Privacy-preserving Identity Broadcast for Contact Tracing Applications
This addresses privacy risks for users of contact tracing apps, particularly against malicious trackers, but is incremental as it builds on existing secret sharing techniques.
The paper tackles the problem of user identity exposure in wireless contact tracing systems, where a single beacon can reveal identity, by proposing a method based on Shamir secret sharing that only reveals identity after a predefined contact duration, drastically reducing privacy exposure as shown in an evaluation with 18 million BLE sightings.
Wireless contact tracing has emerged as an important tool for managing the COVID-19 pandemic and relies on continuous broadcasting of a person's presence using Bluetooth Low Energy beacons. The limitation of current contact tracing systems is that reception of a single beacon is sufficient to reveal the user identity, potentially exposing users to malicious trackers installed along roads, passageways, and other infrastructure. In this paper, we propose a method based on Shamir's secret sharing algorithm, which lets mobile nodes reveal their identity only after a certain predefined contact duration, remaining invisible to trackers with short or fleeting encounters. Through data-driven evaluation, using a dataset containing 18 million BLE sightings, we show that the method drastically reduces the privacy exposure of users. Finally, we implemented the approach on Android phones to demonstrate its feasibility and measure performance for various network densities.
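The following is an added illustration of the mechanism the abstract describes, written for this page; it is not the paper's Android implementation or its exact protocol. It assumes that the broadcast identity is an integer token that fits in a prime field, that each beacon interval carries one Shamir share, that the share index is the interval number within the current broadcast epoch, and that the predefined contact duration is expressed as a threshold k of distinct shares. A listener that hears fewer than k beacons (a roadside tracker passed in a few seconds) learns nothing about the identity, while a listener in sustained contact reconstructs it after k intervals.

```python
"""Threshold-revealed identity beacons via Shamir secret sharing (added example).

Illustrative Python, not the paper's code. Assumptions: the identity is an
integer token below PRIME, one share is broadcast per beacon interval, and the
share index is the interval number within the current broadcast epoch.
"""
import secrets
from itertools import combinations

PRIME = 2**127 - 1  # Mersenne prime; the field over which shares are computed


def _eval_poly(coeffs, x):
    """Horner evaluation of a polynomial (constant term first) at x mod PRIME."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_identity(identity, k, n):
    """Split an identity into n shares of which any k reconstruct it.

    The identity is the constant term of a random polynomial of degree k-1;
    share i is the point (i, f(i)). Fewer than k points leave the constant
    term uniformly undetermined, which is what hides the user from fleeting
    sightings.
    """
    if not 0 <= identity < PRIME:
        raise ValueError("identity must fit in the field")
    if not 1 <= k <= n < PRIME:
        raise ValueError("need 1 <= k <= n")
    coeffs = [identity] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def reconstruct_identity(shares):
    """Lagrange interpolation at x = 0 over exactly k distinct shares."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    secret = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xj, _ in shares:
            if xj != xi:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return secret


class Receiver:
    """A listener (phone or roadside tracker) accumulating shares from one sender.

    Each beacon interval carries one share. The identity becomes known only
    once k distinct shares have been received, i.e. after k intervals of
    contact within the same epoch. Re-hearing the same interval adds nothing.
    """

    def __init__(self, k):
        self.k = k
        self.shares = {}

    def hear(self, share):
        x, y = share
        self.shares[x] = y

    def identity(self):
        if len(self.shares) < self.k:
            return None  # contact too short: nothing about the sender is revealed
        return reconstruct_identity(list(self.shares.items())[: self.k])


def simulate_encounter(identity, k, n, intervals_heard):
    """Broadcast n shares over an epoch; the listener hears the given intervals.

    Returns the identity the listener can reconstruct, or None if the contact
    was shorter than the k-interval threshold (missed beacons count as not
    heard, so lossy reception simply lengthens the required contact).
    """
    shares = split_identity(identity, k, n)
    listener = Receiver(k)
    for i in intervals_heard:
        listener.hear(shares[i - 1])  # intervals are 1-based share indices
    return listener.identity()


def every_k_subset_reconstructs(identity, k, n):
    """Sanity check: any k of the n shares yield the same identity."""
    shares = split_identity(identity, k, n)
    return all(reconstruct_identity(list(c)) == identity for c in combinations(shares, k))


if __name__ == "__main__":
    IDENTITY = 0x1234_5678_9ABC_DEF0  # constructed 64-bit identity token
    K, N = 5, 60  # reveal only after 5 beacon intervals; 60 shares per epoch
    print("fleeting (2 intervals):", simulate_encounter(IDENTITY, K, N, [1, 2]))
    print("sustained (5 intervals):", hex(simulate_encounter(IDENTITY, K, N, [3, 7, 9, 20, 41]) or 0))
```

The design point worth noting for a deployment is the epoch: once n shares of one polynomial have been sent, the sender must switch to a fresh identity token and a fresh polynomial, otherwise a tracker that collects k shares across several separate short sightings over a long period still reconstructs the identity. The epoch length (here n intervals) therefore bounds how long a set of fleeting sightings can be stitched together.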