{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2022,8,31]],"date-time":"2022-08-31T18:13:12Z","timestamp":1661969592171},"reference-count":0,"publisher":"Privacy Enhancing Technologies Symposium Advisory Board","issue":"4","license":[{"start":{"date-parts":[[2022,10,1]],"date-time":"2022-10-01T00:00:00Z","timestamp":1664582400000},"content-version":"unspecified","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/3.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["PoPETs"],"abstract":"<jats:p>Digital contact tracing offers significant promise to help reduce the spread of SARS-CoV-2 and other viruses. Google and Apple joined together in 2020 to create the Google\/Apple Exposure Notification (GAEN) framework to determine encounters with anonymous users later diagnosed COVID-19 positive. However, as GAEN lacks geospatial awareness, it is susceptible to geographically distributed replay attacks. Anonymous, low-cost, crowd-sourced replay attack networks deployed by malicious actors (or far away nation-state attackers) who utilize malicious (or innocent) users\u2019 smartphones to capture and replay GAEN advertisements can drastically increase false-positive rates even in areas that otherwise exhibit low positivity rates. In response to this powerful replay attack, we introduce GAEN+ , a solution that enhances GAEN with geospatial awareness while maintaining user privacy, and demonstrate its ability to effectively prevent geographically distributed replay attacks.<\/jats:p>","DOI":"10.56553\/popets-2022-0130","type":"journal-article","created":{"date-parts":[[2022,8,31]],"date-time":"2022-08-31T17:28:44Z","timestamp":1661966924000},"page":"727-745","source":"Crossref","is-referenced-by-count":0,"title":["Replay (Far) Away: Exploiting and Fixing Google\/Apple Exposure Notification Contact Tracing"],"prefix":"10.56553","volume":"2022","author":[{"given":"Christopher","family":"Ellis","sequence":"first","affiliation":[{"name":"The Ohio State University"}]},{"given":"Haohuang","family":"Wen","sequence":"additional","affiliation":[{"name":"The Ohio State University"}]},{"given":"Zhiqiang","family":"Lin","sequence":"additional","affiliation":[{"name":"The Ohio State University"}]},{"given":"Anish","family":"Arora","sequence":"additional","affiliation":[{"name":"The Ohio State University"}]}],"member":"35752","published-online":{"date-parts":[[2022,10]]},"container-title":["Proceedings on Privacy Enhancing Technologies"],"original-title":[],"deposited":{"date-parts":[[2022,8,31]],"date-time":"2022-08-31T17:29:50Z","timestamp":1661966990000},"score":1,"resource":{"primary":{"URL":"https:\/\/petsymposium.org\/popets\/2022\/popets-2022-0130.php"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,10]]},"references-count":0,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2022,10]]}},"alternative-id":["10.56553\/popets-2022-0130"],"URL":"https:\/\/doi.org\/10.56553\/popets-2022-0130","relation":{},"ISSN":["2299-0984"],"issn-type":[{"value":"2299-0984","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,10]]}}}