A Privacy-Preserving Solution for Proximity Tracing Avoiding Identifier Exchanging
Buccafurri F.;De Angelis V.;
2020-01-01
Abstract
Digital contact tracing is one of the actions useful, in combination with other measures, to manage an epidemic diffusion of an infectious disease in an after-lock-down phase. This is a very timely issue, due to the COVID-19 pandemic we are unfortunately living through. Apps for contact tracing aim to detect proximity of users and to evaluate the related risk in terms of possible contagion. Existing approaches leverage BLE or GPS, or their combination, even though the prevailing approach is BLE-based and relies on a decentralized model requiring the mutual exchange of ephemeral identifiers among users' smartphones. Unfortunately, a number of security and privacy concerns exist in this kind of solution, mainly due to the exchange of identifiers, while GPS-based solutions (inherently centralized) may suffer from threats concerning massive surveillance. In this paper, we propose a solution leveraging GPS to detect proximity, and BLE only to improve accuracy, with no exchange of identifiers. Unlike related existing solutions, no complex cryptographic mechanism is adopted, while ensuring that the server does not learn anything about locations of users.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.