Skip to Main content Skip to Navigation

Proximity Tracing Approaches - Comparative Impact Analysis

Antoine Boutet 1 Nataliia Bielova 1 Claude Castelluccia 1 Mathieu Cunche 1 Cédric Lauradoux 1 Daniel Le Métayer 1 Vincent Roca 1 
1 PRIVATICS - Privacy Models, Architectures and Tools for the Information Society
Inria Grenoble - Rhône-Alpes, CITI - CITI Centre of Innovation in Telecommunications and Integration of services, Inria Lyon
Abstract : Although they address the same problem, the so-called “centralized” and “decentralized” approaches to COVID-19 proximity tracing rely on different threat model assumptions. The goal of this document is to analyze the impact of these two options in terms of privacy, security and reliability. The main objective of the decentralized approach is to protect users against a malicious server or a state-level adversary and to prevent the leak of sensitive data due to attacks or negligence at the server side. Therefore, the role of the server is reduced as much as possible, and the exposure verification is performed on the user device. In contrast, the centralized approach puts more emphasis on the protection of users against other malicious users trying to infer who is infected. Hence, the role of the server in the centralized approach is more important, including the verification of exposure. This design choice involves different privacy risks: ● The decentralized approach provides many opportunities to malicious or curious users (through wide scale and undetectable attacks or during normal usage) to infer the identity of infected users or to monitor specific areas. These privacy risks coming from users (e.g., neighbors) can easily lead to abuses as well as stigmatization and harassment of diagnosed users. On the positive side, the server learns little information about users. ● In the centralized approach, in contrast, the capability of users to learn who is infected is drastically limited. This better protection however comes at the cost of relying on a server which is able to learn some information about users. Law enforcement agencies and third parties colluding with the server are sources of risk in both approaches but they do not concern the same population. Only infected users who consent to declare themselves are concerned in the decentralized approach, while these risks concern all users (infected or not) in the centralized approach. However, the likelihood of these risks needs to be assessed and balanced, as all other risks, with the potential benefits of these applications in the fight against COVID-19. To this respect, the centralized approach can bring added value because the health authority is aware of the number of exposed people and can use it both for statistical purposes and to easily adjust the risk calculation algorithm (to decide if a user should be classified as “at risk”).
Document type :
Complete list of metadata

Cited literature [6 references]  Display  Hide  Download
Contributor : Antoine Boutet Connect in order to contact the contributor
Submitted on : Friday, May 15, 2020 - 10:44:35 AM
Last modification on : Friday, August 5, 2022 - 3:50:39 AM


Files produced by the author(s)


  • HAL Id : hal-02570676, version 2


Antoine Boutet, Nataliia Bielova, Claude Castelluccia, Mathieu Cunche, Cédric Lauradoux, et al.. Proximity Tracing Approaches - Comparative Impact Analysis. [Research Report] INRIA Grenoble - Rhone-Alpes. 2020. ⟨hal-02570676v2⟩



Record views


Files downloads