Skip to main content
SpringerLink
Log in

Inverse-Sybil Attacks in Automated Contact Tracing

  • Conference paper
  • First Online:
Topics in Cryptology – CT-RSA 2021 (CT-RSA 2021)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12704))

Included in the following conference series:

Abstract

Automated contract tracing aims at supporting manual contact tracing during pandemics by alerting users of encounters with infected people. There are currently many proposals for protocols (like the “decentralized” DP-3T and PACT or the “centralized” ROBERT and DESIRE) to be run on mobile phones, where the basic idea is to regularly broadcast (using low energy Bluetooth) some values, and at the same time store (a function of) incoming messages broadcasted by users in their proximity. In the existing proposals one can trigger false positives on a massive scale by an “inverse-Sybil” attack, where a large number of devices (malicious users or hacked phones) pretend to be the same user, such that later, just a single person needs to be diagnosed (and allowed to upload) to trigger an alert for all users who were in proximity to any of this large group of devices.

We propose the first protocols that do not succumb to such attacks assuming the devices involved in the attack do not constantly communicate, which we observe is a necessary assumption. The high level idea of the protocols is to derive the values to be broadcasted by a hash chain, so that two (or more) devices who want to launch an inverse-Sybil attack will not be able to connect their respective chains and thus only one of them will be able to upload. Our protocols also achieve security against replay, belated replay, and one of them even against relay attacks.

Guillermo Pascual-Perez and Michelle Yeo were funded by the European Union’s Horizon 2020 research and innovation programme under the Marie Skłodowska–Curie Grant Agreement No. 665385; the remaining contributors to this project have received funding from the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation programme (682815 - TOCNeT).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 99.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 129.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    https://www.aies.at/download/2020/AIES-Fokus-2020-03.pdf.

  2. 2.

    https://www.forbes.com/sites/michaeldelcastillo/2020/08/27/google-and-apple-downplay-possible-election-threat-identified-in-their-covid-19-tracing-software.

  3. 3.

    This oversimplifies things, in reality a risk score is computed based on the number, duration, signal strength etc., of the encounters, which then may or may not raise an alert. How the risk is computed is of course crucial, but not important for this work.

  4. 4.

    In Desire it’s called a “private encounter token” (PET), and is uploaded to the server for a risk assessment (so it’s a more centralized scheme), while in Pronto-C2 only diagnosed users upload the tokens, which are then downloaded by all other devices to make the assessment on their phones (so a more decentralized scheme).

  5. 5.

    And some precautions we didn’t explicitly mention, like the necessity to permute the \(L^\mathrm{ser}\) list and let the devices store the \(L^\mathrm{eval}\) list in a history independent datastructure.

  6. 6.

    The reason for only progressing if there was an encounter is that this way the chain is shorter (thus there’s less to up and download), the chain reveals less information (i.e., even the server can’t tell where the empty epochs were) and tracing using passive recording devices becomes more difficult.

References

  1. Covid watch (2020). https://www.covidwatch.org/

  2. Pact: Private automated contact tracing (2020). https://pact.mit.edu/

  3. Pepp-pt: Pan-european privacy-preserving proximity tracing (2020). https://github.com/pepp-pt

  4. Privacy-preserving contact tracing (2020). https://www.apple.com/covid19/contacttracing

  5. Robert: Robust and privacypreserving proximity tracing (2020). https://github.com/ROBERT-proximity-tracing

  6. Auerbach, B., et al.: Inverse-sybil attacks in automated contact tracing. Cryptology ePrint Archive, Report 2020/670 (2020). https://eprint.iacr.org/2020/670

  7. Avitabile, G., Botta, V., Iovino, V., Visconti, I.: Towards defeating mass surveillance and sars-cov-2: The pronto-c2 fully decentralized automatic contact tracing system. Cryptology ePrint Archive, Report 2020/493 (2020). https://eprint.iacr.org/2020/493

  8. Canetti, R., et al.: Privacy-preserving automated exposure notification. Cryptology ePrint Archive, Report 2020/863 (2020). https://eprint.iacr.org/2020/863

  9. Canetti, R., Trachtenberg, A., Varia, M.: Anonymous collocation discovery: taming the coronavirus while preserving privacy. CoRR ArXiv:abs/2003.13670 (2020). https://arxiv.org/abs/2003.13670

  10. Castelluccia, C., et al.: DESIRE: a third way for a european exposure notification system leveraging the best of centralized and decentralized systems. CoRR ArXiv:abs/2008.01621 (2020). https://arxiv.org/abs/2008.01621

  11. Chan, J., et al.: PACT: privacy sensitive protocols and mechanisms for mobile contact tracing. CoRR ArXiv:abs/2004.03544 (2020). https://arxiv.org/abs/2004.03544

  12. Danz, N., Derwisch, O., Lehmann, A., Puenter, W., Stolle, M., Ziemann, J.: Security and privacy of decentralized cryptographic contact tracing. Cryptology ePrint Archive, Report 2020/1309 (2020). https://eprint.iacr.org/2020/1309

  13. Gvili, Y.: Security analysis of the covid-19 contact tracing specifications by apple inc. and google inc. Cryptology ePrint Archive, Report 2020/428 (2020). https://eprint.iacr.org/2020/428

  14. Iovino, V., Vaudenay, S., Vuagnoux, M.: On the effectiveness of time travel to inject covid-19 alerts. Cryptology ePrint Archive, Report 2020/1393 (2020). https://eprint.iacr.org/2020/1393

  15. Pietrzak, K.: Delayed authentication: preventing replay and relay attacks in private contact tracing. In: Bhargavan, K., Oswald, E., Prabhakaran, M. (eds.) INDOCRYPT 2020. LNCS, vol. 12578, pp. 3–15. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-65277-7_1

    Chapter  Google Scholar 

  16. Troncoso, C., et al.: Dp3t: decentralized privacy-preserving proximity tracing (2020). https://github.com/DP-3T

  17. Vaudenay, S.: Analysis of dp3t. Cryptology ePrint Archive, Report 2020/399 (2020).https://eprint.iacr.org/2020/399

  18. Vaudenay, S.: Centralized or decentralized? the contact tracing dilemma. Cryptology ePrint Archive, Report 2020/531 (2020). https://eprint.iacr.org/2020/531

Download references

Author information

Authors and Affiliations

  1. IST Austria, Klosterneuburg, Austria

    Benedikt Auerbach, Suvradip Chakraborty, Karen Klein, Guillermo Pascual-Perez, Krzysztof Pietrzak, Michael Walter & Michelle Yeo

Authors
  1. Benedikt Auerbach
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Suvradip Chakraborty
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Karen Klein
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Guillermo Pascual-Perez
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Krzysztof Pietrzak
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Michael Walter
    View author publications

    You can also search for this author in PubMed Google Scholar

  7. Michelle Yeo
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Benedikt Auerbach .

Editor information

Editors and Affiliations

  1. ETH Zürich, Zürich, Switzerland

    Kenneth G. Paterson

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Auerbach, B. et al. (2021). Inverse-Sybil Attacks in Automated Contact Tracing. In: Paterson, K.G. (eds) Topics in Cryptology – CT-RSA 2021. CT-RSA 2021. Lecture Notes in Computer Science(), vol 12704. Springer, Cham. https://doi.org/10.1007/978-3-030-75539-3_17

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-75539-3_17

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-75538-6

  • Online ISBN: 978-3-030-75539-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation