Privacy-preserving Identity Broadcast for Contact Tracing Applications

TL;DR

This paper introduces a privacy-preserving contact tracing method using Shamir secret sharing, which delays identity revelation until a certain contact duration, significantly reducing privacy risks in BLE-based systems.

Contribution

It proposes a novel privacy-preserving identity broadcast scheme for contact tracing using secret sharing, enhancing user privacy during short encounters.

Findings

Reduces privacy exposure in BLE contact tracing

Demonstrates feasibility on Android devices

Effective in high-density network scenarios

Abstract

Wireless Contact tracing has emerged as an important tool for managing the COVID19 pandemic and relies on continuous broadcasting of a person's presence using Bluetooth Low Energy beacons. The limitation of current contact tracing systems in that a reception of a single beacon is sufficient to reveal the user identity, potentially exposing users to malicious trackers installed along the roads, passageways, and other infrastructure. In this paper, we propose a method based on Shamir secret sharing algorithm, which lets mobile nodes reveal their identity only after a certain predefined contact duration, remaining invisible to trackers with short or fleeting encounters. Through data-driven evaluation, using a dataset containing 18 million BLE sightings, we show that the method drastically reduces the privacy exposure of users. Finally, we implemented the approach on Android phones to demonstrate its feasibility and measure performance for various network densities.