Abstract
The novel coronavirus COVID-19 spreads easily through personal contact, requiring the use of contact tracing to track the spread of the disease. Many existing approaches either trust a public health authority with private data, or publish patients’ data, leading to privacy breaches. Private Set Intersection based on Homomorphic Encryption is a promising solution, but it is limited because the management of keys is challenging and further filtering of contacts is not included. We present a protocol for secure and private conditional contact tracing, allowing the tracking of users’ contacts subject to extra conditions. We construct and apply our new primitive of Conditional Private Set Intersection and combine it with a Trusted Execution Environment (TEE) to construct a protocol with provable security and a high degree of functionality. Our approach moves the memory- and computation-intensive portions of contact tracing out of the TEE to a cloud server. We also present how multi-hop contact tracing can be done with minimal user communication. Our proof-of-concept implementation with Microsoft SEAL allows users to perform their computation in less than 9 min, and the cloud’s per-user computation can be as little as 11 min for a population of 50,000 users with 500 infected (assuming 40 contacts/user) in a day. With other HE libraries/schemes that allow customized parameter sets, our protocol will show much higher scalability.
Acknowledgement
This work was supported by the Office of the Director of National Intelligence (ODNI), Intelligence Advanced Research Projects Activity (IARPA) via contract #2020–20082700002. Any opinions, findings and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect those of the sponsor. The authors also thank Dr. Alex Perkins (Department of Biological Sciences, University of Notre Dame) for his helpful comments.
Copyright information
© 2021 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Takeshita, J., Karl, R., Mohammed, A., Striegel, A., Jung, T. (2021). Provably Secure Contact Tracing with Conditional Private Set Intersection. In: Garcia-Alfaro, J., Li, S., Poovendran, R., Debar, H., Yung, M. (eds) Security and Privacy in Communication Networks. SecureComm 2021. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 398. Springer, Cham. https://doi.org/10.1007/978-3-030-90019-9_18
DOI: https://doi.org/10.1007/978-3-030-90019-9_18
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-90018-2
Online ISBN: 978-3-030-90019-9
eBook Packages: Computer Science, Computer Science (R0)