Digital contact tracing is one of the actions useful, in combination with other measures, to manage an epidemic diffusion of an infectious disease in an after-lock-down phase. This is a very timely issue, due to the pandemic of COVID19 we are unfortunately living. Apps for contact tracing aim to detect proximity of users and to evaluate the related risk in terms of possible contagious. Existing approaches leverage BLE or GPS, or their combination, even though the prevailing approach is BLE-based and relies on a decentralized model requiring the mutual exchange of ephemeral identifiers among users' smartphones. Unfortunately, a number of security and privacy concerns exist in this kind of solutions, mainly due to the exchange of identifiers, while GPS-based solutions (inherently centralized) may suffer from threats concerning massive surveillance. In this paper, we propose a solution leveraging GPS to detect proximity, and BLE only to improve accuracy, with no exchange of identifiers. Unlike related existing solutions, no complex cryptographic mechanism is adopted, while ensuring that the server does not learn anything about locations of users.

A Privacy-Preserving Solution for Proximity Tracing Avoiding Identifier Exchanging

Buccafurri F.;Labrini C.
2020

Abstract

Digital contact tracing is one of the actions useful, in combination with other measures, to manage an epidemic diffusion of an infectious disease in an after-lock-down phase. This is a very timely issue, due to the pandemic of COVID19 we are unfortunately living. Apps for contact tracing aim to detect proximity of users and to evaluate the related risk in terms of possible contagious. Existing approaches leverage BLE or GPS, or their combination, even though the prevailing approach is BLE-based and relies on a decentralized model requiring the mutual exchange of ephemeral identifiers among users' smartphones. Unfortunately, a number of security and privacy concerns exist in this kind of solutions, mainly due to the exchange of identifiers, while GPS-based solutions (inherently centralized) may suffer from threats concerning massive surveillance. In this paper, we propose a solution leveraging GPS to detect proximity, and BLE only to improve accuracy, with no exchange of identifiers. Unlike related existing solutions, no complex cryptographic mechanism is adopted, while ensuring that the server does not learn anything about locations of users.
978-1-7281-6497-7
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: http://hdl.handle.net/20.500.12318/123733
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 1
  • ???jsp.display-item.citation.isi??? 1
social impact