Deniability in Automated Contact Tracing: Impossibilities and Possibilities

Authors: Christoph U. Günther (Institute of Science and Technology Austria), Krzysztof Pietrzak (Institute of Science and Technology Austria)

Volume: 2024
Issue: 4
Pages: 636–648
DOI: https://doi.org/10.56553/popets-2024-0134

Abstract: Automated contact tracing (ACT) emerged as a promising measure to curb the spread of Covid-19. Users enable ACT on their smartphones to automatically record contacts with other users. If a user tests positive for the disease, they report their diagnosis to alert their contacts.

Designing effective ACT protocols is challenging since they need to be efficient and secure while also ensuring users' privacy. As ACT protocols necessarily leak some information by design, defining privacy is difficult. For example, a user cannot deny having met another user. Ideally, however, the user can plausibly deny everything else, in particular, when they met. We call this privacy property contact-time deniability.

While some early works discussed contact-time deniability informally, it has received little attention since then. We investigate deniability from a rigorous, theoretical point of view and arrive at the following impossibility result:

A decentralized protocol with unidirectional communication cannot be contact-time deniable and replay-secure. This holds even if malicious users treat smartphones as black boxes.

Unidirectional protocols are usually very efficient and many proposals are unidirectional, e.g., the widely deployed Google-Apple Exposure Notifications. So the impossibility result considerably constrains the design space of efficient, secure, and private ACT protocols. However, it can also be used as a guide; we discuss several possibilities to achieve contact-time deniability in practice.

Keywords: automated contact tracing, deniability, replay security, impossibility result

Copyright in PoPETs articles is held by their authors. This article is published under a Creative Commons Attribution 4.0 license.