Spiridon Bakiras

Pietro Tedeschi, Spiridon Bakiras, Roberto Di Pietro

A plethora of contact tracing apps have been developed and deployed in several countries around the world in the battle against Covid-19. However, people are rightfully concerned about the security and privacy risks of such applications. To this end, the contribution of this work is twofold. First, we present an in-depth analysis of the security and privacy characteristics of the most prominent contact tracing protocols, under both passive and active adversaries. The results of our study indicate that all protocols are vulnerable to a variety of attacks, mainly due to the deterministic nature of the underlying cryptographic protocols. Our second contribution is the design and implementation of SpreadMeNot, a novel contact tracing protocol that can defend against most passive and active attacks, thus providing strong (provable) security and privacy guarantees that are necessary for such a sensitive application. Our detailed analysis, both formal and experimental, shows that SpreadMeNot satisfies security, privacy, and performance requirements, hence being an ideal candidate for building a contact tracing solution that can be adopted by the majority of the general public, as well as to serve as an open-source reference for further developments in the field.

Pietro Tedeschi, Kang Eun Jeon, James She et al.

Contact tracing is the techno-choice of reference to address the COVID-19 pandemic. Many of the current approaches have severe privacy and security issues and fail to offer a sustainable contact tracing infrastructure. We address these issues introducing an innovative, privacy-preserving, sustainable, and experimentally tested architecture that leverages batteryless BLE beacons.

Pietro Tedeschi, Spiridon Bakiras, Roberto Di Pietro

Contact tracing promises to help fight the spread of Covid-19 via an early detection of possible contagion events. To this end, most existing solutions share the following architecture: smartphones continuously broadcast random beacons that are intercepted by nearby devices and stored into their local contact logs. In this paper, we propose an IoT-enabled architecture for contact tracing that relaxes the smartphone-centric assumption, and provide a solution that enjoys the following features: (i) it reduces the overhead on the end-user to the bare minimum -- the mobile device only broadcasts its beacons; (ii) it provides the user with a degree of privacy not achieved by competing solutions -- even in the most privacy adverse scenario, the solution provides k-anonymity; and, (iii) it is flexible: the same architecture can be configured to support several models -- ranging from the fully decentralized to the fully centralized ones -- and the system parameters can be tuned to support the tracing of several social interaction models. We also highlight open issues and discuss a number of future research directions.