious job. In fact, many countries struggle with equipping enough people for the job as the available workforce is extremely limited. For one, it is difficult to recruit enough volunteers that are willing to work with the risk of infection. Even further, it takes critical time to teach volunteers how to properly contact trace, critical time that most certainly means life or death for some individuals. Additionally, in-person contact tracing requires for the infected party to remember all the places they visited and the people they encountered. Of course, these recollections are not always completely accurate. 2 1 "COVID-19 Map -Johns Hopkins ...." Accessed September 1, 2020. . 2 "Liberia: Ebola contact tracing lessons inform ...

View PDFchevron_right
Digital Contact Tracing Service: An improved decentralized design for privacy and effectiveness
Christian Djeffal

2021

We propose a decentralized digital contact tracing service that preserves the users' privacy by design while complying to the highest security standards. Our approach is based on Bluetooth and measures actual encounters of people, the contact time period, and estimates the proximity of the contact. We trace the users' contacts and the possible spread of infectious diseases while preventing location tracking of users, protecting their data and identity. We verify and improve the impact of tracking based on epidemiological models. We compare a centralized and decentralized approach on a legal perspective and find a decentralized approach preferable considering proportionality and data minimization.

View PDFchevron_right
COVID-19 Contact Tracing and Tracking
Jerry Sarumi

Advances in Multidisciplinary and scientific Research Journal Publication

The recent outbreak of COVID-19 has taken the world by surprise, forcing lockdowns and straining public health care systems. COVID-19 is known to be a highly infectious virus, and infected individuals do not initially exhibit symptoms, while some remain asymptomatic. Thus, a non-negligible fraction of the population can, at any given time, be a hidden source of transmissions. In response, many governments have shown great interest in smartphone contact tracing apps that help automate the difficult task of tracing all recent contacts of newly identified infected individuals. However, tracing apps have generated much discussion around their key attributes, including system architecture, data management, privacy, security, proximity estimation, and attack vulnerability. The use of Covid-19 contact tracing applications is close to be unheard of in Nigeria. We are far behind in leveraging on mobile app technology to combat the continued spread of this deadly virus. This project proposes ...

View PDFchevron_right

References (38)

