Privacy-preserving Contact Tracing Research Articles

Non-interactive set intersection for privacy-preserving contact tracing

Contact tracing (CT) is an effective method to combat the spread of infectious diseases like COVID-19, by notifying and alerting individuals who have been in contact with infected patients. One simple yet practical approach for implementing CT functionality is to directly publish the travel history and locations visited by infected users. However, this approach compromises the location privacy and makes infected individuals reluctant to participate in such systems. Private set intersection (PSI) is a promising candidate to protect the privacy of participants. But, interactive PSI protocols may not be friendly for querists with limited resources due to high local computation costs and communication bandwidth requirements. Additionally, concerns about identity leakage may result in infected users missing or providing erroneous information about their visited locations. To address the above issues, we propose a cloud-assisted non-interactive framework for privacy-preserving CT, which enables querists to obtain query results without multi-round interaction and addresses concerns regarding location and identity information leakage. Its core building block is a cloud-assisted non-interactive set intersection protocol, skillfully transformed from anonymous broadcast encryption (AnoBE). To our knowledge, this is the first derivation from AnoBE. We also instantiate the proposed framework and thoroughly evaluate its performance, demonstrating its efficiency.

Privacy-Preserving Contact Tracing System based on a Publish-Subscribe Model

Privacy-Preserving Contact Tracing System based on a Publish-Subscribe Model

DP-ACT: Decentralized Privacy-Preserving Asymmetric Digital Contact Tracing

Digital contact tracing substantially improves the identification of high-risk contacts during pandemics. Despite several attempts to encourage people to use digital contact-tracing applications by developing and rolling out decentralized privacy-preserving protocols (broadcasting pseudo-random IDs over Bluetooth Low Energy---BLE), the adoption of digital contact tracing mobile applications has been limited, with privacy being one of the main concerns. In this paper, we propose a decentralized privacy-preserving contact tracing protocol, called DP-ACT, with both active and passive participants. Active participants broadcast BLE beacons with pseudo-random IDs, while passive participants model conservative users who do not broadcast BLE beacons but still listen to the broadcasted BLE beacons. We analyze the proposed protocol and discuss a set of interesting properties. The proposed protocol is evaluated using both a face-to-face individual interaction dataset and five real-world BLE datasets. Our simulation results demonstrate that the proposed DP-ACT protocol outperforms the state-of-the-art protocols in the presence of passive users.

A lightweight delegated private set intersection cardinality protocol

Secure multiparty computation (MPC) is an important means to realize privacy computing (PC). Private set intersection cardinality (PSI-CA) is a variant of an important problem in MPC research, that is private set intersection. PSI-CA allows multiple participants jointly compute the size of the common intersection of their private sets through interaction without revealing any other information about their respective sets. Delegated PSI-CA delegates a large number of computing in the protocol to some untrusted cloud servers, which makes the protocol efficient. Delegated PSI-CA is considered to be of great significance for the construction of privacy-preserving contact tracing systems recently. However, the existing work is still not ideal for the resource-limited mobile terminal of clients. In this paper, we propose a lightweight delegated PSI-CA protocol based on multi-point oblivious pseudorandom function and collision-resistant hash function. Our protocol does not need to do additional pre-operations, so the computation complexity and the communication complexity on the client side are further reduced compare to the existing works. In addition, we build a privacy-preserving contact tracing system by utilizing our protocol, which can be publicly checked if necessary, named PC-CONTrace. The experimental results show that our system is more practical and advantageous for densely populated areas.

Decentralized multi-client functional encryption for set intersection with improved efficiency

Functional encryption (FE) is a new paradigm of public key encryption that can control the exposed information of plaintexts by supporting computation on encrypted data. In this paper, we propose efficient multi-client FE (MCFE) schemes that compute the set intersection of ciphertexts generated by two clients. First, we propose an MCFE scheme that calculates the set intersection cardinality (MCFE-SIC) and prove its static security under dynamic assumptions. Next, we extend our MCFE-SIC scheme to an MCFE scheme for set intersection (MCFE-SI) and prove its static security under dynamic assumptions. The decryption algorithm of our MCFE-SI scheme is more efficient than the existing MCFE-SI scheme because it requires fewer pairing operations to calculate the intersection of two clients. Finally, we propose a decentralized MCFE scheme for set intersection (DMCFE-SI) that decentralizes the generation of function keys. Our MCFE schemes can be effectively applied to a privacy-preserving contact tracing system to prevent the spread of recent infectious diseases.

DIMY: Enabling privacy-preserving contact tracing

The infection rate of COVID-19 and the rapid mutation ability of the virus has forced governments and health authorities to adopt lockdowns, increased testing, and contact tracing to reduce the virus’s spread. Digital contact tracing has become a supplement to the traditional manual contact tracing process. However, although several digital contact tracing apps are proposed and deployed, these have not been widely adopted due to apprehensions surrounding privacy and security. In this paper, we present a blockchain-based privacy-preserving contact tracing protocol,“Did I Meet You” (DIMY). The protocol provides full-lifecycle data privacy protection on the devices as well as the back-end servers to address most of the privacy concerns associated with existing protocols. We have employed Bloom filters to provide efficient privacy-preserving storage and have used the Diffie–Hellman key exchange for secret sharing among the participants. We show that DIMY provides resilience against many well-known attacks while introducing negligible overheads. DIMY’s footprint on the storage space of clients’ devices and back-end servers is also significantly lower than other similar state-of-the-art apps.

Epidemic Exposure Tracking With Wearables: A Machine Learning Approach to Contact Tracing

The recent pandemic revealed weaknesses in several areas, including the limited capacity of public health systems for efficient case tracking and reporting. In the post-pandemic era, it is essential to be ready and provide not only preventive measures, but also effective digital strategies and solutions to protect our population from future outbreaks. This work presents a contact tracing solution based on wearable devices to track epidemic exposure. Our proximity-based privacy-preserving contact tracing (P3CT) integrates: 1) the Bluetooth Low Energy (BLE) technology for reliable proximity sensing, 2) a machine-learning approach to classify the exposure risk of a user, and 3) an ambient signature protocol for preserving the user’s identity. Proximity sensing exploits the signals emitted from a smartwatch to estimate users’ interaction, in terms of distance and duration. Supervised learning is then used to train four classification models to identify the exposure risk of a user with respect to a patient diagnosed with an infectious disease. Finally, our proposed P3CT protocol uses ambient signatures to anonymize the infected patient’s identity. Extensive experiments demonstrate the feasibility of our proposed solution for real-world contact tracing problems. The large-scale dataset consisting of the signal information collected from the smartwatch is available online. According to experimental results, wearable devices along with machine learning models are a promising approach for epidemic exposure notification and tracking.

Privacy-preserving COVID-19 contact tracing using blockchain

The outbreak of the COVID-19 virus has caused widespread panic and global initiatives are geared towards treatment and limiting its spread. With technological advancements, several mechanisms and mobile applications have been developed that attempt to trace the physical contact made by a person with someone who has been tested COVID-19 positive. While designing these apps, user's privacy has been an afterthought and has resulted in mass violations of privacy of the public and the patients. A total of 32 countries have designed apps and rely on them as a strategy to flatten the pandemic curve. Along with lack of privacy, these methodologies are centralized, where they are fully controlled by the government and the healthcare providers. Owing to these and many other concerns, people are hesitant in the adoption of these technologies. This paper presents a detailed analysis of user tracking apps belonging to 32 countries, thus demonstrating that they collect personal data and are a gross violation of user privacy. This paper presents a novel architecture for the efficient, effective and privacy-preserving contact tracing of COVID-19 patients using blockchain. The proposed architecture preserves the privacy of individuals and their contact history by encrypting all the data specific to an individual using a privacy-preserving Homomorphic encryption scheme and storing it on a permissioned blockchain network. The contacts made with a COVID-19 positive patient are identified by performing search queries directly over the Homomorphic encrypted data stored in the blocks. Therefore, only those contacts that are suspected to be COVID-19 positive may be decrypted by the healthcare professional or government for further contact tracing/diagnosis and COVID-19 testing; thereby leading to enhanced privacy.

COVID-19 Tracking Applications: A Human-Centric Analysis

The year 2020 will always be remembered with the imprints left by COVID-19 on our lives. While the pandemic has had many undesirable effects for the whole world, one of its biggest side effects has been the fast digital transformation that has taken place, which was already in progress with the Industry 4.0 era. The readily available technology and wireless communications infrastructures paved the way for a myriad of digital technologies for the containment of the disease using mobile contact tracing applications developed by health authority organizations in many countries. The mounting privacy concerns especially with Bluetooth-enabled proximity tracing and centralized tracking technologies used by these applications have given rise to the development of new privacy-preserving contact tracing protocols. Although these new protocols have alleviated the privacy concerns of citizens to a certain extent, widespread adoption is still far from being the reality. In this paper, we analyze existing contact tracing technologies from a human-centric standpoint by focusing on their privacy implications. We present our comprehensive dataset consisting of the contact tracing application usage information in 94 countries and provide results of a multinational survey we have conducted on the sentiments of people regarding contact tracing applications. The survey results demonstrate that privacy concerns are still the leading deterrent for people when deciding whether to use these applications. Nevertheless, it is a globally accepted argument that the most effective and fastest method for contact tracking will be digital technologies free from human errors and manual procedures. Accordingly, it is concluded that a policy of developing decentralized tracking solutions based entirely on user privacy should be followed, in which independent trusted third parties assume the role of authority in the system architecture, if absolutely necessary, in order to effectively combat the pandemic worldwide. An important feature of the systems to be developed to pave the way for widespread use is to provide the users the right to be forgotten.

