Several countries adopted the Google & Apple exposure notification system (GAEN) to slow the spread of the SARS-CoV-2 virus down. GAEN promised to guarantee security and privacy through a decentralized approach. In this paper, we report several relevant privacy and integrity threats in GAEN, including new attacks. GAEN's security issues are not inherent risks of contact tracing systems. Indeed, we also propose a system named Pronto-B2 which enjoys a much better resilience with respect to mass surveillance and replay attacks.

Privacy and Integrity Threats in Contact Tracing Systems and Their Mitigations

Iovino V.;Visconti I.
2023-01-01

Abstract

Several countries adopted the Google & Apple exposure notification system (GAEN) to slow the spread of the SARS-CoV-2 virus down. GAEN promised to guarantee security and privacy through a decentralized approach. In this paper, we report several relevant privacy and integrity threats in GAEN, including new attacks. GAEN's security issues are not inherent risks of contact tracing systems. Indeed, we also propose a system named Pronto-B2 which enjoys a much better resilience with respect to mass surveillance and replay attacks.
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11386/4817794
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 0
  • ???jsp.display-item.citation.isi??? 0
social impact