PURE: A Framework for Analyzing Proximity-based Contact Tracing Protocols

Many proximity-based tracing (PCT) protocols have been proposed and deployed to combat the spreading of COVID-19. In this paper, we take a systematic approach to analyze PCT protocols. We identify a list of desired properties of a contact tracing design from the four aspects of Privacy, Utility, Resiliency, and Efficiency (PURE). We also identify two main design choices for PCT protocols: what information patients report to the server, and which party performs the matching. These two choices determine most of the PURE properties and enable us to conduct a comprehensive analysis and comparison of the existing protocols.

[1]  Björn Scheuermann,et al.  A Survey of Automatic Contact Tracing Approaches , 2020, IACR Cryptol. ePrint Arch..

[2]  Georgios Kambourakis,et al.  Demystifying COVID-19 digital contact tracing: A survey on frameworks and mobile apps , 2020, Wirel. Commun. Mob. Comput..

[3]  Amy N. Finkelstein,et al.  Initial economic damage from the COVID-19 pandemic in the United States is more widespread across ages and geographies than initial mortality impacts , 2020, Proceedings of the National Academy of Sciences.

[4]  Asra Ali,et al.  Communication-Computation Trade-offs in PIR , 2019, IACR Cryptol. ePrint Arch..

[5]  Jörn Müller-Quade,et al.  ConTra Corona: Contact Tracing against the Coronavirus by Bridging the Centralized - Decentralized Divide for Stronger Privacy , 2020, IACR Cryptol. ePrint Arch..

[6]  Ruben L. Bach,et al.  Acceptability of app-based contact tracing for COVID-19: Cross-country survey evidence , 2020, medRxiv.

[7]  Cédric Lauradoux,et al.  DESIRE: A Third Way for a European Exposure Notification System Leveraging the best of centralized and decentralized systems , 2020, ArXiv.

[8]  Jonathan Katz,et al.  Private Set Intersection: Are Garbled Circuits Better than Custom Protocols? , 2012, NDSS.

[9]  Xiaohui Liang,et al.  EPIC: Efficient Privacy-Preserving Contact Tracing for Infection Detection , 2018, 2018 IEEE International Conference on Communications (ICC).

[10]  Lily Chen,et al.  Internet Engineering Task Force (ietf) Updated Security Considerations for the Md5 Message-digest and the Hmac-md5 Algorithms , 2011 .

[11]  Antoine Boutet,et al.  ROBERT: ROBust and privacy-presERving proximity Tracing , 2020 .

[12]  Pedro Figueiredo Silva,et al.  Received signal strength models for WLAN and BLE-based indoor positioning in multi-floor buildings , 2015, 2015 International Conference on Location and GNSS (ICL-GNSS).

[13]  Dan Goldstein,et al.  How good is good enough for COVID19 apps? The influence of benefits, accuracy, and privacy on willingness to adopt , 2020, ArXiv.

[14]  Serge Vaudenay,et al.  Analysis of DP3T , 2020, IACR Cryptol. ePrint Arch..

[15]  Petros Spachos,et al.  Improving BLE Beacon Proximity Estimation Accuracy Through Bayesian Filtering , 2020, IEEE Internet of Things Journal.

[16]  Frauke Kreuter,et al.  Acceptability of App-Based Contact Tracing for COVID-19: Cross-Country Survey Study , 2020, JMIR mHealth and uHealth.

[17]  Silvio Micali,et al.  Computationally Private Information Retrieval with Polylogarithmic Communication , 1999, EUROCRYPT.

[18]  Bin Fan,et al.  Cuckoo Filter: Practically Better Than Bloom , 2014, CoNEXT.

[19]  Youngsu Cho,et al.  Analysis of positioning accuracy corresponding to the number of BLE beacons in indoor positioning system , 2015, 2015 17th International Conference on Advanced Communication Technology (ICACT).

[20]  Bob Metcalfe,et al.  Metcalfe's Law after 40 Years of Ethernet , 2013, Computer.

[21]  Ramesh Raskar,et al.  Assessing Disease Exposure Risk With Location Histories And Protecting Privacy: A Cryptographic Approach In Response To A Global Pandemic , 2020, ArXiv.

[22]  Fraunhofer AISEC Pandemic Contact Tracing Apps: DP-3T, PEPP-PT NTK, and ROBERT from a Privacy Perspective , 2020, IACR Cryptol. ePrint Arch..

[23]  Vincenzo Iovino,et al.  Towards Defeating Mass Surveillance and SARS-CoV-2: The Pronto-C2 Fully Decentralized Automatic Contact Tracing System , 2020, IACR Cryptol. ePrint Arch..

