BlindSignedID: Mitigating Denial-of-Service Attacks on Digital Contact Tracing

08/21/2020 ∙ by Bo-Rong Chen, et al. ∙ 0

Due to the recent outbreak of COVID-19, many governments suspended outdoor activities and imposed social distancing policies to prevent the transmission of SARS-CoV-2. These measures have had severe impact on the economy and peoples' daily lives. An alternative to widespread lockdowns is effective contact tracing during an outbreak's early stage. However, mathematical models suggest that epidemic control for SARS-CoV-2 transmission with manual contact tracing is implausible. To reduce the effort of contact tracing, many digital contact tracing projects (e.g., PEPP-PT, DP-3T, TCN, BlueTrace, Google/Apple Exposure Notification, and East/West Coast PACT) are being developed to supplement manual contact tracing. However, digital contact tracing has drawn scrutiny from privacy advocates, since governments or other parties may attempt to use contact tracing protocols for mass surveillance. As a result, many digital contact tracing projects build privacy-preserving mechanisms to limit the amount of privacy-sensitive information leaked by the protocol. In this paper, we examine how these architectures resist certain classes of attacks, specifically DoS attacks, and present BlindSignedIDs, a privacy-preserving digital contact tracing mechanism, which are verifiable ephemeral identifiers to limit the effectiveness of MAC-compliant DoS attacks. In our evaluations, we showed BlindSignedID can effectively deny bogus EphIDs, mitigating DoS attacks on the local storage beyond 90 showed that using 4 attackers can cause the gigabyte level DoS attacks within normal working hours and days.



There are no comments yet.


page 1

page 2

page 3

page 4

This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.

1 Introduction

In light of the success of several countries’ SARS-CoV-2 containment strategies based on aggressive contact tracing, several researchers have developed approaches to digital contact tracing [4, 6, 7, 8, 13, 17, 34]. Because of the privacy concerns inherent with disclosing user location traces, several proposals include mechanisms for privacy-preserving proximity tracing. These mecachisms make use of a limited-time identity to reduce an adversary’s ability to track that device from broadcast to broadcast; these identities are variously called ephemeral ID [34], Temporary ID [13], and Rolling Proximity ID [4]; in this paper, we will use the term ephemeral ID or EphID. To reduce the amount of bandwidth needed to disseminate positive identities, these ephemeral IDs are generated from a master secret in a one-way manner, such that the master secret is sufficient to derive all relevant ephemeral IDs, but that several ephemeral IDs leak no information about other associated ephemeral IDs.

In existing designs, a user receiving an ephemeral ID can neither associate that ephemeral ID with other ephemeral IDs from the same contact, nor can the user verify the validity of an ephemeral ID that it receives; as a result, a user must store all of the ephemeral IDs that it encounters across the maximum incubation period (widely set at 14 days for SARS-CoV-2). Furthermore, storing these ephemeral IDs in the cloud faces significant privacy challenges; if a large fraction of users trust a single cloud storage provider to store unencrypted ephemeral IDs, that cloud storage provider would learn extensive privacy-compromising information about a user’s social structure. As a result, existing schemes [4, 6, 8, 17, 34] largely assume that ephemeral IDs are stored on the user’s own device until the incubation period has expired. However, because of the limited storage available on commonly-used mobile devices, an attacker can send a large number of bogus ephemeral IDs, overwhelming the storage of all but high-end devices. We call this attack the DoS attacks. In fact, the existing EphID-based designs [4, 6, 7, 8, 13, 17, 34] are widely adapted by many countries [3, 5, 7, 10, 13], which occupy approximately 12.5% [37] of the world population, thus making these people’s mobile devices vulnerable to DoS attacks. In this paper, we propose a design for BlindSignedIDs, where receivers can verify ephemeral IDs in-place, and senders can generate only a limited number of ephemeral IDs based on a resource constraint, such as personal phone numbers, that must be verified before privacy-preserving verifiable ephemeral identifiers are issued, while still providing privacy from the certificate authority through the use of blind signatures. The rest of this paper is organized as follows: in Section 2, we make system assumptions and describe the attacker model. In Section 3, we describe the security issues regarding current designs of digital contact tracing. Section 4 introduces our approach in detail. We provide an analysis of BlindSignedID in Section 5 and 6. Section 7 demonstrates our example DoS attacks and BlindSignedID can effectively reduce DoS attacks. Section 8 reviews current projects. We make conclusions in Section 9.

