Nothing Is Every Perfect in Contract Tracing, But Here’s The Flaws in NHSX App
Nothing Is Ever Perfect in Contract Tracing, But Here’s The Weaknesses in NHSX App
Nothing’s perfect, especially when it comes to Contract Tracing! If you are interested, I have created a demo of the basic methods used here:
Back] The NHSX Contract Tracing App uses Elliptic Curve Integrated Encryption Scheme (ECIES) with AES. This is a demo…asecuritysite.com
While there are some things to like about the NHSX App, we need to understand the core risks, and make sure we mitigate against them. So, from what I can tell, the possible risks in NHSX app are:
- Only contacts that you have make after the install of App will be traced (if you are infected, you’re likely to be indoors anyway).
- The data is stored on the public cloud, and is not stored in the NHS infrastruture.
- A breach of the private key on the server releases all of the contacts.
- Bob can be traced for a day using his daily public key. This is generated every day, and is broadcast every time that Bob comes into contact with someone. By relaying the broadcast, to another place, Bob can be tracked with his daily public key. In the Google/Apple method, a new tracing ID is generated every 10 minutes, and which limits the tracking opportunties.
There are no real details given about the access that the NHS will have to the collected data, and if it is stored on the public cloud, there will be great risks in creating a large-scale data breach. This major risk is the breach of the private key of the Infrastructure Provider, especially on an insider leaking this key. As far as I can see, there will be a single key pair used for every encryption, so all the encrypted messages can be decrypted with the release of the single private key (as Bob’s public key can be matched to the private key of the HA).