Fumiyuki Kato,Yang Cao,Masatoshi Yoshikawa

DOI: https://doi.org/10.48550/arXiv.2010.13381

2020-11-04

Abstract:The COVID-19 pandemic has prompted technological measures to control the spread of the disease. Private contact tracing (PCT) is one of the promising techniques for the purpose. However, the recently proposed Bluetooth-based PCT has several limitations in terms of functionality and flexibility. The existing systems are only able to detect direct contact (i.e., human-human contact), but cannot detect indirect contact (i.e., human-object, such as the disease transmission through surface). Moreover, the rule of risky contact cannot be flexibly changed with the environmental situation and the nature of the virus. In this paper, we propose a secure and efficient trajectory-based PCT system using trusted hardware. We formalize trajectory-based PCT as a generalization of the well-studied Private Set Intersection (PSI), which is mostly based on cryptographic primitives and thus insufficient. We solve the problem by leveraging trusted hardware such as Intel SGX and designing a novel algorithm to achieve a secure, efficient and flexible PCT system. Our experiments on real-world data show that the proposed system can achieve high performance and scalability. Specifically, our system (one single machine with Intel SGX) can process thousands of queries on 100 million records of trajectory data in a few seconds.

Cryptography and Security,Databases

Zhihao Zeng,Ziquan Fang,Lu Chen,Yunjun Gao,Kai Zheng,Gang Chen

DOI: https://doi.org/10.1109/icde60146.2024.00352

2024-01-01

Abstract:Contact tracing query (CTQ) plays a crucial role in the prevention of epidemic diseases. In real-world applications, user trajectory, encompassing a wealth of sensitive information, is typically dispersed across various devices or organizations. Consequently, safeguarding user privacy becomes imperative in the context of CTQ. Simultaneously, for effective epidemic control, it is essential to identify contacts efficiently and accurately, enabling prompt implementation of necessary measures. However, existing CTQ studies face limitations as they struggle to concurrently meet the demands of privacy, accuracy and efficiency. This constraint impedes their practical application in real-world scenarios. To this end, we define the Federated Contact Tracing Query (F-CTQ) problem and propose the FedCTQ framework based on hierarchical federation. To the best of our knowledge, this is the first solution grounded in federation, offering a simultaneous fulfillment of privacy, accuracy and efficiency requirements. Specifically, to ensure the privacy of F-CTQ, we introduce a meticulously designed binary-based secret-sharing (BSS) scheme, which delivers an effective privacy guarantee for user data while preserving the accuracy of the query results. Concurrently, to enhance the efficiency of F-CTQ, we propose a binary-based distance tree (DistTree) index that maximizes computational resources for parallel queries. Based on DistTree, FedCTQ enables nearly the real-time and accurate execution of F-CTQ. Extensive experiments on four datasets demonstrate the superiority of FedCTQ, showcasing a remarkable performance improvement ranging from $4.7\times$ to $14.8\times$ over state-of-the-art approaches.

Yafeng Chen,Axin Wu,Yuer Yang,Xiangjun Xin,Chang Song

DOI: https://doi.org/10.1109/tcc.2024.3360098

IF: 5.697

2024-03-08

IEEE Transactions on Cloud Computing

Abstract:Private set intersection cardinality (PSI-CA) allows two parties to learn the size of the intersection between two private sets without revealing other additional information, which is a promising technique to solve privacy concerns in contact tracing. Efficient PSI protocols typically use oblivious transfer, involving multiple rounds of interaction and leading to heavy local computation overheads and protocol delays, especially when interacting with many receivers. Cloud-assisted PSI-CA is a better solution as it relieves participants' burdens of computation and communication. However, cloud servers may return incorrect or incomplete results for some reason, leading to an incorrectness issue. At present, to our knowledge, existing cloud-assisted PSI-CA protocols cannot address such a concern. To address this, we propose two specific verifiable cloud-assisted PSI-CA protocols: one based on a two-server protocol and the other on a single-server protocol. Further, we employ Cuckoo hashing to optimize these two protocols, enabling the receiver's computational costs independent of the size of the sender's set. We also prove the security of the protocols and implement them. Finally, we analyze and discuss their performance demonstrating that the single-server verifiable PSI-CA protocol does not introduce significant computation or communication costs while adding functionalities.