2 System Assumptions and Threat Model

2.1 System Assumptions

Each received EphID is kept in the user’s local storage for at least 14 days. The stored EphID includes additional information (e.g., encountering time and duration), which consumes fixed-byte spaces in the local storage. Moreover, the user stores every received EphID regardless of any encountering duration for recording and checking exposure. Finally, the mobile devices support Bluetooth Random Private Address [1], where each received EphID cannot be linked to the real Bluetooth device address.

2.2 Threat Model

The attacker is able to modify the BLE protocol such that her device can advertise BLE beacon packets with the minimum interval. Namely, the transmission interval is not bounded by the underlaying BLE stack (e.g., maximum and minimum intervals in BlueZ [2]). She specifies the standard BLE flags with arbitrary content (i.e., spoofing EphID) such that other users will receive and keep the packets in the local storage. Morever, the attacker uses a powerful BLE antenna for larger transmission ranges.

3 Problem Environment and Statement

3.1 Existing Contact Tracing Design

In this section, we describe DP-3T [34] at a high level, to set the context for our attacks and our approaches. DP-3T generates ephemeral IDs using:


where is a 16-byte ephemeral ID, is secret day seed, is a pseudo-random function, and is a pseudo-random generator. To further reduce the amount of information disseminated for a positive report, DP-3T generates the next secret day seed by hashing the previous secret day seed with a one-way hash function, so that the dissemination of one secret day seed allows contact tracing for all subsequent days.

Each user generates 288 EphIDs per day, randomly reorders them, and uses Bluetooth Low Energy (BLE) to broadcast each EphID for one epoch (5 minutes). A device receiving such a beacon stores the

EphID, signal strength information (such as RSSI), and the date on which the beacon was received, for a total of 36 bytes per EphID for the low-cost design and 52 bytes for the unlinkable design [34]. A receiving device must store these records for 14 days. When a user tests positive, her secret day seeds from the infectious period will be uploaded to the backend, so that other users can fetch seeds and compare with their local records to determine whether they have been in contact with this particular user.

3.2 Problem Statement

Although storing in local space with user-generated ephemeral IDs reveals no information from the user, it suffers from DoS attacks. Specifically, because a user cannot link messages from different secret-day seeds (and even if they could, the attacker can choose arbitrary secret-day seeds), an attacker with a high-power Bluetooth antenna can stream newly-generated ephemeral IDs limited only by bandwidth. BLE has bandwidth of 1–2 Mbps, so any receiver within transmission range of an attacker will need to store (based on the overhead specified in the DP-3T paper) 1–2 GB per hour or 8–16 GB for an 8-hour day. Even when considering the possibility of compression or elimination of certain data, the incompressible EphID alone will amount to between 450 MB and 900 MB per hour, or 3.6 GB to 7.2 GB across an 8-hour working day. Since many phones do not have several gigabytes of available storage, such an attacker can cause the victim’s phone to run out of space. We believe that the lack of authentication of ephemeral IDs makes many privacy-preserving contact tracing approaches [4, 6, 7, 8, 13, 17, 34] vulnerable to DoS attacks.

3.3 Out-of-Scope Problems

Our approaches are designed for the attacks listed above, and not for other, similar attacks. In this section, we describe similar attacks that we do not attempt to address, and discuss the design choices that led us to draw these boundaries.

Our DoS attacks aims at MAC-and-PHY-compliant attackers. While previous work has examined jamming attacks against the physical layer [22, 23, 27, 33] and other attacks against the MAC layer [11, 14, 15, 18, 19, 25, 28], the aim of digital contact tracing is to be immediately available on commodity hardware, which includes commodity wireless chipsets. As a result, mechanisms that require new approaches to the physical-layer or MAC-layer are non-starters for these protocols. Furthermore, the level of complexity required to build jamming devices or MAC-layer attacks makes these attacks less practical than ones that can be built on any Bluetooth compatible system. When future devices may include support for more robust physical- and MAC-layers, our work can integrate with these approaches for greater robustness.

