The short name or acronym of the protocol

BlueTrace

In case multiple versions of the protocol exist, indicate the version number
1.0

edit

Technical descriptions/white papers describing the protocol. Provide one or more web addresses (one per line)

https://bluetrace.io/static/bluetrace_whitepaper-938063656596c104632def383eb33b3c.pdf

edit

If the protocol has been formally verified, provide a pointer to the proof and/or articles or paper(s) describing those efforts

add

Bay, Jason; Kek, Joel; Tan, Alvin Tan; Hau, Chai Sheng; Yongquan, Lai; Tan, Janice; Anh Quy, Tang

edit

People in the same location cannot be correlated to each other based on data sent upstream

add

References for the field 'Co-location cannot be inferred'

https://reviewfacility.eu/xwiki/bin/edit/Protocols/BlueTrace/WebHome

edit

Temporary IDs are generated and stored client-side
No

edit

https://web.archive.org/web/20200427144530/https://bluetrace.io/static/bluetrace_whitepaper-938063656596c104632def383eb33b3c.pdf

Chapter 5 - heading "Generation of TempID by backend service vs on device"

edit

Assurance that future encounters will not be compromised by knowledge of current encounter
Yes

edit

https://web.archive.org/web/20200427144530/https://bluetrace.io/static/bluetrace_whitepaper-938063656596c104632def383eb33b3c.pdf

Chapter 4 - heading "Storage of encounter history"
Chapter 8 - heading "Encounter Message replay/relay attack"

edit

Assurance that past encounters are not be compromised by knowledge of current encounter
Yes

edit

https://web.archive.org/web/20200427144530/https://bluetrace.io/static/bluetrace_whitepaper-938063656596c104632def383eb33b3c.pdf

Chapter 4 - heading "Generation of TempIDs"

edit

Attackers cannot trigger externally observable effects involving users they did not encounter
Yes

edit

https://web.archive.org/web/20200427144530/https://bluetrace.io/static/bluetrace_whitepaper-938063656596c104632def383eb33b3c.pdf

Chapter 8 - heading "Encounter Message replay/relay attack"

edit

Messages exchanged contain an adequate integrity check

add

https://web.archive.org/web/20200427144530/https://bluetrace.io/static/bluetrace_whitepaper-938063656596c104632def383eb33b3c.pdf

Chapter 4 - heading "Generation of TempIDs"

edit

Users cannot broadcast identifiers they did not originate or were assigned

add

add

Can a malicious user impersonate others by replaying broadcasted signals
No

edit

https://web.archive.org/web/20200427144530/https://bluetrace.io/static/bluetrace_whitepaper-938063656596c104632def383eb33b3c.pdf

Chapter 4 - heading "Generation of TempIDs"
Chapter 8 - heading "Encounter Message replay/relay attack"

edit

A passive adversary with physical proximity is unable to capture information not present IRL
Yes

edit

https://web.archive.org/web/20200427144530/https://bluetrace.io/static/bluetrace_whitepaper-938063656596c104632def383eb33b3c.pdf

Chapter 8 - heading "Encounter Message replay/relay attack"

edit

When users are near for multipe consecutive time slots, the combined data cannot be used to infer the length of an encounter.

add

add

Users who transmit reports never as a result reveal information to users they did not themselves come into contact with.

add

add

Users can retrieve updates concerning their medical status without revealing information to anyone

add

add

Different keys of the same user cannot be feasibly linked in any way by a passive observer which is able to gather a set of sufficient size by continued observation
Yes

edit

https://web.archive.org/web/20200427144530/https://bluetrace.io/static/bluetrace_whitepaper-938063656596c104632def383eb33b3c.pdf

Chapter 4 - heading "Generation of TempIDs"

edit

No leaks of information to other apps through timing analysis

add

add

Can the user control the pruning behaviour of the recorded contacts? As in, can data that is no longer relevant be set to be automatically removed?
No

edit

https://bluetrace.io/static/bluetrace_whitepaper-938063656596c104632def383eb33b3c.pdf

Chapter 3 - heading "DATA PROTECTION AND PRIVACY SAFEGUARDS"

edit

Server has full access to all user data (Leap of faith)

edit

The time window of every contact is registered

add

https://bluetrace.io/static/bluetrace_whitepaper-938063656596c104632def383eb33b3c.pdf

Chapter 4 - "HOW BLUETRACE WORKS"

edit

If the protocol has a home page on the web, add the URL
https://bluetrace.io

edit

If the protocol has a separate logo, please upload

add

Tags:
Created by Michiel Leenaars on 2020/05/17 16:44
    

Need help?

If you need help with XWiki you can contact:

reviewfacility
XWiki 11.10.3
contact@reviewfacility.eu