Lead Institution: Johns Hopkins University

Project Leader: Avi Rubin

Research Progress

• Abstract
  The growing role of mobile devices in previously face to face interactions presents new domains for cryptographic applications. At the same, time the increased role of digital systems raises new security and privacy issues. With some thirty thousand notifications sent, inSPOT.org’s electronic notification of exposure to sexually transmitted infections is one such concerning development. We explored those concerns and developed a system with the features of an ideal service for both notification and certification, as well as protocols for cryptographic solutions.

• Focus of the research/Market need for this project
  This project addresses the need of people who want to remain anonymous and yet notify former partners about their STD status. Currently, there are notification systems, but none of them address the privacy requirements that our system is designed to address.

• Project Aims/Goals
  The goal is to provide an STD notification system that includes privacy guarantees.

• Key Conclusions/Significant Findings/Milestones reached/Deliverables
  We implemented our ideas, designed the cryptographic protocols, and published a paper in the HealthSec conference.

• Materials Available for Other Investigators/interested parties
  The protocols are published in publicly available workshop proceedings.

• Market entry strategies
  We approached two hospitals (Vanderbilt and Johns Hopkins) with proposals to attempt a wide-scale pilot of this project, but we were not able to generate any interest in actually deploying this.

Bibliography
Vis-à-Vis Cryptography: Private and Trustworthy In-Person Certifications
Ian M. Miers, Matthew D. Green, Christoph U. Lehmann, and Aviel D. Rubin
Proceedings of the 3rd USENIX/HealthSec Workshop, August 2012