Skip to main content
SpringerLink
Log in

Provably Secure Contact Tracing with Conditional Private Set Intersection

  • Conference paper
  • First Online:
Security and Privacy in Communication Networks (SecureComm 2021)

Abstract

The novel coronavirus COVID-19 spreads easily through personal contact, requiring the use of contact tracing to track the spread of the disease. Many existing approaches either trust a public health authority with private data, or publish patients’ data, leading to privacy breaches. Private Set Intersection based on Homomorphic Encryption is a promising solution, but it is limited because the management of keys is challenging and further filtering of contacts is not included. We present a protocol for secure and private conditional contact tracing, allowing the tracking of users’ contacts subject to extra conditions. We construct and apply our new primitive of Conditional Private Set Intersection and combine it with a Trusted Execution Environment (TEE) to construct a protocol with provable security and a high degree of functionality. Our approach moves the memory- and computation-intensive portions of contact tracing out of the TEE to a cloud server. We also present how multi-hop contact tracing can be done with minimal user communication. Our proof-of-concept implementation with Microsoft SEAL allows users to perform their computation in less than 9 min, and the cloud’s per-user computation can be as little as 11 min for a population of 50,000 users with 500 infected (assuming 40 contacts/user) in a day. With other HE libraries/schemes that allows customized parameter sets, our protocol will show much higher scalability.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 89.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 119.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Altuwaiyan, T., et al.: Epic: efficient privacy-preserving contact tracing for infection detection. In: IEEE ICC, pp. 1–6 (2018)

    Google Scholar 

  2. Apple and Google. Privacy-Preserving Contact Tracing (2020). apple.co/3bFFWzp

  3. Baumgärtner, L., et al.: Mind the GAP: security and privacy risks of contact tracing apps. arXiv preprint (2020). arXiv:2006.05914

  4. Bay, J., et al.: BlueTrace: a privacy-preserving protocol for community-driven contact tracing across borders. Tech. Rep. GovTech-Singapore (2020)

    Google Scholar 

  5. Bell, J., et al.: Tracesecure: towards privacy preserving contact tracing. arXiv preprint arXiv:2004.04059 (2020)

  6. Brakerski, Z., Gentry, C., Vaikuntanathan, V.: (Leveled) fully homomorphic encryption without bootstrapping. ACM TOCT 6(3), 1–36 (2014)

    Google Scholar 

  7. Burke, L.:. New variant meets its first university (2021)

    Google Scholar 

  8. Chen, H., et al.: Fast private set intersection from homomorphic encryption. In: ACM CCS, pp. 1243–1255 (2017)

    Google Scholar 

  9. Chen, H., et al.: Labeled PSI from fully homomorphic encryption with malicious security. In: ACM CCS, pp. 1223–1237 (2018)

    Google Scholar 

  10. Cho, H., Ippolito, D., Yu, Y.W.:. Contact tracing mobile apps for covid-19: Privacy considerations and related trade-offs. arXiv preprint arXiv:2003.11511 (2020)

  11. Ciampi, M., Orlandi, C.: Combining private set-intersection with secure two-party computation. In: Catalano, D., De Prisco, R. (eds) Security and Cryptography for Networks. SCN 2018. Lecture Notes in Computer Science, vol. 11035. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-98113-0_25

  12. Costan, V., Devadas, S.: Intel SGX explained. IACR Cryptol. ePrint Arch. 86, 1–118 (2016)

    Google Scholar 

  13. Dave C., Kurt R., Yuriy P., Ryan, G.:. The PALISADE lattice cryptography library (2020). bit.ly/35Bthtz

  14. De Cristofaro, E., Gasti, P., Tsudik, G.: Fast and private computation of cardinality of set Intersection and Union. In: Pieprzyk, J., Sadeghi, A., Manulis, M. (eds.) CANS 2012. LNCS, vol. 7712, pp. 218–231. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-35404-5_17