  1. Ittai Abraham, Dahlia Malkhi, Kartik Nayak, Ling Ren, and Alexander Spiegelman. "Sol- ida: A blockchain protocol based on reconfigurable byzantine consensus". In: arXiv (2016).
  2. Elli Androulaki et al. "Hyperledger fabric: a distributed operating system for permissioned blockchains". In: EuroSys conference. 2018.
  3. Apache Storm. http://storm.apache.org/.
  4. Gennaro Avitabile, Vincenzo Botta, Vincenzo Iovino, and Ivan Visconti. Towards Defeat- ing Mass Surveillance and SARS-CoV-2: The Pronto-C2 Fully Decentralized Automatic Contact Tracing System. Cryptology ePrint Archive, Report 2020/493. https://eprint. iacr.org/2020/493. 2020.
  5. Alysson Bessani, Miguel Correia, Bruno Quaresma, Fernando André, and Paulo Sousa. "DepSky: Dependable and Secure Storage in a Cloud-of-Clouds". In: ACM Trans. Storage 9.4 (Nov. 2013).
  6. Alysson Bessani, Ricardo Mendes, Tiago Oliveira, Nuno Neves, Miguel Correia, Marcelo Pasin, and Paulo Verissimo. "SCFS: A Shared Cloud-Backed File System". In: Proceed- ings of the 2014 USENIX Conference on USENIX Annual Technical Conference. USENIX ATC'14. Philadelphia, PA: USENIX Association, 2014.
  7. Alysson Bessani, Joao Sousa, and Eduardo Alchieri. State Machine Replication for the Masses with BFT-SMART. Tech. rep. TR-2013-07. http://hdl.handle.net/10451/14170. University of Lisbon, DI-FCUL, Nov. 2013.
  8. Ran Canetti, Ari Trachtenberg, and Mayank Varia. Anonymous Collocation Discovery: Harnessing Privacy to Tame the Coronavirus. 2020. arXiv: 2003.13670 [cs.CY].
  9. Miguel Castro and Barbara Liskov. "Practical Byzantine Fault Tolerance". In: Proceedings of the Third Symposium on Operating Systems Design and Implementation. OSDI '99. New Orleans, Louisiana, USA: USENIX Association, 1999.
  10. Justin Chan et al. PACT: Privacy Sensitive Protocols and Mechanisms for Mobile Contact Tracing. 2020. arXiv: 2004.03544 [cs.CR].
  11. Yves-Alexandre De Montjoye, César A Hidalgo, Michel Verleysen, and Vincent D Blondel. "Unique in the crowd: The privacy bounds of human mobility". In: Scientific reports 3 (2013).
  12. Yves-Alexandre De Montjoye, Laura Radaelli, Vivek Kumar Singh, et al. "Unique in the shopping mall: On the reidentifiability of credit card metadata". In: Science 347.6221 (2015).
  13. Cynthia Dwork. "Differential privacy: A survey of results". In: International conference on theory and applications of models of computation. Springer. 2008.
  14. Cynthia Dwork, Moni Naor, Toniann Pitassi, and Guy N Rothblum. "Differential privacy under continual observation". In: Proceedings of the forty-second ACM symposium on The- ory of computing. 2010.
  15. Cynthia Dwork, Moni Naor, Toniann Pitassi, Guy N Rothblum, and Sergey Yekhanin. "Pan-Private Streaming Algorithms." In: ICS. 2010.
  16. Ken TD Eames and Matt J Keeling. "Contact tracing and disease control". In: Proceedings of the Royal Society of London. Series B: Biological Sciences 270.1533 (2003).
  17. Edmond J. Safra Center for Ethics at Harvard University. https://ethics.harvard. edu/files/center-for-ethics/files/roadmaptopandemicresilience_final_0.pdf.
  18. "General Data Protection Regulation". In: Official Journal of the European Union L119 (2016).
  19. Ittay Eyal, Adem Efe Gencer, Emin Gün Sirer, and Robbert Van Renesse. "Bitcoin-ng: A scalable blockchain protocol". In: NSDI. 2016.
  20. Miguel Garcia, Nuno Ferreira Neves, and Alysson Bessani. "An intrusion-tolerant firewall design for protecting SIEM systems". In: Workshop on Systems Resilience in conjunction with the Conference on Dependable Systems and Networks. June 2013.
  21. Miguel Garcia, Nuno Ferreira Neves, and Alysson Bessani. "SieveQ: A Layered BFT Pro- tection System for Critical Services". In: IEEE Transactions on Dependable and Secure Computing 15.3 (June 2018).
  22. Yossi Gilad, Rotem Hemo, Silvio Micali, Georgios Vlachos, and Nickolai Zeldovich. "Algo- rand: Scaling byzantine agreements for cryptocurrencies". In: SOSP. 2017.
  23. Guy Golan Gueta et al. "SBFT: a scalable and decentralized trust infrastructure". In: IEEE/IFIP DSN. 2019.
  24. Melissa Gymrek, Amy L McGuire, David Golan, Eran Halperin, and Yaniv Erlich. "Iden- tifying personal genomes by surname inference". In: Science 339.6117 (2013).
  25. R. W. Hamming. "Error detecting and error correcting codes". In: The Bell System Tech- nical Journal 29.2 (1950).
  26. Rüdiger Kapitza, Johannes Behl, Christian Cachin, Tobias Distler, Simon Kuhnle, Seyed Vahid Mohammadi, Wolfgang Schröder-Preikschat, and Klaus Stengel. "CheapBFT: resource- efficient byzantine fault tolerance". In: Proceedings of the 7th ACM european conference on Systems. 2012.
  27. Eleftherios Kokoris Kogias, Philipp Jovanovic, Nicolas Gailly, Ismail Khoffi, Linus Gasser, and Bryan Ford. "Enhancing bitcoin security and performance with strong consistency via collective signing". In: Usenix Security. 2016.
  28. Rebecca Levine. "Development of a Contact Tracing System for Ebola Virus Disease-Kambia District, Sierra Leone, January-February 2015". In: MMWR. Morbidity and mortality weekly report 65 (2016).
  29. Ninghui Li, Tiancheng Li, and Suresh Venkatasubramanian. "t-closeness: Privacy beyond k-anonymity and l-diversity". In: 2007 IEEE 23rd International Conference on Data Engi- neering. IEEE. 2007.
  30. Yongkang Liu, Lin X Cai, Xuemin Shen, and Hongwei Luo. "Deploying cognitive cellular networks under dynamic resource management". In: IEEE wireless communications 20.2 (2013).
  31. Ashwin Machanavajjhala, Daniel Kifer, Johannes Gehrke, and Muthuramakrishnan Venki- tasubramaniam. "l-diversity: Privacy beyond k-anonymity". In: ACM Transactions on Knowl- edge Discovery from Data (TKDD) 1.1 (2007).
  32. Leonie Reichert, Samuel Brack, and Björn Scheuermann. Privacy-preserving contact tracing of covid-19 patients. 2020.
  33. T. Rocket. "Snowflake to avalanche: A novel metastable consensus protocol family for cryptocurrencies". In: 2018.
  34. Adi Shamir. "How to Share a Secret". In: Commun. ACM 22.11 (Nov. 1979).
  35. SQL Stream. https://sqlstream.com/.
  36. Corien M Swaan, Rolf Appels, Mirjam EE Kretzschmar, and Jim E van Steenbergen. "Timeliness of contact tracing among flight passengers for influenza A/H1N1 2009". In: BMC infectious diseases 11.1 (2011).
  37. Latanya Sweeney. "k-anonymity: A model for protecting privacy". In: International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems 10.05 (2002).
  38. Giuliana Santos Veronese, Miguel Correia, Alysson Neves Bessani, Lau Cheuk Lung, and Paulo Verissimo. "Efficient byzantine fault-tolerance". In: IEEE Transactions on Computers 62.1 (2011).

Related papers

PriLock: Citizen-protecting distributed epidemic tracing
Marcus Völp

2020

Contact tracing is an important instrument for national health services to fight epidemics. As part of the COVID-19 situation, many proposals have been made for scaling up contract tracing capacities with the help of smartphone applications, an important but highly critical endeavor due to the privacy risks involved in such solutions. Extending our previously expressed concern, we clearly articulate in this article, the functional and non-functional requirements that any solution has to meet, when striving to serve, not mere collections of individuals, but the whole of a nation, as required in face of such potentially dangerous epidemics. We present a critical information infrastructure, PriLock, a fully-open preliminary architecture proposal and design draft for privacy preserving contact tracing, which we believe can be constructed in a way to fulfill the former requirements. Our architecture leverages the existing regulated mobile communication infrastructure and builds upon the ...

View PDFchevron_right
Contact tracing solutions for COVID-19: applications, data privacy and security
Bárbara Muracciole

CLEI Electronic Journal, 2022

Since the beginning of 2020, COVID-19 has had a strong impact on the health of the world population. The mostly used approach to stop the epidemic is the application of controls of a classic epidemic such as case isolation, contact monitoring, and quarantine, as well as physical distancing and hygienic measures. Tracing the contacts of infected people is one of the main strategies for controlling the pandemic. Manual contact tracing is a slow, error-prone (by omission or forgotten) process, and vulnerable in terms of security and privacy. Furthermore, it needs to be carried out by specially trained personnel and it is not effective in identifying contacts with strangers (for example in public transport, supermarkets, etc). Given the high rates of contagion, which makes difficult an effective manual contact tracing, multiple initiatives arose for developing digital proximity tracing technologies. In this paper, we discuss in depth the security and personal data protection requirements that these technologies must satisfy, and we present an exhaustive and detailed list of the various applications that have been deployed globally, as well as the underlying infrastructure models and technologies they used. In particular, we identify potential threats that could undermine the satisfaction of the analyzed requirements, violating hegemonic personal data protection regulations.

