nach oben

Erschienen in:

2021 | OriginalPaper | Buchkapitel

Terrorist Attacks for Fake Exposure Notifications in Contact Tracing Systems

verfasst von : Gennaro Avitabile, Daniele Friolo, Ivan Visconti

Erschienen in: Applied Cryptography and Network Security

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

In this work we show that an adversary can attack the integrity of contact tracing systems based on Google-Apple Exposure Notifications (GAEN) by leveraging blockchain technology. We show that through smart contracts there can be an on-line market where infected individuals interested in monetizing their status can upload to the servers of the GAEN-based systems some keys (i.e., TEKs) chosen by a non-infected adversary. In particular, the infected individual can anonymously and digitally trade the upload of TEKs without a mediator and without running risks of being cheated. This vulnerability can therefore be exploited to generate large-scale fake exposure notifications of at-risk contacts with serious consequences (e.g., jeopardizing parts of the health system, affecting results of elections, imposing the closure of schools, hotels or factories).

As main contribution, we design a smart contract with two collateral deposits that works, in general, on GAEN-based systems. We then also suggest the design of a more sophisticated smart contract, using DECO, that could be used to attack in a different way GAEN-based systems (i.e., this second smart contract can succeed even in case GAEN systems are repaired making ineffective the first smart contract).

Our work shows how to realize with GAEN-based systems (in particular with Immuni and SwissCovid), the terrorist attack to decentralized contact tracing systems envisioned by Vaudenay.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Up My Sleeve! A Hidden Secure Fallback for Cryptocurrency Wallets

Nächstes Kapitel Unlinkable and Invisible -Sanitizable Signatures

Nur mit Berechtigung zugänglich

EU eHealth Network: European Proximity Tracing. An Interoperability Architecture https://lasec.epfl.ch/people/vaudenay/swisscovid/swisscovid-ana.pdf.

For example, metadata include information useful to estimate the distance among the smartphones which clearly impacts on estimating the risk of a contact.

Google: Exposure Notification Reference Key Server https://google.github.io/exposure-notifications-server/.

Sometimes for brevity we will just say GAEN systems.

Google: Exposure Notification Specification https://blog.google/documents/69/Exposure_Notification_-_Cryptography_Specification_v1.2.1.pdf.

Obviously, the smart contract can be adjusted so that, in case the buyer does not give his approval and the seller shows that she completed successfully her part of the contract, the expensive transactions costs due to the lack of help from the buyer are charged to the wallet of the buyer. A simple way to realize this could be asking for an additional deposit made by the buyer which could clearly cover the transaction costs of the seller in case the buyer does not give his approval and the seller shows that she successfully completed the upload procedure.

Decentralized Privacy-Preserving Proximity Tracing https://github.com/DP-3T/documents/blob/master/DP3T%20White%20Paper.pdf.

In GAEN, depending on the particular application, this time may amount to up 14 days if the adversary colludes with the authorities, and to one day assuming TEKs are properly mixed and anonymized prior to publication.

Swiss National Cyber Security Center: Security Issue Submission [INR-4434]. Detailed analysis. https://www.melani.admin.ch/dam/melani/de/dokumente/2020/INR-4434_NCSC_Risk_assessment.pdf.download.pdf/INR-4434_NCSC_Risk_assessment.pdf.

Swiss National Cyber Security Center: SwissCovid Proximity Tracing System - Public Security Test, page 8 https://www.melani.admin.ch/dam/melani/de/dokumente/2020/SwissCovid_Public_Security_Test_Current_Findings.pdf.download.pdf/SwissCovid_Public_Security_Test_Current_Findings.pdf.

Indeed, see the case of UK that tried to develop a system without GAEN but had to give up https://www.bbc.com/news/technology-53095336.

Apple: Setting Up an Exposure Notification Server https://developer.apple.com/documentation/exposurenotification/setting_up_an_exposure_notification_server. Google: Exposure Key export file format and verification https://developers.google.com/android/exposure-notifications/exposure-key-file-format.

COVID-19 by itself caused a global economic crisis which led to lower wages and job losses. More details at https://en.wikipedia.org/wiki/COVID-19_recession.

The maximum number of TEKs that can be uploaded in one shot depends on the particular contact tracing system.

Code available at https://github.com/danielefriolo/TEnK-U.

The one we used for signature verification is available at https://github.com/tdrerup/elliptic-curve-solidity.

The cost of 45000 of gas includes TEK extraction, hashing of the export file for signature verification, checking if the stored TEKs are in the extracted ones. To simplify the gas evaluation, we assume that \(\mathcal {B} \) stores only one TEK in the contract.

The infected person also commits a violation by allowing the injection of fake TEKs.

