Differences

This shows you the differences between two versions of the page.

--- nhscontactapp [2020/05/06 07:14] – mark
+++ nhscontactapp [2020/05/06 07:27] – [Does The contact app exchange values] mark
@@ Line 3: / Line 3: @@
 The NHS contact tracing app uses Bluetooth Low Energy to transmit a unique ID, this ID is changed at a periodic interval. This topic details questions about how this process works with the intention to find answers.
-====== How is the unique ID generated ======
+===== How is the unique ID generated =====
 There are two main options, the first is a seed that is "spun" to generate the next value. Or a pure random value that is created each time. Both methods have there advantages and disadvantages, for example using a Seed means that the app only needs to store the seed and can calculate the values sent within a day easily, this means less storage is needed to store all the values, however leaking the seed allows an attacker to re-generate all the values the app generates for a given time.
-====== How often is the Unique ID changed ======
+===== How often is the Unique ID changed =====
 To prevent tracking a user through space, the Unique ID is changed, how often effects the exposure. For example if its changed on every transmission, then it becomes very difficult for the samples points to be "joined" together, however if its only changed once every 10 minutes, it means it can be used to track around shops or along roads.
-====== Does The contact app exchange values ======
+===== Does The contact app exchange values =====
 This is a very important question. If the app just records the beacons it sees without performing any additional authentication, then the app is open to a BLE proxy attack.
+{{::untitled_diagram_1_.jpg?400|}}
+This attack can be simplified if the attacker has access to a known "infected" source. This means that an attacker could distribute an infection event to a larger number of victims. This would generate false positive results to the victims.