Anti-Coronavirus Cryptography

Gonzalo Álvarez Marañón    23 June, 2020
Anti-Coronavirus Cryptography

Governments and health authorities worldwide are launching infection tracing apps. Moreover, within an unprecedented partnership, Apple and Google joined forces to create an API that makes it easier to develop this app. Scientists agree that the adoption of these types of apps by as many citizens as possible will help curb the spread of Covid-19. According to a rough estimate, if 80% of mobile users with iOS or Android install them, this would be equivalent to 56% of the total population, a figure sufficient to contribute significantly to curbing the pandemic.

Unfortunately, since the launch of these apps was announced, all kinds of hoaxes and fake news have been spreading lies about conspiracy spying scenarios. This groundless fear can lead many people not to use the app when it is available in their country, so in this post we will explain how its cryptography works to ensure the privacy of users.

Cryptography of Apps Based on Apple’s and Google’s API

If the health authorities of your country or region have created an app, you can download it from Apple Store or Play Store, depending on whether your device is iOS or Android, respectively. Although you can have more than one app installed on your device that uses exposure notifications, only one can be active at a time.

If you choose to voluntarily install the app authorised in your region or country, this will ask your permission to collect and share random identifiers. To protect your privacy, the app uses a Cryptographically Secure Pseudorandom Number Generator to independently and randomly generate a Temporary Exposure Key (ExpKey) every 24 hours. From it, an encryption key is derived through a HDKF function to generate the Rolling Proximity Keys (RPIKey) and an Associated Encrypted Metadata Key (AEMKey) to encrypt additional metadata in case you later test positive.

RPIKey = HKDF(ExpKey, NULL, UTF8(“EN-RPIK”), 16)

AEMKey = HKDF(ExpKey, NULL, UTF8(“EN-AEMK”), 16)

Specifications for Bluetooth Low Energy (BLE) assume that your device’s MAC address changes every 15-20 minutes to prevent tracking. Every time your MAC address changes, the app generates a new Rolling Proximity ID (RPID) obtained by encrypting, via AES-128 with the previous RPIKey, the value of the new 10-minute time window, Ti.

RPID = AES128(RPIKey, UTF8(“EN-RPI”) || 0x000000000000 || Ti)

On the other hand, the associated metadata are encrypted with AES128-CTR using as key the previous AEMKey and as IV, the RPID.

AEM = AES128−CTR(AEMKey, RPID, Metadata)

Ilustración 1. Esquema de Claves para Notificación de Exposiciones
Figure 1. Key Schedule for Exposure Notification (Source: Exposure Notification Cryptography Specification)

This metadata includes the date, the estimated duration of exposure and the strength of the Bluetooth signal. To further protect your privacy, the maximum estimated duration recorded is 30 minutes. The Bluetooth signal strength helps to understand the proximity of the devices. In general, the closer the devices are, the greater the recorded signal strength. Also, other devices that receive your Bluetooth identifiers will record them in a similar way and store them along with their associated metadata.

As you can see, neither the Bluetooth identifiers nor the random keys on the device include information about your location or identity. Also, GPS cannot be seen, so there is no way to track your movements.

Your terminal and the terminals around you work in the background, constantly exchanging this RPID information and encrypted metadata through BLE without the need to have the application open.

What Happens if I Test Positive for Covid-19?

If you are later diagnosed with Covid-19, your terminal uploads your last 14 temporary exposure keys (ExpKey) to a server of the health authorities of your region or country called Diagnosis Server. Its mission is to add the diagnosis keys of all the users who have tested positive and to distribute them to all the other users who take part in the exposure notification.

All other devices on the system download these 14 keys, regenerate the RPIDs for the last 14 days, and compare them with the locally stored identifiers. If there is a match, the app will have access to the associated metadata (but not to the matched identifier), so it can notify you that a potential exposure has occurred and guide you on the steps to be taken based on health authorities’ instructions.

Depending on its design, the app may generate an exposure risk value that the government or health authorities could use to adapt the guidelines specifically for you in order to better control the pandemic. The exposure risk value is defined and calculated based on the associated metadata, as well as the transmission risk value that the government or health authorities may define for the matching device random keys. In no case will the exposure risk value or transmission risk value be shared with Apple or Google.

The parameters used for this transmission risk value could include information you have provided (such as the symptoms you report or whether your diagnosis has been confirmed by a test) or other data that the government or health authorities consider could affect your risk of transmission, such as your job. The information you choose to provide to the government or health authorities is collected in accordance with the terms of the app’s privacy policy and its legal obligations.

Conversely, if you remain healthy and do not test positive, your Temporary Exposure Keys will not leave your device.

Some Final Thoughts on the Apple and Google API and Your Privacy

Given the image of Google’s and Apple’s Big Brother and in our collective mind, many people will not care about the cryptography of this API and will not trust these two companies. To give you more reassurance, keep in mind that:

  • You decide whether or not you receive exposure notifications: This technology only works if you choose it. If you change your mind, you can turn it off at any time.
  • The Exposure Notification System does not track your location: It does not collect or use the location of your device via GPS or other means. It uses Bluetooth to detect if two devices are close to each other, without disclosing their location.
  • Neither Google, Apple nor other users can see your identity: All matches in the Exposure Notification system are processed on your device. Health authorities may request additional information from you, such as a phone number to contact you for further guidance.
  • Only health authorities can use this system: Access to technology will be granted only to health authority applications. Their applications must meet specific criteria in terms of privacy, security, and data use.
  • Apple and Google will disable the exposure notification system in each region when it is no longer required.

Success Lies in Critical Mass

Remember that these apps will only work if at least 80% of iOS and Android users install them and keep Bluetooth on when they leave home. If you disable your device’s Bluetooth connection, random Bluetooth identifiers will also stop being collected and shared with other devices. This means that the app will not be able to notify you if you have been exposed to someone with Covid-19.

Therefore, when making the decision whether to use these apps or not, each citizen must find the right balance in his or her conscience between the public good and the safeguard of privacy.

Leave a Reply

Your email address will not be published.