Privacy in the time of Covid-19: On Building a Privacy-Preserving Contact Tracing
In this talk I will present a privacy preserving contact tracing protocol (DP3T) and our experience while designing and deploying the protocol. DP3T is a system for secure and privacy-preserving proximity tracing at large scale. This system provides a technological foundation to help slow the spread of SARS-CoV-2 by simplifying and accelerating the process of notifying people who might have been exposed to the virus so that they can take appropriate measures to break its transmission chain. The system aims to minimise privacy and security risks for individuals and communities and guarantee the highest level of data protection.
The goal of our proximity tracing system is to determine who has been in close physical proximity to a COVID-19 positive person and thus exposed to the virus, without revealing the contact’s identity or where the contact occurred. To achieve this goal, users run a smartphone app that continually broadcasts an ephemeral, pseudo-random ID representing the user’s phone and also records the pseudo-random IDs observed from smartphones in close proximity. When a patient is diagnosed with COVID-19, she can upload pseudo-random IDs previously broadcast from her phone to a central server. Prior to the upload, all data remains exclusively on the user’s phone. Other users’ apps can use data from the server to locally estimate whether the device’s owner was exposed to the virus through close-range physical proximity to a COVID-19 positive person who has uploaded their data. In case the app detects a high risk, it will inform the user.
Carmela Troncoso is an assistant professor at EPFL (Switzerland) where she heads the SPRING Lab. Her research focuses on security and privacy.
Carmela holds a Master’s degree in Telecommunication Engineering from the University of Vigo (2006) and a PhD in Engineering from the KU Leuven in 2011. Before arriving at EPFL, she was a faculty member at the IMDEA Software Institute in Spain for two years; the Security and Privacy Technical Lead at Gradiant, working closely with industry to deliver secure and privacy-friendly solutions to the market for four years; and a postdoctoral researcher at the COSIC Group.
Her thesis, Design and Analysis Methods for Privacy Technologies, received the European Research Consortium for Informatics and Mathematics Security and Trust Management Best PhD Thesis Award, and her work on Privacy Engineering received the CNIL-INRIA Privacy Protection Award in 2017. She regularly publishes in the most prestigious venues in security (e.g. ACM Conference on Computer Security or USENIX Security Symposium) and privacy (Privacy Enhancing Technologies).
A leading researcher in the field of online anonymity, Roger was recognized as one of the ‘Top 100...
2019’s CyberSec&AI conference had a fantastic start when it was named as 'Event of the Year' a...
Dr. Sadia Afroz is a Research Scientist at the International Computer Science Institute and a Senior...