View PDFchevron_right
Real-time Privacy Preserving Framework for Covid-19 Contact Tracing
ahmed abdullh mohamed

Computers, Materials & Continua, 2022

The recent unprecedented threat from COVID-19 and past epidemics, such as SARS, AIDS, and Ebola, has affected millions of people in multiple countries. Countries have shut their borders, and their nationals have been advised to self-quarantine. The variety of responses to the pandemic has given rise to data privacy concerns. Infection prevention and control strategies as well as disease control measures, especially real-time contact tracing for COVID-19, require the identification of people exposed to COVID-19. Such tracing frameworks use mobile apps and geolocations to trace individuals. However, while the motive may be well intended, the limitations and security issues associated with using such a technology are a serious cause of concern. There are growing concerns regarding the privacy of an individual's location and personal identifiable information (PII) being shared with governments and/or health agencies. This study presents a real-time, trust-based contact-tracing framework that operates without the use of an individual's PII, location sensing, or gathering GPS logs. The focus of the proposed contact tracing framework is to ensure real-time privacy using the Bluetooth range of individuals to determine others within the range. The research validates the trust-based framework using Bluetooth as practical and privacy-aware. Using our proposed methodology, personal information, health logs, and location data will be secure and not abused. This research analyzes 100,000 tracing dataset records from 150 mobile devices to identify infected users and active users.

View PDFchevron_right
A First Look at Privacy Analysis of COVID-19 Contact Tracing Mobile Applications
Syed Ali Akmal

IEEE Internet of Things Journal

Today's smartphones are equipped with a large number of powerful value-added sensors and features such as a low power Bluetooth sensor, powerful embedded sensors such as the digital compass, accelerometer, GPS sensors, Wi-Fi capabilities, microphone, humidity sensors, health tracking sensors, and a camera, etc. These value-added sensors have revolutionized the lives of the human being in many ways such, as tracking the health of the patients and movement of doctors, tracking employees movement in large manufacturing units, and monitoring the environment, etc. These embedded sensors could also be used for large-scale personal, group, and community sensing applications especially tracing the spread of certain diseases. Governments and regulators are turning to use these features to trace the people thought to have symptoms of certain diseases or virus e.g. COVID-19. The outbreak of COVID-19 in December 2019, has seen a surge of the mobile applications for tracing, tracking and isolating the persons showing COVID-19 symptoms to limit the spread of disease to the larger community. The use of embedded sensors could disclose private information of the users thus potentially bring threat to the privacy and security of users. In this paper, we analyzed a large set of smartphone applications that have been designed to contain the spread of the COVID-19 virus and bring the people back to normal life. Specifically, we have analyzed what type of permission these smartphone apps require, whether these permissions are necessary for the track and trace, how data from the user devices is transported to the analytic center, and analyzing the security measures these apps have deployed to ensure the privacy and security of users.

View PDFchevron_right
A survey of COVID-19 contact-tracing apps
saleh alrashed

Computers in Biology and Medicine, 2021

The COVID-19 pandemic has sparked a variety of technological interventions, including smartphone contact tracing apps. These apps help notify the recent contacts of infected individuals, but they introduce many security and design concerns. This research will primarily analyze a 2020 IEEE article about this technology titled "A Survey of COVID-19 Contact Tracing Apps," by Ahmed et al.; the paper examines different system architectures, privacy considerations, potential attacks, and examples of existing contact tracing apps. Analyzing this research will expose unanswered questions and insights to guide future development of contact tracing technology. Additionally, the article's analysis of contact tracing architecture will be applied to the Virginia statewide contact tracing app (COVIDWISE). Promoting an understanding of the security and privacy implications of the COVIDWISE app architecture will encourage wider adoption of the technology. Since the efficacy of contact tracing apps relies on a sufficient adoption rate, increasing the public's trust in the technology is imperative.

View PDFchevron_right

Related topics

  • Computer Science
  • Architecture
  • Computer Security
  • Critical Infrastructure
  • Contact Tracing
    • 580 California St., Suite 400
    San Francisco, CA, 94104
    © 2025 Academia. All rights reserved