DESIRE
- The short name or acronym of the protocol
-
DESIRE
- In case multiple versions of the protocol exist, indicate the version number
-
1.0
- Technical descriptions/white papers describing the protocol. Provide one or more web addresses (one per line)
-
- If the protocol has been formally verified, provide a pointer to the proof and/or articles or paper(s) describing those efforts
-
-
Claude Castelluccia, Nataliia Bielova, Antoine Boutet, Mathieu Cunche, Cedric Lauradoux, Daniel Le Métayer and Vincent Roca.
- People in the same location cannot be correlated to each other based on data sent upstream
-
Yes
- References for the field 'Co-location cannot be inferred'
-
https://github.com/3rd-ways-for-EU-exposure-notification/project-DESIRE/raw/master/DESIRE-specification-EN-v1_0.pdf Chapter 1.2 Private Encounter Tokens (PETs)
- Temporary IDs are generated and stored client-side
-
Yes
-
- Assurance that future encounters will not be compromised by knowledge of current encounter
-
Yes
-
https://github.com/3rd-ways-for-EU-exposure-notification/project-DESIRE/raw/master/DESIRE-specification-EN-v1_0.pdf 1.2 Private Encounter Tokens (PETs)
- Assurance that past encounters are not be compromised by knowledge of current encounter
-
Yes
-
https://github.com/3rd-ways-for-EU-exposure-notification/project-DESIRE/raw/master/DESIRE-specification-EN-v1_0.pdf 3. Risk Analysis
- Attackers cannot trigger externally observable effects involving users they did not encounter
-
No
-
https://github.com/3rd-ways-for-EU-exposure-notification/project-DESIRE/raw/master/DESIRE-specification-EN-v1_0.pdf 3. Risk Analysis
- Messages exchanged contain an adequate integrity check
-
No
-
https://github.com/3rd-ways-for-EU-exposure-notification/project-DESIRE/raw/master/DESIRE-specification-EN-v1_0 Appendix C. Bluetooth communications
- Users cannot broadcast identifiers they did not originate or were assigned
-
Yes
-
https://github.com/3rd-ways-for-EU-exposure-notification/project-DESIRE/raw/master/DESIRE-specification-EN-v1_0.pdf 1.2 Private Encounter Tokens (PETs)
- Can a malicious user impersonate others by replaying broadcasted signals
-
Yes
-
https://github.com/3rd-ways-for-EU-exposure-notification/project-DESIRE/raw/master/DESIRE-specification-EN-v1_0.pdf 1.2 Private Encounter Tokens (PETs) 3. Risk Analysis
- A passive adversary with physical proximity is unable to capture information not present IRL
-
-
https://github.com/3rd-ways-for-EU-exposure-notification/project-DESIRE/raw/master/DESIRE-specification-EN-v1_0 3. Risk Analysis
- When users are near for multipe consecutive time slots, the combined data cannot be used to infer the length of an encounter.
-
No
-
https://github.com/3rd-ways-for-EU-exposure-notification/project-DESIRE/raw/master/DESIRE-specification-EN-v1_0 2.4 Exposure Status Request
- Users who transmit reports never as a result reveal information to users they did not themselves come into contact with.
-
No
-
https://github.com/3rd-ways-for-EU-exposure-notification/project-DESIRE/raw/master/DESIRE-specification-EN-v1_0 3. Risk Analysis
- Users can retrieve updates concerning their medical status without revealing information to anyone
-
No
-
https://github.com/3rd-ways-for-EU-exposure-notification/project-DESIRE/raw/master/DESIRE-specification-EN-v1_0 note 29 on page 12
- Different keys of the same user cannot be feasibly linked in any way by a passive observer which is able to gather a set of sufficient size by continued observation
-
No
-
https://github.com/3rd-ways-for-EU-exposure-notification/project-DESIRE/raw/master/DESIRE-specification-EN-v1_0 3. Risk Analysis
- No leaks of information to other apps through timing analysis
-
-
- Can the user control the pruning behaviour of the recorded contacts? As in, can data that is no longer relevant be set to be automatically removed?
-
No
-
https://github.com/3rd-ways-for-EU-exposure-notification/project-DESIRE/raw/master/DESIRE-specification-EN-v1_0 3. Risk Analysis
-
An honest-but-curious server cannot learn information about user locations/contacts
- The time window of every contact is registered
-
Yes
-
https://github.com/3rd-ways-for-EU-exposure-notification/project-DESIRE/raw/master/DESIRE-specification-EN-v1_0 2.1 Application Initialization
- If the protocol has a home page on the web, add the URL
-
https://hal.inria.fr/hal-02570382/
- If the protocol has a separate logo, please upload
-