Everything comes together at the European Federation Gateway Service (EFGS). You could say it’s the socket that the EU member states’ local contact tracing systems plug into. Cryptologist Robin Fay from Deutsche Telekom Security GmbH’s Trust Center presents the system from up close.
In addition to masks and hygiene rules, the German government’s Corona-Warn app is one of the most important tools in combating Covid-19. Other EU countries are protecting their citizens with mobile applications as well. As different as these apps may appear at first glance, they all have one thing in common: they are based on a contact tracing method using Bluetooth, a joint development by Apple and Google that protects users’ privacy. To date, the national solutions have functioned like independent eco-systems. Now, with the advent of the European Federation Gateway Service, this is set to change.
No breaches of privacy
Before giving further details of the EFGS, let’s first take a very superficial look at how the individual countries’ coronavirus warning apps work.
Every day, the installed app generates a random and autonomous cryptographic key: the temporary exposure key (TEK). The app keeps the participant’s key secret and uses it to generate encrypted, short-lived signals that are sent via Bluetooth to other app users in the vicinity. The receiving device collects signals from users that are within range. Without the key, the recipient cannot decrypt the signals.
Let’s assume an app user tests positive for coronavirus. After confirmation by the user, the app transmits its secret key for the last 14 days to a server dubbed the National Back End, from where the warning apps of other users call up this diagnosis key.
The app then tries to decrypt the signals it has received using the published diagnosis keys. If that is successful, the app knows that you had contact with an infected person and can send you a warning. The type of cryptography used and the random nature of the key mean the infected person remains anonymous.
You will find the fascinating technical details of this process at https://covid19.apple.com/contacttracing and in the repository of the German Corona-Warn app (https://github.com/corona-warn-app).
Cohesion in times of crisis
Up till now, contact tracing was possible only within national borders. Even though the apps used similar technology, there was no possibility of exchanging diagnosis keys between different countries. The European Federation Gateway Service closes this gap. Now, the EFGS provides a centralized, secure, and trustworthy infrastructure for exchanging the countries’ diagnosis keys. The EFGS creates interoperability, meaning that the individual national solutions (the “national back ends”) can be linked up with each other.
Each country in the system can check the origin of the other countries’ diagnosis keys and also ascertain whether the data was manipulated by attackers during international transmission. Cryptologists refer to this as end-to-end data integrity and end-to-end authenticity of the communication partners. These goals are achieved by means of digital signatures and digital identities. I’ll explain in the following how these work.
Digital signatures and digital identities – can somebody tell me what they are?
We all understand what the term “encryption” means – even if only from novels, films, and television shows. Without the secret key, we would be unable to decrypt and read a securely encrypted message. When sender and recipient use the same key, we talk of symmetric encryption.
The term “digital signature” is not so widely known because such signatures are based on a different cryptographic construct: asymmetric cryptography (asymmetric encryption also exists but is irrelevant in this context). Imagine a sealed envelope with a forgery-proof stamp. You know exactly who sent the letter and that nobody was able to tamper with the contents. That’s what we want to achieve – but in digital form – with digital signatures and identities.
Digital signatures require two keys. When signing a message, the sender uses his/her private key and keeps it secret. Other communication partners can use the corresponding public key, which can be made known to anyone, to check whether the message was manipulated and whether the signature is valid. In mathematical terms, the public and private keys of the signatory belong together: they form a key pair. If you know which public key belongs to which communication partner, you can not only determine whether a message from them has been manipulated, but you also know who signed the message. We need digital identities for this – but more about those in a moment.
In the context of the EFGS, the countries use digital signatures to protect their diagnosis keys against manipulation. The member states transmit their signed diagnosis keys to the EFGS, which provides them to the other countries together with the original signatures.
Thus far, I have assumed in my examples that the different nations know which country belongs to which public key. But this is not so easy in practice – because this trust in the identity of the communication partners first has to be created using suitable methods. And – you guessed it – this is where digital identities come in.
Who does the public key belong to?
Identity theft is possible only if we don’t know who a public key belongs to, i.e. who owns the corresponding private key. An attacker can then simply steal a communication partner’s identity and infiltrate the communication. To put it simply: we don’t know who we’re talking to.
Digital identities link an identity (in the case of the EFGS, for example, a particular country) with a public key. In the EFGS context, digital identities are implemented using public key certificates. The EFGS keeps the trusted public key certificates in a digitally signed trust list, which it makes available to the member states. The trust list functions like an anchor for the countries; it is very like a forgery-proof guest list for the EFGS club.
As is the case with our sovereign ID documents, digital identities have to be maintained and that requires audit processes. These serve to identify the participants not just in technical terms, but also in reality. Only then is a digital identity included in the trust list. Public key certificates have only a limited validity and have to be renewed. And that requires quite a bit of ongoing work.
All the processes and security measures I’ve discussed in this brief overview – but also many more that I haven’t mentioned – were developed by experts from different countries. The results of their work are coordinated and documented before being put into practice by a really great team of people. The EFGS is a prime example of international cooperation in a connected world.
If you are interested in further technical details, you will find them here and here.
A big thank-you to everyone involved
I’d like to take this opportunity to expressly thank all the experts from different countries involved in the EFGS project. The project has been a fascinating one for me and has demonstrated how we can organize effective cross-company, cross-border collaboration in times of crisis. I’m happy that I’ve been able to contribute to this system.
Are you interested in further blog posts on cryptography? I look forward to hearing your comments and suggestions. Feel free to post a comment under this blog entry.