Abstract
Existing Bluetooth-based private contact tracing (PCT) systems can privately detect whether people have come into direct contact with patients with COVID-19. However, we find that the existing systems lack functionality and flexibility, which may hurt the success of contact tracing. Specifically, they cannot detect indirect contact (e.g., people may be exposed to COVID-19 by using a contaminated sheet at a restaurant without making direct contact with the infected individual); they also cannot flexibly change the rules of “risky contact,” such as the duration of exposure or the distance (both spatially and temporally) from a patient with COVID-19 that is considered to result in a risk of exposure, which may vary with the environmental situation.
In this article, we propose an efficient and secure contact tracing system that enables us to trace both direct contact and indirect contact. To address the above problems, we need to utilize users’ trajectory data for PCT, which we call trajectory-based PCT. We formalize this problem as a spatiotemporal private set intersection that satisfies both the security and efficiency requirements. By analyzing different approaches such as homomorphic encryption, which could be extended to solve this problem, we identify the trusted execution environment (TEE) as a candidate method to achieve our requirements. The major challenge is how to design algorithms for a spatiotemporal private set intersection under the limited secure memory of the TEE. To this end, we design a TEE-based system with flexible trajectory data encoding algorithms. Our experiments on real-world data show that the proposed system can process hundreds of queries on tens of millions of records of trajectory data within a few seconds.
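The abstract formalizes contact detection as a spatiotemporal private set intersection whose "risky contact" rule (spatial distance, temporal distance, exposure duration) must stay adjustable. The following Python block is an added example, not code from the paper, showing one way that intersection can be expressed in plaintext: trajectory points are encoded into (grid cell, time bucket) tokens, a patient's point is expanded over the buckets it remains risky for, and matching reduces to an ordinary set intersection. The equirectangular grid, the token layout, the `Rule` fields and the sample coordinates are all assumptions chosen here for illustration; the paper's own encoding algorithms are not on this page.

```python
# Added example (not from the paper): a plaintext reference for the spatiotemporal
# set-intersection rule that a trajectory-based PCT enclave would evaluate.
# The grid/bucket encoding is an assumption made for illustration only.
from __future__ import annotations

import math
from dataclasses import dataclass

METRES_PER_DEG_LAT = 111_320.0  # approximate length of one degree of latitude


@dataclass(frozen=True)
class Point:
    lat: float
    lon: float
    t: int  # Unix time in seconds


@dataclass(frozen=True)
class Rule:
    """The adjustable definition of 'risky contact' (assumed field set)."""
    cell_m: float          # spatial resolution: edge length of a grid cell in metres
    bucket_s: int          # temporal resolution: length of a time bucket in seconds
    max_lag_s: int         # how long after a patient leaves a cell it stays risky (0 = direct contact only)
    min_buckets: int = 1   # exposure duration: matching (cell, bucket) tokens required


def cell_of(lat: float, lon: float, cell_m: float) -> tuple[int, int]:
    """Project to a local metric grid (equirectangular approximation) and floor to a cell."""
    y = lat * METRES_PER_DEG_LAT
    x = lon * METRES_PER_DEG_LAT * math.cos(math.radians(lat))
    return (math.floor(x / cell_m), math.floor(y / cell_m))


def patient_tokens(points: list[Point], rule: Rule) -> set[tuple[int, int, int]]:
    """Encode a patient's trajectory. Each point covers the bucket it was observed in and,
    to capture indirect contact, every bucket up to max_lag_s later (the cell stays risky)."""
    tokens: set[tuple[int, int, int]] = set()
    for p in points:
        cx, cy = cell_of(p.lat, p.lon, rule.cell_m)
        first = p.t // rule.bucket_s
        last = (p.t + rule.max_lag_s) // rule.bucket_s
        for b in range(first, last + 1):
            tokens.add((cx, cy, b))
    return tokens


def query_tokens(points: list[Point], rule: Rule) -> set[tuple[int, int, int]]:
    """Encode a querying user's trajectory: one token per observed point."""
    return {(*cell_of(p.lat, p.lon, rule.cell_m), p.t // rule.bucket_s) for p in points}


def contacts(query: list[Point], patients: list[Point], rule: Rule) -> set[tuple[int, int, int]]:
    """The spatiotemporal set intersection: tokens shared by the query and the patient set."""
    return query_tokens(query, rule) & patient_tokens(patients, rule)


def is_risky(query: list[Point], patients: list[Point], rule: Rule) -> bool:
    """Apply the duration part of the rule to the intersection."""
    return len(contacts(query, patients, rule)) >= rule.min_buckets


# Constructed sample data: a patient sits at a restaurant table for ten minutes and leaves;
# other users arrive at the same table, or elsewhere, afterwards.
T0 = 1_600_000_000
PATIENT = [Point(35.6895, 139.6917, T0), Point(35.6895, 139.6917, T0 + 600)]
SAME_TABLE_LATER = [Point(35.6895, 139.6917, T0 + 1800)]  # 30 min after the patient arrived
LINGERING = [Point(35.6895, 139.6917, T0 + 1800 + 900 * k) for k in range(3)]  # stays 45 min
ACROSS_TOWN = [Point(35.6995, 139.6917, T0 + 1800)]  # about 1.1 km north, same time

DIRECT = Rule(cell_m=10, bucket_s=900, max_lag_s=0)
INDIRECT = Rule(cell_m=10, bucket_s=900, max_lag_s=3600)
PROLONGED = Rule(cell_m=10, bucket_s=900, max_lag_s=3600, min_buckets=3)

if __name__ == "__main__":
    print("direct rule, same table 30 min later:  ", is_risky(SAME_TABLE_LATER, PATIENT, DIRECT))    # False
    print("indirect rule, same table 30 min later:", is_risky(SAME_TABLE_LATER, PATIENT, INDIRECT))  # True
    print("indirect rule, across town:            ", is_risky(ACROSS_TOWN, PATIENT, INDIRECT))       # False
    print("prolonged rule, brief visit:           ", is_risky(SAME_TABLE_LATER, PATIENT, PROLONGED)) # False
    print("prolonged rule, 45 min stay:           ", is_risky(LINGERING, PATIENT, PROLONGED))        # True
```

The point of encoding first and intersecting second is that the matching protocol never changes: tightening or loosening the rule (smaller cells, a longer lag for contaminated surfaces, a longer required exposure) only changes how tokens are generated. In the TEE setting the abstract describes, this intersection would run inside the enclave over the encoded patient set, which is where the limited secure memory becomes the engineering constraint; the plaintext version above models only the matching logic, not the enclave or its memory layout.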
Index Terms: PCT-TEE: Trajectory-based Private Contact Tracing System with Trusted Execution Environment