Why are EPIDs only generated by server? #19
Comments
|
Same question. It's a technical issue (overload) but also a privacy issue (see also #2). |
|
You need the secret KS key to generate an EBID from a user ID so it can't be performed on the App. |
ArchanaaSK
changed the title
|
Okay. But restricting the EPID generation to server brings up issues like issue #27 |
|
I think this derives from the "centralized" approach / trust assumptions : if the EBID were generated on the app, then KS would be stored on the app and regularly EBIDs would be sent to the server, which would store them all. The benefit of doing this is that if the server is compromised, it is not possible to derive future EBIDs (this could make sense for a covert adversary who would then be able to impersonate anyone. However, storing KS on the app means that the app/phone must also be trusted, in order to secure KS (in this case there would be a key for each phone I suppose). More generally, this is the balance between models like DP3T and ROBERT : on the one hand you trust the central authority, which is probably more secure than an individual's phone, but if this trust is misplaced, you lose everything, whereas in DP3T you (arguably) would compromise a subset of individuals, but attacks are easier to achieve. |
It is not only a problem of trust, it is also a problem of server capacities as, if you decide to let the users generate their own EBIDs, the server would have to store them all (he would not be able to derive them from the user ID anymore). Which mean he would quickly need big storage (and memory for index) capacities to store the EBIDs to ID table (see #8 (comment)) |
|
The calculation you made in #8 leads to a few hundreds (?) of TB for a realistic case for a country like France with tens of millions of users of the app, I would argue that this is not a limit in the context of a centralized server (or cluster/cloud). Indexing might be more of an issue, but I do not measure the actual expected query load so it is difficult to answer on that point. |
|
No for a country like France, considering 60 millions of users, the table would "only" be 2.5Tb . I also said in my comment that this option should be considered but an author of the protocol answered that it was rejected due to the size of the table it would requiere. |
What is the advantage of generating all the IDs and storing them at the server? What if these IDs were generated by the App and communicated to the server when needed?
For example, the App and server agree upon a server generated IDA during initialization/registration phase. The server now has a ID list of unique IDs for each registered app. The app can generate EPIDs at the required interval( as mentioned in the specification but generated by the app).
The proximity discovery phase will remain same with app distributing app generated EPIDs. In infected user discovery, the infected user app sends its LocalProximityLsit to server which is stored by server in a list of exposed EPIDs. In exposed status request phase, the server can collect user's generated EPIDs and match it with its list of exposed EPIDS and calculate the risk score.
This is just a strawman protocol where the generation is done by app instead of server. Potentially, there will be many many registered users per server. This type of EPID generation may reduce the computation and storage load on server and the computation load on app is only increased minimally(to generating EPIDs) The storage size remains same for app side.
The text was updated successfully, but these errors were encountered: