Open Access Open Access  Restricted Access Subscription Access

Improving the Privacy-preserving of COVID-19 Bluetooth-based Contact Tracing Applications Against Tracking Attacks


Affiliations
1 Department of Communications and Electronics Engineering, Helwan University, Cairo, Egypt
 

Bluetooth is an essential wireless standard for short-distance and low-power wireless networks. Health departments’ contact-tracing applications depended on Bluetooth technology to prevent infectious diseases from spreading, especially COVID-19. The security threats of the Bluetooth-based contact-tracing applications increased because an adversary can use them as surveillance tools that violate the user’s privacy and revealpersonal information. The Bluetooth standard mainly depends on the device address in its authenticated pairing mechanism (Secure Simple Pairing), which can collect with off-the-shelf hardware and software and leads to a tracking attack. To avoid the risk of tracking based on this security vulnerability in the Bluetooth protocol, we suggest a novel authentication protocol based on a noninteractive zero-knowledge scheme to substitute the authentication protocol used in the Bluetooth standard. The new protocol can replace the authentication protocol in the Bluetooth stack without any modification in the device pairing flow. Finally, we prove the security of our proposed scheme against the man-in-themiddle attack and tracking attack. A performance comparison with the authentication algorithm in the BLE standard shows that our method mitigates the tracking attack with low communication messages. Our results help enhance the contact-tracing application’s security in which Bluetooth access is available.

Keywords

Bluetooth Low Energy, Bluetooth Threat, Authentication Protocol, Non-Interactive Zero-Knowledge Proof, Contact Tracing, Tracking Attacks, COVID-19.
User
Notifications
Font Size

  • Blog.google, 2020. [Online]. Available:https://www.blog.google/documents/58/Contact_Tracing_-_Bluetooth_Specification_v1.1_RYGZbKW.pdf.
  • B. Sowmiya, V. Abhijith, S. Sudersan, R. Sakthi Jaya Sundar, M. Thangavel and P. Varalakshmi, “A Survey on Security and Privacy Issues in Contact Tracing Application of Covid-19”, SN Computer Science, vol. 2, no. 3, 2021. DOI: 10.1007/s42979-021-00520-z.
  • L. Ferretti et al., “Quantifying SARS-CoV-2 transmission suggests epidemic control with digital contact tracing,” Science, vol. 368, no. 6491, p. eabb6936, 2020. DOI: 10.1126/science.abb6936.
  • Bluetooth SIG. 2019. Bluetooth Core Specification Supplement v8.0. https://www.bluetooth.org/docman/handlers/downloaddoc.ashx?doc_id=457081 Accessed: 2021-08-30.
  • Bluetooth SIG. 2019. Bluetooth Core Specification v5.1. https://www.bluetooth.org/docman/handlers/downloaddoc.ashx?doc_id=457080 Accessed: 2021-08-30.
  • T. Issoufaly and P. U. Tournoux, “BLEB: Bluetooth Low Energy Botnet for large scale individual tracking,” 2017 1st International Conference on Next Generation Computing Applications (NextComp), 2017, pp. 115-120, DOI: 10.1109/NEXTCOMP.2017.8016185.
  • D. Oosterlinck, D. Benoit, P. Baecke and N. Van de Weghe, “Bluetooth tracking of humans in an indoor environment: An application to shopping mall visits,” Applied Geography, vol. 78, pp. 55-65, 2017. DOI: 10.1016/j.apgeog.2016.11.005.
  • N. Ibn Minar, “Bluetooth Security Threats and Solutions: A Survey,” International Journal of Distributed and Parallel Systems, vol. 3, no. 1, pp. 127-148, 2012. DOI: 10.5121/ijdps.2012.3110.
  • A. Lonzetta, P. Cope, J. Campbell, B. Mohd, and T. Hayajneh, “Security Vulnerabilities in Bluetooth Technology as Used in IoT,” Journal of Sensor and Actuator Networks, vol. 7, no. 3, p. 28, 2018. DOI: 10.3390/jsan7030028.
  • M. Almiani et al., “Bluetooth Application-Layer Packet-Filtering For Blueborne Attack Defending,” 2019 Fourth International Conference on Fog and Mobile Edge Computing (FMEC), 2019, pp. 142-148, DOI: 10.1109/FMEC.2019.8795354.
  • E. Morais, T. Koens, C. van Wijk and A. Koren, “A survey on zero-knowledge range proofs and applications,” SN Applied Sciences, vol. 1, no. 8, 2019. DOI: 10.1007/s42452-019-0989-z.
  • H. Wu and F. Wang, “A Survey of Noninteractive Zero-Knowledge Proof System and Its Applications,” The Scientific World Journal, vol. 2014, pp. 1-7, 2014. DOI:10.1155/2014/560484.
  • A. De Santis and G. Persiano, “Zero-knowledge proofs of knowledge without interaction,” Proceedings., 33rd Annual Symposium on Foundations of Computer Science, 1992, pp. 427-436, DOI: 10.1109/SFCS.1992.267809.
  • G. Pereira, R. Alves, F. Silva, R. Azevedo, B. Albertini, and C. Margi, “Performance Evaluation of Cryptographic Algorithms over IoT Platforms and Operating Systems,” Security and Communication Networks, vol. 2017, pp. 1-16, 2017. DOI: 10.1155/2017/2046735.
  • G. Singh Tanwar, G. Singh, and V. Gaur, “Secured encryption—concept and challenge,” InternationalJournal of Computer Applications, vol. 2, pp.89–94, 2010.
  • K. Yeh, C. Su, K. Choo, and W. Chiu, “A Novel Certificateless Signature Scheme for Smart Objects in the Internet-of-Things,” Sensors, vol. 17, no. 5, p. 1001, 2017. DOI: 10.3390/s17051001.
  • C. Guo and B. Gong, “Efficient scalar multiplication of ECC using SMBR and fast septuple formula for IoT,” EURASIP Journal on Wireless Communications and Networking, vol. 2021, no. 1, 2021. DOI: 10.1186/s13638-021-01967-7.
  • M. Anagreh, E. Vainikko, and P. Laud, “Accelerate Performance for Elliptic Curve Scalar Multiplication based on NAF by Parallel Computing,” Proceedings of the 5th International Conference on Information Systems Security and Privacy, pp. 238-245, 2019. DOI: 10.5220/0007312702380245.
  • A. Yohan, N. Lo and D. Winata, “An Indoor Positioning-Based Mobile Payment System Using Bluetooth Low Energy Technology,” Sensors, vol. 18, no. 4, p. 974, 2018. DOI: 10.3390/s18040974.

Abstract Views: 315

PDF Views: 169




  • Improving the Privacy-preserving of COVID-19 Bluetooth-based Contact Tracing Applications Against Tracking Attacks

Abstract Views: 315  |  PDF Views: 169

Authors

Ali M. Allam
Department of Communications and Electronics Engineering, Helwan University, Cairo, Egypt

Abstract


Bluetooth is an essential wireless standard for short-distance and low-power wireless networks. Health departments’ contact-tracing applications depended on Bluetooth technology to prevent infectious diseases from spreading, especially COVID-19. The security threats of the Bluetooth-based contact-tracing applications increased because an adversary can use them as surveillance tools that violate the user’s privacy and revealpersonal information. The Bluetooth standard mainly depends on the device address in its authenticated pairing mechanism (Secure Simple Pairing), which can collect with off-the-shelf hardware and software and leads to a tracking attack. To avoid the risk of tracking based on this security vulnerability in the Bluetooth protocol, we suggest a novel authentication protocol based on a noninteractive zero-knowledge scheme to substitute the authentication protocol used in the Bluetooth standard. The new protocol can replace the authentication protocol in the Bluetooth stack without any modification in the device pairing flow. Finally, we prove the security of our proposed scheme against the man-in-themiddle attack and tracking attack. A performance comparison with the authentication algorithm in the BLE standard shows that our method mitigates the tracking attack with low communication messages. Our results help enhance the contact-tracing application’s security in which Bluetooth access is available.

Keywords


Bluetooth Low Energy, Bluetooth Threat, Authentication Protocol, Non-Interactive Zero-Knowledge Proof, Contact Tracing, Tracking Attacks, COVID-19.

References