Thomas Klingbeil, senior developer at SAP, gave insights into the backend architecture of the Corona Warning App (CWA) at the remote Chaos Communication Congress (rC3). It basically consists of a CWA server with the diagnostic keys, a verification server and another server for transmitting the test results from the laboratory.

The app and the infrastructure behind it are generally designed for data economy and take into account the state of the art in IT security with a wide range of encryption methods and the exchange of hash values. When tracking contacts via Bluetooth, the responsible server knows, for example, which mobile phone the data is coming from, but cannot draw any conclusions about the user of the device.

A particularly critical data transfer occurs when the user is away Chosen to share a positive test result. Even in this case, only a collection of pseudonymous crypto keys is transmitted. It is therefore difficult to find out who the affected user is. Nevertheless, the developer companies, to which Deutsche Telekom belongs in addition to SAP, have also taken precautions against unauthorized data access and potentially possible analysis of the information at this level.

Secure connections alone are not enough A well-armed attacker could theoretically record the network traffic running through the infrastructure built in the background, stated Klingbeil in his lecture. Only secure connections are used, so that only the sizes of the data packets sent are recognizable, but not their content. This would also make it possible to understand whether a test had taken place and a TAN query took place.

The end point and thus the tested user remained unclear at first. executed the programmer. From the recognizable byte amounts, a hacker could also conclude that there are specific sizes for special requests. Furthermore, it can be seen in principle when the responsible CWA server is contacted for a TAN upload. Unless it is also clear that a user would have to be positive if diagnostic keys were transmitted. In the worst-case scenario, it could also be possible to link this key to an IP address and to determine the user behind it.

“We must therefore include plausible deniability,” said Klingbeil Model of “credible deniability”. Methods are used to hide confidential data or its origin. The CWA is a disturbing noise that is built into the data traffic: According to the insider, the app partially simulates the corresponding traffic in the backend and deliberately sends false or meaningless information to a “playbook” that functions as a “dummy”.

In addition to various encryption techniques, there is also “annoying Noise “is used in order to achieve a high level of data protection when transmitting positive test results.

As part of this automated process, determinable inquiries could be triggered by a real event, explained Klingbeil. But it is just as likely that it is a “fake”. Even if a test turns out negative, the dummy application asks for the diagnostic key and the TAN is also used. So you can no longer find out “if someone really warns”.

Filtering out incorrect packets A special field in the header informs the backend server at the same time that they should not enter the falsified packets into the relevant databases, but should otherwise behave and respond as usual. The additional traffic does not cause any increased costs for the users, since the mobile network operators generally do not count the volume caused by the CWA against the personal contingent (“zero rating”). Metadata would also be removed from a mediation server.

The CWA architecture also has an interface in the form of an “EU Federation Service” to upload national keys for “contact tracing” and foreign keys from member states with interoperable ones To be able to inquire about architectures. The responsible servers are informed about the upload of new keys via a callback mechanism. Klingbeil clarified that even if keys from other EU countries were ultimately treated as national ones, a so-called replay attack and the associated transmission of previously recorded data to trick authentication procedures would not be possible. The information would initially be embargoed for two hours and could only be used afterwards.

The appeal from the Chaos Computer Club (CCC), the CWA with an option for decentralized cluster recording, for example The SAP innovation expert did not want to comment on enrichment via the CrowdNotifier. This is outside of his scope, as the Federal Ministry of Health decides on new functions. Machine learning is currently not used to determine the risk of infection. Criticism from the hacker community that the interaction with the community in the open source project via the developer portal Github is often slow, he will bring to the team.

(pbe)