BlindSignedID: Mitigating Denial-of-Service Attacks on Digital Contact Tracing

TL;DR

This paper introduces BlindSignedID, a privacy-preserving digital contact tracing method that significantly reduces the impact of denial-of-service attacks by verifying ephemeral identifiers, enhancing security without compromising privacy.

Contribution

The paper presents BlindSignedID, a novel approach that mitigates DoS attacks on digital contact tracing while maintaining privacy protections.

Findings

BlindSignedID reduces bogus EphIDs by over 90%.

Four attackers can cause gigabyte-level DoS attacks within hours.

The method effectively limits the success of MAC-compliant DoS attacks.

Abstract

Due to the recent outbreak of COVID-19, many governments suspended outdoor activities and imposed social distancing policies to prevent the transmission of SARS-CoV-2. These measures have had severe impact on the economy and peoples' daily lives. An alternative to widespread lockdowns is effective contact tracing during an outbreak's early stage. However, mathematical models suggest that epidemic control for SARS-CoV-2 transmission with manual contact tracing is implausible. To reduce the effort of contact tracing, many digital contact tracing projects (e.g., PEPP-PT, DP-3T, TCN, BlueTrace, Google/Apple Exposure Notification, and East/West Coast PACT) are being developed to supplement manual contact tracing. However, digital contact tracing has drawn scrutiny from privacy advocates, since governments or other parties may attempt to use contact tracing protocols for mass surveillance. As a result, many digital contact tracing projects build privacy-preserving mechanisms to limit the amount of privacy-sensitive information leaked by the protocol. In this paper, we examine how these architectures resist certain classes of attacks, specifically DoS attacks, and present BlindSignedIDs, a privacy-preserving digital contact tracing mechanism, which are verifiable ephemeral identifiers to limit the effectiveness of MAC-compliant DoS attacks. In our evaluations, we showed BlindSignedID can effectively deny bogus EphIDs, mitigating DoS attacks on the local storage beyond 90% of stored EphIDs. Our example DoS attacks showed that using 4 attackers can cause the gigabyte level DoS attacks within normal working hours and days.