Stochastic sampling effects favor manual over digital contact tracing

Isolation of symptomatic individuals, tracing and testing of their nonsymptomatic contacts are fundamental strategies for mitigating the current COVID-19 pandemic. The breaking of contagion chains relies on two complementary strategies: manual reconstruction of contacts based on interviews and a digital (app-based) privacy-preserving contact tracing. We compare their effectiveness using model parameters tailored to describe SARS-CoV-2 diffusion within the activity-driven model, a general empirically validated framework for network dynamics. We show that, even for equal probability of tracing a contact, manual tracing robustly performs better than the digital protocol, also taking into account the intrinsic delay and limited scalability of the manual procedure. This result is explained in terms of the stochastic sampling occurring during the case-by-case manual reconstruction of contacts, contrasted with the intrinsically prearranged nature of digital tracing, determined by the decision to adopt the app or not by each individual. The better performance of manual tracing is enhanced by heterogeneity in agent behavior: superspreaders not adopting the app are completely invisible to digital contact tracing, while they can be easily traced manually, due to their multiple contacts. We show that this intrinsic difference makes the manual procedure dominant in realistic hybrid protocols.

BeepTrace: Blockchain-Enabled Privacy-Preserving Contact Tracing for COVID-19 Pandemic and Beyond.

The outbreak of the coronavirus disease 2019 (COVID-19) pandemic has exposed an urgent need for effective contact tracing solutions through mobile phone applications to prevent the infection from spreading further. However, due to the nature of contact tracing, public concern on privacy issues has been a bottleneck to the existing solutions, which is significantly affecting the uptake of contact tracing applications across the globe. In this article, we present a blockchain-enabled privacy-preserving contact tracing scheme: BeepTrace, where we propose to adopt blockchain bridging the user/patient and the authorized solvers to desensitize the user ID and location information. Compared with recently proposed contact tracing solutions, our approach shows higher security and privacy with the additional advantages of being battery friendly and globally accessible. Results show viability in terms of the required resource at both server and mobile phone perspectives. Through breaking the privacy concerns of the public, the proposed BeepTrace solution can provide a timely framework for authorities, companies, software developers, and researchers to fast develop and deploy effective digital contact tracing applications, to conquer the COVID-19 pandemic soon. Meanwhile, the open initiative of BeepTrace allows worldwide collaborations, integrate existing tracing and positioning solutions with the help of blockchain technology.

Blockchain-Based Digital Contact Tracing Apps for COVID-19 Pandemic Management: Issues, Challenges, Solutions, and Future Directions.

The COVID-19 pandemic has caused substantial global disturbance by affecting more than 42 million people (as of the end of October 2020). Since there is no medication or vaccine available, the only way to combat it is to minimize transmission. Digital contact tracing is an effective technique that can be utilized for this purpose, as it eliminates the manual contact tracing process and could help in identifying and isolating affected people. However, users are reluctant to share their location and contact details due to concerns related to the privacy and security of their personal information, which affects its implementation and extensive adoption. Blockchain technology has been applied in various domains and has been proven to be an effective approach for handling data transactions securely, which makes it an ideal choice for digital contact tracing apps. The properties of blockchain such as time stamping and immutability of data may facilitate the retrieval of accurate information on the trail of the virus in a transparent manner, while data encryption assures the integrity of the information being provided. Furthermore, the anonymity of the user’s identity alleviates some of the risks related to privacy and confidentiality concerns. In this paper, we provide readers with a detailed discussion on the digital contact tracing mechanism and outline the apps developed so far to combat the COVID-19 pandemic. Moreover, we present the possible risks, issues, and challenges associated with the available contact tracing apps and analyze how the adoption of a blockchain-based decentralized network for handling the app could provide users with privacy-preserving contact tracing without compromising performance and efficiency.

Privacy-preserving contact tracing in 5G-integrated and blockchain-based medical applications

The current pandemic situation due to COVID-19 is seriously affecting our daily work and life. To block the propagation of infectious diseases, an effective contact tracing mechanism needs to be implemented. Unfortunately, existing schemes have severe privacy issues that jeopardize the identity-privacy and location-privacy for both users and patients. Although some privacy-preserving systems have been proposed, there remain several issues caused by centralization. To mitigate this issues, we propose a Privacy-preserving contact Tracing scheme in 5G-integrated and Blockchain-based Medical applications, named PTBM. In PTBM, the 5G-integrated network is leveraged as the underlying infrastructure where everyone can perform location checking with his mobile phones or even wearable devices connected to 5G network to find whether they have been in possible contact with a diagnosed patient without violating their privacy. A trusted medical center can effectively trace the patients and their corresponding close contacts. Thorough security and performance analysis show that the proposed PTBM scheme achieves privacy protection, traceability, reliability, and authentication, with high computation & communication efficiency and low latency.

Safe contact tracing for COVID-19: A method without privacy breach using functional encryption techniques based-on spatio-temporal trajectory data.

The COVID-19 pandemic has spread all over the globe. In the absence of a vaccine, a small number of countries have managed to control the diffusion of viruses by early detection and early quarantine. South Korea, one of the countries which have kept the epidemics well-controlled, has opened the infected patients' trajectory to the public. Such a reaction has been regarded as an effective method, however, serious privacy breach cases have been issued in South Korea. Furthermore, some suspected contacts have refused to take infection tests because they are afraid of being exposed. To solve this problem, we propose a privacy-preserving contact tracing method based on spatio-temporal trajectory which can be practically used in many quarantine systems. In addition, we develop a system to visualize the contact tracing workflow.

Towards Large-Scale and Privacy-Preserving Contact Tracing in COVID-19 Pandemic: A Blockchain Perspective.

Activity-tracking applications and location-based services using short-range communication (SRC) techniques have been abruptly demanded in the COVID-19 pandemic, especially for automated contact tracing. The attention from both public and policy keeps raising on related practical problems, including 1) how to protect data security and location privacy? 2) how to efficiently and dynamically deploy SRC Internet of Thing (IoT) witnesses to monitor large areas? To answer these questions, in this paper, we propose a decentralized and permissionless blockchain protocol, named Bychain. Specifically, 1) a privacy-preserving SRC protocol for activity-tracking and corresponding generalized block structure is developed, by connecting an interactive zero-knowledge proof protocol and the key escrow mechanism. As a result, connections between personal identity and the ownership of on-chain location information are decoupled. Meanwhile, the owner of the on-chain location data can still claim its ownership without revealing the private key to anyone else. 2) An artificial potential field-based incentive allocation mechanism is proposed to incentivize IoT witnesses to pursue the maximum monitoring coverage deployment. We implemented and evaluated the proposed blockchain protocol in the real-world using the Bluetooth 5.0. The storage, CPU utilization, power consumption, time delay, and security of each procedure and performance of activities are analyzed. The experiment and security analysis is shown to provide a real-world performance evaluation.

Privacy-Preserving Contact Tracing and Public Risk Assessment Using Blockchain for COVID-19 Pandemic

Due to the number of confirmed cases and casualties of the new COVID-19 virus diminishing day after day, several countries around the world are discussing how to return to the new normal way of life. In order to keep the spread of the disease under control and avoid a second wave of infection, one alternative being considered is the utilization of contact tracing. However, despite several alternatives being available, contact tracing still faces issues in terms of maintaining user privacy and security, making its mass adoption quite difficult. Based on that, a novel framework for contact tracing using blockchain as its infrastructure is presented. By integrating blockchain with contact tracing applications, user privacy can be guaranteed, while also providing people and government bodies with a complete public view of all confirmed cases. Moreover, we also investigate how public locations can aid in the contact tracing process by measuring the risk of exposure to COVID-19 to the general public and advertising it in a blockchain. By doing so, these locations can effectively report potential infection risks, while also guaranteeing privacy and trustworthiness in the information. Lastly, numerical results are shown in different scenarios and conclusions are drawn.

Efficient Private Set Intersection Using Point-Value Polynomial Representation

Private set intersection (PSI) allows participants to securely compute the intersection of their inputs, which has a wide range of applications such as privacy-preserving contact tracing of COVID-19. Most existing PSI protocols were based on asymmetric/symmetric cryptosystem. Therefore, keys-related operations would burden these systems. In this paper, we transform the problem of the intersection of sets into the problem of finding roots of polynomials by using point-value polynomial representation, blind polynomials’ point-value pairs for secure transportation and computation with the pseudorandom function, and then propose an efficient PSI protocol without any cryptosystem. We optimize the protocol based on the permutation-based hash technique which divides a set into multisubsets to reduce the degree of the polynomial. The following advantages can be seen from the experimental result and theoretical analysis: (1) there is no cryptosystem for data hiding or encrypting and, thus, our design provides a lightweight system; (2) with set elements less than 212, our protocol is highly efficient compared to the related protocols; and (3) a detailed formal proof is given in the semihonest model.