Enhancing the Privacy and Reliability of Massive-scale Bluetooth Low Energy Contact Tracing
Southwest Virginia Contact Tracing
Daphne Yao, associate professor, computer science, Virginia Tech
Carol Fung, associate professor, engineering, Virginia Commonwealth University; Tijay Chung, assistant professor, computer science, VT
Numerous studies have shown the importance of early detection and quarantine in preventing the spread of the deadly COVID virus. However, technology-based contact tracing is grossly undervalued and underutilized. We will examine and harden the security, privacy, and reliability of contact tracing mobile apps, with a focus on Virginia’s COVIDWISE contact tracing app. COVIDWISE is based on Google and Apple’s Exposure Notification System, which utilizes Bluetooth low energy (BLE) technology to broadcast Bluetooth beacons from one device to another when mobile users come in close proximity. Our rigorous security and privacy analysis will have two focuses: (i) to ensure that the library code (from Google and Apple) and the application code (from various government and health organizations) properly protect user privacy and (ii) to harden the design and implementation, if necessary. Our preliminary work has identified beacon-related deficiencies on mobile devices. We will conduct comprehensive static and dynamic runtime program analyses and tests to inspect all aspects of the operations, including data and control flows, data storage, cryptographic key generation, and network communications. Equally important, we will explain and democratize the knowledge of BLE-based contact tracing to the general public and advocate for the wide use of contact tracing apps within the Commonwealth. The team has deep expertise in mobile and network security and is strongly determined to contribute to the well-being of Commonwealth residents. Our project will help address the early infection detection challenge in this unprecedented global pandemic and contribute to the Commonwealth’s economic recovery.