Person wachting at a smartphone
The goal of the research team is to develop a data protection-secure app for fighting corona.
Image: / Geber86
  • Covid-19, Research news
  • Reading time: 5 MIN

Coronavirus: Research team testing decentralized contact tracingEncryption system for a secure contact tracing app

In the fight against Covid-19, an interdisciplinary research team at the Technical University of Munich (TUM) has developed a model for a contact tracing app that protects personal data. The concept is based on an encryption process that prevents the temporary contact numbers (TCNs) of infected individuals from ending up on the phones of their contacts. A prototype is now undergoing testing in cooperation with the ITO Open Source Consortium. The app has also successfully completed the Bluetooth Special Interest Group qualification process.

Researchers around the world are working hard on measures to bring the SARS-CoV-2 coronavirus under control. One approach seen as promising is the idea of slowing the spread of the virus by means of secure digital contact tracing based on a globally compatible app.

Among the research groups working on contact tracing apps is ContacTUM, an interdisciplinary team from the fields of physics, informatics, law, mathematics and medicine anchored by the physicist Prof. Elisa Resconi.

Warning the contact persons

The basic principle of contact tracing is to notify contacts of infected individuals with the help of an app. Mobile phones on which the app is installed exchange constantly changing, randomly generated TCNs (temporary contact numbers) using Bluetooth technology.

These TCNs are collected locally on the devices and stored there for a limited period of around two weeks. In case of a medically confirmed diagnosis of a Covid-19 infection, the individual's contacts are anonymously notified using the contact tracing app.

Centralized or decentralized

The notification mechanism takes either the centralized or decentralized approach. In the centralized approach, the app uploads to a central server the TCNs of every contact person received by the infected individual's device. The server then uses the TCNs to dispatch messages with the app in order to notify the corresponding contact persons of a potential infection.

The risk of the centralized approach: All of the data are stored at a single location. As a result, there is a high risk of abuse because it becomes possible to de-anonymize and disclose personal contacts as soon as the data on the server can be accessed.

In a decentralized approach, the infected individuals release only the TCNs transmitted by their own device to a server. These TCNs are downloaded from the server by all devices where the app is installed. The check to determine whether any of these "infected" TCNs were previously received now takes place locally on the individual devices. Consequently, the only party with knowledge of possible contact with an infected individual is the contact person himself – and not the central server.

More protection for infected individuals through encryption processes

ContacTUM has been working to build on this decentralized approach and make it more secure. The cross-checking of TCNs of infected individuals against those collected on mobile phones takes place without having to load the infected individuals' TCNs onto the phones. This is possible with an encryption process known as private set intersection cardinality, which does not require information to be exchanged in plain text.

Under the ContacTUM concept, contact persons can thus be warned without their mobile phones being able to recognize the "infected" TCNs among the TCNs stored there.

"As a result, the risk scenario in which an attacker could combine the received TCNs with other information such as the date, time and location where the TCN was transmitted – which would endanger the anonymity of an infected person – is minimized to a large extent," says physicist Kilian Holzapfel.

Privacy protection by design

"It's important to us to ensure that data protection standards are met by design, in other words in the programming," says Prof. Elisa Resconi. That is why Prof. Dirk Heckmann of the TUM School of Governance and Prof. Christian Djeffal of the Munich Center for Technology in Society have been involved in the project from the beginning, contributing their expertise in data protection and IT security.

TUM and ITO jointly develop app prototype

To develop an app prototype based on this principle, ContacTUM is working closely with ITO, an open source consortium of around 30 international developers who are open and transparent in all of their activities.

A prototype of the app is being tested with the Android operating system. The code is publicly available. "But it will still probably be a few weeks before an absolutely secure and technically flawless app is ready for use," says Kilian Holzapfel.

Worldwide compatibility through cooperation with Bluetooth SIG

To ensure that future contact tracing apps worldwide are based on the same decentralized approach to guarantee international compatibility, ContacTUM has submitted a successful qualification request for its decentralized standard to Bluetooth SIG with the express support of leading international IT firms.

In addition, ContacTUM is a member of the TCN Coalition, which was co-founded by ITO. Alongside DP-3T, TCN is one of the major collaborative groups working on a decentralized contact tracing app.

