Tytuł artykułu
Treść / Zawartość
Pełne teksty:
Identyfikatory
Warianty tytułu
Języki publikacji
Abstrakty
We analyze the Google-Apple exposure notification mechanism designed by the Apple-Google consortium and deployed on a large number of Corona-warn apps. At the time of designing it, the most important issue was time-to-market and strict compliance with the privacy protection rules of GDPR. This resulted in a plain but elegant scheme with a high level of privacy protection. In this paper we go into details and propose some extensions of the original design addressing practical issues. Firstly, we point to the danger of a malicious cryptographic random number generator (CRNG) and resulting possibility of unrestricted user tracing. We propose an update that enables verification of unlinkability of pseudonymous identifiers directly by the user. Secondly, we show how to solve the problem of verifying the “same household” situation justifying exempts from distancing rules. We present a solution with MIN-sketches based on rolling proximity identifiers from the Apple-Google scheme. Thirdly, we examine the strategies for revealing temporary exposure keys. We have detected some unexpected phenomena regarding the number of keys for unbalanced binary trees of a small size. These observations may be used in case that the size of the lists of diagnosis keys has to be optimized.
Słowa kluczowe
Rocznik
Tom
Strony
art. no. e137126
Opis fizyczny
Bibliogr. 8 poz., rys., tab.
Twórcy
autor
- Wrocław University of Science and Technology, Wybrzeże Stanisława Wyspiańskiego 27, 50-370 Wrocław, Poland
autor
- Wrocław University of Science and Technology, Wybrzeże Stanisława Wyspiańskiego 27, 50-370 Wrocław, Poland
autor
- Wrocław University of Science and Technology, Wybrzeże Stanisława Wyspiańskiego 27, 50-370 Wrocław, Poland
Bibliografia
- [1] Ministry of Health and Government Technology Agency (Gov-Tech), Trace Together Programme, [Online]. Available: https://www.tracetogether.gov.sg.
- [2] The European Parliament and the Council of the European Union: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/ec (General Data Protection Regulation). Official Journal of the European Union, L119.1, 4.5.2016.
- [3] Corona-Warn-App Consortium, [Online]. Available: https://www.coronawarn.app/en/.
- [4] Carmela Troncoso et. al, “Decentralized Privacy-Preserving Proximity Tracing,” [Online]. Available: https://github.com/DP-3T/documents/blob/master/DP3T%20White%20Paper.pdf.
- [5] Apple & Google, “Exposure Notification Cryptography Specification,” [Online]. Available: https://covid19-static.cdn-apple.com/applications/covid19/current/static/contact-tracing/pdf/ExposureNotification-CryptographySpecificationv1.2.pdf?1.
- [6] D. Shumow and N. Ferguson, “On the Possibility of a Back Door in the NIST SP800-90 Dual Ec Prng,” [Online]. Available: http://rump2007.cr.yp.to/15-shumow.pdf.
- [7] V. Goyal, A. O’Neill, and V. Rao, “Correlated-input secure hash functions,” Theory of Cryptography Conference (TCC), 2011, pp. 182‒200.
- [8] A.Z. Broder, “On the resemblance and containment of documents,” Proceedings. Compression and Complexity of SEQUENCES 1997, Italy, 1997, pp. 21‒29.
Uwagi
Opracowanie rekordu ze środków MNiSW, umowa Nr 461252 w ramach programu "Społeczna odpowiedzialność nauki" - moduł: Popularyzacja nauki i promocja sportu (2021).
Typ dokumentu
Bibliografia
Identyfikator YADDA
bwmeta1.element.baztech-322581fb-7e63-48e4-8003-d1491b8487c0
JavaScript jest wyłączony w Twojej przeglądarce internetowej. Włącz go, a następnie odśwież stronę, aby móc w pełni z niej korzystać.