Browse > Article
http://dx.doi.org/10.3837/tiis.2021.11.015

Privacy Analysis and Comparison of Pandemic Contact Tracing Apps  

Piao, Yanji (Information Management and Information System, Yanbian University)
Cui, Dongyue (Information Management and Information System, Yanbian University)
Publication Information
KSII Transactions on Internet and Information Systems (TIIS) / v.15, no.11, 2021 , pp. 4145-4162 More about this Journal
Abstract
During the period of epidemic prevention and control, contact tracing systems are developed in many countries, to stop or slow down the progression of COVID-19 contamination. However, the privacy issues involved in the use of contact tracing apps have also attracted people's attention. First, we divide contact tracing techniques into two types: Bluetooth Low Energy (BLE) based and Global Positioning System (GPS) based techniques. In order to clear understand the system structure and its elements, we create data flow diagram (DFD) of each types. Second, we analyze the possible privacy threats contained in various types of contact tracing apps by applying LINDDUN, which is a threat modeling technique for personal information protection. Third, we make a comparison and analysis of various contact tracing techniques from privacy point of view. These studies can facilitate improve tracing and security performance to contact tracing apps through comparisons between different types.
Keywords
Contact tracing apps; COVID-19; LINDDUN; Privacy; Security;
Citations & Related Records
연도 인용수 순위
  • Reference
1 N. Borisov, I. Goldberg, and E. Brewer, "Off-the-record communication, or, why not to use pgp," in Proc. of the 2004 ACM Workshop on Privacy in the Electronic Society, WPES 2004, Washington, DC, USA, pp. 77-84, 2004.
2 CovidAlert. [Online]. Available: https://www.canada.ca/en/public-health/services/diseases/coronavirus-disease-covid-19/covid-alert.html
3 PrivateTracer. [Online]. Available: https://gitlab.com/PrivateTracer
4 Rankingn C-19. [Online]. Available: https://www.covid.is/app/is
5 C19X. [Online]. Available: https://github.com/c19x
6 CovidSafe(UoW), 2020. [Online]. Available: https://covidsafe.cs.washington.edu
7 National Government Service Platform Epidemic Prevention Health Code. [Online]. Available: http://openstd.samr.gov.cn/bzgk/gb/newGbInfo?hcno=ED391A20971F017E8DBC265ECD66CCCE
8 CoronApp. [Online]. Available: https://apps.apple.com/cn/app/id1502037648#?platform=iphone
9 H. Lee, S. Kim, S. Lee, "Evaluation Criteria for COVID-19 Contact Tracing Technology and Security Analysis," Journal of The Korea Institute of Information Security & Cryptology, vol. 30, no. 6, pp. 1151-1166, Dec. 2020.   DOI
10 Pandoa. [Online]. Available: https://github.com/wirewirewirewire/pandoa
11 PrivateKit: Safe Paths. [Online]. Available:http://privatekit.mit.edu/
12 Fraunhofer AISEC, "PANDEMIC CONTACT TRACING APPS: DP-3T, PEPP-PT NTK,AND ROBERT FROM A PRIVACY PERSPECTIVE," Apr. 2020.
13 N. Ahmed, R. Michelin, W.Xue, S.Ruj, and S. Jha, "A Survey of COVID-19 Contact tracing apps." IEEE Access, 8, 134577-134601, 2020.   DOI
14 National Government Service Platform Epidemic Prevention Health Code. [Online]. Available: http://openstd.samr.gov.cn/bzgk/gb/newGbInfo?hcno=09EBF512C9729D09237B646E7DBE1652
15 D. Zhou, P. Zhang, C. Bao, Y. Zhang, and N. Zhu, "Emerging Understanding of Etiology and Epidemiology of the Novel Coronavirus (COVID-19) infection in Wuhan, China," Preprints, Feb. 2020.
