PAARS: Privacy Aware Access Regulation System

TL;DR

PAARS is a privacy-preserving access regulation system designed for micro-level monitoring during pandemics, avoiding user identifier exchange and ensuring privacy on both server and user sides through secure hashing and differential privacy.

Contribution

It introduces a novel micro-level access regulation system that enhances privacy without relying on ephemeral identifiers or large-scale city-wide solutions.

Findings

Protects user privacy without ephemeral identifier exchange

Uses secure hashing and differential privacy mechanisms

Focuses on micro-level access regulation during pandemics

Abstract

During pandemics, health officials usually recommend access monitoring and regulation protocols/systems in places that are major activity centres. As organizations adhere to those recommendations, they often fail to implement proper privacy requirements to prevent privacy loss of the users of those protocols or systems. This is a very timely issue as health authorities across the world are increasingly putting these regulations in place to mitigate the spread of the current pandemic. A number of solutions have been proposed to mitigate these privacy issues existing in current models of contact tracing or access regulations systems. However, a prevalent pattern among these solutions are they mainly focus on protecting users privacy from server side and involve Bluetooth based ephemeral identifier exchange between users. Another pattern is all the current solutions try to solve the problem in city-wide or nation-wide level. In this paper, we propose a system, PAARS, which approaches the privacy issues in access monitoring/regulation systems from a micro level. We solve the privacy issues in access monitoring/regulation systems without any exchange of any ephemeral identifiers between users. Moreover, our proposed system provides privacy on both server side and the user side by using secure hashing and differential privacy mechanism.