computer science, information systems, theory & methods

Ssu-Hsin Yu

DOI: https://doi.org/10.48550/arXiv.2006.08568

2020-06-16

Abstract:Smartphone location-based methods have been proposed and implemented as an effective alternative to traditional labor intensive contact tracing methods. However, there are serious privacy and security concerns that may impede wide-spread adoption in many societies. Furthermore, these methods rely solely on proximity to patients, based on Bluetooth or GPS signal for example, ignoring lingering effects of virus, including COVID-19, present in the environment. This results in inaccurate risk assessment and incomplete contact tracing. A new system concept, called PrivyTRAC, preserves user privacy, increases security and improves accuracy of smartphone contact tracing. PrivyTRAC enhances users' and patients' privacy by letting users conduct self-evaluation based on the risk maps download to their smartphones. No user information is transmitted to external locations or devices, and no personally identifiable patient information is embedded in the risk maps as they are processed anonymized and aggregated locations of confirmed patients. The risk maps consider both spatial proximity and temporal effects to improve the accuracy of the infection risk estimation. Experiments conducted in the paper illustrate improvement of PrivyTRAC over proximity based methods in terms of true and false positives. An approach to further improve infection risk estimation by incorporating both positive and negative local test results from contacts of confirmed cases is also described.

Computers and Society,Cryptography and Security

Zhe Peng,Jinbin Huang,Haixin Wang,Shihao Wang,Xiaowen Chu,Xinzhi Zhang,Li Chen,Xin Huang,Xiaoyi Fu,Yike Guo,Jianliang Xu

DOI: https://doi.org/10.48550/arXiv.2101.09653

2021-01-24

Abstract:The coronavirus disease 2019 (COVID-19) pandemic has caused an unprecedented health crisis for the global. Digital contact tracing, as a transmission intervention measure, has shown its effectiveness on pandemic control. Despite intensive research on digital contact tracing, existing solutions can hardly meet users' requirements on privacy and convenience. In this paper, we propose BU-Trace, a novel permissionless mobile system for privacy-preserving intelligent contact tracing based on QR code and NFC technologies. First, a user study is conducted to investigate and quantify the user acceptance of a mobile contact tracing system. Second, a decentralized system is proposed to enable contact tracing while protecting user privacy. Third, an intelligent behavior detection algorithm is designed to ease the use of our system. We implement BU-Trace and conduct extensive experiments in several real-world scenarios. The experimental results show that BU-Trace achieves a privacy-preserving and intelligent mobile system for contact tracing without requesting location or other privacy-related permissions.

Social and Information Networks,Cryptography and Security,Computers and Society

Ni Trieu,Kareem Shehata,Prateek Saxena,Reza Shokri,Dawn Song

DOI: https://doi.org/10.48550/arXiv.2004.13293

2020-04-28

Cryptography and Security

Abstract:Contact tracing is an essential tool in containing infectious diseases such as COVID-19. Many countries and research groups have launched or announced mobile apps to facilitate contact tracing by recording contacts between users with some privacy considerations. Most of the focus has been on using random tokens, which are exchanged during encounters and stored locally on users' phones. Prior systems allow users to search over released tokens in order to learn if they have recently been in the proximity of a user that has since been diagnosed with the disease. However, prior approaches do not provide end-to-end privacy in the collection and querying of tokens. In particular, these approaches are vulnerable to either linkage attacks by users using token metadata, linkage attacks by the server, or false reporting by users. In this work, we introduce Epione, a lightweight system for contact tracing with strong privacy protections. Epione alerts users directly if any of their contacts have been diagnosed with the disease, while protecting the privacy of users' contacts from both central services and other users, and provides protection against false reporting. As a key building block, we present a new cryptographic tool for secure two-party private set intersection cardinality (PSI-CA), which allows two parties, each holding a set of items, to learn the intersection size of two private sets without revealing intersection items. We specifically tailor it to the case of large-scale contact tracing where clients have small input sets and the server's database of tokens is much larger.

Tyler Nicewarner,Wei Jiang,Aniruddha Gokhale,Dan Lin

2024-09-19

Abstract:The task of infectious disease contact tracing is crucial yet challenging, especially when meeting strict privacy requirements. Previous attempts in this area have had limitations in terms of applicable scenarios and efficiency. Our paper proposes a highly scalable, practical contact tracing system called PREVENT that can work with a variety of location collection methods to gain a comprehensive overview of a person's trajectory while ensuring the privacy of individuals being tracked, without revealing their plain text locations to any party, including servers. Our system is very efficient and can provide real-time query services for large-scale datasets with millions of locations. This is made possible by a newly designed secret-sharing based architecture that is tightly integrated into unique private space partitioning trees. Notably, our experimental results on both real and synthetic datasets demonstrate that our system introduces negligible performance overhead compared to traditional contact tracing methods. PREVENT could be a game-changer in the fight against infectious diseases and set a new standard for privacy-preserving location tracking.

