Abstract
We provide a model in the Isabelle Infrastructure framework of the recently published German Corona-virus warning app (CWA). The app supports breaking infection chains by informing users whether they have been in close contact with an infected person. The app has a decentralized architecture that supports the anonymity of users. We provide a formal model of the existing app with the Isabelle Infrastructure framework to expose some natural attacks in a very abstract model. We then use the security refinement process of the Isabelle Infrastructure framework to highlight how the use of continuously changing Ephemeral IDs (EphIDs) improves anonymity.
Notes
1. That is, if he moves alone: if all others from pub go to shop with him, his anonymity remains intact.
2. We identify the smartphone and the user, who might also be recognized by his appearance (face).
3. Adding probabilities as in [6] enables quantifying this.
References
Apple and Google. Exposure notification framework (2020). https://www.google.com/covid19/exposurenotifications/
Bundesregierung, D.: Die Corona-Warn-App: Unterstützt uns im Kampf gegen Corona, 2020. German government announcement and support of Coronavirus warning app. https://www.bundesregierung.de/breg-de/themen/corona-warn-app
CHIST-ERA. Success: Secure accessibility for the internet of things (2016). http://www.chistera.eu/projects/success and https://github.com/success-iot
Kammüller, F.: Attack trees in Isabelle. In: Naccache, D., et al. (eds.) ICICS 2018. LNCS, vol. 11149, pp. 611–628. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-01950-1_36
Kammüller, F.: Formal modeling and analysis of data protection for GDPR compliance of IoT healthcare systems. In: IEEE Systems, Man and Cybernetics, SMC 2018. IEEE (2018)
Kammüller, F.: Attack trees in Isabelle extended with probabilities for quantum cryptography. Comput. Secur. 87, 101572 (2019)
Kammüller, F.: Combining secure system design with risk assessment for IoT healthcare systems. In: Workshop on Security, Privacy, and Trust in the IoT, SPTIoT 2019, colocated with IEEE PerCom. IEEE (2019)
Kammüller, F.: Isabelle infrastructure framework with IoT healthcare S&P application and corona-virus warn app (2020). https://github.com/flokam/IsabelleAT
Kammüller, F., Kerber, M., Probst, C.: Insider threats for auctions: formal modeling, proof, and certified code. J. Wirel. Mob. Netw. Ubiquit. Comput. Dependable Appl. (JoWUA) 8(1), 44–78 (2017). Special Issue on Insider Threat Solutions - Moving from Concept to Reality
Kammüller, F., Nestmann, U.: Inter-blockchain protocols with the Isabelle Infrastructure framework. In: Formal Methods for Blockchain, 2nd International Workshop, Co-located with CAV 2020. Open Access series in Informatics, vol. 84. Dagstuhl Publishing (2020)
Kammüller, F.: A formal development cycle for security engineering in Isabelle (2020). Cornell University, arXiv.org. https://arxiv.org/abs/2001.08983
Kammüller, F., Kerber, M.: Applying the Isabelle Insider framework to airplane security (2020). Cornell University, arXiv.org. https://arxiv.org/abs/2003.11838
Nipkow, T., Wenzel, M., Paulson, L.C. (eds.): Isabelle/HOL – A Proof Assistant for Higher-Order Logic. LNCS, vol. 2283. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45949-9
The Corona-Warn-App Project (2020). https://github.com/corona-warn-app
The Corona-Warn-App Project. Corona-warn-app solution architecture (2020). https://github.com/corona-warn-app/cwa-documentation/blob/master/solution_architecture.md
The DP-3T Project. Decentralized Privacy-Preserving Proximity Tracing (2020). https://github.com/DP-3T
The DP-3T Project. Decentralized privacy-preserving proximity tracing - White Paper (2020). https://github.com/DP-3T/documents/blob/master/DP3TWhitePaper.pdf
The DP-3T Project. Privacy and security risk evaluation of digital proximity tracing systems (2020). https://github.com/DP-3T/documents/blob/master/Securityanalysis/PrivacyandSecurityAttacksonDigital ProximityTracing Systems.pdf
The DP-3T Project. README: Apple/Google Exposure Notification (2020). https://github.com/DP-3T/documents
The DP-3T Project. Response to ‘Analysis of DP3T: Between Scylla and Charybdis’ (2020). https://github.com/DP-3T/documents/blob/master/Securityanalysis/Responseto’AnalysisofDP3T’.pdf
The PEPP-PT Project. Pan-European Privacy-Preserving Proximity Tracing (2020). https://github.com/PEPP-PT
The ROBERT Project. ROBust and privacy-presERving proximity Tracing protocol (2020). https://github.com/ROBERT-proximity-tracing
Vaudenay, S.: Analysis of DP3T: Between Scylla and Charybdis (2020). https://eprint.iacr.org/2020/399.pdf
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Kammüller, F., Lutz, B. (2020). Modeling and Analyzing the Corona-Virus Warning App with the Isabelle Infrastructure Framework. In: Garcia-Alfaro, J., Navarro-Arribas, G., Herrera-Joancomarti, J. (eds) Data Privacy Management, Cryptocurrencies and Blockchain Technology. DPM CBT 2020. Lecture Notes in Computer Science, vol 12484. Springer, Cham. https://doi.org/10.1007/978-3-030-66172-4_8
DOI: https://doi.org/10.1007/978-3-030-66172-4_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-66171-7
Online ISBN: 978-3-030-66172-4
eBook Packages: Computer Science, Computer Science (R0)