The UK Contact Tracing App: Version 2?

The UK Contact Tracing App: Version 2?

I am confused with the UK Contract Tracing App.

The UK have released a new contact tracing application within the Isle of Wright and with an expected large scale role out across the whole country. The method is almost completely different to the version that Google and Apple are using, and focuses on the use of public key encryption and a central server in the public Cloud. But why go our own way with an imcompatiable system that goes against many other countries? But, now to add a bit more doubt, the Financial Times has discovered that NHSX has awarded a six-month £3.8 million contract to a company in order to investigate a system using the Google/Apple API.

While the Apple/Google method uses the privacy enhancing method of generating a unique ID on the user’s device and an embedded Bluetooth integration, the UK system uses a centralised approach and with a weak use of public key encryption method. Bascially it uses public key encryption to regenerate a symmetric key. It should be noted that in TLS 1.3 the usage of a public key to protect the symmetric key was removed, as a long term leak of a private key would reveal all of the keys involved.

With this, initially Bob registers with the HA and is given an InstallationID, a signing key and the public key of the HA. Every day he then creates a new key pair, which is a public key (PubBobD) and a private key (PrivBobD). He takes the public key from the HA (HAPub) and his own private key (BobPrivD) and create a unique symmetric key (SecretD). This secret key is then used to encrypt the his ID. Then he puts his daily public key alongside the encrypted message, and sends to Alice, who could then forward to the HA. In order to stop a replay, Bob takes a hash of all of the message, and then signs this with his signing key (using HMAC). The HA can then check that he has signed it. Overall the HA can decrypt the message as it can generate the same secret key (SecretD) from Bob’s daily public key and its private key (HAPriv). The major flaw in this is that a breach of the HA’s private key will reveal all of the contacts. It is also centralised, so it is not that difficult to trace Bob to the InstallationID:

The method involved is here.

The current version of the App being trialed in the Isle of Wright was developed by Zuhlke (a Swiss company with a base in London) and Privotal (a US based company). It uses a daily public key for the user, and then uses the public key of the Health Authority (HA) to encrypt the user’s ID (InstallationID). A contact is then logged onto a central database. But there are worries about Bluetooth integration (perhaps using up too much power). But there are many security weaknesses in the proposed method, including the breach of the HA’s private key, and which would cause all of the encrypted records to be reveal. A user, too, can also be tracked for a single day, as their public key is exposed in the transmission. With the Google/Apple API, the user can only be tracked for a 10 minute period, before their ID is changed. The core advantage of the Google/Apple API is that the consent for the tracking is embedded into the operating system, rather than within the App. Thus UK App aims to run in the background, and be always on. This is likely to have secrurity weaknesses (such as for fake application) and significant battery drain.

Conclusions

Scratch head! I don’t want to worry you, too, but I think that the central database is hosted by a private company and is run in the public cloud, and not in the NHS.