Cryptography and Security

Qiang Tang

DOI: https://doi.org/10.1145/3490490

2022-06-30

ACM Transactions on Spatial Algorithms and Systems

Abstract:In the current COVID-19 pandemic, manual contact tracing has been proven to be very helpful to reach close contacts of infected users and slow down spread of the virus. To improve its scalability, a number of automated contact tracing (ACT) solutions have been proposed, and some of them have been deployed. Despite the dedicated efforts, security and privacy issues of these solutions are still open and under intensive debate. In this article, we examine the ACT concept from a broader perspective, by focusing on not only security and privacy issues but also functional issues such as interface, usability, and coverage. We first elaborate on these issues and particularly point out the inevitable privacy leakages in existing Bluetooth Low Energy based ACT solutions, including centralized and decentralized ones. In addition, we examine the existing venue-based ACT solutions and identify their privacy and security concerns. Then, we propose a generic venue-based ACT solution and a concrete instantiation based on Bluetooth Low Energy technology. Our solution monitors users’ contacting history only in virus-spreading-prone venues and offers higher-level protection for both security and privacy than its predecessors. Finally, we evaluate our solution from security, privacy, and efficiency perspectives, and also highlight how to reduce false positives in some specific indoor environments.

Can Zhang,Chang Xu,Kashif Sharif,Liehuang Zhu

DOI: https://doi.org/10.1016/j.csi.2021.103520

2021-08-01

Abstract:<p>The current pandemic situation due to COVID-19 is seriously affecting our daily work and life. To block the propagation of infectious diseases, an effective contact tracing mechanism needs to be implemented. Unfortunately, existing schemes have severe privacy issues that jeopardize the identity-privacy and location-privacy for both users and patients. Although some privacy-preserving systems have been proposed, there remain several issues caused by centralization. To mitigate this issues, we propose a <strong>P</strong>rivacy-preserving contact <strong>T</strong>racing scheme in 5G-integrated and <strong>B</strong>lockchain-based <strong>M</strong>edical applications, named PTBM. In PTBM, the 5G-integrated network is leveraged as the underlying infrastructure where everyone can perform location checking with his mobile phones or even wearable devices connected to 5G network to find whether they have been in possible contact with a diagnosed patient without violating their privacy. A trusted medical center can effectively trace the patients and their corresponding close contacts. Thorough security and performance analysis show that the proposed PTBM scheme achieves privacy protection, traceability, reliability, and authentication, with high computation &amp; communication efficiency and low latency.</p>

computer science, software engineering, hardware & architecture

Jack K. Fitzsimons,Atul Mantri,Robert Pisarczyk,Tom Rainforth,Zhikuan Zhao

DOI: https://doi.org/10.48550/arXiv.2004.05116

2020-04-11

Abstract:The current COVID-19 pandemic highlights the utility of contact tracing, when combined with case isolation and social distancing, as an important tool for mitigating the spread of a disease [1]. Contact tracing provides a mechanism of identifying individuals with a high likelihood of previous exposure to a contagious disease, allowing additional precautions to be put in place to prevent continued transmission. Here we consider a cryptographic approach to contact tracing based on secure two-party computation (2PC). We begin by considering the problem of comparing a set of location histories held by two parties to determine whether they have come within some threshold distance while at the same time maintaining the privacy of the location histories. We propose a solution to this problem using pre-shared keys, adapted from an equality testing protocol due to Ishai et al [2]. We discuss how this protocol can be used to maintain privacy within practical contact tracing scenarios, including both app-based approaches and approaches which leverage location history held by telecoms and internet service providers. We examine the efficiency of this approach and show that existing infrastructure is sufficient to support anonymised contact tracing at a national level.