4 Proposed Approach

In this section, we describe our approach to the attacks discussed earlier. First, we examine how ephemeral IDs can be verified. Previous work [12, 26, 29, 30, 36] have developed schemes that use attacker’s resource limitations (e.g., ability to compute computational puzzles or solve CAPTCHAs) to create fairness between normal users and automated attackers. Our approach to BlindSignedIDs builds on this work to limit the ability of adversaries to create unbounded numbers of valid ephemeral IDs. In particular, verifying a user’s real identity or phone number can serve as the basis for generating a set of valid identifiers in a privacy-preserving way.

4.1 Generating verifiable ephemeral identifiers

BlindSignedIDs. We build verifiable ephemeral identifiers on subliminal-free blind signatures [21], illustrating the approach using RSA blind signatures. The signer first generates a public-private key pair for each day; we call (, ) the verification and signing exponent used on day to create credentials for day . (The modulus should also change from day to day.) Both the verification exponent, the modulus, and a

(used to pad the

EphID to a length suitable for signing) are published in advance of day . On day , the user creates a main secret day seed , and uses a pseudo-random generator on to generate secondary secret day seeds:


(where is chosen to reduce the chance that an attacker generates EphIDs corresponding to a secret key; we suggest ) and generates sets of EphIDs using


The user then blinds each EphID. To blind EphIDs in a manner easily verifiable by the signer, the user chooses a main blinding seed and uses a pseudo-random generator on to generate secondary blinding seeds , one for each secondary secret day seed:


The user then uses a pseudo-random generator on each to compute a set of blinding values for each EphID, with


where is the signer’s public exponent, and blinding the EphID


is a value chosen for that day to pad the EphID to the size of the RSA group. For example, if we use 2048-bit RSA and 104-bit EphID, the is 1944 bits. In this manner, the user generates sets of blinded EphIDs, each of which corresponds to a single secondary secret day seed. The user then contacts the backend server, proves her identity (for example, a phone number, social media account, or national identity), and sends the set of all blinded EphIDs to the signer. The signer first verifies the identity and ensures that it has not previously signed certificates for this identity for this day. The signer then chooses one set of blinded EphIDs asks the user to reveal the blinding factors and secondary secret day seeds of all remaining sets. The user then reveals the requested secret day seeds and their corresponding blinding seeds. If all revealed EphIDs generated correctly, the signer blindly signs all resulting values from the selected set and sends the signed values back to the user, as shown in Equation 7.


where is the private key for signing on day (and use on day ). If EphIDs are not correctly generated, the signer adds the user into a blocklist, such that the credentials she used are not valid at the signer for a certain period of time (the length of time to be chosen should depend on the possibility of reassignment; for example, longer-term blocking for national identities and social media accounts may be reasonable, but blocks for phone numbers should expire after a few months). By ensuring that EphIDs are generated correctly, we can ensure that a positive test can be represented by a single secondary secret-day seed, ensuring that anyone broadcasting verifiable ephemeral identifiers can correctly report a positive test. Figure 1 illustrates the registration process.

Figure 1: User Registration.

The user computes signatures from the signed values by inverting the used to blind each :


All EphIDs generated and signed on day are used on day . We can choose an arbitrary period for signing and refreshing keys, but we choose a day in line with DP-3T [34].

4.2 Authenticating verifiable ephemeral identifiers in Beacons

Because BLE beacons only have 31 bytes of space, of which 3 bytes are used for BLE flags, including a blind signature for an EphID into the beacon would require the use of several beacons, which could lead to computational attacks on packet defragmentation. To avoid these possibilities, we propose to have the signer exchange signed EphIDs for EphIDs authenticated using TESLA [31]. TESLA uses authenticators based on symmetric cryptography to provide broadcast authentication by using the time at which information is disclosed as the mechanism for creating asymmetry. In particular, the entity wishing to authenticate messages (in this case, the signer) creates a sequence of keys using a one-way hash function: , and a schedule at which these keys will be released: , as illustrated in Figure 2. The signer will release key at time , so if a verifier receives a message before the signer’s clock has reached , the signer knows that the message is authentic if it is authenticated using the key . TESLA relies on loose time-synchronization for security, meaning that each clock must be within a bounded margin of error from the signer’s clock (in our design, will be approximately 5 minutes, and the maximum time-synchronization error will be around 10 seconds). Thus, if the message is received before time on the receiver’s clock, the receiver knows that it is before time on the signer’s clock.

