Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision |
nhscontactapp [2020/05/06 07:15] – mark | nhscontactapp [2020/05/06 10:22] (current) – [How is the unique ID generated] mark |
---|
| |
There are two main options, the first is a seed that is "spun" to generate the next value. Or a pure random value that is created each time. Both methods have there advantages and disadvantages, for example using a Seed means that the app only needs to store the seed and can calculate the values sent within a day easily, this means less storage is needed to store all the values, however leaking the seed allows an attacker to re-generate all the values the app generates for a given time. | There are two main options, the first is a seed that is "spun" to generate the next value. Or a pure random value that is created each time. Both methods have there advantages and disadvantages, for example using a Seed means that the app only needs to store the seed and can calculate the values sent within a day easily, this means less storage is needed to store all the values, however leaking the seed allows an attacker to re-generate all the values the app generates for a given time. |
| |
| From https://www.ncsc.gov.uk/blog-post/security-behind-nhs-contact-tracing-app |
| |
| It looks like a seed is used. |
| |
| "Every day, your device generates a random elliptic curve key pair and encrypts your installation ID (and some other administrative stuff like time periods) with it in a way that only the NHS server can recover, " |
| |
| |
===== How often is the Unique ID changed ===== | ===== How often is the Unique ID changed ===== |
| |
| |
| {{::untitled_diagram_1_.jpg?400|}} |
| |
| |
| This attack can be simplified if the attacker has access to a known "infected" source. This means that an attacker could distribute an infection event to a larger number of victims. This would generate false positive results to the victims. |