Reconciling Security and Utility in Next-Generation Epidemic Risk Mitigation Systems
Keywords: Contact Tracing, Privacy, Epidemic risk mitigation
TL;DR: We propose, implement, evaluate and deploy a novel epidemic risk mitigation system that allows the collection of rich data for epidemiological analytics and personalized risk notification while ensuring privacy for users.
Abstract: Epidemics like the recent COVID-19 require proactive contact
tracing and epidemiological analysis to predict and subsequently
contain infection transmissions. The proactive measures
require large scale data collection, which simultaneously
raise concerns regarding users’ privacy. Digital contact
tracing systems developed in response to COVID-19 either
collected extensive data for effective analytics at the cost
of users’ privacy or collected minimal data for the sake of
user privacy but were ineffective in predicting and mitigating
the epidemic risks. We present Silmarillion—in preparation
for future epidemics—a system that reconciles user’s privacy
with rich data collection for higher utility. In Silmarillion, user
devices record Bluetooth encounters with beacons installed in
strategic locations. The beacons further enrich the encounters
with geo-location, location type, and environment conditions
at the beacon installation site. This enriched information enables
detailed scientific analysis of disease parameters as well
as more accurate personalized exposure risk notification. At
the same time, Silmarillion provides privacy to all participants
and non-participants at the same level as that guaranteed in
digital and manual contact tracing.
We describe the design of Silmarillion and its communication
protocols that ensure user privacy and data security. We
also evaluate a prototype of Silmarillion built using low-end
IoT boards, showing that the power consumption and user
latencies are adequately low for a practical deployment. Finally,
we briefly report on a small-scale deployment within a
university building as a proof-of-concept.
Area: System Security
Type: Solution
Revision: No
Submission Number: 2
Loading