To fight against infectious diseases (e.g., SARS, COVID-19, Ebola, etc.),
government agencies, technology companies and health institutes have launched
various contact tracing approaches to identify and notify the people exposed to
infection sources. However, existing tracing approaches can lead to severe
privacy and security concerns, thereby preventing their secure and widespread
use among communities. To tackle these problems, this paper proposes CoAvoid, a
decentralized, privacy-preserved contact tracing system that features good
dependability and usability. CoAvoid leverages the Google/Apple Exposure
Notification (GAEN) API to achieve decent device compatibility and operating
efficiency. It utilizes GPS along with Bluetooth Low Energy (BLE) to dependably
verify user information. In addition, to enhance privacy protection, CoAvoid
applies fuzzification and obfuscation measures to shelter sensitive data,
making both servers and users agnostic to information of both low and high-risk
populations. The evaluation demonstrates good efficacy and security of CoAvoid.
Compared with four state-of-art contact tracing applications, CoAvoid can
reduce upload data by at least 90% and simultaneously resist wormhole and
replay attacks in various scenarios