A Survey of COVID-19 Contact Tracing Apps

The recent outbreak of COVID-19 has taken the world by surprise, forcing lockdowns and straining public health care systems. COVID-19 is known to be a highly infectious virus, and infected individuals do not initially exhibit symptoms, while some remain asymptomatic. Thus, a non-negligible fraction of the population can, at any given time, be a hidden source of transmissions. In response, many governments have shown great interest in smartphone contact tracing apps that help automate the difficult task of tracing all recent contacts of newly identified infected individuals. However, tracing apps have generated much discussion around their key attributes, including system architecture, data management, privacy, security, proximity estimation, and attack vulnerability. In this article, we provide the first comprehensive review of these much-discussed tracing app attributes. We also present an overview of many proposed tracing app examples, some of which have been deployed countrywide, and discuss the concerns users have reported regarding their usage. We close by outlining potential research directions for next-generation app design, which would facilitate improved tracing and security performance, as well as wide adoption by the population at large.Comment: Paper has been accepted for publication in IEEE Access. Currently available on IEEE ACCESS early access (see DOI

An advertising overflow attack against android exposure notification system impacting COVID-19 contact tracing applications

The digital contact tracing applications are one of the many initiatives to fight the COVID-19 virus. Some of these Apps use the Exposure Notification (EN) system available on Google and Apple?s operating systems. However, EN-based contact tracing Apps depend on the availability of Bluetooth interfaces to exchange proximity identifiers, which, if compromised, directly impact their effectiveness. This paper discloses and details the Advertising Overflow attack, a novel internal Denial of Service (DoS) attack targeting the EN system on Android devices. The attack is performed by a malicious App that occupies all the Bluetooth advertising slots in an Android device, effectively blocking any advertising attempt of EN or other Apps. The impact of the disclosed attack and other previously disclosed DoS-based attacks, namely Battery Exhaustion and Storage Drain, were tested using two target smartphones and other six smartphones as attackers. The results show that the Battery Exhaustion attack imposes a battery discharge rate 1.95 times higher than in the normal operation scenario. Regarding the Storage Drain, the storage usage increased more than 30 times when compared to the normal operation scenario results. The results of the novel attack reveal that a malicious App can prevent any other App to place their Bluetooth advertisements, for any chosen time period, thus canceling the operation of the EN system and compromising the efficiency of any COVID contact tracing App using this system.5311-8814-F0ED | Sara Maria da Cruz Maia de Oliveira PaivaN/

Digital Contact Tracing Solutions: Promises, Pitfalls and Challenges

The COVID-19 pandemic has caused many countries to deploy novel digital contact tracing (DCT) systems to boost the efficiency of manual tracing of infection chains. In this paper, we systematically analyze DCT solutions and categorize them based on their design approaches and architectures. We analyze them with regard to effectiveness, security, privacy, and ethical aspects and compare prominent solutions with regard to these requirements. In particular, we discuss the shortcomings of the Google and Apple Exposure Notification API (GAEN) that is currently widely adopted all over the world. We find that the security and privacy of GAEN has considerable deficiencies as it can be compromised by severe large-scale attacks. We also discuss other proposed approaches for contact tracing, including our proposal TRACECORONA, that are based on Diffie-Hellman (DH) key exchange and aims at tackling shortcomings of existing solutions. Our extensive analysis shows thatTRACECORONA fulfills the above security requirements better than deployed state-of-the-art approaches. We have implementedTRACECORONA and its beta test version has been used by more than 2000 users without any major functional problems1, demonstrating that there are no technical reasons requiring to make compromises with regard to the requirements of DCTapproaches

A patient agent controlled customized blockchain based framework for internet of things

