Towards Defeating Mass Surveillance and SARS-CoV-2: The Pronto-C2 Fully Decentralized Automatic Contact Tracing System

Mass surveillance can be more easily achieved leveraging fear and desire of the population to feel protected while affected by devastating events. Indeed, in such scenarios, governments can adopt exceptional measures that limit civil rights, usually receiving large support from their citizens. The COVID-19 pandemic is currently affecting daily life of many citizens in the world. People are forced to stay home for several weeks, unemployment rates quickly increase, uncertainty and sadness generate an impelling desire to join any government effort in order to stop as soon as possible the spread of the virus. Following recommendations of epidemiologists, governments are proposing the use of smartphone applications to allow automatic contact tracing of citizens. Such systems can be an effective way to defeat the spread of the SARS-CoV-2 virus since they allow to gain time in identifying potentially new infected persons that should therefore be in quarantine. This raises the natural question of whether this form of automatic contact tracing can be a subtle weapon for governments to violate the privacy of their citizens as part of new and more sophisticated mass surveillance programs. In order to preserve privacy and at the same time to contribute to the containment of the pandemic, several research partnerships are proposing privacy-preserving contact tracing systems where pseudonyms are updated periodically to avoid linkability attacks. A core component of such systems is Bluetooth low energy (BLE, for short) a technology that allows two smartphones to detect that they are in close proximity. Among such systems there are some proposals like DP-3T, PACT and the Apple&Google exposure notification system that through a decentralized approach guarantee better privacy properties compared to other centralized approaches (e.g., PEPP-PT-NTK, PEPP-PT-ROBERT). On the other hand, advocates of centralized approaches claim that centralization gives to epidemiologists more useful data, therefore allowing to take more effective actions to defeat the virus. Motivated by Snowden’s revelations about previous attempts of governments to realize mass surveillance programs, in this paper we first analyze mass surveillance attacks that leverage ∗Disclaimer: this work is based on our understanding of all sources of information specified in the bibliography. New relevant documents and revisions of previous documents appear on-line on a daily basis. Not everything is clear to us and thus we ask in the Introduction several natural questions. In case we have misunderstood something or the answers to our questions are known already, we would be happy to be notified and then we will promptly make proper updates.

[1]  Marko Vukolic,et al.  Hyperledger fabric: a distributed operating system for permissioned blockchains , 2018, EuroSys.

[2]  Qiang Tang,et al.  Privacy-Preserving Contact Tracing: current solutions and open questions , 2020, IACR Cryptol. ePrint Arch..

[3]  Cédric Lauradoux,et al.  DESIRE: A Third Way for a European Exposure Notification System Leveraging the best of centralized and decentralized systems , 2020, ArXiv.

[4]  Taher El Gamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, IEEE Trans. Inf. Theory.

[5]  David Starobinski,et al.  Tracking Anonymized Bluetooth Devices , 2019, Proc. Priv. Enhancing Technol..

[6]  Jacques Stern,et al.  Provably Secure Blind Signature Schemes , 1996, ASIACRYPT.

[7]  Eric Horvitz,et al.  PACT: Privacy-Sensitive Protocols And Mechanisms for Mobile Contact Tracing , 2020, IEEE Data Eng. Bull..

[8]  David Chaum,et al.  Blind Signature System , 1983, CRYPTO.

[9]  Yael Tauman Kalai,et al.  Privacy-Preserving Automated Exposure Notification , 2020, IACR Cryptol. ePrint Arch..

[10]  Antoine Boutet,et al.  ROBERT: ROBust and privacy-presERving proximity Tracing , 2020 .

[11]  A. Gassmann,et al.  WeTrace - A Privacy-preserving Mobile COVID-19 Tracing Approach and Application , 2020, ArXiv.

[12]  Tancrède Lepoint,et al.  On the (in)Security of ROS , 2022, Journal of Cryptology.

[13]  Carmela Troncoso,et al.  Decentralized Privacy-Preserving Proximity Tracing , 2020, IEEE Data Eng. Bull..

[14]  Francesco Buccafurri,et al.  A Privacy-Preserving Solution for Proximity Tracing Avoiding Identifier Exchanging , 2020, 2020 International Conference on Cyberworlds (CW).

[15]  Serge Vaudenay,et al.  Analysis of DP3T , 2020, IACR Cryptol. ePrint Arch..

[16]  Serge Vaudenay,et al.  Centralized or Decentralized? The Contact Tracing Dilemma , 2020, IACR Cryptol. ePrint Arch..

[17]  Serge Vaudenay,et al.  Analysis of DP3T - Between Scylla and Charybdis , 2020 .

[18]  Fraunhofer AISEC Pandemic Contact Tracing Apps: DP-3T, PEPP-PT NTK, and ROBERT from a Privacy Perspective , 2020, IACR Cryptol. ePrint Arch..

[19]  Krzysztof Pietrzak,et al.  Delayed Authentication: Preventing Replay and Relay Attacks in Private Contact Tracing , 2020, IACR Cryptol. ePrint Arch..

[20]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[21]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[22]  Bernd Freisleben,et al.  Mind the GAP: Security & Privacy Risks of Contact Tracing Apps , 2020, 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom).