Singapore Institute of Technology
Browse
- No file added yet -

SpreadMeNot : A Provably Secure and Privacy-Preserving Contact Tracing Protocol

Download (1.49 MB)
journal contribution
posted on 2023-10-30, 01:22 authored by Pietro Tedeschi, Spiridon BakirasSpiridon Bakiras, Roberto Di Pietro

A plethora of contact tracing apps have been developed and deployed in several countries around the world in the battle against COVID-19. However, people are rightfully concerned about the security and privacy risks of such applications. To address these issues, in this paper we provide two main contributions. First, we present an in-depth analysis of the security and privacy characteristics of the most prominent contact tracing protocols, under both passive and active adversaries. The results of our study indicate that all protocols are vulnerable to a variety of attacks, mainly due to the deterministic nature of the underlying cryptographic protocols. Our second contribution is the design and implementation of SpreadMeNot, a novel contact tracing protocol that can defend against most passive and active attacks, thus providing strong (provable) security and privacy guarantees that are necessary for such a sensitive application. Our detailed analysis, both formal and experimental, shows that SpreadMeNot satisfies security, privacy, and performance requirements, hence being an ideal candidate for building a contact tracing solution that can be adopted by the majority of the general public, as well as to serve as an open-source reference for further developments in the field.

History

Journal/Conference/Book title

IEEE Transactions on Dependable and Secure Computing

Publication date

2023-05-01

Version

  • Post-print

Rights statement

© 2023 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Usage metrics

    Categories

    No categories selected

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC