Mind the GAP: Security & Privacy Risks of Contact Tracing Apps

Baumgärtner, Lars and Dmitrienko, Alexandra and Freisleben, Bernd and Gruler, Alexander and Höchst, Jonas and Kühlberg, Joshua and Mezini, Mira and Mitev, Richard and Miettinen, Markus and Muhamedagic, Anel and Nguyen, Thien Duc and Penning, Alvar and Pustelnik, Frederik and Roos, Filipp and Sadeghi, Ahmad-Reza and Schwarz, Michael and Uhl, Christian (2020):
Mind the GAP: Security & Privacy Risks of Contact Tracing Apps.
In: Proceedings : 2020 IEEE 19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, pp. 458-467,
IEEE, TrustCom 2020, virtual Conference, 29.12.2020-01.01.2021, ISBN 978-0-7381-4380-4,
[Conference or Workshop Item]

Abstract

Google and Apple have jointly provided an API for exposure notification in order to implement decentralized contact tracing apps using Bluetooth Low Energy, the so-called "Google/Apple Proposal", which we abbreviate by "GAP". We demonstrate that in real-world scenarios the current GAP design is vulnerable to (i) profiling and possibly de-anonymizing infected persons, and (ii) relay-based wormhole attacks that basically can generate fake contacts with the potential of affecting the accuracy of an app-based contact tracing system. For both types of attack, we have built tools that can easily be used on mobile phones or Raspberry Pis (e.g., Bluetooth sniffers). The goal of our work is to perform a reality check towards possibly providing empirical real-world evidence for these two privacy and security risks. We hope that our findings provide valuable input for developing secure and privacy-preserving digital contact tracing systems.

Item Type: Conference or Workshop Item
Published: 2020
Creators: Baumgärtner, Lars and Dmitrienko, Alexandra and Freisleben, Bernd and Gruler, Alexander and Höchst, Jonas and Kühlberg, Joshua and Mezini, Mira and Mitev, Richard and Miettinen, Markus and Muhamedagic, Anel and Nguyen, Thien Duc and Penning, Alvar and Pustelnik, Frederik and Roos, Filipp and Sadeghi, Ahmad-Reza and Schwarz, Michael and Uhl, Christian
Title: Mind the GAP: Security & Privacy Risks of Contact Tracing Apps
Language: English
Title of Book: Proceedings : 2020 IEEE 19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications
Publisher: IEEE
ISBN: 978-0-7381-4380-4
Uncontrolled Keywords: contact tracing
Divisions: 20 Department of Computer Science
20 Department of Computer Science > System Security Lab
DFG-Collaborative Research Centres (incl. Transregio)
DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres
Profile Areas
Profile Areas > Cybersecurity (CYSEC)
DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres > CRC 1119: CROSSING – Cryptography-Based Security Solutions: Enabling Trust in New and Next Generation Computing Environments
Event Title: TrustCom 2020
Event Location: virtual Conference
Event Dates: 29.12.2020-01.01.2021
Date Deposited: 03 Feb 2021 15:16