Modeling and Analyzing the Corona-Virus Warning App with the Isabelle Infrastructure Framework

  • Conference paper
Data Privacy Management, Cryptocurrencies and Blockchain Technology (DPM 2020, CBT 2020)

Abstract

We provide a model in the Isabelle Infrastructure framework of the recently published German Corona-virus warning app (CWA). The app supports breaking infection chains by informing users whether they have been in close contact with an infected person. The app has a decentralized architecture that supports the anonymity of users. We provide a formal model of the existing app with the Isabelle Infrastructure framework to expose some natural attacks in a very abstract model. We then use the security refinement process of the Isabelle Infrastructure framework to highlight how the use of continuously changing Ephemeral IDs (EphIDs) improves anonymity.

Notes

  1. That is, if he moves alone: if all others from pub go to shop with him, his anonymity remains intact.

  2. We identify the smartphone and the user, who might also be recognized by his appearance (face).

  3. Adding probabilities as in [6] enables quantifying this.

References

  1. Apple and Google. Exposure notification framework (2020). https://www.google.com/covid19/exposurenotifications/

  2. Bundesregierung, D.: Die Corona-Warn-App: Unterstützt uns im Kampf gegen Corona, 2020. German government announcement and support of Coronavirus warning app. https://www.bundesregierung.de/breg-de/themen/corona-warn-app

  3. CHIST-ERA. Success: Secure accessibility for the internet of things (2016). http://www.chistera.eu/projects/success and https://github.com/success-iot

  4. Kammüller, F.: Attack trees in Isabelle. In: Naccache, D., et al. (eds.) ICICS 2018. LNCS, vol. 11149, pp. 611–628. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-01950-1_36

  5. Kammüller, F.: Formal modeling and analysis of data protection for GDPR compliance of IoT healthcare systems. In: IEEE Systems, Man and Cybernetics, SMC 2018. IEEE (2018)

  6. Kammüller, F.: Attack trees in Isabelle extended with probabilities for quantum cryptography. Comput. Secur. 87, 101572 (2019)

  7. Kammüller, F.: Combining secure system design with risk assessment for IoT healthcare systems. In: Workshop on Security, Privacy, and Trust in the IoT, SPTIoT 2019, colocated with IEEE PerCom. IEEE (2019)

  8. Kammüller, F.: Isabelle infrastructure framework with IoT healthcare S&P application and corona-virus warn app (2020). https://github.com/flokam/IsabelleAT

  9. Kammüller, F., Kerber, M., Probst, C.: Insider threats for auctions: formal modeling, proof, and certified code. J. Wirel. Mob. Netw. Ubiquit. Comput. Dependable Appl. (JoWUA) 8(1), 44–78 (2017). Special Issue on Insider Threat Solutions - Moving from Concept to Reality

  10. Kammüller, F., Nestmann, U.: Inter-blockchain protocols with the Isabelle Infrastructure framework. In: Formal Methods for Blockchain, 2nd International Workshop, Co-located with CAV 2020. Open Access series in Informatics, vol. 84. Dagstuhl Publishing (2020)

  11. Kammüller, F.: A formal development cycle for security engineering in Isabelle (2020). Cornell University, arXiv.org. https://arxiv.org/abs/2001.08983

  12. Kammüller, F., Kerber, M.: Applying the Isabelle Insider framework to airplane security (2020). Cornell University, arXiv.org. https://arxiv.org/abs/2003.11838

  13. Nipkow, T., Wenzel, M., Paulson, L.C. (eds.): Isabelle/HOL – A Proof Assistant for Higher-Order Logic. LNCS, vol. 2283. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45949-9

  14. The Corona-Warn-App Project (2020). https://github.com/corona-warn-app

  15. The Corona-Warn-App Project. Corona-warn-app solution architecture (2020). https://github.com/corona-warn-app/cwa-documentation/blob/master/solution_architecture.md

  16. The DP-3T Project. Decentralized Privacy-Preserving Proximity Tracing (2020). https://github.com/DP-3T

  17. The DP-3T Project. Decentralized privacy-preserving proximity tracing - White Paper (2020). https://github.com/DP-3T/documents/blob/master/DP3TWhitePaper.pdf

  18. The DP-3T Project. Privacy and security risk evaluation of digital proximity tracing systems (2020). https://github.com/DP-3T/documents/blob/master/Securityanalysis/PrivacyandSecurityAttacksonDigital ProximityTracing Systems.pdf

  19. The DP-3T Project. README: Apple/Google Exposure Notification (2020). https://github.com/DP-3T/documents

  20. The DP-3T Project. Response to ‘Analysis of DP3T: Between Scylla and Charybdis’ (2020). https://github.com/DP-3T/documents/blob/master/Securityanalysis/Responseto’AnalysisofDP3T’.pdf

  21. The PEPP-PT Project. Pan-European Privacy-Preserving Proximity Tracing (2020). https://github.com/PEPP-PT

  22. The ROBERT Project. ROBust and privacy-presERving proximity Tracing protocol (2020). https://github.com/ROBERT-proximity-tracing

  23. Vaudenay, S.: Analysis of DP3T: Between Scylla and Charybdis (2020). https://eprint.iacr.org/2020/399.pdf

Author information

Correspondence to Florian Kammüller or Bianca Lutz.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Kammüller, F., Lutz, B. (2020). Modeling and Analyzing the Corona-Virus Warning App with the Isabelle Infrastructure Framework. In: Garcia-Alfaro, J., Navarro-Arribas, G., Herrera-Joancomarti, J. (eds) Data Privacy Management, Cryptocurrencies and Blockchain Technology. DPM 2020, CBT 2020. Lecture Notes in Computer Science, vol 12484. Springer, Cham. https://doi.org/10.1007/978-3-030-66172-4_8

  • DOI: https://doi.org/10.1007/978-3-030-66172-4_8

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-66171-7

  • Online ISBN: 978-3-030-66172-4

  • eBook Packages: Computer Science, Computer Science (R0)
