Digital Contact Tracing Solutions: Promises, Pitfalls and Challenges

The COVID-19 pandemic has caused many countries to deploy novel digital contact tracing (DCT) systems to boost the efficiency of manual tracing of infection chains. In this paper, we systematically analyze DCT solutions and categorize them based on their design approaches and architectures. We analyze them with regard to effectiveness, security, privacy and ethical aspects and compare prominent solutions based on these requirements. In particular, we discuss shortcomings of the Google and Apple Exposure Notification API (GAEN) that is currently widely adopted all over the world. We find that the security and privacy of GAEN has considerable deficiencies as it can be compromised by severe large-scale attacks. We also discuss other proposed approaches for contact tracing, including our proposal TraceCORONA, that are based on Diffie-Hellman (DH) key exchange and aim at tackling shortcomings of existing solutions. Our extensive analysis shows that TraceCORONA fulfills the above security requirements better than deployed state-of-the-art approaches. We have implemented TraceCORONA and its beta test version has been used by more than 2000 users without any major functional problems,(1) demonstrating that there are no technical reasons requiring to make compromises with regard to the requirements of DCT approaches.