Cryptography and Security

Jianwei Huang,Vinod Yegneswaran,Phillip Porras,Guofei Gu

DOI: https://doi.org/10.48550/arXiv.2012.03283

2020-12-09

Abstract:Smartphone-based contact-tracing applications are at the epicenter of the global fight against the Covid-19 pandemic. While governments and healthcare agencies are eager to mandate the deployment of such applications en-masse, they face increasing scrutiny from the popular press, security companies, and human rights watch agencies that fear the exploitation of these technologies as surveillance tools. Finding the optimal balance between community safety and privacy has been a challenge, and strategies to address these concerns have varied among countries. This paper describes two important attacks that affect a broad swath of contact-tracing applications. The first, referred to as contact-isolation attack, is a user-privacy attack that can be used to identify potentially infected patients in your neighborhood. The second is a contact-pollution attack that affects the integrity of contact tracing applications by causing them to produce a high volume of false-positive alerts. We developed prototype implementations and evaluated both attacks in the context of the DP-3T application framework, but these vulnerabilities affect a much broader class of applications. We found that both attacks are feasible and realizable with a minimal attacker work factor. We further conducted an impact assessment of these attacks by using a simulation study and measurements from the SafeGraph database. Our results indicate that attacks launched from a modest number (on the order of 10,000) of monitoring points can effectively decloak between 5-40\% of infected users in a major metropolis, such as Houston.

Cryptography and Security,Computers and Society

Qiang Tang

DOI: https://doi.org/10.48550/arXiv.2004.06818

2020-04-14

Cryptography and Security

Abstract:The COVID-19 pandemic has posed a unique challenge for the world to find solutions, ranging from vaccines to ICT solutions to slow down the virus spreading. Due to the highly contagious nature of the virus, social distancing is one fundamental measure which has already adopted by many countries. At the technical level, this prioritises contact tracing solutions, which can alert the users who have been in close contact with the infected persons and meanwhile allow heath authorities to take proper actions. In this paper, we examine several existing privacy-aware contact tracing solutions and analyse their (dis)advantages. At the end, we describe several major observations and outline an interdisciplinary research agenda towards more comprehensive and effective privacy-aware contact tracing solutions.

Xin Kang,Zhuo Ma,Yang Liu,Teng Li,Zuobing Ying,Bingsheng Zhang

DOI: https://doi.org/10.1109/tmc.2024.3403664

IF: 6.075

2024-01-01

IEEE Transactions on Mobile Computing

Abstract:Facing the global threat of endemic diseases, utilizing edge computing for exposure detection enables efficient monitoring of the dynamic distribution of infected patient groups across regions, enhancing the management and control of these diseases. Employing the quantitative exposure detection of endemic diseases, regions seek to reconcile patient information collected through mobile devices, aiming to obtain statistical and analytical results based on the intersection of patient lists. In this paper, we propose a privacy-preserving scheme for the collaborative quantitative exposure detection of endemic diseases, which ensures each region to only learn the statistical results, without any information about other regions' datasets. Our scheme is fundamentally achieved through Circuit-based Private Set Intersection (Circuit-PSI) that can compute functions over the set intersection without disclosing the intersection itself. However, the state-of-the-art solution involves a laborious process in which one party iteratively compares its elements with those of others, which leads to a significantly high communication complexity. Therefore, we introduce a novel multi-party protocol that can diminish the communication overhead of circuit-PSI through a skillful decoupling of the comparison complexity from the number of parties. To achieve this, we design a multiparty oblivious encoding scheme, which can prevent any party from inferring any private info through the encoded data. By filtering out the repeated elements, the comparison complexity is independent of the number of parties. Furthermore, to address scenarios involving patient information with additional attributes, we extend our protocol to include payloads by developing a lightweight multiparty data mapping algorithm. Our extensive experiments show that compared to prior works, our protocol achieves a substantial reduction in communication overhead by 6.4×, and runs 1.2× faster in the LAN setting and 3.1× in the WAN setting.

Jiawei Yuan,Bradley Malin,Francois Modave,Yi Guo,William R. Hogan,Elizabeth Shenkman,Jiang Bian

