Pan-European Privacy-Preserving Proximity Tracing
Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT/PEPP) is a full-stack open protocol[3] designed to facilitate digital contact tracing of infected participants.[4] The protocol was developed in the context of the ongoing COVID-19 pandemic. The protocol, like the competing Decentralized Privacy-Preserving Proximity Tracing (DP-3T) protocol,[5] makes use of Bluetooth LE to discover and locally log clients near a user. However, unlike DP-3T, it uses a centralized reporting server to process contact logs and individually notify clients of potential contact with an infected patient.[6]:section. 3.2[7] This approaches compromises privacy, but has the benefit of human-in-the-loop checks and health authority verification.[7] While users are not expected to register with their real name,[8]:p. 13 the back-end server processes pseudonymous personal data capable of being reidentified.[9]
Developed by | PePP-PT e.V. i.Gr.[1] |
---|---|
Introduced | April 1, 2020 |
Industry | Digital contact tracing |
Compatible hardware | Android & iOS smartphones |
Physical range | ~10 m (33 ft)[2] |
Technical specification
The protocol can be divided into two broad responsibilities, local device encounters and logging, and transmission of contact logs to a central health authority. These two areas will be referred to as the encounter handshake and infection reporting respectively. Additionally authentication, notification, and other minor responsibilities of the protocol are defined.[10]
Authentication
Authentication during registration is required to prevent malicious actors from creating a multiple false user accounts, using them to interfere with the system. In order to preserve the anonymity of the users, traditional authentication models using static identifiers such as email addresses or phone numbers could not be employed. Rather, the protocol uses a combination of a proof-of-work challenge and CAPTCHA.[8]:p. 11 The suggested proof-of-work algorithm is scrypt as defined in RFC7914, popularized in various blockchain systems such as Dogecoin[11] and Litecoin.[12] Scrypt was chosen because it is memory bound rather than CPU bound.[13] Once a user registers with the app, they are issued a unique 128 bit pseudo-random identifier (PUID) by the server. It will be marked inactive until the app solves the PoW challenge with the input parameters of , a cost factor of 2, and a block size of 8. Once completed, OAuth2 credentials are issued to the client to authenticate all future requests.[14]
Encounter handshake
When two clients encounter each other, they must exchange and log identifying details. In order to prevent the tracking of clients over time through the use of static identifiers, clients exchange time sensitive temporary IDs issued by the central server. In order to generate these temporary IDs, the central server generates a global secret key , which is used to calculate all temporary IDs for a short timeframe . From this an Ephemeral Bluetooth ID (EBID) is calculated for each user with the algorithm where is the AES encryption algorithm. These EBIDs are used by the clients as the temporary IDs in the exchange. EBIDs are fetched in forward dated batches to account for poor internet access.[14]
Clients then constantly broadcast their EBID under the PEPP-PT Bluetooth service identifier, while also scanning for other clients. If another client is found, the two exchange and log EBIDs, along with metadata about the encounter such as the signal strength and a timestamp.[14]
Infection reporting
When a user, out of band, has been confirmed positive for infection the patient is asked to upload their contact logs to the central reporting server. If the user consents, the health authority issues a key authorizing the upload. The user then transmits the contact log over HTTPS to the reporting server to be processed.[14]
Once the reporting server has received a contact log, each entry is run through a proximity check algorithm to reduce the likelihood of false positives. The resulting list of contact is manually confirmed and they, along with a random sample of other users, are sent a message containing a random number and message hash. This message serves to wake up the client and have them check the server for new reports. If the client is on the list of confirmed users, the server will confirm potential infection to the client which will in turn warn the user. If a client is in the random sample, it will receive a response with no meaning. The reason a random sample of users is sent a message for every report is so that eavesdroppers are not able to determine who is at risk for infection by listening to communication between the client and server.[14]
Controversy
The Helmholtz Center for Information Security (CISPA) confirmed in a press release on April 20, 2020 that it was withdrawing from the consortium, citing a 'lack of transparency and clear governance' as well as data protection concerns around the PEPP-PT design.[15] The École Polytechnique Fédérale de Lausanne, ETH Zurich, KU Leuven and the Institute for Scientific Interchange withdrew from the project in the same week.[16][17][18] This group was also responsible for the development of the competing Decentralized Privacy-Preserving Proximity Tracing protocol.[19]
On 20 April 2020, an open letter was released signed by over 300 security and privacy academics from 26 countries criticising the approach taken by PEPP-PT, stating that 'solutions which allow reconstructing invasive information about the population should be rejected without further discussion'.[16][18][17][20][21]
See also
- Decentralized Privacy-Preserving Proximity Tracing
- BlueTrace
- Google / Apple contact tracing project
- TCN Protocol
References
- "DATENSCHUTZ | Pepp-Pt". Pepp Pt (in German). Retrieved 2020-04-20.
