Baumgärtner, Lars ; Dmitrienko, Alexandra ; Freisleben, Bernd ; Gruler, Alexander ; Höchst, Jonas ; Kühlberg, Joshua ; Mezini, Mira ; Mitev, Richard ; Miettinen, Markus ; Muhamedagic, Anel ; Nguyen, Thien Duc ; Penning, Alvar ; Pustelnik, Frederik ; Roos, Filipp ; Sadeghi, Ahmad-Reza ; Schwarz, Michael ; Uhl, Christian (2020)
Mind the GAP: Security & Privacy Risks of Contact Tracing Apps.
TrustCom 2020. virtual Conference (29.12.2020-01.01.2021)
Conference or Workshop Item
Abstract
Google and Apple have jointly provided an API for exposure notification in order to implement decentralized contract tracing apps using Bluetooth Low Energy, the so-called "Google/Apple Proposal", which we abbreviate by "GAP". We demonstrate that in real-world scenarios the current GAP design is vulnerable to (i) profiling and possibly de-anonymizing infected persons, and (ii) relay-based wormhole attacks that basically can generate fake contacts with the potential of affecting the accuracy of an app-based contact tracing system. For both types of attack, we have built tools that can easily be used on mobile phones or Raspberry Pis (e.g., Bluetooth sniffers). The goal of our work is to perform a reality check towards possibly providing empirical real-world evidence for these two privacy and security risks. We hope that our findings provide valuable input for developing secure and privacy-preserving digital contact tracing systems.
| Item Type: | Conference or Workshop Item | ||||
|---|---|---|---|---|---|
| Erschienen: | 2020 | ||||
| Creators: | Baumgärtner, Lars ; Dmitrienko, Alexandra ; Freisleben, Bernd ; Gruler, Alexander ; Höchst, Jonas ; Kühlberg, Joshua ; Mezini, Mira ; Mitev, Richard ; Miettinen, Markus ; Muhamedagic, Anel ; Nguyen, Thien Duc ; Penning, Alvar ; Pustelnik, Frederik ; Roos, Filipp ; Sadeghi, Ahmad-Reza ; Schwarz, Michael ; Uhl, Christian | ||||
| Type of entry: | Bibliographie | ||||
| Title: | Mind the GAP: Security & Privacy Risks of Contact Tracing Apps | ||||
| Language: | English | ||||
| Date: | December 2020 | ||||
| Publisher: | IEEE | ||||
| Book Title: | Proceedings : 2020 IEEE 19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications | ||||
| Event Title: | TrustCom 2020 | ||||
| Event Location: | virtual Conference | ||||
| Event Dates: | 29.12.2020-01.01.2021 | ||||
| Corresponding Links: | |||||
| Abstract: | Google and Apple have jointly provided an API for exposure notification in order to implement decentralized contract tracing apps using Bluetooth Low Energy, the so-called "Google/Apple Proposal", which we abbreviate by "GAP". We demonstrate that in real-world scenarios the current GAP design is vulnerable to (i) profiling and possibly de-anonymizing infected persons, and (ii) relay-based wormhole attacks that basically can generate fake contacts with the potential of affecting the accuracy of an app-based contact tracing system. For both types of attack, we have built tools that can easily be used on mobile phones or Raspberry Pis (e.g., Bluetooth sniffers). The goal of our work is to perform a reality check towards possibly providing empirical real-world evidence for these two privacy and security risks. We hope that our findings provide valuable input for developing secure and privacy-preserving digital contact tracing systems. |
||||
| Uncontrolled Keywords: | contact tracing | ||||
| Alternative keywords: |
|
||||
| Divisions: | 20 Department of Computer Science 20 Department of Computer Science > System Security Lab DFG-Collaborative Research Centres (incl. Transregio) DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres Profile Areas Profile Areas > Cybersecurity (CYSEC) DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres > CRC 1119: CROSSING – Cryptography-Based Security Solutions: Enabling Trust in New and Next Generation Computing Environments |
||||
| Date Deposited: | 03 Feb 2021 15:16 | ||||
| Last Modified: | 03 Feb 2021 15:16 | ||||
| PPN: | |||||
| Corresponding Links: | |||||
| Export: | |||||
| Suche nach Titel in: | TUfind oder in Google | ||||
 |
Send an inquiry |
Options (only for editors)
 |
Show editorial Details |
Drucken
Impressum