DP-3T admits now that the best solution is the Apple-Google one. They greatly contributed to the design of the A-G solution so kudos to them.
After reviewing this critical review of DP-3T, the only attack I see that applies to the Google-Apple solution is the replay attack. It can be fixed easily by the solution proposed by Prof. Serge Vaudenay of EPFL in Section 4.4 of https://eprint.iacr.org/2020/399.pdf. In a nutshell, send a tag along the ephemeral ID. This tag would be a message authentication code (MAC) computed with the ephemeral ID and a coarse timestamp of when it was sent using the sender's key, SKt. When Apple-Google sends out the SKt keys of the infected people to everybody, recipients will go through the ephemeral IDs they saw to look for matches. When there's a match, the tag will also be checked, i.e. does the tag I compute based on the timestamp when I received the ephemeral ID match the tag I received. If yes, then it was sent by this infected person. Otherwise, it's a replay attack and should be discarded.
Where does this differ from the Apple/google approach? I was reading their doc and it felt like I was re-reading a simplified version of the Apple documentation, with the addition of a traceable-to-the-person healthcare provider authorization code.
I really hope Google and Apple will implement the proposed protocol from DP-3T and give audited and open source apps more control over how the contact tracing is done.
I agree. Ideally, the code will be embedded in the Android source code, which is open source. But more likely it will be an update of the Google Play Services, closed-source...
But the Cloud code should definitely be open-source. We can count on Google for that.
10 comments
[ 5.3 ms ] story [ 44.9 ms ] threadHave you read the newer version?
There is a new proposal that would protect against most of these attacks.