DOI: https://doi.org/10.1016/j.jbi.2016.12.008

IF: 8

2017-01-01

Journal of Biomedical Informatics

Abstract:Background: The last few years have witnessed an increasing number of clinical research networks (CRNs) focused on building large collections of data from electronic health records (EHRs), claims, and patient-reported outcomes (PROs). Many of these CRNs provide a service for the discovery of research cohorts with various health conditions, which is especially useful for rare diseases.Background: Supporting patient privacy can enhance the scalability and efficiency of such processes; however, current practice mainly relies on policy, such as guidelines defined in the Health Insurance Portability and Accountability Act (HIPAA), which are insufficient for CRNs (e.g., HIPAA does not require encryption of data which can mitigate insider threats). By combining policy with privacy enhancing technologies we can enhance the trustworthiness of CRNs. The goal of this research is to determine if searchable encryption can instill privacy in CRNs without sacrificing their usability.Methods: We developed a technique, implemented in working software to enable privacy-preserving cohort discovery (PPCD) services in large distributed CRNs based on elliptic curve cryptography (ECC). This technique also incorporates a block indexing strategy to improve the performance (in terms of computational running time) of PPCD. We evaluated the PPCD service with three real cohort definitions: (1) elderly cervical cancer patients who underwent radical hysterectomy, (2) oropharyngeal and tongue cancer patients who underwent robotic transoral surgery, and (3) female breast cancer patients who underwent mastectomy) with varied query complexity. These definitions were tested in an encrypted database of 7.1 million records derived from the publically available Healthcare Cost and Utilization Project (HCUP) Nationwide Inpatient Sample (NIS). We assessed the performance of the PPCD service in terms of (1) accuracy in cohort discovery, (2) computational running time, and (3) privacy. afforded to the underlying records during PPCD.Results: The empirical results indicate that the proposed PPCD can execute cohort discovery queries in a reasonable amount of time, with query runtime in the range of 165-262 s for the 3 use cases, with zero compromise in accuracy. We further show that the search performance is practical because it supports a highly parallelized design for secure evaluation over encrypted records. Additionally, our security analysis shows that the proposed construction is resilient to standard adversaries.Conclusions: PPCD services can be designed for clinical research networks. The security construction presented in this work specifically achieves high privacy guarantees by preventing both threats originating from within and beyond the network. (C) 2016 Elsevier Inc. All rights reserved.

Maocheng Li,Yuxiang Zeng,Libin Zheng,Lei Chen,Qing Li

DOI: https://doi.org/10.48550/arXiv.2303.02838

2023-03-06

Databases

Abstract:Contact tracing has been considered as an effective measure to limit the transmission of infectious disease such as COVID-19. Trajectory-based contact tracing compares the trajectories of users with the patients, and allows the tracing of both direct contacts and indirect contacts. Although trajectory data is widely considered as sensitive and personal data, there is limited research on how to securely compare trajectories of users and patients to conduct contact tracing with excellent accuracy, high efficiency, and strong privacy guarantee. Traditional Secure Multiparty Computation (MPC) techniques suffer from prohibitive running time, which prevents their adoption in large cities with millions of users. In this work, we propose a technical framework called ContactGuard to achieve accurate, efficient, and privacy-preserving trajectory-based contact tracing. It improves the efficiency of the MPC-based baseline by selecting only a small subset of locations of users to compare against the locations of the patients, with the assist of Geo-Indistinguishability, a differential privacy notion for Location-based services (LBS) systems. Extensive experiments demonstrate that ContactGuard runs up to 2.6$\times$ faster than the MPC baseline, with no sacrifice in terms of the accuracy of contact tracing.

Didem Demirag,Erman Ayday

DOI: https://doi.org/10.48550/arXiv.2003.13073

2020-03-29

Cryptography and Security

Abstract:Today, tracking and controlling the spread of a virus is a crucial need for almost all countries. Doing this early would save millions of lives and help countries keep a stable economy. The easiest way to control the spread of a virus is to immediately inform the individuals who recently had close contact with the diagnosed patients. However, to achieve this, a centralized authority (e.g., a health authority) needs detailed location information from both healthy individuals and diagnosed patients. Thus, such an approach, although beneficial to control the spread of a virus, results in serious privacy concerns, and hence privacy-preserving solutions are required to solve this problem. Previous works on this topic either (i) compromise privacy (especially privacy of diagnosed patients) to have better efficiency or (ii) provide unscalable solutions. In this work, we propose a technique based on private set intersection between physical contact histories of individuals (that are recorded using smart phones) and a centralized database (run by a health authority) that keeps the identities of the positive diagnosed patients for the disease. Proposed solution protects the location privacy of both healthy individuals and diagnosed patients and it guarantees that the identities of the diagnosed patients remain hidden from other individuals. Notably, proposed scheme allows individuals to receive warning messages indicating their previous contacts with a positive diagnosed patient. Such warning messages will help them realize the risk and isolate themselves from other people. We make sure that the warning messages are only observed by the corresponding individuals and not by the health authority. We also implement the proposed scheme and show its efficiency and scalability via simulations.