[24]  David Butler,et al.  TraceSecure: Towards Privacy Preserving Contact Tracing , 2020, ArXiv.

[25]  Vallipuram Muthukkumarasamy,et al.  COVID-19 Contact Tracing: Challenges and Future Directions , 2020, IEEE Access.

[26]  Dawn Song,et al.  Epione: Lightweight Contact Tracing with Strong Privacy , 2020, IEEE Data Eng. Bull..

[27]  Saniya Zahoor,et al.  Applicability of mobile contact tracing in fighting pandemic (COVID-19): Issues, challenges and solutions , 2020, Computer Science Review.

[28]  Björn Scheuermann,et al.  Privacy-Preserving Contact Tracing of COVID-19 Patients , 2020, IACR Cryptol. ePrint Arch..

[29]  J. Epstein,et al.  Origin and cross-species transmission of bat coronaviruses in China , 2020, bioRxiv.

[30]  Mathini Sellathurai,et al.  An Automated Contact Tracing Approach for Controlling Covid-19 Spread Based on Geolocation Data From Mobile Cellular Networks , 2020, IEEE Access.

[31]  Yuval Ishai,et al.  Function Secret Sharing: Improvements and Extensions , 2016, CCS.

[32]  Srinath T. V. Setty,et al.  PIR with Compressed Queries and Amortized Query Processing , 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[33]  Mohammad Shahriar Rahman,et al.  Digital Surveillance Systems for Tracing COVID-19: Privacy and Security Challenges with Recommendations , 2020, ArXiv.

[34]  Minhui Xue,et al.  Vetting Security and Privacy of Global COVID-19 Contact Tracing Applications , 2020, ArXiv.

[35]  Eric Horvitz,et al.  PACT: Privacy-Sensitive Protocols And Mechanisms for Mobile Contact Tracing , 2020, IEEE Data Eng. Bull..

[36]  Yael Tauman Kalai,et al.  Privacy-Preserving Automated Exposure Notification , 2020, IACR Cryptol. ePrint Arch..

[37]  Laura A. Dabbish,et al.  Decentralized is not risk-free: Understanding public perceptions of privacy-utility trade-offs in COVID-19 contact-tracing apps , 2020, ArXiv.

[38]  Patrick Schaumont,et al.  Risk and Architecture factors in Digital Exposure Notification , 2020, IACR Cryptol. ePrint Arch..

[39]  Changyu Dong,et al.  A Fast Single Server Private Information Retrieval Protocol with Low Communication Cost , 2014, ESORICS.

[40]  Emiliano De Cristofaro,et al.  Linear-Complexity Private Set Intersection Protocols Secure in Malicious Model , 2010, ASIACRYPT.

[41]  Helge Janicke,et al.  A Survey of COVID-19 Contact Tracing Apps , 2020, IEEE Access.

[42]  Yaron Gvili,et al.  Security Analysis of the COVID-19 Contact Tracing Specifications by Apple Inc. and Google Inc , 2020, IACR Cryptol. ePrint Arch..

[43]  Craig Gentry,et al.  Single-Database Private Information Retrieval with Constant Communication Rate , 2005, ICALP.

[44]  Dong Xuan,et al.  ACOUSTIC-TURF: Acoustic-based Privacy-Preserving COVID-19 Contact Tracing , 2020, ArXiv.

[45]  Ryan Calo,et al.  COVID-19 Contact Tracing and Privacy: Studying Opinion and Preferences , 2020, ArXiv.

[46]  Jinfeng Li,et al.  COVID-19 Contact-tracing Apps: a Survey on the Global Deployment and Challenges , 2020, ArXiv.

[47]  Ryan Calo,et al.  COVID-19 Contact Tracing and Privacy: A Longitudinal Study of Public Opinion , 2020, Digital Threats: Research and Practice.

[48]  Serge Vaudenay,et al.  Centralized or Decentralized? The Contact Tracing Dilemma , 2020, IACR Cryptol. ePrint Arch..

[49]  Jason Bay,et al.  BlueTrace: A privacy-preserving protocol for community-driven contact tracing across borders , 2020 .

[50]  D. Cummings,et al.  Hospital outbreak of Middle East respiratory syndrome coronavirus. , 2013, The New England journal of medicine.

[51]  Marc-Olivier Killijian,et al.  XPIR : Private Information Retrieval for Everyone , 2016, Proc. Priv. Enhancing Technol..

[52]  Moni Naor,et al.  Private Information Retrieval by Keywords , 1998, IACR Cryptol. ePrint Arch..

[53]  Vincent Lenders,et al.  Contact Tracing: An Overview of Technologies and Cyber Risks , 2020, ArXiv.