Paper 2020/1150
Terrorist Attacks for Fake Exposure Notifications in Contact Tracing Systems
Gennaro Avitabile, Daniele Friolo, and Ivan Visconti
Abstract
In this work we show that an adversary can attack the integrity of contact tracing systems based on Google-Apple Exposure Notifications (GAEN) by leveraging blockchain technology. We show that through smart contracts there can be an on-line market where infected individuals interested in monetizing their status can upload to the servers of the GAEN-based systems some keys (i.e., TEKs) chosen by a non-infected adversary. In particular, the infected individual can anonymously and digitally trade the upload of TEKs without a mediator and without running risks of being cheated. This vulnerability can therefore be exploited to generate large-scale fake exposure notifications of at-risk contacts with serious consequences (e.g., jeopardizing parts of the health system, affecting results of elections, imposing the closure of schools, hotels or factories). As main contribution, we design a smart contract with two collateral deposits that works, in general, on GAEN-based systems. We then also suggest the design of a more sophisticated smart contract, using DECO, that could be used to attack in a different way GAEN-based systems (i.e., this second smart contract can succeed even in case GAEN systems are repaired making ineffective the first smart contract). Our work shows how to realize with GAEN-based systems (in particular with Immuni and SwissCovid), the terrorist attack to decentralized contact tracing systems envisioned by Vaudenay.
Metadata
- Category: Cryptographic protocols
- Publication info: Published elsewhere. Minor revision. Applied Cryptography and Network Security (ACNS) 2021
- Keywords: cryptographic protocols, blockchain, smart contracts, attacks, contact tracing
- Contact author(s):
  - gavitabile @ unisa it
  - dfriolo @ unisa it
  - visconti @ unisa it
- History:
  - 2021-06-15: last of 3 revisions
  - 2020-09-25: received
- Short URL: https://ia.cr/2020/1150
- License: CC BY
BibTeX
@misc{cryptoeprint:2020/1150,
      author = {Gennaro Avitabile and Daniele Friolo and Ivan Visconti},
      title = {Terrorist Attacks for Fake Exposure Notifications in Contact Tracing Systems},
      howpublished = {Cryptology {ePrint} Archive, Paper 2020/1150},
      year = {2020},
      url = {https://eprint.iacr.org/2020/1150}
}