Automated Security Analysis of Exposure Notification Systems

by Kevin Morio, et al.

We present the first formal analysis and comparison of the security of the two most widely deployed exposure notification systems, ROBERT and the Google and Apple Exposure Notification (GAEN) framework. ROBERT is the most popular instalment of the centralised approach to exposure notification, in which the risk score is computed by a central server. GAEN, in contrast, follows the decentralised approach, where the user's phone calculates the risk. The relative merits of centralised and decentralised systems have proven to be a controversial question. The majority of the previous analyses have focused on the privacy implications of these systems; ours is the first formal analysis to evaluate the security of the deployed systems – the absence of false risk alerts. We model the French deployment of ROBERT and the most widely deployed GAEN variant, Germany's Corona-Warn-App. We isolate the precise conditions under which these systems prevent false alerts. We determine exactly how an adversary can subvert the system via network and Bluetooth sniffing, database leakage or the compromise of phones, back-end systems and health authorities. We also investigate the security of the original specification of the DP3T protocol, in order to identify gaps between the proposed scheme and its ultimate deployment. We find a total of 27 attack patterns, including many that distinguish the centralised from the decentralised approach, as well as attacks on the authorisation procedure that differentiate all three protocols. Our results suggest that ROBERT's centralised design is more vulnerable to both opportunistic and highly resourced attackers trying to perform mass-notification attacks.

