Deniability in automated contact tracing: Impossibilities and possibilities
Günther CU, Pietrzak KZ. 2024. Deniability in automated contact tracing: Impossibilities and possibilities. Proceedings on Privacy Enhancing Technologies. 2024(4), 636–648.
Journal Article | Published | English
Corresponding author has ISTA affiliation
Abstract
Automated contact tracing (ACT) emerged as a promising measure to curb the spread of Covid-19. Users enable ACT on their smartphones to automatically record contacts with other users. If a user tests positive for the disease, they report their diagnosis to alert their contacts.
Designing effective ACT protocols is challenging since they need to be efficient and secure while also ensuring users' privacy. As ACT protocols necessarily leak some information by design, defining privacy is difficult. For example, a user cannot deny having met another user. Ideally, however, the user can plausibly deny everything else, in particular, when they met. We call this privacy property contact-time deniability.
While some early works discussed contact-time deniability informally, it has received little attention since then. We investigate deniability from a rigorous, theoretical point of view and arrive at the following impossibility result:
A decentralized protocol with unidirectional communication cannot be contact-time deniable and replay-secure. This holds even if malicious users treat smartphones as black-boxes.
Unidirectional protocols are usually very efficient and many proposals are unidirectional, e.g., the widely-deployed Google-Apple Exposure Notifications. So the impossibility result considerably constrains the design space of efficient, secure, and private ACT protocols. However, it can also be used as a guide; we discuss several possibilities to achieve contact-time deniability in practice.
Date Published
2024-07-01
Journal Title
Proceedings on Privacy Enhancing Technologies
Publisher
Privacy Enhancing Technologies Symposium Advisory Board
Acknowledgement
We thank Raluca-Georgia Diugan for her initial contributions and support afterward.
This research was funded in whole or in part by the Austrian Science Fund (FWF) 10.55776/F85.
Volume
2024
Issue
4
Page
636-648
Conference
PETs: Privacy Enhancing Technologies Symposium
Conference Location
Bristol, UK/Virtual
Conference Date
2024-07-15 – 2024-07-20
Cite this
Günther CU, Pietrzak KZ. Deniability in automated contact tracing: Impossibilities and possibilities. Proceedings on Privacy Enhancing Technologies. 2024;2024(4):636-648. doi:10.56553/popets-2024-0134
Günther, C. U., & Pietrzak, K. Z. (2024). Deniability in automated contact tracing: Impossibilities and possibilities. Proceedings on Privacy Enhancing Technologies. Bristol, UK/Virtual: Privacy Enhancing Technologies Symposium Advisory Board. https://doi.org/10.56553/popets-2024-0134
Günther, Christoph Ullrich, and Krzysztof Z Pietrzak. “Deniability in Automated Contact Tracing: Impossibilities and Possibilities.” Proceedings on Privacy Enhancing Technologies. Privacy Enhancing Technologies Symposium Advisory Board, 2024. https://doi.org/10.56553/popets-2024-0134.
C. U. Günther and K. Z. Pietrzak, “Deniability in automated contact tracing: Impossibilities and possibilities,” Proceedings on Privacy Enhancing Technologies, vol. 2024, no. 4. Privacy Enhancing Technologies Symposium Advisory Board, pp. 636–648, 2024.
Günther, Christoph Ullrich, and Krzysztof Z. Pietrzak. “Deniability in Automated Contact Tracing: Impossibilities and Possibilities.” Proceedings on Privacy Enhancing Technologies, vol. 2024, no. 4, Privacy Enhancing Technologies Symposium Advisory Board, 2024, pp. 636–48, doi:10.56553/popets-2024-0134.
All files available under the following license(s):
Creative Commons Attribution 4.0 International Public License (CC-BY 4.0):
Main File(s)
File Name
2024_ProcPrivacyEnhTech_Guenther.pdf
611.57 KB
Date Uploaded
2025-01-29
MD5 Checksum
348ed6adcf6ad2f925227bde1758cae6