Although Blockchain implementations have emerged as revolutionary technologies for various industrial applications including cryptocurrencies, they have not been widely deployed to store data streaming from sensors to remote servers in architectures known as Internet of Things. New Blockchain for the Internet of Things models promise secure solutions for eHealth, smart cities, and other applications. These models pave the way for continuous monitoring of patient’s physiological signs with wearable sensors to augment traditional medical practice without recourse to storing data with a trusted authority. However, existing Blockchain algorithms cannot accommodate the huge volumes, security, and privacy requirements of health data. In this thesis, our first contribution is an End-to-End secure eHealth architecture that introduces an intelligent Patient Centric Agent. The Patient Centric Agent executing on dedicated hardware manages the storage and access of streams of sensors generated health data, into a customized Blockchain and other less secure repositories. As IoT devices cannot host Blockchain technology due to their limited memory, power, and computational resources, the Patient Centric Agent coordinates and communicates with a private customized Blockchain on behalf of the wearable devices. While the adoption of a Patient Centric Agent offers solutions for addressing continuous monitoring of patients’ health, dealing with storage, data privacy and network security issues, the architecture is vulnerable to Denial of Services(DoS) and single point of failure attacks. To address this issue, we advance a second contribution; a decentralised eHealth system in which the Patient Centric Agent is replicated at three levels: Sensing Layer, NEAR Processing Layer and FAR Processing Layer. The functionalities of the Patient Centric Agent are customized to manage the tasks of the three levels. Simulations confirm protection of the architecture against DoS attacks. Few patients require all their health data to be stored in Blockchain repositories but instead need to select an appropriate storage medium for each chunk of data by matching their personal needs and preferences with features of candidate storage mediums. Motivated by this context, we advance third contribution; a recommendation model for health data storage that can accommodate patient preferences and make storage decisions rapidly, in real-time, even with streamed data. The mapping between health data features and characteristics of each repository is learned using machine learning. The Blockchain’s capacity to make transactions and store records without central oversight enables its application for IoT networks outside health such as underwater IoT networks where the unattended nature of the nodes threatens their security and privacy. However, underwater IoT differs from ground IoT as acoustics signals are the communication media leading to high propagation delays, high error rates exacerbated by turbulent water currents. Our fourth contribution is a customized Blockchain leveraged framework with the model of Patient-Centric Agent renamed as Smart Agent for securely monitoring underwater IoT. Finally, the smart Agent has been investigated in developing an IoT smart home or cities monitoring framework. The key algorithms underpinning to each contribution have been implemented and analysed using simulators.Doctor of Philosoph

Towards Defeating Mass Surveillance and SARS-CoV-2: The Pronto-C2 Fully Decentralized Automatic Contact Tracing System

Mass surveillance can be more easily achieved leveraging fear and desire of the population to feel protected while affected by devastating events. Indeed, in such scenarios, governments can adopt exceptional measures that limit civil rights, usually receiving large support from citizens. The COVID-19 pandemic is currently affecting daily life of many citizens in the world. People are forced to stay home for several weeks, unemployment rates quickly increase, uncertainty and sadness generate an impelling desire to join any government effort in order to stop as soon as possible the spread of the virus. Following recommendations of epidemiologists, governments are proposing the use of smartphone applications to allow automatic contact tracing of citizens.Such systems can be an effective way to defeat the spread of the SARS-CoV-2 virus since they allow to gain time in identifying potentially new infected persons that should therefore be in quarantine. This raises the natural question of whether this form of automatic contact tracing can be a subtle weapon for governments to violate privacy inside new and more sophisticated mass surveillance programs. In order to preserve privacy and at the same time to contribute to the containment of the pandemic, several research partnerships are proposing privacy-preserving contact tracing systems where pseudonyms are updated periodically to avoid linkability attacks. A core component of such systems is Bluetooth low energy (BLE, for short) a technology that allows two smartphones to detect that they are in close proximity. Among such systems there are some proposals like DP-3T, MIT-PACT, UW-PACT and the Apple&Google exposure notification system that through a decentralized approach claim to guarantee better privacy properties compared to other centralized approaches (e.g., PEPP-PT-NTK, PEPP-PT-ROBERT). On the other hand, advocates of centralized approaches claim that centralization gives to epidemiologists more useful data, therefore allowing to take more effective actions to defeat the virus. Motivated by Snowden\u27s revelations about previous attempts of governments to realize mass surveillance programs, in this paper we first analyze mass surveillance attacks that leverage weaknesses of automatic contact tracing systems. We focus in particular on the DP-3T system (still our analysis is significant also for MIT-PACT and Apple&Google systems). Based on recent literature and new findings, we discuss how a government can exploit the use of the DP-3T system to successfully mount privacy attacks as part of a mass surveillance program. Interestingly, we show that privacy issues in the DP-3T system are not inherent in BLE-based contact tracing systems. Indeed, we propose two systems named and $\textsf{Pronto-C2}$ that, in our view, enjoy a much better resilience with respect to mass surveillance attacks still relying on BLE. Both systems are based on a paradigm shift: instead of asking smartphones to send keys to the Big Brother (this corresponds to the approach of the DP-3T system), we construct a decentralized BLE-based ACT system where smartphones anonymously and confidentially talk to each other in the presence of the Big Brother. Unlike $\textsf{Pronto-B2}$, $\textsf{Pronto-C2}$ relies on Diffie-Hellman key exchange providing better privacy but also requiring a bulletin board to translate a BLE beacon identifier into a group element. Both systems can optionally be implemented using Blockchain technology, offering complete transparency and resilience through full decentralization, therefore being more appealing for citizens. Only through a large participation of citizens contact tracing systems can be really useful to defeat COVID-19, and our proposal goes straight in this direction