Figure 2: Key Sequence.

Figure 3: BLE Beacon Format.

To exchange RSA blind-signed verifiable ephemeral identifiers for TESLA-authenticated MACs corresponding to each EphID, a user requests them through a MIX [20] on day , providing a nonce, an encryption key, the EphID, the corresponding signature SD, and the time interval at which the user intends to use them on day (these time intervals should be standardized across all requesters to minimize privacy loss). The signer verifies the signature, and if valid and not requested before, generates the authenticator (Auth) for the requested time interval. The signer then encrypts the authenticator using the encryption key and publishes the nonce and encrypted authenticator. On day , a user can retrieve their authenticators for day using one of three approaches: (i) full download: the user downloads the entire list of nonces and encrypted authenticators, discarding all values other than the ones chosen by the user; (ii) partial download: the user intially constructs the nonces so that they are equal in some bits; the user then requests a subset of the list by specifying the bits that are equal across all of that users’ requests; (iii) individual download: a user with limited resources can also request their authenticators through anonymous connection such as Tor [9]. Because authenticators for each EphID are requested separately through a MIX, the signer cannot link two EphIDs except to know that EphIDs authenticated for the same time are likely to be from different users.

When broadcasting a beacon, a user broadcasts the EphID and the TESLA authenticator used for the current time interval. When receiving a beacon, a receiver carries the EphID, the Auth, the time of receipt, and the signal strength. A beacon is kept for two time intervals; if the two keys following the time of receipt do not match the Auth, then the receiver knows that the EphID is not authenticated for the interval in which it was used (see evaluations in Section 7.1). Finally, we use 13 bytes (104 bits) for both EphIDs and Auth to fit within the 28-byte payload limit, as shown in Figure 3.

4.3 Storing Received Beacons

When a device receives a beacon, the user stores them as . When the user obtains the current released key at time from TESLA server, she firstly verifies with by a one-way hash function; she then verifies each EphIDs received in the previous period by checking its authenticator . If the is valid, the device accepts the record and keeps that record in longer-term storage; authenticator verification can be performed in-place to mitigate DoS attacks. Optionally, our protocol can be combined with [32] to prevent relay and replay attacks. However, the details of preventing relay and replay attacks are beyond the scope of our protocol.

4.4 Checking Exposure

When a health authority determines a user is a positive case, all her secondary secret-day seeds and the selected numbers during the infectious period (typically 2 days before symptoms happen) are published in a blockchain, together with a sequential case number for the day of publication. Each user fetches the list of these positive cases, and generates EphIDs with the secondary secret-day seeds and the selected numbers , and compares the EphIDs with the EphIDs in their local storage. If there is a match, the device can suspect contact with a positive case.

FinalTrial. We propose to use the blockchain to provide an additional defense to the identifier-spoofing attacks. When a user generates BlindSignedIDs, she also requests blind-signatures for a set of codes of the form , where is a nonce and represents a sequential case number; these codes are signed with a daily signing key different than the signing key used for BlindSignedIDs. Specifically, the user generates sufficient codes to respond to the maximum number of positive tests that might reasonable affect her jurisdiction for a day. Each such test is a nonce . She then builds a Merkle tree over these nonces, by first hashing each one, then hashing adjacent pairs to reach a tree root. She blinds the tree root by calculating , has it signed as , and unblinds the signature by calculating . When a device matches positive case number , instead of immediately notifying the user, the device posts , SP, and the Merkle path required for verification to the blockchain, allowing each user to determine the number of matches corresponding to each positive case. When a single positive case experiences an excessive number of matches, the device may choose to warn the user that the match seems unlikely, or may entirely ignore the match.

5 Privacy Analysis

In our design, real IDs (such as phone numbers) are revealed to a signing server before the server provides EphIDs. Since EphIDs are blind-signed with a subliminal-channel-free signature, each EphID is indistinguishable, and could be associated with any real ID that was presented on the day on which it was signed.

