As we expand beyond the Big Six cryptographic applications, the NHS contact tracing app offers an intriguing case study in how cryptography supports real-world security requirements. Despite its ultimate non-adoption, this app provides valuable lessons in applied cryptography, particularly due to the detailed white paper released by the UK government during the early stages of the COVID-19 pandemic in 2020.
The Context of the NHS Contact Tracing App
The app aimed to:
- Enable individuals to report positive COVID-19 cases.
- Alert others who had been in proximity to an infected individual.
- Monitor environments to identify potential exposure risks.
The primary challenge was balancing privacy concerns with effective contact tracing, relying heavily on cryptographic solutions to build trust among users.
Cryptographic Goals and Requirements
The security objectives of the NHS contact tracing app included:
- Confidentiality: Ensure user identities and health data remain private.
- Integrity: Protect reported data from unauthorized modification.
- Authentication: Verify the legitimacy of data sources and notifications.
- Anonymity: Prevent the identification of individuals in proximity alerts.
Cryptographic Techniques Employed
The NHS contact tracing app utilized well-known cryptographic primitives and methodologies:
- Bluetooth Low Energy (BLE) Communication
  - BLE was used to record interactions between devices while preserving anonymity.
- Pseudonymization
  - Temporary pseudonyms were exchanged between devices to avoid exposing personal identities.
  - Regular updates of these pseudonyms reduced the risk of tracking.
- Hashing
  - Secure hashing algorithms like SHA-256 were employed to obscure sensitive data while maintaining integrity.
- Symmetric and Asymmetric Encryption
  - Symmetric encryption protected stored data on the user’s device.
  - Asymmetric encryption supported secure communication with centralized servers.
- Secure Key Exchange
  - Cryptographic key exchanges ensured that proximity data remained encrypted and inaccessible to unauthorized entities.
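The pseudonymization and hashing points above can be made concrete with a small working model. The code below is an added example written for this article, not the NHS app's own protocol or code: it assumes a hypothetical design in which a device derives a per-day key from a long-term device secret with HMAC-SHA256, emits a fresh 16-byte pseudonym every 15 minutes from that day key, records the pseudonyms it sees over BLE, and, following the decentralized approach mentioned later in the article, later checks those sightings against day keys published by people who reported positive. The rotation period, the key-derivation labels and the device secrets are constructed values chosen for illustration. A SHA-256 digest over the published key list shows the integrity use of hashing from the list above.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed parameters for this illustrative design (not the NHS app's values).
INTERVAL_SECONDS = 15 * 60                          # pseudonym rotation period
INTERVALS_PER_DAY = 24 * 60 * 60 // INTERVAL_SECONDS  # 96 intervals per day
PSEUDONYM_LEN = 16                                  # bytes broadcast over BLE


def derive_daily_key(device_secret: bytes, day: int) -> bytes:
    """Per-day key from a long-term device secret, using HMAC-SHA256 as a KDF.
    Publishing only day keys limits what a report reveals to the days reported."""
    label = b"daily-key" + day.to_bytes(4, "big")
    return hmac.new(device_secret, label, hashlib.sha256).digest()


def pseudonym(daily_key: bytes, interval: int) -> bytes:
    """Rolling pseudonym for one interval. Without the day key, pseudonyms from
    different intervals are unlinkable, which limits tracking of a device."""
    label = b"pseudonym" + interval.to_bytes(4, "big")
    return hmac.new(daily_key, label, hashlib.sha256).digest()[:PSEUDONYM_LEN]


@dataclass(frozen=True)
class Sighting:
    """One BLE observation stored locally on the observing device."""
    day: int
    interval: int
    pseudonym: bytes
    rssi: int  # signal strength, a crude proximity proxy


def publication_digest(published: list[tuple[int, bytes]]) -> str:
    """SHA-256 over the published (day, key) list so a client can verify that the
    list it downloaded is exactly the one that was published."""
    h = hashlib.sha256()
    for day, key in published:
        h.update(day.to_bytes(4, "big"))
        h.update(key)
    return h.hexdigest()


def verify_publication(published: list[tuple[int, bytes]], digest: str) -> bool:
    """Constant-time comparison of the recomputed digest against the expected one."""
    return hmac.compare_digest(publication_digest(published), digest)


def match_exposures(sightings: list[Sighting],
                    published: list[tuple[int, bytes]]) -> list[Sighting]:
    """Rebuild every pseudonym each published day key could have produced and
    return the local sightings that match. Everything here is the observer's own
    data, so no identity of the reporter is learned beyond 'a reported key matched'."""
    hits = []
    for day, key in published:
        candidates = {pseudonym(key, i) for i in range(INTERVALS_PER_DAY)}
        for s in sightings:
            if s.day == day and s.pseudonym in candidates:
                hits.append(s)
    return hits


def demo() -> int:
    """Constructed scenario: Bob sees Alice and Carol; only Alice reports positive."""
    alice_secret = b"A" * 32   # constructed long-term device secrets
    carol_secret = b"C" * 32
    day = 5
    alice_day_key = derive_daily_key(alice_secret, day)
    carol_day_key = derive_daily_key(carol_secret, day)

    bobs_log = [
        Sighting(day, 10, pseudonym(alice_day_key, 10), rssi=-60),
        Sighting(day, 40, pseudonym(carol_day_key, 40), rssi=-70),
    ]
    published = [(day, alice_day_key)]
    digest = publication_digest(published)
    assert verify_publication(published, digest)
    return len(match_exposures(bobs_log, published))


if __name__ == "__main__":
    print("exposures matched:", demo())   # 1 (only the Alice sighting)
```

Two properties worth noticing when running this: `pseudonym(k, 10)` and `pseudonym(k, 11)` share nothing an observer could correlate without `k`, and a reporter who publishes a day key reveals nothing about other days, because each day key is derived independently from the device secret.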
Challenges in Adoption
While the cryptography was robust, external factors contributed to the app’s non-adoption:
- Centralized Architecture: The app relied on a central server for processing and notifications, sparking privacy concerns. Decentralized models, such as those championed in other European countries, were more widely accepted.
- Technical Limitations: Communication issues and unreliable data exchanges over BLE hindered effectiveness.
Lessons Learned
The NHS contact tracing app highlights the importance of aligning cryptographic solutions with user trust and system performance. Key takeaways include:
- Privacy by Design: Cryptographic anonymity and pseudonymization are essential for public health applications to gain user acceptance.
- Adaptability: Decentralized systems, such as the Google/Apple Exposure Notification (GAEN) framework, proved more successful in addressing privacy concerns.
- Comprehensive Testing: Beyond cryptographic robustness, the entire system’s functionality must meet real-world demands.
Future Applications
The lessons from this app serve as a mock exercise for understanding new cryptographic applications. By dissecting the cryptographic primitives, services, and architecture, cybersecurity professionals can effectively analyze and adapt cryptographic techniques for emerging challenges.
The NHS contact tracing app, despite its operational challenges, remains a valuable case study in leveraging cryptography for privacy and public health. This analysis not only showcases the power of cryptographic techniques but also underscores the need for alignment with user expectations and system performance in large-scale applications.