• Corpus ID: 253107170

Reconciling Security and Utility in Next-Generation Epidemic Risk Mitigation Systems

  title={Reconciling Security and Utility in Next-Generation Epidemic Risk Mitigation Systems},
  author={Pierfrancesco Ingo and Nichole Boufford and Ming Jiang and Rowan Lindsay and Roberta De Viti and Matthew Lentz and Gilles Barthe and Manuel Gomez-Rodriguez and Bernhard Scholkopf and Deepak Garg and Peter Druschel and Aastha Mehta},
We present Silmarillion, a novel, inclusive system for digital contact tracing and epidemic risk notification, which simultaneously provides utility as well as security. Silmarillion relies on a low-cost infrastructure of strategically placed beacons, inexpensive and low-maintenance user devices like dongles (if smartphones are inaccessible), and a backend that assists in epidemiological analysis and risk dissemination. Unlike today’s smartphone-based contact tracing systems, Silmarillion… 

Figures and Tables from this paper



Listening to bluetooth beacons for epidemic risk mitigation

A new privacy-preserving and inclusive system for epidemic risk assessment and notification that aims to address the above limitations and can provide significantly higher sensitivity and specificity than existing app-based systems.

PACT: Privacy-Sensitive Protocols And Mechanisms for Mobile Contact Tracing

This work advocates for a third-party free approach to assisted mobile contact tracing, because such an approach mitigates the security and privacy risks of requiring a trusted third party.

Decentralized Privacy-Preserving Proximity Tracing

This system, referred to as DP3T, provides a technological foundation to help slow the spread of SARS-CoV-2 by simplifying and accelerating the process of notifying people who might have been exposed to the virus so that they can take appropriate measures to break its transmission chain.

ConTra Corona: Contact Tracing against the Coronavirus by Bridging the Centralized - Decentralized Divide for Stronger Privacy

Among other additional security measures, this work detail how the use of secret sharing can prevent the unnecessary and potentially panic-inducing warning of contacts that have only been around the infected person for a very brief time period.

Mind the GAP: Security & Privacy Risks of Contact Tracing Apps

It is demonstrated that in real-world scenarios the current GAP design is vulnerable to profiling and possibly de-anonymizing infected persons, and relay-based wormhole attacks that basically can generate fake contacts with the potential of affecting the accuracy of an app-based contact tracing system.

Lighthouses: A Warning System for Super-Spreader Events

This work proposes two designs how broadcast-based ACT systems can be enhanced by using location-specific information without the need for GPS traces or scanning of QR codes, which makes it possible to alert attendees of a potential super-spreader event while providing privacy.

Epione: Lightweight Contact Tracing with Strong Privacy

Epione is introduced, a lightweight system for contact tracing with strong privacy protections and a new cryptographic tool for secure two-party private set intersection cardinality (PSI-CA), which allows two parties, each holding a set of items, to learn the intersection size of two private sets without revealing intersection items.

BlueTrace: A privacy-preserving protocol for community-driven contact tracing across borders

An overview of BlueTrace, the privacy-preserving protocol that underpins TraceTogether, as well as OpenTr Trace, a reference implementation, which comprises the source code for an iOS app, an Android app, a cloud-based backend, and baseline signal strength calibration data is released.

CoVault: A Secure Analytics Platform

CoVault is secure under a very strong threat model that tolerates compromise and side-channel attacks on any one of a small set of parties and their TEEs, and CoVault scales to very large data sizes using map-reduce based query parallelization.

Towards Defeating Mass Surveillance and SARS-CoV-2: The Pronto-C2 Fully Decentralized Automatic Contact Tracing System

Taking into account the privacy and integrity vulnerabilities of DP-3T systems, the design of a decentralized contact tracing system named Pronto-C2 is shown that has better resilience against various attacks.