Benny Pinkas (Bar-Ilan University); Eyal Ronen (Tel Aviv University)

In recent months multiple proposals for contact tracing schemes for combating the spread of COVID-19 have been published. Many of those proposals try to implement this functionality in a decentralized and privacy-preserving manner using Bluetooth Low Energy (BLE).

In this paper, we present “Hashomer”, our proposal for a contact tracing scheme tailored for the Israeli Ministry of Health’s (MoH) “Hamagen” application. The design is fully decentralized, and has the following properties:

- Message Unlinkability — Different BLE messages sent by the same user cannot be linked to each other (except for messages sent by COVID-19 positive users who give consent to tracing their contacts, and only for messages sent within a short time period).

- Explainability — To convince users that they were exposed to a COVID-19 positive person, we let them learn the approximate time of contact. This also implies that users can potentially learn, using the phone’s GPS information, the location of the exposure.

- Partial Disclosure and Coercion Prevention — Users and the MoH are able to redact tracing information and exposure notifications for specific time intervals.

- Prevention of Relay Attacks – The design prevents attacks where a malicious receiver relays BLE transmissions from one location to other locations.

- Proof of exposure to a COVID-19 positive person — To prevent false reports about exposure, we allow users who are notified by the application about an exposure to a COVID-19 positive person, to prove this fact to the server.

- Identity Commitment — To prevent malicious changing or replacing keys, we bind the BLE messages to a unique ID in a privacy-preserving way.

- Performance — BLE payload size is limited to 16 bytes. The application uses only symmetric key cryptography (AES and HMAC). To reduce bandwidth, contact updates from the MoH are of limited size. Moreover, the local search for exposure is linear in the number of messages and number of COVID-19 positive persons

View More Papers

Mondrian: Comprehensive Inter-domain Network Zoning Architecture

Jonghoon Kwon (ETH Zürich), Claude Hähni (ETH Zürich), Patrick Bamert (Zürcher Kantonalbank), Adrian Perrig (ETH Zürich)

Read More

Demo #2: Sequential Attacks on Kalman Filter-Based Forward Collision...

Yuzhe Ma, Jon Sharp, Ruizhe Wang, Earlence Fernandes, and Jerry Zhu (University of Wisconsin–Madison)

Read More

Доверя́й, но проверя́й: SFI safety for native-compiled Wasm

Evan Johnson (University of California San Diego), David Thien (University of California San Diego), Yousef Alhessi (University of California San Diego), Shravan Narayan (University Of California San Diego), Fraser Brown (Stanford University), Sorin Lerner (University of California San Diego), Tyler McMullen (Fastly Labs), Stefan Savage (University of California San Diego), Deian Stefan (University of California…

Read More

Screen Gleaning: A Screen Reading TEMPEST Attack on Mobile...

Zhuoran Liu (Radboud university), Niels Samwel (Radboud University), Léo Weissbart (Radboud University), Zhengyu Zhao (Radboud University), Dirk Lauret (Radboud University), Lejla Batina (Radboud University), Martha Larson (Radboud University)

Read More