Simulations to assess effectiveness of the app

Parallel to the app design work, a team within ContacTUM, led by the physicist Prof. Stefan Schönert and the mathematician Prof. Johannes Müller, has created simulations to identify the conditions under which the app can make a real difference in slowing the spread of covid-19. Based on initial computations, the scientists believe that, for this to be achieved, at least 60 percent of the population would have to install and use the contact tracing app. Their results also showed that the contacts of an infected person's contacts would have to be notified without delay as well to break the infection chain.



ContacTUM Consortium, ITO Consortium: Digital Contact Tracing Service: an improved decentralised design for privacy and effectiveness. April 17, 2020 (Working Paper)

ContacTUM Consortium: K. Holzapfel, M. Karl, L. Lotz, G. Carle, C. Djeffal, C. Haack, D. Heckmann, M. Köppl, P. Krause, L. Marx, S. Meighen-Berger, J. Pollmann, T. Pollmann, E. Resconi, S. Schönert, A. Turcati, C. Wiesinger

ITO Consortium: C. Allan, K. Bitterschulte, J. Buchwald, C. Fischer, J. Gampe, M. Häcker, J. Islami, A. Pomplun, S. Preisner, N. Quast, C. Romberg, C. Steinlehner, T. Ziehm

More information:

App prototype

Technical University of Munich

Corporate Communications Center Christine Lehner

Contacts to this article:

Kilian Holzapfel
Technical University of Munich
Chair of Experimental Physics with Cosmic Particles

For legal aspects:

Prof. Dr. Dirk Heckmann
Technical University of Munich
Chair of Law and Security of Digitization
Tel.: +49 89 907793 301

Article at

Prof. Klaus Bengler is standing in the hall of the department for machine engineering.

"We shouldn't withdraw into the virtual world"

The Corona crisis changed the working world in no time at all: Home office, web meetings and hygiene measures are now part of our everyday routine. Prof. Klaus Bengler of the Chair of Ergonomics at the Technical University...

A QR-code is scanned unsing a smartphone.

Contact tracing while protecting privacy

The latest regulations require restaurants to record the contact details of their guests to help the authorities to issue warnings in case of covid-19 infections. A team at the Technical University of Munich (TUM) has...

A woman  puts her hands in front of her face

Domestic violence during the coronavirus pandemic

Around 3 percent of women in Germany were subject to physical violence at home during the strict lockdown period and 3.6 percent were raped by their partner. In 6.5 percent of all households, children were subjected to...

Prof. Jan Baumbach

Researchers develop software for drug repurposing

Currently, the corona pandemic is dominating the entire social life in Germany and in many other parts of the world. We are working flat out in order to better help the more than one hundred thousand seriously ill people in...

Prof. Wall (r) and Dr. Biehler at work on their virtual lung model.

Computer model enables protective ventilation

The use of mechanical ventilation can save lives – and not just for COVID-19 patients who develop severe respiratory problems. But at the same time, the ventilation pressure puts immense stress on delicate lung tissue....

Scientists will collect biodata using in-ear sensors

In-ear sensors to help in fight against COVID-19

A team at the Technical University of Munich (TUM) plans to use high-tech biometric sensors for 24-hour monitoring of COVID-19 patients in home isolation. The goal of the study is to find out whether rapid treatment in...

Staff member of the virology department at TUM evaluating the antibody tests.

Large Antibody Study at the Klinikum rechts der Isar

One of the largest antibody studies against SARS-CoV-2 in Germany has begun at the university hospital Klinikum rechts der Isar at Technical University of Munich (TUM). The employee study is intended to provide data on the...

Prof. Christoph Lütge

“Short-term decisions can have a long-term impact on our world”

The weapons deployed in the fight against the covid-19 pandemic also include artificial intelligence. AI might be able to recognize patterns in the spread of the disease, for example. These new possibilities raise ethical...

In the university hospital TUM Klinikum rechts der Isar, drugs against Covid-19 are tested.

Medications against coronavirus in trial

The university hospital is participating in studies on new medications for people suffering from Covid-19. As part of a clinical study, patients can be treated with medications that are still under development. 50 patients...