10 requirements for the evaluation of “Contact Tracing" apps https://www.ccc.de/en/updates/2020/contact-tracing-requirements.

Criteria for the Evaluation of Contact Tracing Apps https://github.com/corona-warn-app/cwa-documentation/blob/ec703906c109bd7c3cc84bc361b7e703b20650ea/pruefsteine.md.

https://github.com/immuni-app/immuni-documentation.

Corona-Warn-App Solution Architecture https://github.com/corona-warn-app/cwa-documentation/blob/master/solution_architecture.md.

Google: Exposure Notification Verification Server https://developers.google.com/android/exposure-notifications/verification-system.

In Paparazzi attack, through passive antennas one can link pseudonyms used by an infected user tracing him over the duration of a TEK or for more days if the TEKs are linked. Therefore leaving open the possibility to link such data to a person’s real identity would be extremely incautious.

In this analysis, we refer only to contact tracing system data and messages exchanged via the blockchain during the execution of the attack. We do not take into account border-line situations as, for example, the case where there is only a single infected individual. We also ignore additional information that may help investigators figuring out who the seller is, for example how the money are spent after the trade.

Once a contact tracing system handles his public key to Google, it can completely rely on GAEN APIs to perform signature verification without storing the public key in clear to the app source code (see https://developers.google.com/android/exposure-notifications/exposure-key-file-format for more details).

Keeping a private state inside a smart contract is not possible and computationally intensive operations generate high costs.

More on Tor hidden services can be found at https://2019.www.torproject.org/docs/onion-services.

Interestingly, in June the timeout of a TLS session with both Immuni and SwissCovid upload servers was limited to 5 min, but it has been then extended to two hours.

See CovidCode-Service configuration https://github.com/admin-ch/CovidCode-Service/blob/develop/src/main/resources/application-prod.yml.

This can be inferred from the communication. For example, as in SwissCovid (see SwissCovid Server Controller: https://github.com/DP-3T/dp3t-sdk-backend/blob/a730a5b276591e5cc8b6c609e2b0ba29c6069eb6/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/GaenController.java), \(\mathsf {S}\) may reply \(\mathcal {P} \) with either a success message such as “200 OK" or an error message.

During the chunk splitting, some TEKs may be cut in half. The smart contract should take care of the first and the last bits of each chunk and reconstruct the missing information.

This change occurred in the 4th export file.

Auerbach, B., et al.: Inverse-sybil attacks in automated contact tracing. In: Proceedings of CT-RSA. volume to appear (2021)

Avitabile, G., Friolo, D., Visconti, I.: Tenk-u: terrorist attacks for fake exposure notifications in contact tracing systems. IACR Cryptol. ePrint Arch. 2020, 1150 (2020)

Baumgärtner, L., et al.: Mind the GAP: security and privacy risks of contact tracing apps. In: TrustCom 2020, Security Track, pp. 458–467 (2020)

Dehaye, P., Reardon, J.: Proximity tracing in an ecosystem of surveillance capitalism. CoRR abs/2009.06077 (2020)

Dehaye, P., Reardon, J.: Swisscovid: a critical analysis of risk assessment by swiss authorities. CoRR abs/2006.10719 (2020)

Dingledine, R., Mathewson, N., Syverson, P.F.: Tor: the second-generation onion router. In: USENIX, pp. 303–320 (2004)

European Commission: Guidance on apps supporting the fight against COVID 19 pandemic in relation to data protection. Official Journal of the European Union (2020). https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52020XC0417(08)&from=EN

Immuni Team: Immuni’s high-level description (2020). https://github.com/immuni-app/immuni-documentation. Accessed 23 Aug 2020

Iovino, V., Vaudenay, S., Vuagnoux, M.: On the effectiveness of time travel to inject Covid-19 alerts. In: Proceedings of CT-RSA. volume to appear (2021)

10.

Legendre, F., Humbert, M., Mermoud, A., Lenders, V.: Contact tracing: an overview of technologies and cyber risks. CoRR abs/2007.02806 (2020). https://arxiv.org/abs/2007.02806

11.

Leith, D., Farrell, S.: Testing apps for COVID-19 tracing (TACT) (2020). https://down.dsg.cs.tcd.ie/tact/. Accessed 23 Aug 2020

12.

Leith, D.J., Farrell, S.: Coronavirus contact tracing: evaluating the potential of using bluetooth received signal strength for proximity detection. Comput. Commun. Rev. 50(4), 66–74 (2020)CrossRef

13.

Liao, K., Katz, J.: Incentivizing blockchain forks via whale transactions. In: Brenner, M., et al. (eds.) FC 2017. LNCS, vol. 10323, pp. 264–279. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70278-0_17CrossRef

14.