David Sturzenegger,Aetienne Sardon,Stefan Deml,Thomas Hardjono

DOI: https://doi.org/10.48550/arXiv.2006.14235

2020-06-25

Abstract:Contact tracing is paramount to fighting the pandemic but it comes with legitimate privacy concerns. This paper proposes a system enabling both, contact tracing and data privacy. We propose the use of the Intel SGX trusted execution environment to build a privacy-preserving contact tracing backend. While the concept of a confidential computing backend proposed in this paper can be combined with any existing contact tracing smartphone application, we describe a full contact tracing system for demonstration purposes. A prototype of a privacy-preserving contact tracing system based on SGX has been implemented by the authors in a hackathon.

Computers and Society

Tianshi Li,Jackie,Yang,Cori Faklaris,Jennifer King,Yuvraj Agarwal,Laura Dabbish,Jason I. Hong

DOI: https://doi.org/10.48550/arXiv.2005.11957

2020-05-25

Abstract:Contact-tracing apps have potential benefits in helping health authorities to act swiftly to halt the spread of COVID-19. However, their effectiveness is heavily dependent on their installation rate, which may be influenced by people's perceptions of the utility of these apps and any potential privacy risks due to the collection and releasing of sensitive user data (e.g., user identity and location). In this paper, we present a survey study that examined people's willingness to install six different contact-tracing apps after informing them of the risks and benefits of each design option (with a U.S.-only sample on Amazon Mechanical Turk, $N=208$). The six app designs covered two major design dimensions (centralized vs decentralized, basic contact tracing vs. also providing hotspot information), grounded in our analysis of existing contact-tracing app proposals. Contrary to assumptions of some prior work, we found that the majority of people in our sample preferred to install apps that use a centralized server for contact tracing, as they are more willing to allow a centralized authority to access the identity of app users rather than allowing tech-savvy users to infer the identity of diagnosed users. We also found that the majority of our sample preferred to install apps that share diagnosed users' recent locations in public places to show hotspots of infection. Our results suggest that apps using a centralized architecture with strong security protection to do basic contact tracing and providing users with other useful information such as hotspots of infection in public places may achieve a high adoption rate in the U.S.

Human-Computer Interaction,Computers and Society

Qu Lu,Hua Dai,Bohan Li,Pengyue Li,Qian Zhou,Qiang Zhou,Geng Yang

DOI: https://doi.org/10.1007/978-981-97-7241-4_12

2024-01-01

Abstract:With the expansion of cloud computing, its effectiveness in handling large datasets, particularly trajectory, has become evident. However, due to the sensitivity of trajectory data, sharing it in plaintext could lead to privacy risks. It is a challenge to implement secure and efficient contact query based on trajectory data in the cloud. In this paper, we propose a privacy-preserving contact query processing over trajectory data. The trajectory vectorization is designed to encrypt trajectories that support secure distance comparison through vector inner product. Based on the trajectory vectors, the baseline privacy-preserving contact query processing scheme (EPCQ) is introduced. To improve the efficiency of contact query, the quick-filtering checkpoint optimization strategy is presented. By adopting it, the enhanced privacy-preserving contact query processing scheme (EPCQ+) is introduced. Experimental results show that the proposed schemes perform well in query accuracy and efficiency.

Kilian Holzapfel,Martina Karl,Linus Lotz,Georg Carle,Christian Djeffal,Christian Fruck,Christian Haack,Dirk Heckmann,Philipp H. Kindt,Michael Köppl,Patrick Krause,Lolian Shtembari,Lorenz Marx,Stephan Meighen-Berger,Birgit Neumair,Matthias Neumair,Julia Pollmann,Tina Pollmann,Elisa Resconi,Stefan Schönert,Andrea Turcati,Christoph Wiesinger,Giovanni Zattera,Christopher Allan,Esteban Barco,Kai Bitterschulte,Jörn Buchwald,Clara Fischer,Judith Gampe,Martin Häcker,Jasin Islami,Anatol Pomplun,Sebastian Preisner,Nele Quast,Christian Romberg,Christoph Steinlehner,Tjark Ziehm

DOI: https://doi.org/10.48550/arXiv.2006.16960

2020-06-29

Computers and Society

Abstract:We propose a decentralized digital contact tracing service that preserves the users' privacy by design while complying to the highest security standards. Our approach is based on Bluetooth and measures actual encounters of people, the contact time period, and estimates the proximity of the contact. We trace the users' contacts and the possible spread of infectious diseases while preventing location tracking of users, protecting their data and identity. We verify and improve the impact of tracking based on epidemiological models. We compare a centralized and decentralized approach on a legal perspective and find a decentralized approach preferable considering proportionality and data minimization.