Essay on Cybersecurity Technical Recommendations

Contact Tracing of Cybersecurity Technical Recommendations

            It is studied the research paper on Bluetooth tracing by Apple and Google. The research is about the technical specification for the new type of preserving policy that uses the Bluetooth protocol to support contact tracing. Furthermore, it is made possible to limit through combatting the spread of coronavirus by contact tracking. The contact tracing has ability to give notifications to the participants about the contacted persons as well as it has ability to notify it the contacted person has got the coronavirus. The service of contact detection is the vehicle to implement tracing the contacted persons as well as it uses Bluetooth tracing for the detection of proximation of nearby smartphones as well as for the mechanism of data exchange. The service of contact detection is basically the BLE service to detect proximity of the device that has multiple device’s keys. One key will be generated only device and every smartphone or the device can be traced or detected by the use of this key. One this is very noticeable here which is that device or the smartphone that has the key to contact the machine can be vulnerable because the hackers, data breaches and attackers can effectively attack on the devices as well as they can change the status of the suspected person who is in contact or to be contacted.

            It is recommended that the payload service of contact detection should not include the data types. Furthermore, the data section service should be preceded. While the low energy general mode should be set to 1 rather than other values. The identifier of 128-bit rolling proximity identifier should the payload service data content. Further on the cybersecurity contextual recommendations, non-resolvable address should have the random type of advertiser address. On the other side, those platforms which are supporting the random private address of the Bluetooth along with the rotation interval timeout randomly, the random value must have the advertiser address of the period of rotation. In very simple words, the Bluetooth specification of the contact tracing should not use device location for the detection of proximity and must use beaconing of Bluetooth for the proximity detection. Furthermore, the rolling proximity identifiers of the users must have to change the identifier within or after every 15 minutes. The change of identifier is essential because it effectively minimizes the risk of the privacy or data loss. It is needed to change automatically rolling address identifier to enhance the security and user can trust on the system and it can make easily for the user to make decision for participation in contact tracing.

            In the cryptography specification, the cybersecurity is more involved for the contact tracking. The operating system components, preventing applications defines and fixes the key schedule by including the predictable or static information which can be beneficial for the contact tracking and can also be used. Some recommendations are also provided related to the cryptography specifications for contact tracing. The rolling of identifiers of proximity of the users should not be connected without any kind of daily key for tracing. The reason is that it is very helpful to mitigate the privacy risk and data loss from the devices at the time of advertising. The protocol of the server operator which is being implemented, should not start the learning process. The system must have the ability to scan advertisements from users who recently reported key of diagnoses. As the system has schedule to tracing keys which are generated and given to every user’s device, it must have to reduce the time in the schedule for the rolling proximity identifier because if the system will trace already traced key again, it might high possibility to reduce the security of the user device. So, the time should be reduced to increase the security of the device and this approach can give tough time to attackers. Furthermore, at the time of advertising, it is necessary make all of the method or data encapsulated or should be encrypted. The benefit of the encryption is that the attackers as well as other data breachers will become unable to read or identify or determine the exact information. At the time of advertising as well as changing the rolling address identifiers, the system and the algorithm should have to include the encryption algorithms in the code that will encrypt the tacking key which is generated and given to the user of the device, daily tracing key as well as the rolling proximity identifier. When the algorithm of the system will encrypt all of essential information, the contact tracing to avoid spread of coronavirus will become easier as well as more secured. Otherwise, the attackers can play a role to spread this virus by disabling the notifications.