16 https://coronavirus.jhu.edu/map.html
17 R. Raskar, I.Schunemann, R. Barbar, K. Vilcans, J. Gray, P. Vepakomma, S. Kapa, A. Nuzzo, R. Gupta, and A. Berke, "Apps gone rogue: maintaining personal privacy in an epidemic,"arXiv:2003.08567 [cs.CR], Mar, 2020.
18 "Maximizing Privacy and Effectiveness in Covid-19 Apps,"OpenMined Community, 2020. [Online]. Available: https://blog.openmined.org/covid-app-privacy-advice/
19 A.Gangavarapu, E.Daw, A. Singh, R.Iyer, and R.Raskar, "Target Privacy Threat Modeling for COVID-19 Exposure Notification Systems," arXiv:2009.13300 [cs.CR], Sep. 2020.
20 L. Angela, C. Peter, C. Joseph, M. Bassam, H. Thaier, "Security Vulnerabilities in Bluetooth Technology as Used in IoT," Journal of Sensor and Actuator Networks, vol. 7, no. 3, 2018.
21 Google, "Exposure notification api," 2020. [Online]. Available: https://www.google.com/covid19/exposurenotifications/
22 TCN Coalition, "TCN protocol for decentralized, privacy-preserving contact tracing,". [Online]. Available: https://github.com/TCNCoalition/TCN
23 S. Wang, S.Ding, and L.Xiong, "A New System for Surveillance and Digital Contact Tracing for COVID-19: Spatiotemporal Reporting Over Network and GPS(Preprint)," 2020.
24 M.J. Parker, C. Fraser, L.Abeler-Dorner, and D. Bonsall, "Ethics of instantaneous contact tracing using mobile phone apps in the control of the COVID-19 pandemic," Journal of Medical Ethics, vol. 46, no. 7, 2020.
25 H. Cho, D. Ippolito,and Y. W. Yu, "Contact Tracing Mobile Apps for COVID-19: Privacy Considerations and Related Trade-offs," arXiv:2003.11511 [cs.CR], Mar. 2020.
26 https://www.who.int/emergencies/diseases/novel-coronavirus-2019
27 https://www.technologyreview.com/2021/02/24/1014369/10-breakthrough-technologies-2021
28 K. Wuyts, and W. Joosen, "LINDDUN privacy threat modeling: a tutorial," Department of Computer Science, KU Leuven; Leuven, Belgium, Report CW 685, Jul. 2015.
29 Pan-European Privacy-Preserving Proximity Tracing. [Online]. Available: https://github.com/pepp-pt/pepp-pt-documentation.
30 ROBERT: ROBust and privacy-presERving proximity Tracing Claude Castelluccia.
31 J.Bay, J. Kek, A.Tan, C. S. Hau, L. Yongquan, J. Tan, and T. A. Quy, "Bluetrace: A privacy-preservingprotocolforcommunity-driven contact tracing across borders,"[Online]. Available: https://bluetrace.io/.
32 COVIDSafe. [Online]. Available: https://github.com/AU-COVIDSafe
33 Trace Together. [Online]. Available: https://github.com/opentrace-community
34 R. Dingledine, N. Mathewson, and P. Syverson, "Tor: The second-generation onion router," in Proc. of the 13th USENIX Security Symposium, August 2004.
35 L.S. Park, J. Singh, J.Malbeuf, and A. A.Mardon, "Evaluation of Effectiveness of Digital GPS Contact Tracing Technology in Response to COVID-19," The Pacific Journal of Science and Technology, vol. 21, no. 2, pp. 341-345, Nov. 2020.
36 G. Avitabile, V. Botta, V. Iovino, and I. Visconti, "Towards defeating mass surveillance and sars-cov-2: The pronto-c2 fully decentralized automatic contact tracing system," in Proc. of Workshop on Secure IT Technologies against COVID-19 (CoronaDef), 2020.