  15. Junfeng Fan, J., Vercauteren, F.: Somewhat practical fully homomorphic encryption. IACR Cryptol. ePrint Arch., 144 (2012)

    Google Scholar 

  16. Centers for Disease Control and Prevention. Appendix A - Glossary of Key Terms (2020). bit.ly/2LljkK0

  17. Garmin. Project Tesserae powered by Garmin (2018). bit.ly/3nI2yBC

  18. Gentry, C., Halevi, S., Smart, N.P.: Homomorphic evaluation of the AES Circuit. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 850–867. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32009-5_49

  19. Halevi, S., Shoup, V.: Design and implementation of a homomorphic-encryption library. IBM Research (Manuscript) 6, 12–15 (2013)

    Google Scholar 

  20. Ion, M., et al.: Private intersection-sum protocol with applications to attributing aggregate ad conversions. IACR Cryptol. ePrint Arch. 738 (2017)

    Google Scholar 

  21. Lindell, Y.: How to simulate it-a tutorial on the simulation proof technique. Tutorials on the Foundations of Cryptography, pp. 277–346 (2017)

    Google Scholar 

  22. Liu, S., Jiang, Y., Striegel, A.: Face-to-face proximity estimationusing bluetooth on smartphones. IEEE Trans. Mobile Comput. 13(4), 811–823 (2014)

    Google Scholar 

  23. Lounis, K., Zulkernine, M.: Attacks and defenses in short-range wireless technologies for iot. IEEE Access 8, 88892–88932 (2020)

    Google Scholar 

  24. Michael, K., Abbas, R.: Behind covid-19 contact trace apps: the Google-Apple partnership. IEEE Consumer Electronics Magazine 9(5), 71–76 (2020)

    Google Scholar 

  25. Mofrad, S., Zhang, F., Lu, S., Shi, W.: A comparison study of intel sgx and amd memory encryption technology. In: HASP, pp. 1–8 (2018)

    Google Scholar 

  26. Morgan, A.U., et al.: Remote monitoring of patients with covid-19: design, implementation, and outcomes of the first 3,000 patients in COVID Watch. NEJM Catalyst Innovations in Care Delivery, 1(4) (2020)

    Google Scholar 

  27. Nietzel, M.: Duke University suddenly imposes week-long stay-at-home order on all undergraduates (2021)

    Google Scholar 

  28. Government of Singapore. TraceTogether (2020). www.tracetogether.gov.sg

  29. Benny, P., Eyal, R.: Hashomer-a proposal for a privacy-preserving bluetooth based contact tracing scheme for Hamagen (2020)

    Google Scholar 

  30. Benny, P., Thomas, S., Christian, W., Udi, W.:. Efficient circuit-based PSI via cuckoo hashing. In: EUROCRYPT, pp. 125–157 (2018)

    Google Scholar 

  31. Benny, P., Thomas, S., Michael, Z.: Faster private set intersection based on \(\{\)OT\(\}\) extension. In: Usenix Security, pp. 797–812 (2014)

    Google Scholar 

  32. Ramesh, R., et al.: Apps gone rogue: maintaining personal privacy in an epidemic. arXiv preprint arXiv:2003.08567 (2020)

  33. Raskar, R., Pahwa, D., Beaudry, R.: Contact tracing: holistic solution beyond bluetooth. IEEE Data Eng. Bull 43(2), 67–70 (2020)

    Google Scholar 

  34. Reichert, L., Brack, S., Scheuermann, B.:. Privacy-preserving contact tracing of covid-19 patients. IACR Cryptol. ePrint Arch. 375 (2020)

    Google Scholar 

  35. Riazi, M.S., et al.: HEAX: an architecture for computing on encrypted data. In: ACM ASPLOS, pp. 1295–1309 (2020)

    Google Scholar 

  36. Microsoft SEAL (release 3.6) (2020). bit.ly/3qgKCjd

  37. Singh, P., et al.: Ppcontacttracing: a privacy-preserving contact tracing protocol for covid-19 pandemic. arXiv preprint arXiv:2008.06648 (2020)

