Engineering contact-tracing apps has been a marathon
Why make them?
* manual contact-tracing became totally overwhelmed with covid cases
* can we supplement with technology?
Constraints: security and privacy
* protect from misuse: surveillance, target marginalized individuals, etc.
* purpose limitation by default
* hide user's identity, location, behaviour
* preserve system integrity
Those fears were well-founded -- information collected for covid was used by other parties e.g. police
Hidden constraint: reality
* highly scalable and reliable
* design under time pressure, has to be built and verified quickly
* dependencies, dependencies -- have to use the sensors we already have
First idea... never got made because reality is hard and has to work with the phones we have
* can't use too much battery
* Apple needed to be involved so that the app could see BT beacons (blocked for privacy reasons)
* needs to be compatible between Android and iOS
Google and Apple did the implementation, which had a lot of implications
* App creates a secret every day
* creates unlinkable BT tokens to broadcast that day
* when you see BT tokens, store them for later use
* If you're infected, upload your BT tokens to a server for when you were infectious
* Everyone gets the "infectious" tokens. If you've seen them, then the phone tells you to isolate and get tested
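The decentralized scheme in the bullets above, as an added illustration (not the talk's code and not any deployed app's implementation): a fresh daily secret, unlinkable per-interval tokens derived from it, local storage of observed tokens, upload of only the infectious-period secrets, and matching on the phone. The HMAC derivation and the 144 intervals per day are assumptions for this example, not the real protocol's constants.

```python
import hmac, hashlib, os

TOKEN_LEN = 16
INTERVALS_PER_DAY = 144   # assumed: one token per 10 minutes

def new_daily_secret() -> bytes:
    """Fresh random secret generated on the phone each day."""
    return os.urandom(32)

def derive_token(daily_secret: bytes, interval: int) -> bytes:
    """Token broadcast over Bluetooth during one interval. Without the
    daily secret, two tokens from the same day cannot be linked."""
    msg = b"token" + interval.to_bytes(4, "big")
    return hmac.new(daily_secret, msg, hashlib.sha256).digest()[:TOKEN_LEN]

class Phone:
    def __init__(self):
        self.daily_secrets = {}   # day -> secret; never leaves the phone unless infected
        self.seen = set()         # tokens observed from nearby phones

    def tokens_for_day(self, day: int):
        secret = self.daily_secrets.setdefault(day, new_daily_secret())
        return [derive_token(secret, i) for i in range(INTERVALS_PER_DAY)]

    def observe(self, token: bytes):
        self.seen.add(token)

    def upload_infectious(self, infectious_days):
        """Only the secrets for the infectious days are sent to the server."""
        return [(d, self.daily_secrets[d]) for d in infectious_days
                if d in self.daily_secrets]

    def check_exposure(self, published) -> bool:
        """Everyone downloads the published secrets, re-derives the tokens
        locally and compares against what this phone actually saw."""
        return any(derive_token(secret, i) in self.seen
                   for _day, secret in published
                   for i in range(INTERVALS_PER_DAY))

def simulate() -> tuple:
    """Constructed scenario: Bob is near Alice on day 3, Carol is not."""
    alice, bob, carol = Phone(), Phone(), Phone()
    for tok in alice.tokens_for_day(3)[10:13]:   # three overlapping intervals
        bob.observe(tok)
    carol.tokens_for_day(3)                      # Carol broadcasts but meets nobody
    published = alice.upload_infectious([3])     # Alice later tests positive
    return bob.check_exposure(published), carol.check_exposure(published)
```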
Strong privacy protections
* unlinkable
* information virtually all stays on the phone
* system sunsets by design
Protocol is just a part of a whole interlocking solution
* epidemiological etc
Authorization mechanism first design
* has to be hard to delegate
* privacy
We know how to do this with crypto (commit in a token)
... but health systems don't have the tools to handle this!
* have to use a simple activation code instead
Are we done?
* in this system the only uploads are from covid+ people
* we can solve! first version: have everyone upload random crud
* but in the real world, you don't know peoples' behaviour. It's going to get messy. And you could accidentally DDoS the server/network
* battery
* also can't use an anonymity network (e.g. Tor) because it's not available everywhere, would get DoSed, and we can't afford delays to notification (the whole point is to be faster than manual contact tracing)
How to get this access code?
Servers don't live in a vacuum
[ I can vouch for this. It's very messy. No you can't read that whole diagram, I know. It's messier than that. ]
Where is this deployed?
Field experiment in Zurich Oct 2020
* 80% of COVID+ users upload codes
* 22% sent to quarantine
* 1 in 10 tested positive after notification
Key lessons:
* data is not a must
* privacy engineering goes well beyond crypto
* privacy engineering in a cloud world is hard [yes]
* keeping in mind socio-technical integration is key
* purpose limitation and abuse prevention is a must
[end of talk]
Last talk of #enigma2021 by Marcus Botacin: "DOES YOUR THREAT MODEL CONSIDER COUNTRY AND CULTURE? A CASE STUDY OF BRAZILIAN INTERNET BANKING SECURITY TO SHOW THAT IT SHOULD!"
The outcomes I get from my analysis of malware I find in Brazil were quite different than what I saw in analysis of malware from other researchers. Why? Because the malware attacks were different!
The Brazilian banking system:
* let's move banking to computers (80s) to keep up with hyperinflation
* desktop clients for users... and the attackers migrated from physical to fake desktop app attacks -- that would only work in Brazil because that's where the banking was
Content note: this talk is about online abuse, so some of the content may be upsetting
Got pulled into this after a screenshot of a class assignment sending folks to post on 4chan to post about race/gender/etc issues got posted on 4chan without the email address... so the 4chan folks thought it was @gianluca_string. It wasn't, but they doxxed and harassed anyway
Kicking off the last session of #enigma2021, @katestarbird is speaking about an extremely pressing topic: "ONLINE RUMORS, MISINFORMATION AND DISINFORMATION: THE PERFECT STORM OF COVID-19 AND ELECTION2020"
This talk is going to go through the experience pushing the boundaries on sandboxing in the Chrome browser
What is sandboxing?
* breaking something into lower/higher privileged process
* necessary for browsers, OSes, VMs etc.
Chromium uses it to reduce the amount of privilege of the application, and also to reduce the amount of privilege for the code that touches websites (the renderer)
* split different websites into different processes
* good defense against logic bugs (e.g. same-origin policy)
Next up at #enigma2021, Alex Gaynor from @LazyFishBarrel (satirical security company) will be talking about "QUANTIFYING MEMORY UNSAFETY AND REACTIONS TO IT"
Look for places where there are a lot of security issues being handled one-off rather than fixing the underlying issue
We tried to fix credential phishing mostly by telling people to be smarter, rather than fixing the root cause: people being able to use phished credentials.
Zoom launched end-to-end encryption 5 months after the white paper was published
* prevents eavesdroppers between users who are speaking to each other
* protection against compromised servers