Skip to content
GitLab
Projects Groups Topics Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • R ROBERT Server
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributor statistics
    • Graph
    • Compare revisions
  • Issues 24
    • Issues 24
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 7
    • Merge requests 7
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Packages and registries
    • Packages and registries
    • Package Registry
    • Container Registry
    • Terraform modules
  • Monitor
    • Monitor
    • Metrics
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • TousAntiCovid sources
  • ROBERT Server
  • Issues
  • #29
Closed
Open
Issue created May 29, 2020 by François Lesueur@flesueur

Sybil attack - Multiple accounts to identify infected people

In the risk analysis published by the Robert team ( https://github.com/ROBERT-proximity-tracing/documents/blob/master/Proximity-tracing-analysis-EN-v1_0.pdf ), risk IR1 is "Identify infected individuals". It is stated as one of the most important risks of proximity tracing and lowering this risk has been one of the most expected and revendicated benefits of Robert against decentralized approaches / DP3T.

In this document we can read "In the centralized approach, this de-anonymization attack [...] implies the need to register another account. The cost of this operation would depend on the adopted countermeasures (e.g., proof of work, or anonymous tokens delivered from an trusted party)"

In other words, if an attacker can create many accounts, authors recognize that the centralized approach looses this expected benefit. In other words too, preventing attackers from creating several accounts is required by the team which designed Robert.

In the current implementation, I could not find such protections :

  • IP/Ports of users should probably not be logged, it would go against other requirements of the Robert team (to prevent re-identification)
  • A captcha is not a solution to prevent multiple accounts creation. It is easy to solve a few tens of captchas manually (which is sufficient in this case) or to buy lots of captha resolution (dedicated mechanical turks)

Am I missing something ? As far as I understand, this critical issue (regarding the published privacy properties) is not yet addressed. How will it be addressed ?

Best regards,

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking