On April 24, 2020, Apple and Google announced an update to their jointly developed contact tracing protocol (Apple and Google Contact Tracing Protocol), which they now call Exposure Notification technology, since that name describes the protocol better.
On April 29, iOS 13.5 beta was released with the first implementation of this protocol. The purpose of the beta is to let developers test the new API and to collect feedback. Access to the API is planned to be granted only to applications officially associated with state medical institutions.
This article discusses what prompted the changes to the protocol, whether vulnerabilities remain after the update, and whether Apple and Google were able to respond to the criticism (usually unreasonable).
Name change
As the companies note, contact tracing is necessary, but it is only one part of the protocol.
The goal of the solution is to give early notice to people who may have been infected with COVID-19, in order to reduce the spread of the disease.
![](https://habrastorage.org/webt/fc/1p/no/fc1pno8ktwdkkywknp9qksefrbw.png)
, , , COVID-19 ( 14 ), , , , .
, , .
. , Apple Google .
, .
iOS Android , Apple & Google Contact Tracing API .
:
- Tracing Key.
- Daily Tracing Key HKDF Tracing Key .
- 10 Rolling Proximity ID HMAC Daily Tracing Key .
- Bluetooth Low Energy. , , .
- - , 14 , 14 , Rolling Proximity IDs 14 .
- , .
.
16- Exposure Key.
Rolling Proximity Key (RPIKey) Associated Encrypted Metadata Key (AEMKey):
RPIKey = HKDF(ExpKey, NULL, UTF8("EN-RPIK"),16)
AEMKey = HKDF(ExpKey, NULL, UTF8("EN-AEMK"),16)
:
HKDF - HKDF(Key, Salt, Info, OutputLength) RFC 5869, SHA-256
NULL - ,
UTF8("EN-RPIK") - , EN-RPIK UTF8
Bluetooth LE MAC 15-20 , .
MAC Rolling Proximity ID (RPID)
RPID = AES128(RPIKey, UTF8("EN-RPI") || 0x000000000000 || Ti)
:
AES128(Key, Data) - AES 128- . 128-
RPIKey - Rolling Proximity Key
|| - , :
UTF8("EN-RPI") - 6 , EN-RPI UTF8
0x000000000000 - 6 ( 128- )
Ti - 4- 10- , unix_timestamp div (60 * 10)
, div -
4 Associated Encrypted Metadata (AEM). , . , .
.
AEM = AES128-CTR(AEMKey, RPID, Metadata)
:
AES128-CTR(Key, IV, Data) - AES-CTR, 128- AEMKey. , .
IV Rolling Proximity Key.
Rolling Proximity ID Associated Encrypted Metadata , BLE Payload:
![](https://habrastorage.org/webt/rg/ae/4d/rgae4dwyh6zde46wehazpkedojq.png)
Bluetooth Low Energy. , , .
- - , 14 . , 14 , Rolling Proximity IDs 14 .
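The key schedule and the matching step described above, as an added Go example (not code from the article, from Apple/Google, or from OpenCovidTrace): it implements the RPIKey/AEMKey, RPID and AEM formulas and re-derives the 144 identifiers of one published Exposure Key to test an observed RPID. The function names, the sample key and the timestamp are constructed for illustration, and the little-endian encoding of Ti is an assumption taken from the Apple/Google cryptography specification.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// hkdf16 is HKDF-SHA-256 (RFC 5869) with a NULL salt and 16 bytes of output.
func hkdf16(key []byte, info string) []byte {
	ext := hmac.New(sha256.New, make([]byte, sha256.Size)) // NULL salt = 32 zero bytes
	ext.Write(key)
	exp := hmac.New(sha256.New, ext.Sum(nil))
	exp.Write(append([]byte(info), 0x01)) // first and only expand block
	return exp.Sum(nil)[:16]
}
// Interval is Ti = unix_timestamp div (60 * 10).
func Interval(unix int64) uint32 { return uint32(unix / (60 * 10)) }
// RPID = AES128(RPIKey, UTF8("EN-RPI") || 0x000000000000 || Ti).
func RPID(expKey []byte, ti uint32) []byte {
	b := make([]byte, 16)
	copy(b, "EN-RPI")
	binary.LittleEndian.PutUint32(b[12:], ti)        // byte order of Ti is an assumption
	c, _ := aes.NewCipher(hkdf16(expKey, "EN-RPIK")) // a 16-byte key cannot fail
	c.Encrypt(b, b)
	return b
}
// AEM = AES128-CTR(AEMKey, RPID, Metadata); the same call decrypts.
func AEM(expKey, rpid, data []byte) []byte {
	c, _ := aes.NewCipher(hkdf16(expKey, "EN-AEMK"))
	out := make([]byte, len(data))
	cipher.NewCTR(c, rpid).XORKeyStream(out, data)
	return out
}
// Match re-derives the 144 RPIDs of a published key; it returns the matching Ti or -1.
func Match(expKey []byte, start uint32, seen []byte) int64 {
	for ti := start; ti < start+144; ti++ {
		if hmac.Equal(RPID(expKey, ti), seen) {
			return int64(ti)
		}
	}
	return -1
}
func main() { // the key below is a constructed 16-byte Exposure Key
	fmt.Printf("%x\n", RPID([]byte("constructed-key!"), Interval(1588118400)))
}
```

Only a holder of the published Exposure Key can run `Match` or decrypt the metadata; an observer who sees the broadcasts alone has neither RPIKey nor AEMKey.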
- - Apple Google.
Apple Google . , , , . (, ) .
Tracing Key, Daily Tracing Keys, .
Exposure Key ( Daily Tracing Key) , .. .
DP-3T, . .
Apple / Google , 2- :
- , Tracing Key. , .
- Daily Tracing Key Tracing Key, , BLE ( Tracing Key).
AES HMAC-SHA-256
AES HMAC-SHA-256 .
10 , .
, - 10K .
140K 140K*144 ~ 20 ( 144 24*60/10), .
, , , , . , 10 , .. 140 2 , 140*10K=1,4M , .
AES , .
MAC RPI
.
, Rolling Proximity Identifier 10 , MAC Bluetooth LE 15-20 .
, RPI MAC , RPI MAC MAC RPI.
, , Bluetooth .
MAC RPI .
:
The key schedule is fixed and defined by operating system components, preventing applications from including static or predictable information that could be used for tracking.
, , , MAC RPI .
DP-3T OpenCovidTrace Bluetooth LE .
Associated Metadata
- . , , .
:
- -, 15-20 , 4 .
: 1) , 2) , 3) (, .. 4 ), 4) , 5) , 6) , ID, , .
- -, ( ) , .
, , . , , , .. ( , ). , , .
- , , , .
, .
, :
- Bluetooth , .
- /, , , .
- , , ID, , . , , ID .
ID .
, .
, , . , .
- IT - .
OpenCovidTrace , open-source, .
![](https://habrastorage.org/webt/rp/3x/w-/rp3xw-ahaouj0xjdlqm7315crz0.png)
open-source OpenCovidTrace, DP-3T Apple/Google , iOS.
Github!
, .
OpenCovidTrace, .
, .