Digital Contact Tracing Solutions: Promises, Pitfalls and Challenges

Abstract

The COVID-19 pandemic has caused many countries to deploy novel digital contact tracing (DCT) systems to boost the efficiency of manual tracing of infection chains. In this paper, we systematically analyze DCT solutions and categorize them based on their design approaches and architectures. We analyze them with regard to effectiveness, security, privacy and ethical aspects and compare prominent solutions based on these requirements. In particular, we discuss shortcomings of the Google and Apple Exposure Notification API (GAEN) that is currently widely adopted all over the world. We find that the security and privacy of GAEN has considerable deficiencies as it can be compromised by severe large-scale attacks. We also discuss other proposed approaches for contact tracing, including our proposal <sc xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">TraceCORONA</small> , that are based on Diffie-Hellman (DH) key exchange and aim at tackling shortcomings of existing solutions. Our extensive analysis shows that <sc xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">TraceCORONA</small> fulfills the above security requirements better than deployed state-of-the-art approaches. We have implemented <sc xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">TraceCORONA</small> and its beta test version has been used by more than 2000 users without any major functional problems <uri xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">https://tracecorona.net/download-tracecorona/</uri> , demonstrating that there are no technical reasons requiring to make compromises with regard to the requirements of DCT approaches.