Maram, D., et al.: Candid: Can-do decentralized identity with legacy compatibility, sybil-resistance, and accountability. IACR Cryptol. ePrint Arch. 2020, 934 (2020). https://eprint.iacr.org/2020/934

15.

McCorry, P., Hicks, A., Meiklejohn, S.: Smart contracts for bribing miners. In: Zohar, A., et al. (eds.) FC 2018. LNCS, vol. 10958, pp. 3–18. Springer, Heidelberg (2019). https://doi.org/10.1007/978-3-662-58820-8_1CrossRef

16.

Nadahalli, T., Khabbazian, M., Wattenhofer, R.: Timelocked bribing. In: Financial Cryptography. volume to appear (2021)

17.

Pietrzak, K.: Delayed authentication: preventing replay and relay attacks in private contact tracing. In: Bhargavan, K., Oswald, E., Prabhakaran, M. (eds.) INDOCRYPT 2020. LNCS, vol. 12578, pp. 3–15. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-65277-7_1CrossRef

18.

Rosario Gennaro, A.K., Krellenstein, J.: Exposure notification system may allow for large-scale voter suppression (2020). https://static1.squarespace.com/static/5e937afbfd7a75746167b39c/t/5f47a87e58d3de0db3da91b2/1598531714869/Exposure_Notification.pdf. Accessed 23 Aug 2020

19.

Semaphore Team: Semaphore. https://semaphore.appliedzkp.org/. Accessed 15 Sept 2020

20.

Swiss Federal Office of Public Health: New coronavirus: Swisscovid app and contact tracing (2020). https://www.bag.admin.ch/bag/en/home/krankheiten/ausbrueche-epidemien-pandemien/aktuelle-ausbrueche-epidemien/novel-cov/swisscovid-app-und-contact-tracing/datenschutzerklaerung-nutzungsbedingungen.html#-11360452. Accessed 23 Aug 2020

21.

Tang, Q.: Privacy-preserving contact tracing: current solutions and open questions. CoRR abs/2004.06818 (2020)

22.

Teutsch, J., Jain, S., Saxena, P.: When cryptocurrencies mine their own business. In: Grossklags, J., Preneel, B. (eds.) FC 2016. LNCS, vol. 9603, pp. 499–514. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-662-54970-4_29CrossRef

23.

Vaudenay, S.: Analysis of DP3T. IACR Cryptol. ePrint Arch. 2020, 399 (2020)

24.

Vaudenay, S.: Centralized or decentralized? the contact tracing dilemma. IACR Cryptol. ePrint Arch. 2020, 531 (2020)

25.

Vaudenay, S., Vuagnoux, M.: Analysis of swisscovid (2020). https://lasec.epfl.ch/people/vaudenay/swisscovid/swisscovid-ana.pdf. Accessed 23 Aug 2020

26.

Velner, Y., Teutsch, J., Luu, L.: Smart contracts make bitcoin mining pools vulnerable. In: Brenner, M., et al. (eds.) FC 2017. LNCS, vol. 10323, pp. 298–316. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70278-0_19CrossRef

27.

Williamson, Z.J.: Aztec (2018). https://github.com/AztecProtocol/AZTEC/blob/master/AZTEC.pdf. Accessed 15 Sept 2020

28.

Yang, H.: EC Cryptography Tutorials - Herong’s Tutorial Examples. Herong’s Tutorial Examples, Herong Yang (2019). https://books.google.it/books?id=4PWKDwAAQBAJ

29.

Zhang, F., Cecchetti, E., Croman, K., Juels, A., Shi, E.: Town crier: an authenticated data feed for smart contracts. In: ACM CCS (2016)

30.

Zhang, F., Maram, D., Malvai, H., Goldfeder, S., Juels, A.: DECO: liberating web data using decentralized oracles for TLS. In: Ligatti, J., Ou, X., Katz, J., Vigna, G. (eds.) Proceedings of CCS 2020, pp. 1919–1938. ACM (2018)

31.

ZkDAI Team: Zkdai (2020). https://github.com/atvanguard/ethsingapore-zk-dai. Accessed 15 Sept 2020

32.

ZoKrates Team: Zokrates (2020). https://zokrates.github.io/. Accessed 15 Sept 2020

Titel: Terrorist Attacks for Fake Exposure Notifications in Contact Tracing Systems
verfasst von: Gennaro Avitabile
Daniele Friolo
Ivan Visconti
Verlag: Springer International Publishing
Buch: Applied Cryptography and Network Security
Print ISBN: 978-3-030-78371-6

Electronic ISBN: 978-3-030-78372-3

Copyright-Jahr: 2021
DOI: https://doi.org/10.1007/978-3-030-78372-3_9

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"