
SafePath-Privacy preserving location tracking for Covid19

Open cankisagun opened this issue 4 years ago • 6 comments

Check out our work, we are using GPS location instead of bluetooth and designed a privacy preserving DB and querying tool using Trusted Execution Environments

https://github.com/enigmampc/SafeTrace

Let us know if we can help

cankisagun avatar Mar 25 '20 20:03 cankisagun

Looks interesting, but it seems you are currently at the point where the full location history has to be shared with the server in a way that he can read, i.e. I have to trust the server.

I see that you are exploring other options ('…include homomorphic encryption, multiparty computation, and differential privacy…') but it seems these are still at the thinking about stage?

That being said: we are committed to creating a protocol where we trust neither the users nor the server at all (this is explicitly part of the threat model), and we want to make it impossible to use this service to create motion profiles.

So, if you accept this precondition we welcome all support. If that is too much to ask, we would love it if we could maybe collaborate so your app could send and receive those BLE beacons we send as well, so your users can also benefit from users who cannot or do not want to share their location history.

dwt avatar Mar 26 '20 08:03 dwt

@dwt the trust is not so much on the server but the properties of the Trusted Execution Environment (TEE). This is not your regular server - the idea is data is encrypted at client-side (user app) and only decrypted inside the TEE. TEE private keys are generated inside the TEE and never leave. We use Diffie Hellman encryption. If you trust the TEE properties (and are able to set it up properly), no data can be used for creating motion profiles. Other options like FHE are not feasible at this stage.

We are not building an app. The goal is to create a privacy preserving DB for apps that collect data to securely share.

I guess you should check out this group for bluetooth work - https://join.slack.com/t/covid19riskre-jgl7299/shared_invite/zt-d1865m7k-PRKOfR80N6qbUV~ur3nfVg

cankisagun avatar Mar 26 '20 16:03 cankisagun

@cankisagun please correct me if I'm wrong, but there is no way that I (as an app user) can verify that you set up the server correctly, but you still require from me that I give information that you (or in that case the server) can decrypt to perform computation on? That sounds like almost a disaster from our point of view, as I have no control over the data I give you - once I gave it to you.

If that is the case, that is exactly the scenario we are trying to prevent with our effort.

That being said, I think there is still value if you guys enhance your app with a bluetooth component that a) works indoors and when GPS information is unreliable or non-existent, and b) allows you guys to integrate and share information to and with people who are unable / not willing to share location data. Have a look at https://github.com/ito-org/ where we have one effort that tries to implement the bluetooth magic that underlies this protocol.

dwt avatar Mar 28 '20 19:03 dwt

Oh, and thanks for the link!

dwt avatar Mar 28 '20 19:03 dwt

@dwt It's actually part of how SGX works, that the client can have those guarantees. You are right, without them, it is not privacy-preserving. SGX uses a process called "remote attestation", by which the enclave asserts what code may be executed within it, and that it has not been tampered with.

from https://courses.cs.ut.ee/MTAT.07.022/2017_spring/uploads/Main/hiie-report-s16-17.pdf:

Remote attestation, an advanced feature of Intel SGX, is the process of proving that an enclave has been established in a secure hardware environment. This means that a remote party can verify that the right application is running inside an enclave on an Intel SGX enabled platform. Remote attestation provides verification for three things: the application’s identity, its intactness (that it has not been tampered with), and that it is running securely within an enclave on an Intel SGX enabled platform.

You can see more info about how we're implementing SGX in this project here: https://github.com/enigmampc/SafeTrace/tree/master/enclave

And you can see in the API where we anticipate the client will be able to get the report from the enclave: https://github.com/enigmampc/SafeTrace/tree/master/api-server

hope that helps clarify our approach!

ainsleys avatar Mar 28 '20 21:03 ainsleys

@dwt wanted to follow up and share some updates from our end. We completed the MVP of SafeTrace API, which:

  • does encryption on client side
  • transmits data to the enclave in a secure manner
  • performs computations inside the enclave + encrypts (using Diffie Hellman)
  • only the user can decrypt results coming from the enclave

Here's a demo video - https://github.com/enigmampc/SafeTrace/tree/master/enclave

Let us know if we can help cc @ jlwaugh

cankisagun avatar Apr 06 '20 20:04 cankisagun
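The two points the thread keeps returning to are (a) ainsleys's remark that remote attestation is what lets the client verify the enclave before trusting it, and (b) the MVP flow listed above: client-side encryption, a Diffie-Hellman exchange with a key that never leaves the enclave, and results that only the user can decrypt. The following is an added, self-contained model of that flow, written for this thread; it is not SafeTrace's code and does not use the SGX SDK. Everything is stdlib Python: the attestation service is a stand-in that endorses reports with an HMAC under a key the client already trusts (in real SGX the CPU signs a quote that is checked against Intel's service), the DH group is a toy 127-bit prime-field group labelled as such, and encrypt-then-MAC with an HMAC keystream stands in for an AEAD. All names (`ToyEnclave`, `ToyAttestationService`, `Client`, the sample records) are constructed for the example. The security-relevant step is in `Client.submit`: the client compares the attested measurement against the build it audited and refuses to send anything if it differs, which is the guarantee dwt asked about.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, constructed for this illustration only:
# a real deployment uses a standard group or an elliptic-curve exchange.
P = (1 << 127) - 1          # 2^127 - 1 is prime
G = 3
KEY_BYTES = 16              # enough to hold any value below P


def derive_keys(shared):
    """Split the DH shared secret into separate encryption and MAC keys."""
    s = shared.to_bytes(KEY_BYTES, "big")
    return (hashlib.sha256(b"enc|" + s).digest(), hashlib.sha256(b"mac|" + s).digest())


def _keystream(enc_key, nonce, n):
    out, block = b"", 0
    while len(out) < n:
        out += hmac.new(enc_key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return out[:n]


def seal(keys, plaintext):
    """Encrypt-then-MAC with a fresh nonce (stdlib stand-in for an AEAD)."""
    enc_key, mac_key = keys
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(keys, blob):
    enc_key, mac_key = keys
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("ciphertext failed integrity check")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


class ToyAttestationService:
    """Stand-in for the attestation verifier (assumption): it endorses a
    report with an HMAC under a key the client trusts out of band."""
    def __init__(self):
        self._key = secrets.token_bytes(32)

    def endorse(self, report):
        return hmac.new(self._key, report, hashlib.sha256).digest()

    def verify(self, report, endorsement):
        return hmac.compare_digest(self.endorse(report), endorsement)


class ToyEnclave:
    """Enclave model: identity is the hash of its code (MRENCLAVE analogue);
    the DH private key is generated inside and never leaves."""
    def __init__(self, code):
        self.measurement = hashlib.sha256(code).digest()
        self._priv = secrets.randbelow(P - 3) + 2
        self.pub = pow(G, self._priv, P)

    def report(self, attester):
        # The report binds the enclave's key-exchange public value to its measurement.
        body = self.measurement + self.pub.to_bytes(KEY_BYTES, "big")
        return body, attester.endorse(body)

    def process(self, client_pub, blob):
        keys = derive_keys(pow(client_pub, self._priv, P))
        records = unseal(keys, blob).decode().splitlines()
        # Placeholder computation; the result goes back sealed under the same keys.
        return seal(keys, f"records={len(records)}".encode())


class Client:
    def __init__(self, attester, expected_measurement):
        self.attester, self.expected = attester, expected_measurement

    def submit(self, enclave, records):
        body, endorsement = enclave.report(self.attester)
        if not self.attester.verify(body, endorsement):
            raise ValueError("attestation report not endorsed")
        measurement, pub_bytes = body[:32], body[32:]
        if measurement != self.expected:
            raise ValueError("enclave is not the audited build; refusing to send data")
        priv = secrets.randbelow(P - 3) + 2
        keys = derive_keys(pow(int.from_bytes(pub_bytes, "big"), priv, P))
        sealed_result = enclave.process(pow(G, priv, P), seal(keys, records))
        return unseal(keys, sealed_result).decode()


AUDITED_CODE = b"safetrace-enclave-v1"   # constructed stand-in for the audited build
SAMPLE_RECORDS = b"2020-03-25T10:00Z,52.5200,13.4050\n2020-03-25T10:05Z,52.5210,13.4070"


def run(enclave_code=AUDITED_CODE):
    """Return the decrypted result, or None when the client refused to send."""
    attester = ToyAttestationService()
    client = Client(attester, hashlib.sha256(AUDITED_CODE).digest())
    try:
        return client.submit(ToyEnclave(enclave_code), SAMPLE_RECORDS)
    except ValueError:
        return None
```

`run()` returns `records=2` because the measurement matches the audited build; `run(b"modified-enclave")` returns `None` because the client aborts before any location data leaves the device. Note what the model does not cover: the client still has to trust the attestation verifier's key, the audited build has to have been reviewed by someone the user trusts, and a toy group and HMAC keystream are used only so the example runs without third-party libraries.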