Delayed Authentication: Preventing Replay and Relay Attacks in Private Contact Tracing

Pietrzak, Krzysztof

doi:10.1007/978-3-030-65277-7_1

Krzysztof Pietrzak¹¹

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12578))

Included in the following conference series:

International Conference on Cryptology in India

952 Accesses
18 Citations

Abstract

Currently several projects aim at designing and implementing protocols for privacy preserving automated contact tracing to help fight the current pandemic. Those proposal are quite similar, and in their most basic form basically propose an app for mobile phones which broadcasts frequently changing pseudorandom identifiers via (low energy) Bluetooth, and at the same time, the app stores IDs broadcast by phones in its proximity. Only if a user is tested positive, they upload either the beacons they did broadcast (which is the case in decentralized proposals as DP-3T, east and west coast PACT or Covid watch) or received (as in Popp-PT or ROBERT) during the last two weeks or so.

Vaudenay [eprint 2020/399] observes that this basic scheme (he considers the DP-3T proposal) succumbs to relay and even replay attacks, and proposes more complex interactive schemes which prevent those attacks without giving up too many privacy aspects. Unfortunately interaction is problematic for this application for efficiency and security reasons. The countermeasures that have been suggested so far are either not practical or give up on key privacy aspects. We propose a simple non-interactive variant of the basic protocol that

(security) Provably prevents replay and (if location data is available) relay attacks.
(privacy) The data of all parties (even jointly) reveals no information on the location or time where encounters happened.
(efficiency) The broadcasted message can fit into 128 bits and uses only basic crypto (commitments and secret key authentication).

Towards this end we introduce the concept of “delayed authentication”, which basically is a message authentication code where verification can be done in two steps, where the first doesn’t require the key, and the second doesn’t require the message.

This project has received funding from the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation programme (682815 - TOCNeT).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 84.99; Price excludes VAT (USA)

Softcover Book: USD 109.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

1.
Consider an app by which malicious covidiots can collect Bluetooth beacons, share them amongst each other, and then re-broadcast the beacons they jointly collected in the last 10 min, leading to many false positives. This attack arguably even works with fairly short (say 1 s) time windows as used in this paper. To really prevent such attacks it seems one either needs location data (as shown in this work using coarse GPS locations), interaction as in Vaudenay’s protocol [Vau20a] or public-key crypto [ABIV20, LAY+20, WL20, CKL+20].

References

Avitabile, G., Botta, V., Iovino, V., Visconti, I.: Towards defeating mass surveillance and SARS-CoV-2: The pronto-C2 fully decentralized automatic contact tracing system. Cryptology ePrint Archive, Report 2020/493 (2020). https://eprint.iacr.org/2020/493
Avitabile, G., Friolo, D., Visconti, I.: TEnK-U: terrorist attacks for fake exposure notifications in contact tracing systems. Cryptology ePrint Archive, Report 2020/1150 (2020). https://eprint.iacr.org/2020/1150
Auerbach, B., et al.: Inverse-sybil attacks in automated contact tracing. Cryptology ePrint Archive, Report 2020/670 (2020). https://eprint.iacr.org/2020/670
Privacy-preserving contact tracing (2020). https://www.apple.com/covid19/contacttracing
Baumgärtner, L., et al.: Mind the gap: security and privacy risks of contact tracing apps (2020)
Google Scholar
Chan, J., et al.: PACT: privacy sensitive protocols and mechanisms for mobile contact tracing. CoRR, abs/2004.03544 (2020)
Canetti, R., et al.: Privacy-preserving automated exposure notification. Cryptology ePrint Archive, Report 2020/863 (2020). https://eprint.iacr.org/2020/863
COVID watch (2020). https://www.covid-watch.org/
Danz, N., Derwisch, O., Lehmann, A., Puenter, W., Stolle, M., Ziemann, J.: Security and privacy of decentralized cryptographic contact tracing. Cryptology ePrint Archive, Report 2020/1309 (2020). https://eprint.iacr.org/2020/1309
Mobile applications to support contact tracing in the EU’s fight against COVID-19 (2020). https://ec.europa.eu/health/sites/health/files/ehealth/docs/covid-19_apps_en.pdf. Version 1.0, 15 Apr 2020
Gennaro, R., Krellenstein, A., Krellenstein, J.: Exposure notification system may allow for large-scale voter suppression
Google Scholar
Gvili, Y.: Security analysis of the COVID-19 contact tracing specifications by Apple inc. and Google inc. Cryptology ePrint Archive, Report 2020/428 (2020). https://eprint.iacr.org/2020/428
Kuhn, C., Beck, M., Strufe, T.: COVID notions: towards formal definitions - and documented understanding - of privacy goals and claimed protection in proximity-tracing services. CoRR, abs/2004.07723 (2020)
Liu, J.K., et al.: Privacy-preserving COVID-19 contact tracing app: a zero-knowledge proof approach. Cryptology ePrint Archive, Report 2020/528 (2020). https://eprint.iacr.org/2020/528
PEPP-PT: Pan-European privacy-preserving proximity tracing (2020). https://www.pepp-pt.org/
ROBERT: ROBust and privacy-presERving proximity Tracing (2020). https://github.com/ROBERT-proximity-tracing
Troncoso, C., et al.: DP3T: decentralized privacy-preserving proximity tracing (2020). https://github.com/DP-3T
Vaudenay, S.: Analysis of DP3T. Cryptology ePrint Archive, Report 2020/399 (2020). https://eprint.iacr.org/2020/399
Vaudenay, S.: Centralized or decentralized? The contact tracing dilemma. Cryptology ePrint Archive, Report 2020/531 (2020). https://eprint.iacr.org/2020/531
Wan, Z., Liu, X.: ContactChaser: a simple yet effective contact tracing scheme with strong privacy. Cryptology ePrint Archive, Report 2020/630 (2020). https://eprint.iacr.org/2020/630

Download references

Author information

Authors and Affiliations

IST Austria, Klosterneuburg, Austria
Krzysztof Pietrzak

Authors

Krzysztof Pietrzak
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Krzysztof Pietrzak .

Editor information

Editors and Affiliations

Inria Paris, Paris, France
Karthikeyan Bhargavan
University of Klagenfurt, Klagenfurt, Austria
Elisabeth Oswald
Department of Computer Science and Engineering, Indian Institute of Technology Bombay, Mumbai, Maharashtra, India
Manoj Prabhakaran

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Pietrzak, K. (2020). Delayed Authentication: Preventing Replay and Relay Attacks in Private Contact Tracing. In: Bhargavan, K., Oswald, E., Prabhakaran, M. (eds) Progress in Cryptology – INDOCRYPT 2020. INDOCRYPT 2020. Lecture Notes in Computer Science(), vol 12578. Springer, Cham. https://doi.org/10.1007/978-3-030-65277-7_1

Download citation

DOI: https://doi.org/10.1007/978-3-030-65277-7_1
Published: 08 December 2020
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-65276-0
Online ISBN: 978-3-030-65277-7
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics