This project aims to assist in tracing the spread of a virus during a pandemic. By automatically registering encounters with other users of the app, you are can later be notified in case those users become infected with the virus, and vice-versa. Furthermore, our solution focuses on protecting the users’ data, reducing the risk of sensitive information (such as identity, location and infection status) being leaked.

Contact Tracing systems can be extremely useful in controlling the spread of a virus in a pandemic scenario. However, due to the nature of the data these systems deal with, they can also constitute a great
privacy problem for users.

There are two main pieces of sensitive information that a contact tracing system deals with and stores in some way: a user’s infection status and a user’s contacts (which may include the location and time of those contacts). With our solution, we aspire to mitigate these problems by reducing, as much as possible, the ways in which a malicious or otherwise neglectful actor may attack the system and / or disclose the forementioned information.

• Hub OS: Ubuntu 20.04.3 LTS
• DB OS: Ubuntu 20.04.3 LTS
• App OS: Android 6+
• Language: Java
• App ↔ Hub Communication: gRPC with SSL/TLS
• App ↔ App Communication: Bluetooth Low Energy (BLE)
• App Local Storage: SQLite JDBC
• Server-side Storage: PostgreSQL 14
• Building and dependencies: Gradle
• Firewall Utility: Iptables
• Tools used in development: Android Studio, IntelliJ IDEA

• Database prerequisites

  • Hardware:
    • Physical Computer or Virtual Machine
  • Operating System:
    • Ubuntu 20.04.3 LTS
  • Software:
    • PostgreSQL 14

• Hub prerequisites

  • Hardware:
    • Physical Computer or Virtual Machine
  • Operating System:
    • Ubuntu 20.04.3 LTS
  • Software:
    • Java 11
    • Gradle 7.3

• App development prerequisites

  • Software:
    • Java 11
    • Gradle 7.3
    • Android SDK 11.0.10 (API 30)

• App prerequisites

  • Hardware:
    • Physical Android device
  • Operating System:
    • Android 6+

Some of the features of the app are demonstrated in the following table:

Description	Image
Setting a new password, password does not have all the required character types
Setting a new password, password does not have the required length
Setting a new password, password and confirmation do not match
Main Screen
A user tries to claim infection with an invalid ICC
After receiving an ICC from an health authority, the user submits it in the app and is successful
Checked risk of infection, no risk detected
Checked risk of infection, risk detected
Notification of risk of infection and informing that the service is running
After user is notified of a risk of infection, he's asked for his password, password given was incorrect
After user is notified of a risk of infection, all his infected contacts are shown

Database containing 2 messages received through Bluetooth LE from another device:

Tu run this service we will need 2 virtual machines running Ubuntu 20.04.3 LTS

One of these VMs, which we'll call VMH, will be running the Hub and will be connected to the internet through a NAT.

The other one, which we'll call VMDB, will be running the PostgreSQL database and will only be connected to a local network shared with the VMH.

Step-by-step instructions for preparing the VMs:

(These instructions assume you're using VirtualBox)

1. Create a new Ubuntu (64-bit) VM, call it VMH

2. Install Ubuntu 20.04.3 LTS

3. Boot the VM and open a terminal.

4. Run the command:

   sudo apt update && sudo apt upgrade && sudo apt install net-tools

5. Power off the VM.

6. Go to VMH > Settings > Network and enable and configure the following Network Adapters:

   • Adapter 1:
     • Attached to: Internal Network
     • Name: intnet
   • Adapter 2:
     • Attached to: NAT
     • Port Forwarding > New Rule (Host Port: 29292, Guest Port: 29292)

7. Create a clone of the VM, with the following configurations:

   • Name: VMDB
   • MAC Address Policy: Generate new MAC addresses for all network adapters
   • Clone type: Full clone

1. Boot up the VMDB.

2. Open a terminal and run the commands:

   sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list' &&
   wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add - &&
   sudo apt update &&
   sudo apt -y install postgresql

3. Transfer the directory A28-CT/scripts/database to the VMDB through your preferred method. (ex: Drag'n'Drop, Shared Folders, etc.), make sure the files are in unix format and not windows.

