You are looking at a specific version 20200424:152241 of this paper. See the latest version.

Paper 2020/428

Security Analysis of the COVID-19 Contact Tracing Specifications by Apple Inc. and Google Inc.

Yaron Gvili

Abstract

In a joint effort to fight the COVID-19 pandemic, Apple Inc. and Google Inc. recently partnered to develop a contact tracing technology to help governments and health agencies reduce the spread of the virus, with user privacy and security central to the design. The partnership announcement included technical specifications of the planned technology, which has great potential for widespread adoption due to the global reach of the two companies. In this report, we provide a security analysis of these specifications. We show that the current specifications may introduce significant risks to society and propose mitigation strategies for these risks that do not require major changes to the technology and are easy to adopt. Surprisingly, our mitigation strategies do not use challenge-response protocols nor a public key infrastructure, often used to thwart common attacks. Our analysis focuses mostly on system security considerations yet also includes information security considerations. We leave out of scope a discussion on how important or effective the technology is in fighting the pandemic.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Preprint. MINOR revision.
Keywords
COVID-19Contact TracingSystem SecurityInformation Security
Contact author(s)
cryptomniumllc @ gmail com
History
2020-09-26: last of 3 revisions
2020-04-15: received
See all versions
Short URL
https://ia.cr/2020/428
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.