Description
Superspreading events have a profound impact in pandemics since one infected person
infects many other persons within a short period, which can lead to an uncontrolled
spread of a virus. It is desirable from an epidemiological point of view to support the
detection of superspreading events in automated contact tracing systems. However,
automated contact tracing systems are mainly concerned with tracing direct encounters
in local proximity.
This thesis investigates the question of how a superspreading event detection can be
added to the most widespread system in use, the Google and Apple Exposure Notification
Framework (GAEN). The challenge with a tracing system like GAEN is the decentralized
storage of the contact information since it is necessary to join the distributed data for a
successful detection at some point. Simultaneously, the enhanced capability should not
introduce an increased attack surface or harm users’ privacy.
The thesis proposes GAENEXT, an extension of GAEN, which enables the detection
of superspreading events. Since GAENEXT is a distributed algorithm, it avoids the need
for a central entity carrying out the computation. Special attention is paid to hide the
list of participants from GAEN’s central Diagnosis Server. GAENEXT’s feasibility is
demonstrated by a prototype implementation.
A security analysis reveals that GAENEXT amplifies some vulnerabilities of GAEN.
Hence, the adoption of GAENEXT should be preceded by improvements in GAEN.
Furthermore, the extension remains vulnerable against active attackers that can generate
false positives under some circumstances. Nonetheless, the thesis contributes impulses
towards the secure and private event detection in the specific context of superspreading
events.
|
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching