Research On Privacy Protection Scheme For Epidemic Contact-Tracing Based On Anonymous Authentication

In recent years,large-scale outbreaks of pandemics,such as the 2019 coronavirus COVID-19 and influenza A(H1N1),have posed a great threat to the lives and health of people around the world,but they have also sounded an alarm for us.Timely detection and isolation of epidemic patients and their close contacts are critical to controlling the spread of such epidemics.Therefore,in order to better deal with the outbreak of such epidemics,many governments have come up with contact traceing schemes based on smart mobile devices such as Bluetooth.However,in order to pursue tracing accuracy,existing schemes collect a large amount of information and broadcast personal-related data to surrounding users based on Bluetooth,WIFI,and other wireless communication technologies,taking users as broadcast and receiving nodes.Therefore,there is a risk of privacy leakage.In addition,the verifiability of the sender’s identity and information cannot be guaranteed,which may lead to illegal users broadcasting false messages and undermining tracing effectiveness.In view of the privacy and security problems of the contact tracing scheme,this thesis proposes a privacy protection scheme of epidemic contact tracing based on anonymous authentication,which not only satisfies the traceability but also provides privacy protection and verifiability.Firstly,this thesis presents the system model and formal definition of the scheme for the privacy and security requirements of contact tracing.Then using BBS+signature,zero knowledge proof,block chain,complete subtree method,and other cryptographic tools to give the concrete construction of the scheme.In terms of privacypreserving,this thesis based on the idea of anonymous authentication,which allows users to record the information sent by each other in an anonymous and verifiable way through zeroknowledge proof and other cryptography technologies in the encounter authentication stage,thus satisfying the anonymity and verifiability in the interaction process.In terms of user management,this thesis uses the user identity highly efficient revocation mechanism of the complete subtree method to realize access control over illegal users,and prevents users that have been revoked(such as users who are positive and need to be isolated)from impersonating normal users to continue generating illegal signatures for interaction,so as to prevent the destruction of tracking effectiveness.In the matching stage,the blockchain is used as a bulletin board so that all users can verify whether they have become a cipher.Blockchain-distributed data storage architecture can avoid malicious data tampering by centralized data management.In terms of security,in addition to anonymity,traceability,and verifiability,the scheme also meets the security requirements such as unforgerability,unframeability and backward security,and gives formal proof of related security requirements.Finally,this thesis uses JAVA language,Android Studio 2021.3.1 platform,Hyperledger Fabric v2.0 blockchain platform,and JPBC 2.0.0 cryptography library to carry out simulation experiments on the key algorithms or protocols of this scheme.The computation cost and communication cost of the signature verification algorithm under the BN elliptic curve and the revocation mechanism based on the complete subtree method are tested.In summary,the experimental results and analysis show that this scheme meets more security requirements with a lower computation cost and communication cost,and solves the problems of user privacy disclosure and lack of verifiability,so it has certain practical application significance.