  38. Taassori, M., et al.: Vault: reducing paging overheads in SGX with efficient integrity verification structures. In: ASPLOS, pp. 665–678 (2018)

    Google Scholar 

  39. Takeshita, J., et al.: Algorithmic acceleration of B/FV-Like somewhat homomorphic encryption for compute-enabled RAM. In: Dunkelman, O., Jacobson, Jr., M.J., O’Flynn, C. (eds.) SAC 2020. LNCS, vol. 12804, pp. 66–89. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-81652-0_3

  40. Tan, B.H.M., et al.: Efficient private comparison queries over encrypted databases using fully homomorphic encryption with finite fields. IEEE TDSC (2020)

    Google Scholar 

  41. Tang, Q.: Privacy-preserving contact tracing: current solutions and open questions. arXiv preprint arXiv:2004.06818 (2020)

  42. Trieu, N., et al.: Epione: lightweight contact tracing with strong privacy. arXiv preprint arXiv:2004.13293 (2020)

  43. Wang, X.S., et al.: Efficient genome-wide, privacy-preserving similar patient query based on private edit distance. In: ACM CCS, pp. 492–503 (2015)

    Google Scholar 

  44. Wu, J., et al.: \(\{\)BLESA\(\}\): spoofing attacks against reconnections in Bluetooth low energy. In: 14th \(\{\)USENIX\(\}\) Workshop on Offensive Technologies (\(\{\)WOOT\(\}\) 20) (2020)

    Google Scholar 

  45. Yasaka, T.M., Lehrich, B.M., Sahyouni, R.:. Peer-to-peer contact tracing: development of a privacy-preserving smartphone app. JMIR Mhealth Uhealth, 8(4), e18936 (2020)

    Google Scholar 

  46. Yoneki, E.: Fluphone study: virtual disease spread using haggle. In: CHANTS, pp. 65–66 (2011)

    Google Scholar 

Download references

Acknowledgement

This work was supported by the Office of the Director of National Intelligence (ODNI), Intelligence Advanced Research Projects Activity (IARPA) via contract #2020–20082700002. Any opinions, findings and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect those of the sponsor. The authors also thank Dr. Alex Perkins (Department of Biological Sciences, University of Notre Dame) for his helpful comments.

Author information

Authors and Affiliations

  1. University of Notre Dame, 46556, Notre Dame IN, USA

    Jonathan Takeshita, Ryan Karl, Alamin Mohammed, Aaron Striegel & Taeho Jung

Authors
  1. Jonathan Takeshita
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ryan Karl
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Alamin Mohammed
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Aaron Striegel
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Taeho Jung
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Taeho Jung .

Editor information

Editors and Affiliations

  1. Télécom SudParis, Institut Polytechnique de Paris, Palaiseau, France

    Joaquin Garcia-Alfaro

  2. University of Kent Canterbury, Canterbury, Kent, UK

    Shujun Li

  3. University of Washington, Seattle, WA, USA

    Radha Poovendran

  4. Télécom SudParis, Institut Polytechnique de Paris, Palaiseau, France

    Hervé Debar

  5. Google Inc., New York, NY, USA

    Moti Yung

Rights and permissions

Reprints and permissions

Copyright information

© 2021 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Takeshita, J., Karl, R., Mohammed, A., Striegel, A., Jung, T. (2021). Provably Secure Contact Tracing with Conditional Private Set Intersection. In: Garcia-Alfaro, J., Li, S., Poovendran, R., Debar, H., Yung, M. (eds) Security and Privacy in Communication Networks. SecureComm 2021. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 398. Springer, Cham. https://doi.org/10.1007/978-3-030-90019-9_18

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-90019-9_18

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-90018-2

  • Online ISBN: 978-3-030-90019-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation