A Secure and Privacy-Preserving Contact Tracing System for the Covid-19 Pandemic
Due to a large number of asymptomatic carriers, the COVID‑19 contagion is complex to monitor. Confirmed patients, as well as potentially infected individuals, are required to quarantine in order to control the spread of the virus. When a person is confirmed infected, a Contact Tracing System (CTS) is used by health authorities to determine their whereabouts and obtain a list of the individuals with ‘close’ encounters so that they can be advised to self-quarantine. Several countries such as China, South Korea and Singapore have developed and already use CTSs. However, these CTSs do not preserve the privacy of their user: health authorities keep track of everyone’s whereabouts and can identify confirmed cases and their ‘close’ contacts. Such an approach is not acceptable in Europe and North America. Consequently, several CTS proposals have been put forth to improve privacy. Proprietary closed-source solutions (e.g., from Apple/Google) are not acceptable in light of recent breach-of-privacy scandals. Some proposed CTSs have inherent security vulnerabilities. Others (e.g., from UK’s NHSX and from the MILA lab in Montreal) require human intervention. In this project, we propose developing a Privacy-Preserving Quarantine Notification System. Through the use of Bluetooth and WiFi-enabled mobile devices, a user will be able to receive a notification to quarantine if this user has encountered a confirmed Covid-19 patient 14 days before or after the lab confirmation date of this patient. A future version will also support IoT sensors. Our system is the only one we know that fulfills the following requirements: 1) secure (i.e., resilient to cyberattacks); 2) fully automated (i.e., not rely on human intervention except for its easy installation); 3) privacy preserving (i.e., prevent unlawful identification of an individual) and 4) efficient (i.e., quarantine notifications must be timely). The guarantees of our system with respect to security and privacy will favour its widespread adoption by Canadians, which, in turn, will ensure we stop the spread of the virus and successfully restart our economy.