Internet of Things Strategic Research Roadmap

Internet of Things (IoT) is an integrated part of Future Internet including existing and evolving Internet and network developments and could be conceptually defined as a dynamic global network infrastructure with self configuring capabilities based on standard and interoperable communication protocols where physical and virtual “things” have identities, physical attributes, and virtual personalities, use intelligent interfaces, and are seamlessly integrated into the information network

A Comprehensive Survey of Enabling and Emerging Technologies for Social Distancing—Part II: Emerging Technologies and Open Issues

This two-part paper aims to provide a comprehensive survey on how emerging technologies, e.g., wireless and networking, artificial intelligence (AI) can enable, encourage, and even enforce social distancing practice. In Part I, an extensive background of social distancing is provided, and enabling wireless technologies are thoroughly surveyed. In this Part II, emerging technologies such as machine learning, computer vision, thermal, ultrasound, etc., are introduced. These technologies open many new solutions and directions to deal with problems in social distancing, e.g., symptom prediction, detection and monitoring quarantined people, and contact tracing. Finally, we discuss open issues and challenges (e.g., privacy-preserving, scheduling, and incentive mechanisms) in implementing social distancing in practice. As an example, instead of reacting with ad-hoc responses to COVID-19-like pandemics in the future, smart infrastructures (e.g., next-generation wireless systems like 6G, smart home/building, smart city, intelligent transportation systems) should incorporate a pandemic mode in their standard architectures/designs

A Comprehensive Survey of Enabling and Emerging Technologies for Social Distancing—Part II: Emerging Technologies and Open Issues

This two-part paper aims to provide a comprehensive survey on how emerging technologies, e.g., wireless and networking, artificial intelligence (AI) can enable, encourage, and even enforce social distancing practice. In Part I, an extensive background of social distancing is provided, and enabling wireless technologies are thoroughly surveyed. In this Part II, emerging technologies such as machine learning, computer vision, thermal, ultrasound, etc., are introduced. These technologies open many new solutions and directions to deal with problems in social distancing, e.g., symptom prediction, detection and monitoring quarantined people, and contact tracing. Finally, we discuss open issues and challenges (e.g., privacy-preserving, scheduling, and incentive mechanisms) in implementing social distancing in practice. As an example, instead of reacting with ad-hoc responses to COVID-19-like pandemics in the future, smart infrastructures (e.g., next-generation wireless systems like 6G, smart home/building, smart city, intelligent transportation systems) should incorporate a pandemic mode in their standard architectures/designs

A Comprehensive Survey of Enabling and Emerging Technologies for Social Distancing—Part II: Emerging Technologies and Open Issues

This two-part paper aims to provide a comprehensive survey on how emerging technologies, e.g., wireless and networking, artificial intelligence (AI) can enable, encourage, and even enforce social distancing practice. In Part I, an extensive background of social distancing is provided, and enabling wireless technologies are thoroughly surveyed. In this Part II, emerging technologies such as machine learning, computer vision, thermal, ultrasound, etc., are introduced. These technologies open many new solutions and directions to deal with problems in social distancing, e.g., symptom prediction, detection and monitoring quarantined people, and contact tracing. Finally, we discuss open issues and challenges (e.g., privacy-preserving, scheduling, and incentive mechanisms) in implementing social distancing in practice. As an example, instead of reacting with ad-hoc responses to COVID-19-like pandemics in the future, smart infrastructures (e.g., next-generation wireless systems like 6G, smart home/building, smart city, intelligent transportation systems) should incorporate a pandemic mode in their standard architectures/designs

Modelling and Experimental Assessment of Inter-Personal Distancing Based on Shared GNSS Observables

In the last few years, all countries worldwide have fought the spread of SARS-CoV-2 (COVID-19) by exploiting Information and Communication Technologies (ICT) to perform contact tracing. In parallel, the pandemic has highlighted the relevance of mobility and social distancing among citizens. The monitoring of such aspects appeared prominent for reactive decision-making and the effective tracking of the infection chain. In parallel to the proximity sensing among people, indeed, the concept of social distancing has captured the attention to signal processing algorithms enabling short-to-medium range distance estimation to provide behavioral models in the emergency. By exploiting the availability of smart devices, the synergy between mobile network connectivity and Global Navigation Satellite Systems (GNSS), cooperative ranging approaches allow computing inter-personal distance measurements in outdoor environments through the exchange of light-weight navigation data among interconnected users. In this paper, a model for Inter-Agent Ranging (IAR) is provided and experimentally assessed to offer a naive collaborative distancing technique that leverages these features. Although the technique provides distance information, it does not imply the disclosure of the user’s locations being intrinsically prone to protect sensitive user data. A statistical error model is presented and validated through synthetic simulations and real, on-field experiments to support implementation in GNSS-equipped mobile devices. Accuracy and precision of IAR measurements are compared to other consolidated GNSS-based techniques showing comparable performance at lower complexity and computational effort