Privacy-Preserving Contact Tracing Protocol for Mobile Devices: A Zero-Knowledge Proof Approach

Joseph K. Liu; Man Ho Au; Tsz Hon Yuen; Cong Zuo; Jiawei Wang; Amin Sakzad; Xiapu Luo; Li Li; Kim Kwang Raymond Choo

doi:10.1007/978-3-030-93206-0_20

Privacy-Preserving Contact Tracing Protocol for Mobile Devices: A Zero-Knowledge Proof Approach

Joseph K. Liu^*, Man Ho Au, Tsz Hon Yuen, Cong Zuo, Jiawei Wang, Amin Sakzad, Xiapu Luo, Li Li, Kim Kwang Raymond Choo

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Citation (Scopus)

Abstract

In this paper, we propose a privacy-preserving contact tracing protocol for smart phones, and more specifically Android and iOS phones. The protocol allows users to be notified, if they have been a close contact of a confirmed patient. The protocol is designed to strike a balance between privacy, security, and scalability. Specifically, the app allows all users to hide their past location(s) and contact history from the Government, without affecting their ability to determine whether they have close contact with a confirmed patient whose identity will not be revealed. A zero-knowledge protocol is used to achieve such a user privacy functionality. In terms of security, no user can send fake messages to the system to launch a false positive attack. We present a security model and formally prove the security of the protocol. To demonstrate scalability, we evaluate an Android and an iOS implementation of our protocol. A comparative summary shows that our protocol is the most comprehensive and balanced privacy-preserving contact tracing solution to-date.

Original language	English
Title of host publication	Information Security Practice and Experience - 16th International Conference, ISPEC 2021, Proceedings
Editors	Robert Deng, Feng Bao, Guilin Wang, Jian Shen, Mark Ryan, Weizhi Meng, Ding Wang
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	327-344
Number of pages	18
ISBN (Print)	9783030932053
DOIs	https://doi.org/10.1007/978-3-030-93206-0_20
Publication status	Published - 2021
Externally published	Yes
Event	16th International Conference on Information Security Practice and Experience, ISPEC 2021 - Nanjing, China Duration: 17 Dec 2021 → 19 Dec 2021

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	13107 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	16th International Conference on Information Security Practice and Experience, ISPEC 2021
Country/Territory	China
City	Nanjing
Period	17/12/21 → 19/12/21

Access to Document

10.1007/978-3-030-93206-0_20

Cite this

Liu, J. K., Au, M. H., Yuen, T. H., Zuo, C., Wang, J., Sakzad, A., Luo, X., Li, L., & Choo, K. K. R. (2021). Privacy-Preserving Contact Tracing Protocol for Mobile Devices: A Zero-Knowledge Proof Approach. In R. Deng, F. Bao, G. Wang, J. Shen, M. Ryan, W. Meng, & D. Wang (Eds.), Information Security Practice and Experience - 16th International Conference, ISPEC 2021, Proceedings (pp. 327-344). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13107 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-030-93206-0_20

Liu, Joseph K. ; Au, Man Ho ; Yuen, Tsz Hon et al. / Privacy-Preserving Contact Tracing Protocol for Mobile Devices : A Zero-Knowledge Proof Approach. Information Security Practice and Experience - 16th International Conference, ISPEC 2021, Proceedings. editor / Robert Deng ; Feng Bao ; Guilin Wang ; Jian Shen ; Mark Ryan ; Weizhi Meng ; Ding Wang. Springer Science and Business Media Deutschland GmbH, 2021. pp. 327-344 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{833e579d0db5422e90597101991cc927,

title = "Privacy-Preserving Contact Tracing Protocol for Mobile Devices: A Zero-Knowledge Proof Approach",

abstract = "In this paper, we propose a privacy-preserving contact tracing protocol for smart phones, and more specifically Android and iOS phones. The protocol allows users to be notified, if they have been a close contact of a confirmed patient. The protocol is designed to strike a balance between privacy, security, and scalability. Specifically, the app allows all users to hide their past location(s) and contact history from the Government, without affecting their ability to determine whether they have close contact with a confirmed patient whose identity will not be revealed. A zero-knowledge protocol is used to achieve such a user privacy functionality. In terms of security, no user can send fake messages to the system to launch a false positive attack. We present a security model and formally prove the security of the protocol. To demonstrate scalability, we evaluate an Android and an iOS implementation of our protocol. A comparative summary shows that our protocol is the most comprehensive and balanced privacy-preserving contact tracing solution to-date.",

author = "Liu, {Joseph K.} and Au, {Man Ho} and Yuen, {Tsz Hon} and Cong Zuo and Jiawei Wang and Amin Sakzad and Xiapu Luo and Li Li and Choo, {Kim Kwang Raymond}",

note = "Publisher Copyright: {\textcopyright} 2021, Springer Nature Switzerland AG.; 16th International Conference on Information Security Practice and Experience, ISPEC 2021 ; Conference date: 17-12-2021 Through 19-12-2021",

