Terrorist Attacks for Fake Exposure Notifications in Contact Tracing Systems

Avitabile, Gennaro; Friolo, Daniele; Visconti, Ivan

doi:10.1007/978-3-030-78372-3_9

Cited by 7 publications

(8 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Actually, there is no evidence of any causality between ticking SwissCovid in this form and being a discovered case. One comment by Dehaye 6 states that people put in quarantine by contact tracers at the time were not In what follows, we write łdiscoveredž under double quotes to remind that the count may be strongly biased (overestimated).…”

Section: Survey-based Performancementioning

confidence: 99%

SwissCovid in the Perspective of Its Goals

Vaudenay

Vuagnoux²

2022

Digital Threats

View full text Add to dashboard Cite

SwissCovid is the Swiss digital contact tracing app, which was deployed to help fighting against the COVID-19 pandemic. After a year of activity, it is high time to evaluate how effective it has been in its mission. At the highest peak, about 22% of the Swiss population was actively using SwissCovid. The activity of SwissCovid follows the curve on the number of COVID-19 cases. However, performances are rather poor. About 1% of the cases may have been discovered by SwissCovid and much less than 2% of SwissCovid alerts may have been useful, while SwissCovid generates 5% of the quarantines. The measure of the proximity of each encounter and its duration are also imprecise. It further comes with security and privacy issues: adversaries can inject false alerts for SwissCovid users and users can be tracked. On top of that, SwissCovid contributes to strengthen the monopoly of Apple and Google and to make users and their data captive of these giants. On top of that, SwissCovid contributes to strengthen the monopoly of Apple and Google. It also digs the digital divide. Contrarily to the original plan, the implementation is not open source and the law was twisted to fit the constraints by Apple and Google. Therefore, SwissCovid did not meet its goals.

show abstract

Section: Survey-based Performancementioning

confidence: 99%

SwissCovid in the Perspective of Its Goals

Vaudenay

Vuagnoux²

2022

Digital Threats

View full text Add to dashboard Cite

show abstract

“…Even worse, the GAEN API [3] allows for a twohour time window for A 𝑤 to conduct relay attacks. Recently, various flavors of relay attacks against GAEN were introduced [5], [21], [37], [7], [29], [38], [39] For instance, Baumgärtner et al [5] realized this attack on the German Corona-Warm-App [40] which is based on GAEN. They showed that A 𝑤 can even use off-the-shelf smartphones to capture and relay TempIDs between three different cities in Germany.…”

Section: B Gaenmentioning

confidence: 99%

“…Tracing Forgery: The Terrorist Attack. In this class of attacks (see [7]), the adversary colludes with infected users (who want to monetize their infection status) to obtain their Temporary Exposure Key (TEK). The adversary then replays TempIDs derived from the TEK at the adversary-chosen (targeted) places.…”

Section: B Gaenmentioning

confidence: 99%

“…In average, a user has approximately 16 encounters (15 minutes or longer) with other users excluding known contacts e.g., household members or colleagues in the same office [79]. [7] X GAEN Baumgaertne et al, [5] x x x GAEN Boutet et al, [74] x x x x x GAEN Crocker et al, [75] x x x x x GAEN Danz et al, [76] x x x x GAEN DP3T-1 Dehaye et al, [39] x GAEN Gennaro et at., [38] x GAEN Gvili et al, [4] x x x x x DoS* GAEN Iovino et al, [6] x GAEN Kojaku et al, [77] x GAEN Lanzing et al, [9] x x Monopolist Coercion GAEN Leith et al, [78] x Bluetooth Leith et al, [11] x x x Data collection GAEN Vaudenay et al, [21] x x GAEN DP3T…”

Section: Data Collected By Client Adoptionmentioning

confidence: 99%

“…Unfortunately, as we will discuss in more detail in Sect. V, it is known that existing rolled out Digital Contact Tracing (DCT) systems exhibit a number of important security and privacy risks [4], [5], [6], [7].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Digital Contact Tracing Solutions: Promises, Pitfalls and Challenges

Nguyen¹,

Miettinen²,

Dmitrienko³

et al. 2022

Preprint

Self Cite

View full text Add to dashboard Cite

The COVID-19 pandemic has caused many countries to deploy novel digital contact tracing (DCT) systems to boost the efficiency of manual tracing of infection chains. In this paper, we systematically analyze DCT solutions and categorize them based on their design approaches and architectures. We analyze them with regard to effectiveness, security, privacy and ethical aspects and compare prominent solutions with regard to these requirements. In particular, we discuss shortcomings of the Google and Apple Exposure Notification API (GAEN) that is currently widely adopted all over the world. We find that the security and privacy of GAEN has considerable deficiencies as it can be compromised by severe large-scale attacks.We also discuss other proposed approaches for contact tracing, including our proposal TRACECORONA, that are based on Diffie-Hellman (DH) key exchange and aim at tackling shortcomings of existing solutions. Our extensive analysis shows that TRACECORONA fulfills the above security requirements better than deployed state-of-the-art approaches. We have implemented TRACECORONA and its beta test version has been used by more than 2000 users without any major functional problems 1 , demonstrating that there are no technical reasons requiring to make compromises with regard to the requirements of DCT approaches.

show abstract