EpiOracle: Privacy-Preserving Cross-Facility Early Warning for Unknown Epidemics
Authors: Shiyu Li (University of Electronic Science and Technology of China), Yuan Zhang (University of Electronic Science and Technology of China), Yaqing Song (University of Electronic Science and Technology of China), Fan Wu (Central South University), Feng Lyu (Central South University), Kan Yang (University of Memphis), Qiang Tang (The University of Sydney)
Volume: 2025
Issue: 1
Pages: 361–378
DOI: https://doi.org/10.56553/popets-2025-0020
Abstract: Syndrome-based early epidemic warning plays a vital role in preventing and controlling unknown epidemic outbreaks. It monitors the frequency of each syndrome, issues a warning if some frequency is aberrant, identifies potential epidemic outbreaks, and alerts governments as early as possible. Existing systems adopt a cloud-assisted paradigm to achieve cross-facility statistics on the syndrome frequencies. However, in these systems, all symptom data would be directly leaked to the cloud, which causes critical security and privacy issues. In this paper, we first analyze syndrome-based early epidemic warning systems and formalize two security notions, i.e., symptom confidentiality and frequency confidentiality, according to the inherent security requirements. We propose extsf{EpiOracle}, a cross-facility early warning scheme for unknown epidemics. EpiOracle ensures that the contents and frequencies of syndromes will not be leaked to any unrelated parties; moreover, our construction uses only a symmetric-key encryption algorithm and cryptographic hash functions (e.g., [CBC]AES and SHA-3), making it highly efficient. We formally prove the security of EpiOracle in the random oracle model. We also implement an EpiOracle prototype and evaluate its performance using a set of real-world symptom lists. The evaluation results demonstrate its practical efficiency.
Keywords: eHealth systems, early epidemic warning, privacy preservation
Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution 4.0 license.
