Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use TOTP (RFC-6238) to generate EphIDs from daily Changing SK(t) #303

Open
sslHello opened this issue May 14, 2020 · 1 comment
Open

Use TOTP (RFC-6238) to generate EphIDs from daily Changing SK(t) #303

sslHello opened this issue May 14, 2020 · 1 comment

Comments

@sslHello
Copy link

sslHello commented May 14, 2020
edited
Loading

Suggestion/Request for discussion:
According to the discussion in Issue #66 and the mentioned assessment of the DESIRE proposal, solely BLE beacons are estimated to be used (no individual, bidirectional communication).
So I'd suggest to use the TOTP: Time-Based One-Time Password Algorithm (RFC6238) to generate the EphIDs based on a daily changing seed (SK(t)). Use a strong seed to generate HMAC-SHA256, but truncate the calculated EphID to 16-20 bytes as needed (still looking for a RFC where they have done this already).
Clocks should be relatively synchronized, perhaps this could be verified by as a part of the daily dummy for the upload function.
The EphID should be calculated as often as possible and needed according to locally trace the time of a contact. If possible at least 2 different EphIDs should be sent within the critical contact time (from medical view). So if you calculate that you miss closely the first and the last beacon in this time-frame, t(EphID)="critical time-frame"/3.
Changing the EphIDs could also reduce the risk of false positives as a sequence or a subset of a sequence EphIDs from the same sender helps to recognize the contact using the uploaded SK(t) for the day.
Received EpIDs, time and signal strength should be stored on the phone.
If there are no strong signals within a sliding window (e.g. n * "critical time-frame") these signals could be ignored (e.g. deleted) to reduce the size of local data. Weak signals within the sliding window of a strong signal should be persisted to recognize dangerous contacts with an as infected reported person.

Note: SK(t) should additionally be changed after an infected patient uploaded its SK(t, t-1, t-n) of the last days where he could have infected other persons.
From my point of view it should be also considered to go on beaconing, as it may get more suspicious to pass by a person that does not use the app than continuing beaconing after being tested positive or getting healthy (and not uploading any SK(t) later).
@sslHello sslHello mentioned this issue May 14, 2020
Open
@sslHello sslHello changed the title Use TOTP (RFC-6238) to generate EphIDs from dayly Changing SK(t) Use TOTP (RFC-6238) to generate EphIDs from daily Changing SK(t) May 14, 2020
@sslHello
Copy link
Author

According to RFC4868 it is OK to truncate a HMAC-SHA-256 to 128 bits for IPSec, so the EphIDs could use the same HMAC-SHA-256-128 standard.
Just use the first 128 bits of a SHA-256 HMAC, sounds reasoable for me to be better than HMAC-SHA-128.

@sslHello sslHello mentioned this issue May 23, 2020
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sslHello