year = "2021",

doi = "10.1007/978-3-030-93206-0_20",

language = "English",

isbn = "9783030932053",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "327--344",

editor = "Robert Deng and Feng Bao and Guilin Wang and Jian Shen and Mark Ryan and Weizhi Meng and Ding Wang",

booktitle = "Information Security Practice and Experience - 16th International Conference, ISPEC 2021, Proceedings",

address = "Germany",

}

Liu, JK, Au, MH, Yuen, TH, Zuo, C, Wang, J, Sakzad, A, Luo, X, Li, L & Choo, KKR 2021, Privacy-Preserving Contact Tracing Protocol for Mobile Devices: A Zero-Knowledge Proof Approach. in R Deng, F Bao, G Wang, J Shen, M Ryan, W Meng & D Wang (eds), Information Security Practice and Experience - 16th International Conference, ISPEC 2021, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 13107 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 327-344, 16th International Conference on Information Security Practice and Experience, ISPEC 2021, Nanjing, China, 17/12/21. https://doi.org/10.1007/978-3-030-93206-0_20

Privacy-Preserving Contact Tracing Protocol for Mobile Devices: A Zero-Knowledge Proof Approach. / Liu, Joseph K.; Au, Man Ho; Yuen, Tsz Hon et al.
Information Security Practice and Experience - 16th International Conference, ISPEC 2021, Proceedings. ed. / Robert Deng; Feng Bao; Guilin Wang; Jian Shen; Mark Ryan; Weizhi Meng; Ding Wang. Springer Science and Business Media Deutschland GmbH, 2021. p. 327-344 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13107 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Privacy-Preserving Contact Tracing Protocol for Mobile Devices

T2 - 16th International Conference on Information Security Practice and Experience, ISPEC 2021

AU - Liu, Joseph K.

AU - Au, Man Ho

AU - Yuen, Tsz Hon

AU - Zuo, Cong

AU - Wang, Jiawei

AU - Sakzad, Amin

AU - Luo, Xiapu

AU - Li, Li

AU - Choo, Kim Kwang Raymond

PY - 2021

Y1 - 2021

N2 - In this paper, we propose a privacy-preserving contact tracing protocol for smart phones, and more specifically Android and iOS phones. The protocol allows users to be notified, if they have been a close contact of a confirmed patient. The protocol is designed to strike a balance between privacy, security, and scalability. Specifically, the app allows all users to hide their past location(s) and contact history from the Government, without affecting their ability to determine whether they have close contact with a confirmed patient whose identity will not be revealed. A zero-knowledge protocol is used to achieve such a user privacy functionality. In terms of security, no user can send fake messages to the system to launch a false positive attack. We present a security model and formally prove the security of the protocol. To demonstrate scalability, we evaluate an Android and an iOS implementation of our protocol. A comparative summary shows that our protocol is the most comprehensive and balanced privacy-preserving contact tracing solution to-date.

AB - In this paper, we propose a privacy-preserving contact tracing protocol for smart phones, and more specifically Android and iOS phones. The protocol allows users to be notified, if they have been a close contact of a confirmed patient. The protocol is designed to strike a balance between privacy, security, and scalability. Specifically, the app allows all users to hide their past location(s) and contact history from the Government, without affecting their ability to determine whether they have close contact with a confirmed patient whose identity will not be revealed. A zero-knowledge protocol is used to achieve such a user privacy functionality. In terms of security, no user can send fake messages to the system to launch a false positive attack. We present a security model and formally prove the security of the protocol. To demonstrate scalability, we evaluate an Android and an iOS implementation of our protocol. A comparative summary shows that our protocol is the most comprehensive and balanced privacy-preserving contact tracing solution to-date.

UR - http://www.scopus.com/inward/record.url?scp=85122031809&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-93206-0_20

DO - 10.1007/978-3-030-93206-0_20

M3 - Conference contribution

AN - SCOPUS:85122031809

SN - 9783030932053

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 327

EP - 344

BT - Information Security Practice and Experience - 16th International Conference, ISPEC 2021, Proceedings

A2 - Deng, Robert

A2 - Bao, Feng

A2 - Wang, Guilin

A2 - Shen, Jian

A2 - Ryan, Mark

A2 - Meng, Weizhi

A2 - Wang, Ding

PB - Springer Science and Business Media Deutschland GmbH

Y2 - 17 December 2021 through 19 December 2021

ER -

Liu JK, Au MH, Yuen TH, Zuo C, Wang J, Sakzad A et al. Privacy-Preserving Contact Tracing Protocol for Mobile Devices: A Zero-Knowledge Proof Approach. In Deng R, Bao F, Wang G, Shen J, Ryan M, Meng W, Wang D, editors, Information Security Practice and Experience - 16th International Conference, ISPEC 2021, Proceedings. Springer Science and Business Media Deutschland GmbH. 2021. p. 327-344. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-93206-0_20

Privacy-Preserving Contact Tracing Protocol for Mobile Devices: A Zero-Knowledge Proof Approach

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this