NDSS

With Global Threat Comes Global Responsibility 

Background

The current worldwide spread of the COVID-19 pandemic confronts human societies with entirely new challenges that have not existed in this form in the digital age. Strategies to combat the spread of the pathogen are therefore largely based on “traditional” measures such as behavioural recommendations, restrictions to free movement of persons, the shutdown of schools, organizations and companies, and the identification and quarantine of infected people based on medical testing.

Modern digital technologies provide promising opportunities to complement the above-mentioned measures and increase their effectiveness, e.g., by enabling quarantine measures to target potentially infected people faster and in a more focused manner. Indeed, due to the current quarantine situation, the Internet and its services constitute “the” information gateway for many societies.

The computer security research community has been concerned with topics and methodologies such as assessment and evaluation of large scale threats and analysis of the spreading of computer viruses and worms that often follow similar rules of exponential growth as biological diseases and pandemic.

Handling disaster situations such as current pandemic requires extensive data collection ranging from biomedical data to users’ personal and behavioral data. For example, contact tracing using mobile phones was conducted successfully in several countries such as China, South Korea, Singapore, and similar initiatives have been started in a number of other regions including Europe and the US. However, these tracing technologies collect highly sensitive data from individuals.

Security and privacy, particularly concerning medical data, is strictly regulated in a number of countries. It may seem obvious to abolish or relax privacy regulations in crisis circumstances. While some governments have already decided to lift or relax privacy regulations in their respective countries temporarily, some others are still reluctant to do so, worried about privacy-invasive solutions that might remain in use even after the current disaster situation has been resolved. In addition, even if new relaxed laws and regulations are passed, users may not be willing to use the tracing apps and systems in practice due to privacy concerns. This is an obstacle for the effectiveness of tracing apps because they are only effective when many people are willing to participate in the system voluntarily. Particularly, the designers of disaster management solutions should bear in mind that in democratic societies the privacy and safety of individuals are anchored in constitutions, and even in crisis situations it is important that the deployed technologies provide a reasonable level of security and privacy protections.

Another crucial threat these solutions are confronted with is misinformation, amplified through social online media, luring many people into conducting unreasonable and dangerous actions.

The current pandemic is a global threat, and a global threat comes with global responsibility. It is time for the brilliant minds to gather and find effective solutions against this threat at multiple levels and in disparate areas. We believe that as a top international scientific venue NDSS provides an excellent environment for exchanging, discussing and exploring innovative ideas where information security and privacy play a key role.

Goals

The main goal of this NDSS co-located workshop is to collect and evaluate innovative ideas and interdisciplinary proposals for using digital technologies to complement current efforts in fighting the pandemic created by the COVID-19, as well as to develop concrete practical proposals for solutions to various related problems. Security and privacy researchers have developed many tools that can be integrated in IT solutions for disaster management as well as to protect the data generated by those disaster management tools. Proposals can also include sociological aspects related to data processing and communication systems as well as on data analysis methods that would enable extracting useful information about the pandemic situation, making that information available in a suitable format to relevant authorities, persons affected by the crisis, and to the civil society in general. This also includes methods to incentivise users to employ such systems as well as means to prevent misinformation. Last but not least, the practicality of the proposed solutions plays an important role.

Example scenario

Scenario: Since a pathogen spreads via droplet infection, a contact ban has been issued that prohibits gatherings of more than n people. However, in secluded buildings or environments, it can be difficult to ensure that you are not around too many people.

Solution approach: Smartphone apps that use a cloud service to track the number of people within a certain radius, e.g., with the help of GPS observations, can notify and warn users that they are in the vicinity of too many other persons.

Research problem: To prevent the cloud service from being able to create massive and detailed movement profiles of individual users, privacy-protecting methods should be used. Instead of GPS data, e.g., counting of WiFi or Bluetooth beacons nearby could be used to realize issuance of warnings without the need to transmit detailed location information to a central server.

Submissions

Authors are encouraged to contribute their proposals by submitting a 6-page paper (including references). The paper should include a section in which the authors explore on the practicality of their solution or provide a prototype. All submissions will be reviewed by a distinguished evaluation committee. This committee will select proposals for presentation at the workshop. The top 3 ranked proposals will be selected for awards at NDSS.

The proposals can be submitted to corona-defcon21.hotcrp.com until July 21, 2020.

For any questions, please email:  ndss-pc-chair@elists.isoc.org

Deadlines

  • July 21, 2020: Paper submission
  • August 8, 2020: Author notification

Organizers

  • Trent Jaeger (Pennsylvania State University)
  • Farinaz Koushanfar (UCSD)
  • Ahmad-Reza Sadeghi (TU Darmstadt)

Technical Program Committee

  • Najwa Aaraj (Technology Innovation Institute)
  • Rob Aitken (ARM)
  • Srdjan Capkun (ETH Zurich)
  • Massimiliano Corba (Draper Laboratory)
  • Jean Paul Degabriele (TU Darmstadt)
  • Claudia Diaz (KU Leuven)
  • William Enck (North Carolina State University)
  • Carl Gunter (University of Illinois at Urbana-Champaign)
  • Sharon Hu (University of Notre Dame)
  • Florian Kerschbaum (University of Waterloo)
  • Kristin Lauter (Microsoft)
  • Christoph Lehmann (UTSouthwestern Medical Center)
  • Markus Miettinen (TU Darmstadt)
  • Azalia Mirhoseini (Google Brain)
  • Payman Mohassel (Facebook)
  • Pamela Norton (Borsetta)
  • Anand Rajan (Intel)
  • Farshad Raissi (Division of Cardiology, UCSD)
  • Avi Rubin (Johns Hopkins)
  • Negin Salajegheh (Netflix)
  • Maliheh Shirvanian (Visa Research)
  • Jessica Wilkerson (US Food and Drug Administration)
  • Fred Wu (Scripps Health Inpatient Providers)
  • Dongyan Xu (Purdue University)
  • Shouhuai Xu (University of Texas at San Antonio)
  • Moti Yung (Google)