AIRCC's International Journal of Computer Science and Information Technology

Open Access Open Access  Restricted Access Subscription Access

Improving the Privacy-preserving of COVID-19 Bluetooth-based Contact Tracing Applications Against Tracking Attacks


Affiliations
1 Department of Communications and Electronics Engineering, Helwan University, Cairo, Egypt
 

Bluetooth is an essential wireless standard for short-distance and low-power wireless networks. Health departments’ contact-tracing applications depended on Bluetooth technology to prevent infectious diseases from spreading, especially COVID-19. The security threats of the Bluetooth-based contact-tracing applications increased because an adversary can use them as surveillance tools that violate the user’s privacy and revealpersonal information. The Bluetooth standard mainly depends on the device address in its authenticated pairing mechanism (Secure Simple Pairing), which can collect with off-the-shelf hardware and software and leads to a tracking attack. To avoid the risk of tracking based on this security vulnerability in the Bluetooth protocol, we suggest a novel authentication protocol based on a noninteractive zero-knowledge scheme to substitute the authentication protocol used in the Bluetooth standard. The new protocol can replace the authentication protocol in the Bluetooth stack without any modification in the device pairing flow. Finally, we prove the security of our proposed scheme against the man-in-themiddle attack and tracking attack. A performance comparison with the authentication algorithm in the BLE standard shows that our method mitigates the tracking attack with low communication messages. Our results help enhance the contact-tracing application’s security in which Bluetooth access is available.

Keywords

Bluetooth Low Energy, Bluetooth Threat, Authentication Protocol, Non-Interactive Zero-Knowledge Proof, Contact Tracing, Tracking Attacks, COVID-19.
User
Notifications
Font Size


  • Improving the Privacy-preserving of COVID-19 Bluetooth-based Contact Tracing Applications Against Tracking Attacks

Abstract Views: 437  |  PDF Views: 216

Authors

Ali M. Allam
Department of Communications and Electronics Engineering, Helwan University, Cairo, Egypt

Abstract


Bluetooth is an essential wireless standard for short-distance and low-power wireless networks. Health departments’ contact-tracing applications depended on Bluetooth technology to prevent infectious diseases from spreading, especially COVID-19. The security threats of the Bluetooth-based contact-tracing applications increased because an adversary can use them as surveillance tools that violate the user’s privacy and revealpersonal information. The Bluetooth standard mainly depends on the device address in its authenticated pairing mechanism (Secure Simple Pairing), which can collect with off-the-shelf hardware and software and leads to a tracking attack. To avoid the risk of tracking based on this security vulnerability in the Bluetooth protocol, we suggest a novel authentication protocol based on a noninteractive zero-knowledge scheme to substitute the authentication protocol used in the Bluetooth standard. The new protocol can replace the authentication protocol in the Bluetooth stack without any modification in the device pairing flow. Finally, we prove the security of our proposed scheme against the man-in-themiddle attack and tracking attack. A performance comparison with the authentication algorithm in the BLE standard shows that our method mitigates the tracking attack with low communication messages. Our results help enhance the contact-tracing application’s security in which Bluetooth access is available.

Keywords


Bluetooth Low Energy, Bluetooth Threat, Authentication Protocol, Non-Interactive Zero-Knowledge Proof, Contact Tracing, Tracking Attacks, COVID-19.

References