Apple和Google联系人跟踪协议的新版本

2020年4月24日，苹果和谷歌宣布对联合开发的联系与跟踪协议（Apple＆Google接触跟踪协议）进行了更新，现在将它们称为“曝光通知技术”，其名称更好地描述了该协议。

4月29日，iOS 13.5 Beta随该协议的首次实现发布。Beta旨在测试开发人员新的API并获得反馈。计划仅对与州医疗机构正式关联的应用程序授予对API的访问权限。

本文将讨论导致协议更改的原因，更新后是否仍然存在漏洞以及Apple和Google是否能够回应批评（通常是不合理的）。

名称变更

正如公司所指出的那样，尽管有必要进行联系人跟踪，但它只是协议的一部分。

开发的解决方案的目的是提前通知可能感染COVID-19的人，以减少疾病的传播。

, , , COVID-19 ( 14 ), , , , .

, , .

. , Apple Google .

, .

iOS Android , Apple & Google Contact Tracing API .

:

1. Tracing Key.
2. Daily Tracing Key HKDF Tracing Key .
3. 10 Rolling Proximity ID HMAC Daily Tracing Key .
4. Bluetooth Low Energy. , , .
5. - , 14 , 14 , Rolling Proximity ID’s 14 .
6. , .

.

1. 16- Exposure Key.
   Rolling Proximity Key (RPIKey) Associated Encrypted Metadata Key (AEMKey):
   

   
   

   RPIKey = HKDF(ExpKey, NULL, UTF8("EN-RPIK"),16)

   
   

   AEMKey = HKDF(ExpKey, NULL, UTF8("EN-AEMK"),16)

   
   

   :

   
   
   • HKDF – - HKDF(Key, Salt, Info, OutputLength) RFC 5869, SHA-256
   • NULL – ,
     UTF8("EN-RPIK") – , EN-RPIK UTF8
     
   
   

   Bluetooth LE MAC 15-20 , .
   
   MAC Rolling Proximity ID (RPID)
   

   
   

   RPID = AES128(RPIKey, UTF8("EN-RPI") || 0x000000000000 || Ti)

   
   

   :

   
   
   • AES128(Key, Data) – - AES 128- . 128-
   • RPIKey – Rolling Proximity Key
   • || – , :
     
     • UTF8("EN-RPI") – 6 , EN-RPI UTF8
     • 0x000000000000 – 6 ( 128- )
     • Ti – 4- 10- , unix_timestamp div (60 * 10), div –
   
   

   4 Associated Encrypted Metadata (AEM). , . , .
   
   .
   

   
   

   AEM = AES128−CTR(AEMKey, RPID,  Metadata)
   

   
   

   :
   AES128−CTR(Key, IV, Data) – - AES-CTR, 128- AEMKey. , .
   
   IV Rolling Proximity Key.
   

   
   

   Rolling Proximity ID Associated Encrypted Metadata , BLE Payload:

   
   
   
   
   

   Bluetooth Low Energy. , , .

2. - , 14 . , 14 , Rolling Proximity ID’s 14 .
   

“ ” Apple Google.

Apple Google . , , , . (, ) .

Tracing Key, Daily Tracing Key’s, .

Exposure Key ( Daily Tracing Key) , .. .

DP-3T, . .

Apple / Google , 2- :

• , Tracing Key. , .
• Daily Tracing Key Tracing Key, , BLE ( Tracing Key).

AES HMAC-SHA-256

AES HMAC-SHA-256 .

10 , .

, - 10K .

140K 140K*144 ~ 20 ( 144 24*60/10), .

, , , , . , 10 , .. 140 2 , 140*10K=1,4M , .

AES , .

MAC RPI

.

, Rolling Proximity Identifier 10 , MAC Bluetooth LE 15-20 .

, RPI MAC , RPI MAC MAC RPI.

, , Bluetooth .

MAC RPI .

:

The key schedule is fixed and defined by operating system components, preventing applications from including static or predictable information that could be used for tracking.

, , , MAC RPI .

DP-3T OpenCovidTrace Bluetooth LE .

Associated Metadata

– . , , .

• -, 15-20 , 4 .
  
  : 1) , 2) , 3) (, .. 4 ), 4) , 5) , 6) , ID, , .
  
• -, ( ) , .
  
  , , . , , , .. ( , ). , , .
  
• , , , .
  
  , .
  

• Bluetooth , .
• /, , , .
• , , ID, , . , , ID .
  
  ID .
  

, .

, , . , .

– IT – .

OpenCovidTrace , open-source, .

open-source OpenCovidTrace, DP-3T Apple/Google , iOS.

Github!

, .

OpenCovidTrace, .

, .

• Apple & Google
• C open-source
• C Github
• Github DP-3T,