A Privacy-Preserving Contact Tracing System based on a Publish-Subscribe Model

Mikaella F. da Silva; Bruno P. Santos; Paulo H. L. Rettore; Vinícius F. S. Mota

doi:10.5753/jisa.2024.3781

Authors

Mikaella F. da Silva Universidade Federal do Espírito Santo https://orcid.org/0009-0005-1009-3014
Bruno P. Santos Universidade Federal da Bahia https://orcid.org/0000-0003-4501-2323
Paulo H. L. Rettore Franhouffer https://orcid.org/0000-0002-5491-7274
Vinícius F. S. Mota Universidade Federal do Espírito Santo https://orcid.org/0000-0002-8341-8183

DOI:

https://doi.org/10.5753/jisa.2024.3781

Keywords:

Contact tracing, Privacy, Anonymity

Abstract

In the context of the COVID-19 pandemic, using contact-tracking apps and measures such as social isolation and mask-wearing has emerged as an efficient strategy to mitigate the spread of the virus. Nonetheless, these apps have raised privacy concerns. This paper introduces a technique for enhancing Privacy in contact-tracing systems while preserving the data for research purposes. The contact-tracing system employs a unique identifier signed with a key associated with the application and the user. In this system, mobile devices serve as sensors sending beacons, actively detecting nearby devices, and transmitting the identifiers of surrounding contacts to a cloud-based platform. When a user reports a positive COVID-19 diagnosis, a dedicated web service identifies and tracks the identifiers associated with at-risk contacts. The system uses a topic-based publish-subscribe broker, and each identifier represents an individual topic to abstract contact communication and disseminate alert messages. To assess the system's efficacy, we conducted a use case with twenty volunteers using the mobile application for two weeks, representing a small university campus. The quantitative results of the use case demonstrated the system's capability of analyzing potential virus transmission and observing user's social interactions while maintaining their anonymity.

Downloads

Download data is not yet available.

References

Ahmed, N., Michelin, R. A., Xue, W., Ruj, S., Malaney, R., Kanhere, S. S., Seneviratne, A., Hu, W., Janicke, H., and Jha, S. K. (2020). A survey of covid-19 contact tracing apps. IEEE access, 8:134577-134601. DOI: 10.1109/ACCESS.2020.3010226.

Ali, Y. and Khan, H. U. (2023). A survey on harnessing the applications of mobile computing in healthcare during the covid-19 pandemic: Challenges and solutions. Computer Networks, 224:109605. DOI: 10.1016/j.comnet.2023.109605.

AltBeacon.org (2014). Altbeacon protocol specification v1.0. Available online [link].

Apple and Google (2023). Privacy-preserving contact tracing. Available online [link].

Avitabile, G., Botta, V., Iovino, V., and Visconti, I. (2020). Towards defeating mass surveillance and sars-cov-2: The pronto-c2 fully decentralized automatic contact tracing system. Cryptology ePrint Archive. DOI: 10.1109/MIC.2022.3213870.

Bay, J., Kek, J., Tan, A., Hau, C. S., Yongquan, L., Tan, J., and Quy, T. A. (2020). Bluetrace: A privacy-preserving protocol for community-driven contact tracing across borders. Government Technology Agency-Singapore, Tech. Rep, 18. Available online [link].

Canetti, R., Trachtenberg, A., and Varia, M. (2020). Anonymous collocation discovery: Harnessing privacy to tame the coronavirus. arXiv preprint. DOI: 10.48550/arXiv.2003.13670.

Castelluccia, C., Bielova, N., Boutet, A., Cunche, M., Lauradoux, C., Le Métayer, D., and Roca, V. (2020). ROBERT: ROBust and privacy-presERving proximity Tracing. Available online [link].

Cho, H., Ippolito, D., and Yu, Y. W. (2020). Contact tracing mobile apps for covid-19: Privacy considerations and related trade-offs. arXiv preprint. DOI: 10.48550/arXiv.2003.11511.

Danquah, L. O., Hasham, N., MacFarlane, M., Conteh, F. E., Momoh, F., Tedesco, A. A., Jambai, A., Ross, D. A., and Weiss, H. A. (2019). Use of a mobile application for Ebola contact tracing and monitoring in northern Sierra Leone: a proof-of-concept study. BMC infectious diseases, 19(1):1-12. DOI: 10.1186/s12879-019-4354-z.

Duan, S. X. and Deng, H. (2022). Exploring privacy paradox in contact tracing apps adoption. Internet Research, 32(5):1725-1750. DOI: 10.1108/INTR-03-2021-0160.

Elavarasan, R. M. and Pugazhendhi, R. (2020). Restructured society and environment: A review on potential technological strategies to control the COVID-19 pandemic. Science of the Total Environment, 725:138858. DOI: 10.1016/j.scitotenv.2020.138858.

Fahliani, A. A., Payer, M., and Aminifar, A. (2023). DP-ACT: Decentralized Privacy-Preserving Asymmetric Digital Contact Tracing. In 24th Privacy Enhancing Technologies Symposium, PETS 2024. DOI: 10.56553/popets-2024-0019.

Gov, I. (2020). Aarogya setu mobile app. Available online [link].

Gupta, N. K. (2016). Inside Bluetooth low energy. Artech House. Book.

Gupta, R., Bedi, M., Goyal, P., Wadhera, S., and Verma, V. (2020). Analysis of covid-19 tracking tool in india: Case study of aarogya setu mobile application. Digital Government: Research and Practice, 1(4):1-8. DOI: 10.1145/3416088.

Gvili, Y. (2020). Security analysis of the COVID-19 contact tracing specifications by Apple Inc. and Google Inc. Cryptology ePrint Archive. Available online [link].

Hossmann, T., Spyropoulos, T., and Legendre, F. (2011). A complex network analysis of human mobility. In 2011 IEEE conference on computer communications workshops (INFOCOM WKSHPS), pages 876-881. IEEE. DOI: 10.1109/INFCOMW.2011.5928936.

Jiang, T., Zhang, Y., Zhang, M., Yu, T., Chen, Y., Lu, C., Zhang, J., Li, Z., Gao, J., and Zhou, S. (2022). A survey on contact tracing: the latest advancements and challenges. ACM Transactions on Spatial Algorithms and Systems (TSAS), 8(2):1-35. DOI: 10.1145/3494529.

Juneau, C.-E., Briand, A.-S., Collazzo, P., Siebert, U., and Pueyo, T. (2023). Effective contact tracing for COVID-19: A systematic review. Global Epidemiology, page 100103. DOI: 10.1016/j.gloepi.2023.100103.

Lee, E., Park, K., Park, D. J., Kim, J., and Jo, C. (2021). Locally testable privacy-preserving contact tracing protocol without exposing secret seed. In IEEE International Conference on Consumer Electronics (ICCE), pages 1-5. DOI: 10.1109/ICCE50685.2021.9427587.

Leung, K. Y., Metting, E., Ebbers, W., Veldhuijzen, I., Andeweg, S. P., Luijben, G., de Bruin, M., Wallinga, J., and Klinkenberg, D. (2024). Effectiveness of a COVID-19 contact tracing app in a simulation model with indirect and informal contact tracing. Epidemics, 46:100735. DOI: 10.1016/j.epidem.2023.100735.

Li, X., Wu, W., and Chen, T. (2024). Blockchain-Driven Privacy-Preserving Contact-Tracing Framework in Pandemics. IEEE Transactions on Computational Social Systems. DOI: 10.48550/arXiv.2202.09407.

Liu, M., Zhang, Z., Chai, W., and Wang, B. (2023). Privacy-preserving COVID-19 contact tracing solution based on blockchain. Computer standards & interfaces, 83:103643. DOI: 10.1016/j.csi.2022.103643.

McLachlan, S., Lucas, P., Dube, K., Hitman, G. A., Osman, M., Kyrimi, E., Neil, M., and Fenton, N. E. (2020). Bluetooth Smartphone Apps: Are they the most private and effective solution for COVID-19 contact tracing? arXiv preprint. DOI: 10.48550/arXiv.2005.06621.

Michael, K. and Abbas, R. (2020). Behind COVID-19 contact trace apps: The Google-Apple partnership. IEEE Consumer electronics magazine, 9(5):71-76. DOI: 10.1109/MCE.2020.3002492.

Morio, K., Esiyok, I., Jackson, D., and Künnemann, R. (2023). Automated security analysis of exposure notification systems. In USENIX Security Symposium, pages 1-18. USENIX Association. Available online [link].

National Human Rights Commission of Korea (2020). Nhrck chairperson’s statement on excessive disclosure of private information of covid-19 patients. Available in [link], Last access 02/06/2022.

Rivest, R. L., Callas, J., Canetti, R., Esvelt, K., Gillmor, D. K., Kalai, Y. T., Lysyanskaya, A., Norige, A., Raskar, R., Shamir, A., et al. (2020). The PACT protocol specification. Private Automated Contact Tracing Team, MIT, Cambridge, MA, USA, Tech. Rep. 0.1. Available online [link].

Rizi, A. K., Keating, L. A., Gleeson, J. P., O'Sullivan, D. J., and Kivelä, M. (2024). Effectiveness of contact tracing on networks with cliques. Physical Review E, 109(2):024303. DOI: 10.48550/arXiv.2304.10405.

Smith, P., Sarkar, S., Patwari, N., and Kasera, S. (2024). On Passive Privacy-Preserving Exposure Notification Using Hash Collisions. IEEE Internet of Things Journal. DOI: 10.1109/JIOT.2024.3353255.

Stevens, H. and Haines, M. B. (2020). Tracetogether: pandemic response, democracy, and technology. East Asian Science, Technology and Society: An International Journal, 14(3):523-532. DOI: 10.1215/18752160-8698301.

Stutzman, F. and Hartzog, W. (2012). Obscurity by design: An approach to building privacy into social media. Available online [link].

Trieu, N., Shehata, K., Saxena, P., Shokri, R., and Song, D. (2020). Epione: Lightweight contact tracing with strong privacy. arXiv preprint. DOI: 10.48550/arXiv.2004.13293.

Troncoso, C., Payer, M., Hubaux, J.-P., Salathé, M., Larus, J., Bugnion, E., Lueks, W., Stadler, T., Pyrgelis, A., Antonioli, D., et al. (2020). Decentralized privacy-preserving proximity tracing. arXiv preprint. DOI: 10.48550/arXiv.2005.12273.

Vaudenay, S. (2020). Centralized or decentralized? the contact tracing dilemma. Cryptology ePrint Archive, Paper 2020/531. Available online [link] Last access in 06/02/2023.

Wahid, M. A., Bukhari, S. H. R., Daud, A., Awan, S. E., and Raja, M. A. Z. (2023). Covict: an iot based architecture for covid-19 detection and contact tracing. Journal of Ambient Intelligence and Humanized Computing, 14(6):7381-7398. DOI: 10.1007/s12652-022-04446-z.

World Health Organization (2020). Contact tracing in the context of covid-19. Available online [link] Last access 27/03/2023.

A Privacy-Preserving Contact Tracing System based on a Publish-Subscribe Model

Authors

DOI:

Keywords:

Abstract

Downloads

References

Downloads

Published

How to Cite

Issue

Section

License

Metrics:

Make a Submission