nhscontactapp

Differences

This shows you the differences between two versions of the page.

nhscontactapp [2020/05/06 07:15] mark
nhscontactapp [2020/05/06 10:22] (current) – [How is the unique ID generated] mark
Line 6: Line 6:
  
 There are two main options, the first is a seed that is "spun" to generate the next value. Or a pure random value that is created each time. Both methods have there advantages and disadvantages, for example using a Seed means that the app only needs to store the seed and can calculate the values sent within a day easily, this means less storage is needed to store all the values, however leaking the seed allows an attacker to re-generate all the values the app generates for a given time. There are two main options, the first is a seed that is "spun" to generate the next value. Or a pure random value that is created each time. Both methods have there advantages and disadvantages, for example using a Seed means that the app only needs to store the seed and can calculate the values sent within a day easily, this means less storage is needed to store all the values, however leaking the seed allows an attacker to re-generate all the values the app generates for a given time.
 +
 +From https://www.ncsc.gov.uk/blog-post/security-behind-nhs-contact-tracing-app
 +
 +It looks like a seed is used.
 +
 +"Every day, your device generates a random elliptic curve key pair and encrypts your installation ID (and some other administrative stuff like time periods) with it in a way that only the NHS server can recover, "
 +
  
 ===== How often is the Unique ID changed ===== ===== How often is the Unique ID changed =====
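Review bot: The added conclusion "It looks like a seed is used." does not follow from the NCSC sentence quoted directly beneath it. That sentence describes a random elliptic curve key pair generated every day and the installation ID being encrypted so that only the NHS server can recover it; it mentions neither a seed nor a step that "spins" one value into the next, which is how the unchanged paragraph above defines the seed option. Either say which part of the quote is being read as a seed, or reword the conclusion so it matches the two options the paragraph sets up. The quotation also ends on a comma before the closing quote mark, so finish the sentence or mark it as truncated. In the unchanged paragraph, "there advantages" should read "their advantages".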
Line 17: Line 24:
  
  
 +{{::untitled_diagram_1_.jpg?400|}}
  
  
- +This attack can be simplified if the attacker has access to a known "infected" source. This means that an attacker could distribute an infection event to a larger number of victims. This would generate false positive results to the victims. 
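Review bot: The new paragraph opens with "This attack", but nothing visible in this hunk says which attack that is. The only candidate is the added image, and its markup `{{::untitled_diagram_1_.jpg?400|}}` leaves the caption after the pipe empty and keeps an "untitled" file name. Give the diagram a caption and add one sentence naming the attack it depicts, so the paragraph stands on its own for readers who cannot see the image. The terms "infection event" and known "infected" source are also used without definition, and the last two sentences would read more clearly as one statement that the victims would receive false positive notifications.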
nhscontactapp.1588749313.txt.gz · Last modified: 2020/05/06 07:15 by mark