Lemma 1. Given two signed EphIDs, and , and two possible identities, and , the signer can gain no advantage on which EphID is assigned to which identity; that is, any attempt to assign to

succeeds with probability



The signer generates a RSA key pair (, ) and a public modulo , and publishes the public exponent and modulo (, ). The user generates a set of ephemeral identifiers, {, , }, and a set of random numbers raised by the public exponent modulo to create blinding factors, {, , }. She multiplies the ephemeral identifiers with the blinding factors to obtain the resulting value set .


The set is sent to the signer, and the signer signs each EphID in using the private key . Since , the signer generates a signature set SD


The signer learns the signature set is associated with the user’s real IDs. However, for any pair of values (, ) in the signature set


Since the blinding factors are randomly generated, they could take on any value. For example, if we consider two EphIDs, and , blinded as follows: , these are indistinguishable from . In other words, for each EphID and each blinded EphID , there exists a blinding factor for such that the signing request for would create a signature for . Naturally, the security of the blind-signature scheme requires that such blinding factors be computationally difficult to compute, but they exist and are equiprobable blinding factors: specifically, if a signer generates signatures on one day, then for any given EphID, there are blinding possible blinding factors, each of which corresponds to one blind-signature request. Each such blinding factor is indistinguishably probable to the signer. ∎

When a user provides authenticators to the signer, she also includes the time interval and a nonce; the signer therefore learns only the which EphIDs are used in each time interval, and the correlation between nonces and EphIDs. First, if the signer is not compromised, there is no privacy loss, because only the signer has the correlation between EphID and nonce. Even when the signer is compromised, a user adopting the full download method reveals no information about her authenticators. However, the size of download lists might be multiple gigabytes if there are millions of participants. The partial download method saves user resources at the cost of some privacy in case of a compromised signer; however, revealing only a small part of the nonce (e.g., 1 byte of a 16 byte nonce), each user still retains a significant anonymity set. Finally, the individual download method loses more privacy in case of a compromised signer, but the specific amount of privacy loss depends on the mechanism by which the values are downloaded (for example, when downloading over Tor [9], the privacy properties are the same as Tor’s).

6 Security Analysis

Mitigate DoS attacks. BlindSignedIDs mitigate the DoS attacks by ensuring that each EphID stored by a user is an EphID generated for a valid user. BlindSignedID provides an in-place verification to mitigate the DoS attacks on the local storage in that the user will reject an arbitrarily generated EphID that is not associated with a real identity.

7 Evaluations

7.1 BlindSignedID on DoS attacks

Single attacker. In this section, we evaluated BlindSignedID via sending BLE beacons using mobile devices. Figure 4 shows our experimental setup. We implemented a release key UDP server as the TESLA server, and each key was released every 5 mins. Moreover, we built an Android application to advertise BlindSignedID and scan BLE beacons on two victim’s phones placed at a distance of around 20 cm. For the single attacker, we generated a set of 70,000 random EphIDs sent by a single Raspberry Pi 3 Model B with the distance 1.5 m. We used the first 13-byte of HMAC-SHA1 as authenticator. Each random BLE beacon was broadcasted and the rotating time was 20 ms. The receiver stored each EphID with the time of first receipt, duration, RSSI and authenticator temporarily. Whenever a key release is scheduled, the receiver fetches the key over UDP, checks the key, and for each record, attempts to verify the record. When a record is verified, the receiver puts the time of first receipt, duration of contact, and RSSI in local storage, consuming 38 bytes per EphID. Figure 5 shows our results. Our BlindSignedID rejected all DoS attacks periodically created by the attacking set, and prevented nearly 30,000 fake EphIDs stored in 30 mins. Consequently, the original EphID designs are vulnerable to DoS attacks, and BlindSignedID can mitigate such attacks in-place. In an actual attack, the attacker can further modify BlueZ stack to transmit BLE beacons as frequently as possible, so DoS attacks are even more severe under such circumstances.

Figure 4: DoS attacks Experimental Setup.

Figure 5: Stored EphIDs Sent by Single Attacker.

Multiple attackers. In addition, we evaluated BlindSignedID with multiple attackers to somewhat mitigate the long interval between attacker EphIDs. We generated 4 sets of 4,320,000 random EphIDs, which were used by 2 and 4 Raspberry Pis. Figure 6 shows that 2 and 4 attackers using off-the-shelf BlueZ broadcast intervals can cause approximately 1,227,000 and 1,891,000 stored EphIDs within 8 hrs, representing 645 MBytes and 1.076 GBytes across 14 8-hour days, respectively. Due to networking and processing delays, receivers do not filter all of the invalid EphIDs every 5 minutes, but the system still trends towards significant reductions in storage requirements.