37 M.Hansen, P. Berlich, J. Camenisch, S. Clauss, A. Pfitzmann, and M. Waidner, "Privacy-enhancing identity management," Information Security Technical Report, vol. 9, no. 1, pp. 35-44, 2004.   DOI
38 S. Clauss, A. Pfitzmann, M. Hansen, and E.V. Herreweghen, "Privacy-enhancing identity management,"The IPTS Report, 67, 8-16, Jan. 2002.
39 M. Naor, "Deniable ring authentication," in Proc.Crypto, pp. 481-498, 2002.
40 A. hostack, "Experiences Threat Modeling at Microsoft," in Proc. of Modeling Security Workshop, Dept. of Computing, 2008.
41 Apple, "Privacy preserving contact tracing," 2020. [Online]. Available: https://www.apple.com/covid19/contacttracing.
42 R. L. Rivest, J. Callas, R. Canetti, and et al., "The pact protocol specifications," Technical report, vol. 0.1, April, 2020. [Online]. Available: https://pact.mit.edu/wp-content/uploads/2020/04/The-PACTprotocol-specification-ver-0.1.pdf
43 Stopp Corona. [Online]. Available: https://github.com/austrianredcross/stopp-corona-ios
44 Corona-Warn. [Online]. Available: https://github.com/corona-warn-app
45 CoEpi. [Online]. Available: https://github.com/Co-Epi
46 S.O.Blacklow, S.Lisker, M.Y. Ng, U. Sarkar, and C. Lyles, "Usability, inclusivity, and content evaluation of COVID-19 contact tracing apps in the United States," Journal of the American Medical Informatics Association, 1982-1989, May. 2021.
47 National Government Service Platform Epidemic Prevention Health Code. [Online]. Available: http://openstd.samr.gov.cn/bzgk/gb/newGbInfo?hcno=672AF632394BC01A8D07B221C799923E
48 MySejahtera. [Online]. Available: https://gamma.malaysia.gov.my/appdetails/721#tab3
49 Hamagen. [Online]. Available: https://github.com/MohGovIL/hamagen-reactnative/blob/master/README.md
50 L. Sion, K.Wuyts, K.Yskout, D. V. Landuyt, and W.Joosen, "Interaction-Based Privacy Threat Elicitation," in Proc. of IEEE EuroS&PW, 2018.
51 M. Deng, K. Wuyts, R. Scandariato, B. Prenee, and W. Joosen, "a privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements,"Requirements Engineering, vol. 16, pp. 3-32, 2011.   DOI
52 K. U.Wuyts, R. U.Scandariato, and W. U. Joosen, "LIND(D)UN privacy threat tree catalog," Department of Computer Science, KU Leuven; Leuven, Belgium, Report CW 675, Sep. 2014.
53 A.A. Harith, N. A. Muhamad, and R. Griffiths, "Digital Contact Tracing in Combating COVID-19 Pandemic in Malaysia, New Zealand and China," 2021.
54 M. Hatamian, S. Wairimu, N.Momen, and L. Fritsch, "A privacy and security analysis of early-deployed COVID-19 contact tracing Android apps," Empirical Software Engineering, vol. 26, no. 3, 2021.
55 M.L.Messai, and H.Seba, "Short Paper: Privacy Comparison of Contact Tracing Mobile Applications for COVID-19," Oct. 2020.
56 B.Sowmiya, V. S.Abhijith, S.Sudersan, R. S. J. Sundar, M.Thangavel, and P. Varalakshmi, "A Survey on Security and Privacy Issues in Contact Tracing Application of Covid-19," SN Computer Science, vol. 2, no. 3, pp. 1-11, 2021.   DOI
57 DP-3T. [Online]. Available: https://github.com/DP-3T
58 TousAntiCovid. [Online]. Available: https://bonjour.tousanticovid.gouv.fr/index-en.html
59 J. Chan, S. Gollakota, E. Horvitz, J. Jaeger, S. Kakade, T. Kohno, J. Langford, J. Larson, S. Singanamalla, J. Sunshine et al., "Pact: Privacy sensitive protocols and mechanisms for mobile contact tracing," arXiv preprint arXiv:2004.03544, 2020.