Digital contact tracing solutions have aided humanity in the first line of defense against the COVID-19 pandemic, but not without major technical drawbacks such as attacks against digital contact tracing technology and loss of privacy and security. The most popularly used digital contact tracing system is the decentralised DP-3T protocol, and it is vulnerable to the replay attack. A replay attack involves taking contact tracing data from one location and re-transmitting it at another location, creating multiple issues such as false positive cases and inhibiting the COVID-19 pandemic fight. This project's aim was to try to prevent replay attacks in digital contact tracing systems using blockchain. The research methodology used was an empirical study using both qualitative and quantitative techniques. A literature review was performed by systematically reviewing and analyzing digital contact tracing concepts, theories, and research work. The DP-3T protocol was critically analysed to discover the threat surface that is vulnerable to replay attacks. A remodeled version of the DP-3T protocol was proposed by applying blockchain technology to store different keys and broadcast data, using hash values of location coordinates to ensure privacy, redefining the roles of participating entities, and enabling the authentication and validation of data using the blockchain when received by a user. The proposed solution was implemented and tested in a Python simulation. Real-life data was fed into the simulation and saved on the blockchain, and broadcasts were simulated between senders and receivers before simulating replay attacks. Hence, all replay attacks are prevented during the Normal Operation phase of the protocol owing to the four layers of condition verification and validation that must be performed on a received broadcast.
As compared with the DP-3T protocol, Vaudenay’s Interactive Protocol and Pietrzak’s Delayed Authentication scheme, our proposed solution prevents 100% of replay attacks and protects user privacy.
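The abstract's core idea, validating a received broadcast against a ledger record that holds a hash of location coordinates, can be illustrated with the following added example, which is not the paper's code or protocol. The in-memory `Ledger`, the identifier name, the grid size, the epoch length and the specific checks are all assumptions made for illustration; they are not the paper's four verification layers.

```python
import hashlib

EPOCH_SECONDS = 900    # assumed identifier rotation interval
CELL_DEGREES = 0.001   # assumed grid size for quantising coordinates

def location_hash(lat, lon, epoch):
    """Hash the quantised grid cell plus epoch; raw coordinates are never stored."""
    cell = f"{round(lat / CELL_DEGREES)}:{round(lon / CELL_DEGREES)}:{epoch}"
    return hashlib.sha256(cell.encode()).hexdigest()

class Ledger:
    """In-memory, append-only stand-in for the blockchain (hypothetical)."""
    def __init__(self):
        self._records = {}

    def register(self, eph_id, lat, lon, ts):
        if eph_id in self._records:
            raise ValueError("identifier already registered")
        epoch = ts // EPOCH_SECONDS
        self._records[eph_id] = (location_hash(lat, lon, epoch), epoch)

    def lookup(self, eph_id):
        return self._records.get(eph_id)

def validate_broadcast(ledger, eph_id, rx_lat, rx_lon, rx_ts):
    """Receiver-side check of a broadcast against the ledger record."""
    record = ledger.lookup(eph_id)
    if record is None:
        return "reject: unknown identifier"
    loc_hash, epoch = record
    rx_epoch = rx_ts // EPOCH_SECONDS
    if rx_epoch != epoch:
        return "reject: stale epoch"
    if location_hash(rx_lat, rx_lon, rx_epoch) != loc_hash:
        return "reject: location mismatch"
    return "accept"

def demo():
    """Constructed sample values: one genuine contact and two replays."""
    t0 = 1_700_000_100
    ledger = Ledger()
    ledger.register("ephid-01", -20.1609, 57.5012, t0 + 10)
    return [
        validate_broadcast(ledger, "ephid-01", -20.16092, 57.50123, t0 + 70),
        validate_broadcast(ledger, "ephid-01", -20.3484, 57.5522, t0 + 70),
        validate_broadcast(ledger, "ephid-01", -20.16092, 57.50123, t0 + 4000),
    ]

if __name__ == "__main__":
    print(demo())
```

Exact cell and epoch matching also rejects genuine contacts that straddle a grid or epoch boundary, so a deployment would need to tolerate neighbouring cells and adjacent epochs.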
Cite this paper
Degambur, L. (2024). Replay Attack Prevention in Decentralised Contact Tracing: A Blockchain-Based Approach. Open Access Library Journal, 11, e1179. doi: http://dx.doi.org/10.4236/oalib.1111179.
Centers for Disease Control and Prevention. (2021) Contact Tracing for COVID-19. https://www.cdc.gov/museum/pdf/cdcm-pha-stem-lesson-contact-tracing-lesson.pdf
European Centre for Disease Prevention and Control (2021) Contact Tracing in the European Union: Public Health Management of Persons, Including Healthcare Workers, Who Have Had Contact with COVID-19 Cases, Stockholm.
World Health Organisation (2021) Contact Tracing in the Context of COVID-19. Interim Guidance 1 February 2021. World Health Organisation, Geneva. https://doi.org/10.15557/PiMR.2020.0005
Nguyen, K.A., Luo, Z. and Watkins, C. (2020) Epidemic Contact Tracing with Smartphone Sensors. Journal of Location Based Services, 14, 92-128. https://doi.org/10.1080/17489725.2020.1805521
Dar, A.B., Lone, A.H., Zahoor, S., Khan, A.A. and Naaz, R. (2020) Applicability of Mobile Contact Tracing in Fighting Pandemic (COVID-19): Issues, Challenges and Solutions. Computer Science Review, 38, Article 100307. https://doi.org/10.1016/j.cosrev.2020.100307
Idrees, S.M., Nowostawski, M. and Jameel, R. (2021) Blockchain-Based Digital Contact Tracing Apps For COVID-19 Pandemic Management: Issues, Challenges, Solutions, and Future Directions. JMIR Medical Informatics, 9, e25245. https://doi.org/10.2196/25245
Pietrzak, K. (2020) Delayed Authentication: Preventing Replay and Relay Attacks in Private Contact Tracing. In: Bhargavan, K., Oswald, E. and Prabhakaran, M., Eds., Progress in Cryptology—INDOCRYPT 2020, Vol. 12578, Springer, Cham. https://eprint.iacr.org/2020/418 https://doi.org/10.1007/978-3-030-65277-7_1
Hasan, H.R., Salah, K., Jayaraman, R., Yaqoob, I., Omar, M. and Ellahham, S. (2021) COVID-19 Contact Tracing Using Blockchain. IEEE Access, 9, 62956-62971. https://doi.org/10.1109/ACCESS.2021.3074753
Liu, M., Zhang, Z., Chai, W. and Wang, B. (2022) Privacy-Preserving COVID-19 Contact Tracing Solution Based on Blockchain. Computer Standards & Interfaces, 83, Article 103643. https://doi.org/10.1016/j.csi.2022.103643
Xu, H., Zhang, L., Onireti, O., Fang, Y., Buchanan, W.J. and Imran, M.A. (2021) Beeptrace: Blockchain-Enabled Privacy-Preserving Contact Tracing for COVID-19 Pandemic and Beyond. IEEE Internet of Things Journal, 8, 3915-3929. https://doi.org/10.1109/JIOT.2020.3025953
Bari, N., Qamar, U. and Khalid, A. (2021) Efficient Contact Tracing For Pandemics Using Blockchain. Informatics in Medicine Unlocked, 26, Article 100742. https://doi.org/10.1016/j.imu.2021.100742
Lv, W., Wu, S., Jiang, C., Cui, Y., Qui, X. and Zhang, Y. (2020) Decentralized Blockchain for Privacy-Preserving Large-Scale Contact Tracing. https://arxiv.org/abs/2007.00894
Bandara, E., Liang, X., Foytik, P., Shetty, S., Hall, C., Bowden, D., Ranasinghe, N. and De Zoysa, K. (2021) A Blockchain Empowered and Privacy-Preserving Digital Contact Tracing Platform. Information Processing and Management, 58, Article 102572. https://doi.org/10.1016/j.ipm.2021.102572
Shrimali, B. and Patel, H.B. (2021) Blockchain State-of-the-Art: Architecture, Use Cases, Consensus, Challenges and Opportunities. Journal of King Saud University—Computer and Information Sciences, 34, 6793-6807. https://doi.org/10.1016/j.jksuci.2021.08.005
Farrell, S. and Leith, D.J. (2020) A Coronavirus Contact Tracing App Replay Attack with Estimated Amplification Factors. https://down.dsg.cs.tcd.ie/tact/replay.pdf