- Sponås, Jon Gunnar. "Things You Should Know About Bluetooth Range". blog.nordicsemi.com. Retrieved 2020-04-12.
- "PEPP-PT License". GitHub. 2020-04-19. Retrieved 2020-04-22.
- "Europe's PEPP-PT COVID-19 contacts tracing standard push could be squaring up for a fight with Apple and Google". TechCrunch. Retrieved 2020-04-20.
- "DP-3T whitepaper" (PDF). GitHub. Retrieved 2020-04-22.
- "PEPP-PT High Level Overview" (PDF). GitHub. Retrieved 2020-04-20.
- Jason Bay, Joel Kek, Alvin Tan, Chai Sheng Hau, Lai Yongquan, Janice Tan, Tang Anh Quy. "BlueTrace: A privacy-preserving protocol for community-driven contact tracing across borders" (PDF). Government Technology Agency. Retrieved 2020-04-12.CS1 maint: multiple names: authors list (link)
- "PEPP-PT Data Protection Information Security Architecture" (PDF). GitHub. Retrieved 2020-04-20.
- "Security and privacy analysis of the document 'PEPP-PT: Data Protection and Information Security Architecture'" (PDF). 19 April 2020.
- pepp-pt/pepp-pt-documentation, PEPP-PT, 2020-06-16, retrieved 2020-06-24
- "Dogecoin mining calculator - Scrypt ⛏️". minerstat. Retrieved 2020-04-20.
- Asolo, Bisola (2018-03-29). "Litecoin Scrypt Algorithm Explained". Mycryptopedia. Retrieved 2020-04-20.
- Jo¨el Alwen1 , Binyi Chen2 , Krzysztof Pietrzak , Leonid Reyzin , and Stefano Tessaro (2016). "Scrypt is Maximally Memory-Hard" (PDF). Retrieved 2020-04-21.CS1 maint: multiple names: authors list (link)
- "pepp-pt/pepp-pt-documentation/blob/master/10-data-protection/PEPP-PT-data-protection-information-security-architecture-Germany.pdf" (PDF). GitHub. Retrieved 2020-06-24.
- sebastian.kloeckner (2020-04-20). "Contact Tracing App for the SARS-CoV-2 pandemic". Helmholtz Center for Information Security (CISPA). Retrieved 2020-04-20.
- "Das gefährliche Chaos um die Corona-App". www.tagesspiegel.de (in German). Retrieved 2020-04-20.
- SPIEGEL, DER. "Projekt Pepp-PT: Den Tracing-App-Entwicklern laufen die Partner weg - DER SPIEGEL - Netzwelt". www.spiegel.de (in German). Retrieved 2020-04-20.
- "ZEIT ONLINE | Lesen Sie zeit.de mit Werbung oder imPUR-Abo. Sie haben die Wahl". www.zeit.de. Retrieved 2020-04-20.
- "DP-3T whitepaper" (PDF). GitHub. Retrieved 2020-04-22.
- Zeitung, Süddeutsche. "Corona-App: Streit um Pepp-PT entbrannt". Süddeutsche.de (in German). Retrieved 2020-04-20.
- editor, Alex Hern Technology (2020-04-20). "Digital contact tracing will fail unless privacy is respected, experts warn". The Guardian. ISSN 0261-3077. Retrieved 2020-04-20.CS1 maint: extra text: authors list (link)