You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
p10 could use a couple of short sentences of introduction. It may be well known in the community what exactly goes into a threat model section, but the White Paper will probably be getting quite a bit of attention even beyond the tighter security community, and it might be good to explain that this section lists the capabilities various potential adversaries are assumed to have. Without such an introduction some parts of p10 may read like they describe weaknesses of the currently proposed system. E.g.:
(Network adversary) Can use observed network traffic to determine the state of a user (e.g., whether they are at-risk, infected, etc.)
might be read as saying that for the current model a network adversary can actually discover at-risk or infected status of a user. As I understand the system the described, blinding should make it impossible for a network adversary to determine at-risk status. Similar blinding could easily be added so that infection reports are not detectable by a network adversary.
p10:
Can observer network communication (i.e., source and destination of packages, payload, time) and/or Bluetooth BLE broadcast messages.
The health authority learns information about at-risk people only when these at-risk people themselves reach out to the health authority (e.g., after receiving a notification from their app).
p13:
This attack is inherent to any proximity-based system notification system, as the adversary only uses the fact that they are notified together with additional information gathered by their phone or other means.
p16:
The latter can only be changed by (1) being infected with SARS-Cov-2, and then (2) reporting somebody else’s key $SK_t$ so that that key is treated as infected.
Here it might be useful to add that $SK_t$ is only available to the attacker if the owner of the key has provided it to them. (Or it has already been published, but then there is nothing to be gained from republishing.)
Data Protection and Security:
p2:
From this data, the identity of the patient cannot be derived by the server or by the apps of other users (see below), it is nearly anonymous. Before this point, no data other than the broadcast EphIDs leaves the phone.
I think the phrase "it is nearly anonymous" does more harm than good. It makes you wonder, well, what now, is it anonymous or not?
p3:
Figure 1; Normal Operation: B should not be recording its own EBID
p4:
hard to parse sentence:
The theoretical potential of this attack is the tradeoff to obtain technical guarantees that prevent function creep and ensure limitation by design.
p5:
also hard to understand for me:
As a result, the fact that the sensitive information, including health information, has equivalent protection to genuinely anonymous data, means that it is protected from all actors by among the most technically stringent safeguards possible in a system with the functions necessary for this purpose.
The text was updated successfully, but these errors were encountered:
White Paper:
p10 could use a couple of short sentences of introduction. It may be well known in the community what exactly goes into a threat model section, but the White Paper will probably be getting quite a bit of attention even beyond the tighter security community, and it might be good to explain that this section lists the capabilities various potential adversaries are assumed to have. Without such an introduction some parts of p10 may read like they describe weaknesses of the currently proposed system. E.g.:
might be read as saying that for the current model a network adversary can actually discover at-risk or infected status of a user. As I understand the system the described, blinding should make it impossible for a network adversary to determine at-risk status. Similar blinding could easily be added so that infection reports are not detectable by a network adversary.
p10:
p13:
p16:
Here it might be useful to add that$SK_t$ is only available to the attacker if the owner of the key has provided it to them. (Or it has already been published, but then there is nothing to be gained from republishing.)
Data Protection and Security:
p2:
I think the phrase "it is nearly anonymous" does more harm than good. It makes you wonder, well, what now, is it anonymous or not?
p3:
Figure 1; Normal Operation: B should not be recording its own EBID
p4:
hard to parse sentence:
p5:
also hard to understand for me:
The text was updated successfully, but these errors were encountered: