TraceCORONA is designed to be not only a tracing app, but a system concept that allows the TraceCORONA tracing component as well as other possible tracing apps to integrate into a secure health platform for private healthcare-related services over a well-defined secure interface.
The new strain of coronavirus causing the respiratory disease COVID-19 spreads rapidly around the globe and became a global pandemic in just 3-4 months from the beginning of its existence (reference). The social distancing and contact tracing became key strategies in slowing down the spread of the virus, and it is likely they will remain primary countermeasures until specific COVID-19 treatment becomes available.
So far, contact tracing is often performed manually and requires significant efforts from public health stuff workers to help infected patients to recall their close social contacts and use this information to build infection chains (reference). While obtained with high efforts, this information may be incomplete or even erroneous; resulting in overestimation extra costs for unnecessary testing and underestimation and missing cases. Hence, new methods for more reliable, precise and cost-effective contact tracing are needed.
Using advanced digital tracing apps on mobile devices can help reduce manual effort and significantly increase tracing accuracy. This has already been successfully demonstrated in Asia (e.g., Singapore, China, Korea). However, Asian tracking technologies do not consider privacy requirements and collect highly sensitive data from individuals, such us their geographical locations and encountered contacts, by centralized servers. However, different counties have different data protection and privacy regulations, and in particular, US and European countries have more restrictive regulations that prohibit collection of privacy-sensitive data in clear form. Hence, in Europe and US scientists and technologists are investing effort in developing tracing apps that can provide an appropriate level of privacy.
Our approach, dubbed TraceCORONA, uses Bluetooth Low Energy and the ECDH key exchange algorithm to exchange tokens, which stay on the users' local devices. The tokens are only distributed among other app users in case of confirmed infection, and even in this case the tokens are disseminated in anonymized form. Only the owners of the original token, which are the two people who originally met, can identify the contact match; figure out when the contact was established for how long it lasted. Hence, the solution is privacy preserving and rules out tracing of users or de-anonymizing infected and endangered users even by the service provider who is collecting and disseminating encounter tokens.
TraceCORONA is developed by an international team of researchers and industry partners spearheaded by the System Security Lab at TU Darmstadt. We are proud to be part of this project.
More information at https://tracecorona.net/
People involved: Prof. A. Dmitrienko, Filipp Roos
Digital Contact Tracing Solutions: Promises, Pitfalls and Challenges. in Cryptology ePrint Archive (2022).
Digital contact Tracing solutions: Promises, Pitfalls and Challenges. in ArXiv I arXiv 2202.06698v2 (October 2022) (2022).
Digital Contact Tracing Solutions: Promises, Pitfalls and Challenges. in IEEE Transactions on Emerging Topics in Computing (2022).
Security and Privacy Aspects of Digital Contact Tracing. Thesis; University of Würzburg. (2021, October).
Security Analysis of UniNow App. Thesis; University of Würzburg. (2021, June).
Contact Tracing by Giant Data Collectors: Opening Pandora’s Box of Threats to Privacy, Sovereignty and National Security. (2020).
Mind the GAP: Security & Privacy Risks of Contact Tracing Apps. in TrustCom, Security Track (2020).
Mind the GAP: Security & Privacy Risks of Contact Tracing Apps. in ArXiv | arXiv:2006.05914v2 (2020).