To fight against infectious diseases (e.g., SARS, COVID-19, Ebola, etc.), government agencies, technology companies and health institutes have launched various contact tracing approaches to identify and notify the people exposed to infection sources. However, existing tracing approaches can lead to severe privacy and security concerns, thereby preventing their secure and widespread use among communities. To tackle these problems, this paper proposes CoAvoid, a decentralized, privacy-preserved contact tracing system that features good dependability and usability. CoAvoid leverages the Google/Apple Exposure Notification (GAEN) API to achieve decent device compatibility and operating efficiency. It utilizes GPS along with Bluetooth Low Energy (BLE) to dependably verify user information. In addition, to enhance privacy protection, CoAvoid applies fuzzification and obfuscation measures to shelter sensitive data, making both servers and users agnostic to information of both low and high-risk populations. The evaluation demonstrates good efficacy and security of CoAvoid. Compared with four state-of-art contact tracing applications, CoAvoid can reduce upload data by at least 90% and simultaneously resist wormhole and replay attacks in various scenarios.
翻译:为防治传染病(如SARS、COVID-19、埃博拉等),政府机构、技术公司和卫生机构推出了各种联系追踪方法,以查明并通知接触感染源的人,然而,现有的追踪方法可导致严重的隐私和安全问题,从而妨碍社区安全和广泛使用这些疾病。为解决这些问题,本文件提议CoAave,一个分散的、保密的、具有良好可靠性和使用性的联系追踪系统。CoAue利用Google/Apple接触通知(GAEN)API实现像样的设备兼容性和操作效率。它与蓝牙低能(Clever)一起使用全球定位系统来可靠地核实用户信息。此外,为了加强隐私保护,CoA避免对敏感数据采取模糊和混淆措施,使服务器和用户对低风险和高风险人群的信息都具有不可知觉性。评价表明CoAnei没有良好的效率和安全性。与四种状态接触追踪应用相比,CoAawe可以将上传数据减少至少90%,并在各种情景中同时抵抗蠕虫洞和重新攻击。