Privacy-preserving Identity Broadcast for Contact Tracing Applications

Wireless Contact tracing has emerged as an important tool for managing the COVID-19 pandemic and relies on continuous broadcasting of a person's presence using Bluetooth Low Energy beacons. The limitation of current contact tracing systems in that a reception of a single beacon is sufficient to reveal the user identity, potentially exposing users to malicious trackers installed along the roads, passageways, and other infrastructure. In this paper, we propose a method based on Shamir secret sharing algorithm, which lets mobile nodes reveal their identity only after a certain predefined contact duration, remaining invisible to trackers with short or fleeting encounters. Through data-driven evaluation, using a dataset containing 18 million BLE sightings, we show that the method drastically reduces the privacy exposure. Finally, we implemented the approach on Android phones to demonstrate its feasibility and measure performance for various network densities.