A Privacy-Preserving Solution for Proximity Tracing Avoiding Identifier Exchanging
The paper addresses privacy concerns in contact-tracing apps used for public health during epidemics such as COVID-19; the contribution is incremental, building on existing GPS- and Bluetooth-based methods.
The paper tackles the privacy and security issues of digital contact tracing by proposing a scheme that uses GPS for proximity detection and Bluetooth only to improve accuracy, with no exchange of identifiers and no complex cryptography, while ensuring that the server learns nothing about users' locations.
Digital contact tracing is one of the measures that, combined with others, helps manage the epidemic spread of an infectious disease in a post-lockdown phase. This is a very timely issue, given the COVID-19 pandemic we are unfortunately living through. Contact-tracing apps aim to detect proximity between users and to evaluate the related risk of contagion. Existing approaches rely on Bluetooth, GPS, or a combination of the two, although the prevailing approach is Bluetooth-based and relies on a decentralized model that requires smartphones to exchange ephemeral identifiers with each other. Unfortunately, a number of security and privacy concerns affect this kind of solution, mainly because of the identifier exchange, while GPS-based solutions (inherently centralized) are exposed to mass-surveillance threats. In this paper, we propose a solution that uses GPS to detect proximity and Bluetooth only to improve accuracy, without any exchange of identifiers. Unlike related existing solutions, no complex cryptographic mechanism is adopted, yet the server learns nothing about users' locations.
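To make the security-relevant point concrete, the following is an added illustration (not code from the paper, and not the scheme it proposes) of the decentralized Bluetooth model the abstract contrasts with: each phone derives rotating ephemeral identifiers from a daily seed, broadcasts them, logs what it hears, and, on a positive diagnosis, publishes only its seeds so that other phones can match locally. The rotation interval, identifier length, HMAC-based derivation and the names `Phone`, `linked_places` and `simulate` are this example's own assumptions. The last function shows the concern the abstract refers to: once a seed is published, anyone who passively logged broadcasts with time and place can attribute all of them to one person.

```python
"""Added illustration of decentralized ephemeral-identifier exchange.
Not the paper's scheme; every parameter and name below is assumed."""
import hashlib
import hmac
import os

EPOCH_MINUTES = 15                      # assumed rotation interval
EPOCHS_PER_DAY = 24 * 60 // EPOCH_MINUTES
EPHID_LEN = 16                          # assumed identifier length in bytes


def new_daily_seed() -> bytes:
    """A fresh random seed per day; only the owner holds it until diagnosis."""
    return os.urandom(32)


def ephemeral_ids(seed: bytes, day: int) -> list:
    """Derive the day's identifiers from the seed with HMAC-SHA256.
    Anyone holding the seed can reproduce them; without it, two
    broadcasts cannot be linked to each other."""
    return [
        hmac.new(seed, f"{day}:{epoch}".encode(), hashlib.sha256).digest()[:EPHID_LEN]
        for epoch in range(EPOCHS_PER_DAY)
    ]


class Phone:
    def __init__(self, name: str):
        self.name = name
        self.seeds = {}        # day -> seed, kept on the device
        self.observed = []     # (day, ephid) heard over Bluetooth

    def broadcast(self, day: int, epoch: int) -> bytes:
        seed = self.seeds.setdefault(day, new_daily_seed())
        return ephemeral_ids(seed, day)[epoch]

    def hear(self, day: int, ephid: bytes) -> None:
        self.observed.append((day, ephid))

    def report_positive(self, days: list) -> list:
        """On diagnosis the phone uploads only the seeds of infectious days."""
        return [(d, self.seeds[d]) for d in days if d in self.seeds]

    def exposed(self, published: list) -> bool:
        """Local matching: the device's own contact log never leaves it."""
        heard = set(self.observed)
        for day, seed in published:
            if any((day, e) in heard for e in ephemeral_ids(seed, day)):
                return True
        return False


def linked_places(sniffer_log: list, published: list) -> list:
    """What a passive observer learns after seeds are published: every logged
    broadcast derived from a published seed now belongs to one known-infected
    person, together with the observer's own time/place annotations."""
    ids = {(d, e) for d, s in published for e in ephemeral_ids(s, d)}
    return [place for d, e, place in sniffer_log if (d, e) in ids]


def simulate() -> tuple:
    """Constructed scenario: Alice meets Bob, Carol only meets Bob, and a
    sniffer logs Alice's broadcasts at two places. Alice is then diagnosed."""
    alice, bob, carol = Phone("alice"), Phone("bob"), Phone("carol")
    day = 100
    bob.hear(day, alice.broadcast(day, 3))      # Alice and Bob co-located
    alice.hear(day, bob.broadcast(day, 3))
    carol.hear(day, bob.broadcast(day, 5))      # Carol never near Alice
    sniffer_log = [                             # constructed passive log
        (day, alice.broadcast(day, 3), "cafe"),
        (day, alice.broadcast(day, 7), "gym"),
    ]
    published = alice.report_positive([day])
    return bob.exposed(published), carol.exposed(published), linked_places(sniffer_log, published)


if __name__ == "__main__":
    print(simulate())
```

The seeds upload is the only server interaction, and the server sees no locations, which is why this model is favoured over centralized GPS; the cost is that the broadcast identifiers themselves become linkable to a diagnosed person once the seeds are public, which is the trade-off the abstract's proposal aims to avoid by not exchanging identifiers at all.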