4. Change directory to that directory, and change some important permissions for the setup:

   chmod +x *.sh && chmod 777 .

5. Run ssl.sh with root privileges:

   sudo ./ssl.sh

6. Copy the file rootCA.crt generated by ssl.sh to your host machine (It will be needed by VMH)

7. Change to user "postgres", go to the transfered directory "database", and run the script "setup.sh":

   sudo su - postgres
   cd <path to database dir>
   ./setup.sh
   exit

8. Run the following command to set the IP address of the VMDB:

   sudo ifconfig enp0s3 192.168.0.10/24 up

9. Run the following command to set up a simple firewall that only accepts requests from VMH to port 5432:

   sudo ./firewall.sh

10. Power off the VMDB

11. Go to VMDB > Settings > Network and disable "Adapter 2" (Which should be the one "Attached to: NAT")

1. Boot up the VMH.

2. To setup the network adapter that is going to connect to the VMDB, we run the following command:

   sudo ifconfig enp0s3 192.168.0.20/24 up

3. Install Java 11:

   sudo apt install openjdk-11-jdk

4. Install Gradle:

   sudo apt -y install vim apt-transport-https dirmngr wget software-properties-common &&
   sudo add-apt-repository ppa:cwchien/gradle &&
   sudo apt update &&
   sudo apt -y install gradle

5. Transfer the whole project directory A28-CT to the VMH through your preferred method. (ex: Drag'n'Drop, Shared Folders, etc.)

6. Copy from the host machine the rootCA.crt to the folder /etc/ssl/certs, give read permissions to the file:

   sudo chmod +r /etc/ssl/certs/rootCA.crt

7. Change directory to the directory A28-CT and build the project

   gradle :hub:build

8. Run the following command to set up the firewall:

   sudo ./scripts/hub/firewall.sh

9. With VMDB booted and postgres running, run the hub:

   gradle :hub:run

First we must create the App APK:

1. Open a shell and change to the project's directory (A28-CT)

2. Run the following command to set the hostname of the previously deployed Hub server. (Or alternatively, navigate to that directory and edit it manually)

   echo <hostname> > app/src/main/res/raw/hub_hostname

3. Run one of the following commands, depending on your operating system:

   • Windows: gradlew :app:build
   • Linux: chmod +x gradlew && ./gradlew :app:build

Then, we must install the APK unto the Android Device: 3. Install Android SDK in order to have access to the adb platform tool. 4. Find the path to the installed adb binary and add it to you PATH environment variable. * Example for windows: path = "C:\Users\AppData\Local\Android\Sdk\platform-tools\adb.exe" 5. Turn on Developer Debug mode on your Android Device. 6. Connect your device to your computer using a USB cable and accept the connection. 7. Run the following command on your computer:

```sh
adb install path/to/project/A28-CT/app/build/outputs/apk/release/app-release-unsigned.apk
```

• Afonso Gomes - IST Master’s student - @AfonsoG6
• Miguel Henriques - IST Master’s student - @miguelchenriques
• António Martins - IST Master’s student - @AL-CT

This project is licensed under the MIT License.

MIT License

Copyright (c) [2022] [A28-CT Team]  

Permission is hereby granted, free of charge, to any person obtaining a copy  
of this software and associated documentation files (the "Software"), to deal  
in the Software without restriction, including without limitation the rights  
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell  
copies of the Software, and to permit persons to whom the Software is  
furnished to do so, subject to the following conditions:  

The above copyright notice and this permission notice shall be included in all  
copies or substantial portions of the Software.  

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR  
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,  
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE  
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER  
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,  
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE  
SOFTWARE.

This project was heavily inspired on the original DP^3T Project. Please follow the link above in order to check out their work.