Professor Dr. Cas Cremers about his work on Corona Warn App and the role of CISPA in this project
Professor Dr. Cas Cremers has taken the lead in advising for the security of the Corona Warn App (CWA), and has intensively accompanied the process from the beginning. He was also involved in the earlier work of DP-3T, promoted the decentralised approach, and coordinated communication with all partners.
So what role did CISPA play in the development of the German Corona-Warn-App?
The CISPA Helmholtz Center for Information Security provided advice for the security of the app, and provided knowledge from the DP-3T project. SAP and T-Systems gave us early access to several of the app’s design documents. Together with nearly 40 colleagues from CISPA, we analysed the design and architecture of the app, and compared it to DP-3T’s design.
In parallel, we had many discussions with our colleagues from SAP and T-Systems in video calls. We wrote several internal reports for SAP and T-Systems in which we analysed security aspects, and identified pitfalls and gave recommendations. These reports informed and influenced the design decisions.
What was your personal part in this project?
Personally, my contributions started before the German Corona Warn App. I got actively involved in the DP-3T project at the beginning of April. At this point, the core idea of decentralized proximity tracing apps was already there, but it was very far from a full system, and there were a lot of open questions and design decisions that still had to be made. Within DP-3T I contributed to the technical analysis and development, community building, and documentation. For example, on the technical side, I worked on the DP-3T authorization protocols.
Once the development of German decentralized app started around May 1st, I coordinated the efforts within CISPA to improve the security of the CWA app, consider the legal aspects, and provide good privacy guarantees. In this role I worked with many of my CISPA colleagues to analyse the designs and write reports, and communicated between CISPA, DP-3T, and SAP and T-Systems.
The combination of working on DP-3T and CWA took all of my time since April, and I put my other research on hold for now.
What were the major difficulties with this project?
The major problem with such a project is of course the extreme time pressure. The overall design of the app, as DP-3T, has privacy built in by design, but of course there are several points at which a trade-off has to be made between privacy, usability combined with efficiency. These are always complicated decisions. In an ideal world, we would collect a lot of historical data to base decisions on, but with a global pandemic underway, we have to make some decisions immediately, and then adapt in the upcoming months. We have to work with what we have now, without needlessly compromising the privacy of citizens.
What does that mean? Will the app be further developed in the coming weeks?
Yes, definitely. This is an ongoing process.
Tell us more?
CISPA is currently helping SAP and T-Systems with further improving the security for the next version of the app. In particular, we are aiming to further improve the privacy and deniability properties.
At the moment, the apps of different countries cannot yet talk to each other. To make sure the apps can deal with commuters and travelers, we need to enable them to interoperate. We have been designing such schemes, and providing input to the interoperability proposals put forward by others. The decentralized apps can certainly be made to work together across borders, but there are still many different ways in which this can be handled. We are helping out where we can.
How satisfied are you until now with the result?
I am very impressed with the results: both the outcomes of the DP-3T project and the subsequent development of the German Corona Warn App have been excellent. There has been a gigantic effort for the German app, and before that, around the DP-3T project, by a huge number of contributors and supporters. Many different types of interest groups have come together on this issue, and the project would not have been possible without them.
I’ve also been impressed by the German decision to choose a privacy-by-design and open source approach, and I think this will serve as a great international example for the future.
What’s the future for Europe and DP-3T?
As mentioned, at the European level, there is currently a discussion on how to ensure that the different apps can interoperate. We are confident that at least all European decentralized apps will be able to interoperate soon. DP-3T is supporting various countries in their efforts to deploy similar apps, and continues to work on improving and safeguarding privacy as much as possible.
DP-3T has produced extensive analysis and guideline documents over the last months, which have directly fed back into the German app as well as the Google and Apple API. I expect more improvements to come from that angle in the coming weeks.
We have just learned that the UK is also switching to the DP-3T/Google & Apple decentralized approach, which means that interoperability should be feasible with the UK as well. If a country that still uses a centralized approach proposes a way to interoperate, we will be ready to investigate the security implications.
What’s next for you?
Once the last things are done for the Corona Warn App and DP-3T, I look forward to taking a break, or looking at my mailbox that is definitely not under control anymore. After that I return to my research on secure communications, and automated security analysis techniques, and I am looking forward to thinking about other things than proximity tracing apps again.
More information about Cas Cremers and his research: https://cispa.saarland/group/cremers/index.html
More information about the corona-warn-app: https://www.bundesregierung.de/breg-de/themen/corona-warn-app