(a) 2 Attackers.
(b) 4 Attackers.
Figure 6: Stored EphIDs Sent by Multiple Attackers.

Crowded environment. We performed 3 experiments where over 14 people were originized in grid positions with a distance of 0.5 m, 1 m, and 1.5 m in a middle-size room, respectively. (These experiments were conducted in compliance with local social distancing requirements.) We used 6 Raspberry Pis as the attackers to send random EphIDs near the same power outlet. Each scenario was conducted for 1–2 mins. Table 1 reported the numbers of received EphIDs and real EphIDs verified by BlindSignedID. As distance increases, devices receive fewer EphIDs due to signal strength losses over longer distances. Also, our BlindSignedID continues to effectively reduce storage consumption, removing over 90% of the identities produced by DoS attacks.

Scenario Distance
Original EphIDs
Reduced Rate
0.5 m 12,122 181 96.72%
1.0 m 6,526 76 97.87%
1.5 m 2,098 28 93.59%
Table 1: DoS attacks on crowded indoor environment.

8 Related Works

This section reviews several papers that inspire BlindSignedID.

Digital Contact Tracing. BlindSignedID mostly follows the current design of DP-3T [34], where a secret day seed is used to generate a set of ephemeral identifiers. Most current projects follow the similar designs. However, current designs suffer from DoS attacks. Although BlindSignedID is based on DP-3T, it can be applied to a wide range of projects based on ephemeral IDs, such as [4, 6, 7, 8, 13, 17, 34]. Moreover, the user registration of BlueTrace [13] utilizes the phone number to acquire a unique, randomised user ID from the backend server. Like BlueTrace, BlindSignedID requires the real IDs (e.g., phone numbers), but the BlueTrace server can learn which particular phone number is linked to which user ID. In other words, the signer can violate the user’s privacy; in BlindSignedID, by contrast, the signer learns no information that can associate an ephemeral identifier with a real ID, other than the day on which the EphID was signed and the set of real IDs that authenticated on that day. The ROBERT protocol [16], a framework related to PEPP-PT [7], suggests that the proof-of-work system can be used during application registration to prevent from automatic registrations, but it does not solve the DoS attacks in-place on local storage, and the wide range of computation power available to different devices makes it difficult to simultaneously allow older mobile phone users to create identities while also preventing well-resourced attackers from creating thousands of identities.

Replay and Relay Attacks. [32, 35] seek to prevent replay and relay attacks on DP-3T. Such attacks can be performed by broadcasting ephemeral IDs generated by published secret seeds. Since these published seeds are positive cases, other users receive false alerts due to such attacks. [35] propose an interactive protocol to prevent such attacks, but it might not be efficient for digital contact tracing. [32] further present Delayed Authentication, which is a non-interactive method to prevent (long-term) replay and relay attacks. They tie a BLE broadcast beacon to time and location information through a key. The receiver verifies potential positives with the backend server. BlueTrace [13] utilizes encrypted User IDs with timestamps as TempID for beaconing, thus mitigating long-term replay attacks (but not relay attacks) by validating the timestamps of each TempID after the user uploads all records. In summary, these proposals prevent long-term replay attacks and potentially relay attacks by including time information and keys in BLE beacons. However, the current digital contact tracing systems still suffer from DoS attacks.

9 Conclusion

In this paper, we present BlindSignedIDs, which can mitigate DoS attacks on the current digital contact tracing designs. In particular, we propose BlindSignedIDs that are verifiable without compromising the user’s privacy to mitigate DoS attacks. Anonymous identifiers do cause the mass surveillance difficult to be conducted. However, using anonymous identifiers without verifications introduces security issues in the current designs. Finally, we evaluated our BlindSignedIDs with example DoS attacks and showd BlindSignedIDs can reduce DoS attacks.


This work is supported by NSF under CNS-17313 and R.O.C. (Taiwan) Ministry of Education for MOE 108 Government Scholarship to Study Abroad. We thank Professor Hsu-Chun Hsiao for supporting experiments at National Taiwan University and offering valuable feedback.