15 Jun Privacy and Security Considerations of Proximity Tracing Apps
From measurement reliability to Bluetooth frequency jamming methods: Cini National Cybersecurity Laboratory has published the white paper “Considerations on Privacy and Security of Proximity Tracing Apps“, in which it analyzes the different protocols for the management of computerized contact tracking and the risks for citizens’ privacy. The study is the result of the analysis and research conducted by the Working Group on Contact Tracing established by the Laboratory, which wanted to deepen the subject in view of the spread of Immuni, the tool adopted by the government to combat the spread of coronavirus.
In the report, the university professors, of heterogeneous skills in the field of cyber security, have deepened and analyzed the functioning of contact tracing, isolating some types of cyber attacks against which these technologies could be vulnerable. Some of these concern methods of identity appropriation of other devices or electromagnetic interference.
In addition to considerations regarding cyber risks, there is also an analysis of the different possible models and the differences between the architectures adopted by different countries. “To encourage the adhesion of this instrument, it is necessary that it offers adequate guarantees for the protection of the privacy of the subjects involved – concludes the Working Group – which can be summarized in a few ‘guiding’ principles: voluntary adhesion, maximum protection of privacy, interoperability of protocols both at a national level – the smartphone market is extremely heterogeneous – and at an international level, for a full restoration of the Schengen area”.
“With our work we wanted to isolate and clarify some computer security risks that we believe should be taken into great consideration for the benefit of the citizens”, commented Alessandro Armando, professor at the University of Genoa and coordinator of the Working Group: “In the white paper we distinguish the specific risks of the Immuni app from those arising from the use of the solution developed jointly by Apple and Google, and from those due to the use of Bluetooth for contact detection”.
“Perhaps so far we have dwelt too much on the surface of the problems potentially related to contact tracing,” says Paolo Prinetto, director of the National Cybersecurity Laboratory of Cini: “We hope that this work of ours, academic and transversal, can help to have a clearer idea of the risks associated with these technologies.
The disclosure of the white paper was accompanied by the publication of an article on Wired Italia by the members of the Working Group.
Alessandro Armando, Università di Genova
Mario A. Bochicchio, Università del Salento
Francesco Buccafurri, Università Mediterranea di Reggio Calabria
Alberto Marchetti Spaccamela, Sapienza Università di Roma
Fabio Massacci, Università di Trento
Francesco Palmieri, Università di Salerno
Paolo Prinetto, Politecnico di Torino
Silvio Ranise, Fondazione Bruno Kessler, Trento