Server and client application for privacy-preserving disease analysis
Description
In the context of privacy-enhancing technologies, we set out to create reliable and secure corona heatmaps: our goal was to compute and visualize the geographic distribution of COVID-19 infected persons by combining data from health authorities and mobile network providers. The real challenge was to provide strong security guarantees both for the authorities and for the operators. During development, we worked with public location data centered around Vienna.
The system is a two-party protocol in the classical client-server setting. The client (health authority) holds the identities of the patients; the server (mobile network operator) holds Call Detail Records (CDRs). The output is the aggregated location data from those CDRs that match the patients' identifiers. Naturally, we want to protect both the identities of the patients and the location data of the individuals in the CDRs.
To achieve these privacy goals, we combine homomorphic encryption, zero-knowledge proofs, and differential privacy.
In particular, the patients' identifiers are homomorphically encrypted before they are sent to the mobile operator. Because of the homomorphic property, the mobile operator can perform the aggregation over the encrypted identifiers without decrypting them. To prevent the health authority (the researchers) from learning individual CDRs, for example by querying for a single identifier, we require the identifier set to have a minimum cardinality and enforce this bound with zero-knowledge proof techniques, so the operator can check it without learning the identifiers. The mobile operator can also add noise, in the sense of differential privacy, to the aggregated CDRs before sending them to the researchers. This becomes necessary if the aggregated CDRs still leak information that could lead to the re-identification of patients.
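The following is an added, self-contained toy of the exchange described above; it is example code written for this page, not the project's own implementation, and the page does not name the homomorphic scheme, the identifier encoding or the proof system. It assumes Paillier (additively homomorphic, so the operator can sum ciphertexts and scale them by plaintext constants), encodes the query as one encrypted 0/1 flag per subscriber in an identifier universe both parties can enumerate (assumed to be a list of hashed subscriber IDs published by the operator), and adds two-sided geometric noise, an integer form of the Laplace mechanism, inside the encryption so the operator never sees the exact counts. The zero-knowledge cardinality proof is only marked at the point where it would be checked; the client-side `MIN_PATIENTS` check stands in for it and is not something the server could trust. All identifiers, cells and CDRs are constructed sample data.

```python
"""Toy two-party heatmap protocol (example code, not the project's own).
Client = health authority: holds patient IDs and the Paillier private key.
Server = mobile operator: holds CDRs, sees only ciphertexts.
Paillier: Enc(a)*Enc(b) = Enc(a+b) and Enc(a)^k = Enc(k*a) modulo n^2."""
import math
import secrets

MIN_PATIENTS = 3  # hypothetical policy: never query for fewer than 3 patients


def is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def paillier_keygen(bits=1024):
    """Returns (n, private key). Small key sizes are for the demo only."""
    p, q = random_prime(bits // 2), random_prime(bits // 2)
    while q == p or math.gcd(p * q, (p - 1) * (q - 1)) != 1:
        q = random_prime(bits // 2)
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    mu = pow(lam, -1, n)  # with g = n + 1, L(g^lam mod n^2) = lam
    return n, (n, lam, mu)


def encrypt(n, m):
    """Paillier encryption with g = n + 1; negative m is stored as n - |m|."""
    n2 = n * n
    r = secrets.randbelow(n - 1) + 1  # fresh blinding factor per ciphertext
    return pow(n + 1, m % n, n2) * pow(r, n, n2) % n2


def decrypt(sk, c):
    n, lam, mu = sk
    m = (pow(c, lam, n * n) - 1) // n * mu % n
    return m - n if m > n // 2 else m  # decode the negative half of Z_n


def he_add(n, c1, c2):
    return c1 * c2 % (n * n)  # Enc(a) * Enc(b) = Enc(a + b)


def he_scale(n, c, k):
    return pow(c, k % n, n * n)  # Enc(a)^k = Enc(k * a)


def client_build_query(n, subscriber_universe, patient_ids):
    """Health authority: Enc(1) for patients, Enc(0) for all other subscribers.
    Every entry is a fresh ciphertext, so the query itself reveals nothing.
    The real protocol attaches a zero-knowledge proof that every flag is in
    {0,1} and that the flags sum to at least MIN_PATIENTS; this local check
    is a stand-in the server cannot rely on (assumption of this example)."""
    if len(patient_ids) < MIN_PATIENTS:
        raise ValueError("query would isolate individuals; minimum cardinality not met")
    return {s: encrypt(n, int(s in patient_ids)) for s in subscriber_universe}


def two_sided_geometric(epsilon, rng, sensitivity=1):
    """Integer noise for epsilon-DP on counts (discrete Laplace); alpha = e^(-eps/sens)."""
    alpha = math.exp(-epsilon / sensitivity)

    def geometric():  # failures before first success, success probability 1 - alpha
        return int(math.log(1.0 - rng.random()) / math.log(alpha))

    return geometric() - geometric()


def server_aggregate(n, enc_flags, cdrs, epsilon=None, rng=None):
    """Mobile operator: per cell, multiply the Enc(flag) of every distinct subscriber
    seen there, yielding Enc(number of patients in the cell) without decrypting.
    Counting a subscriber once per cell keeps the per-cell sensitivity at 1.
    (In the full protocol the ZK proof over enc_flags is verified before this.)"""
    per_cell, seen = {}, set()
    for sub, cell in cdrs:  # constructed CDRs: (subscriber id, cell tower bucket)
        if (sub, cell) in seen:
            continue
        seen.add((sub, cell))
        per_cell[cell] = he_add(n, per_cell.get(cell, encrypt(n, 0)), enc_flags[sub])
    if epsilon is not None:  # operator adds encrypted noise; it never sees the counts
        rng = rng or secrets.SystemRandom()
        for cell in per_cell:
            per_cell[cell] = he_add(n, per_cell[cell], encrypt(n, two_sided_geometric(epsilon, rng)))
    return per_cell


def client_decrypt_heatmap(sk, per_cell):
    return {cell: decrypt(sk, c) for cell, c in sorted(per_cell.items())}


def run_demo(bits=512, epsilon=None, rng=None):
    """Constructed sample data: six subscribers, three cells, three patients."""
    subscribers = ["S1", "S2", "S3", "S4", "S5", "S6"]  # operator's hashed ID list
    patients = {"S2", "S5", "S6"}                        # known only to the client
    cdrs = [("S1", "cell-A"), ("S2", "cell-A"), ("S6", "cell-A"), ("S2", "cell-B"),
            ("S3", "cell-B"), ("S4", "cell-C"), ("S5", "cell-C"), ("S5", "cell-C")]
    n, sk = paillier_keygen(bits)
    query = client_build_query(n, subscribers, patients)         # client -> server
    enc_heatmap = server_aggregate(n, query, cdrs, epsilon, rng)  # server -> client
    return client_decrypt_heatmap(sk, enc_heatmap)                # {'cell-A': 2, 'cell-B': 1, 'cell-C': 1}


if __name__ == "__main__":
    print(run_demo())              # exact counts
    print(run_demo(epsilon=1.0))   # same counts plus integer noise
```

Two caveats a practitioner should keep in mind with this encoding: the noise is calibrated to a per-cell sensitivity of 1, but one patient appears in every cell they visited, so the privacy budget composes across cells and epsilon must be chosen for the whole heatmap, not per cell; and the query has the size of the subscriber universe rather than of the patient list, which is what hides the cardinality from the operator in the first place and is why the minimum-cardinality bound has to be proven in zero knowledge rather than read off the query.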