Genotype Extraction and False Relative Attacks: Security Risks to Third-Party Genetic Genealogy Services Beyond Identity Inference

Ney, Peter; Ceze, Luís; Kohno, Tadayoshi

doi:10.14722/ndss.2020.23049

Cited by 34 publications

(33 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The leakage of genetic privacy has been frequently reported where the identity or sensitive trait of a particular individual was disclosed by the identity tracing attacks, 30,31 attribute disclosure attacks via DNA, 4 and completion attacks. 32,33 Several privacy-preserving solutions for genomic data analytics have been proposed, including DP strategies for genome-wide association studies (GWAS), 7,34 crytographic solutions including homomorphic encryption 12,35 and secure multi-party computation (MPC) solutions. 35 However, these privacy-preserving methods aim to mitigate privacy leakage when data is shared and none of them have considered privacy leakage when sharing models.…”

Section: Related Workmentioning

confidence: 99%

Differential Privacy Protection Against Membership Inference Attack on Machine Learning for Genomic Data

Chen

Wang

Shi

2020

Preprint

View full text Add to dashboard Cite

Machine learning is powerful to model massive genomic data while genome privacy is a growing concern. Studies have shown that not only the raw data but also the trained model can potentially infringe genome privacy. An example is the membership inference attack (MIA), by which the adversary, who only queries a given target model without knowing its internal parameters, can determine whether a specific record was included in the training dataset of the target model. Differential privacy (DP) has been used to defend against MIA with rigorous privacy guarantee. In this paper, we investigate the vulnerability of machine learning against MIA on genomic data, and evaluate the effectiveness of using DP as a defense mechanism. We consider two widely-used machine learning models, namely Lasso and convolutional neural network (CNN), as the target model. We study the trade-off between the defense power against MIA and the prediction accuracy of the target model under various privacy settings of DP. Our results show that the relationship between the privacy budget and target model accuracy can be modeled as a log-like curve, thus smaller privacy budget provides stronger privacy guarantee with the cost of losing more model accuracy. We also investigate the effect of model sparsity on model vulnerability against MIA. Our results demonstrate that in addition to prevent overfitting, model sparsity can work together with DP to significantly mitigate the risk of MIA.

show abstract

Section: Related Workmentioning

confidence: 99%

Differential Privacy Protection Against Membership Inference Attack on Machine Learning for Genomic Data

Chen

Wang

Shi

2020

Preprint

View full text Add to dashboard Cite

show abstract

“…Data sharing is dependent upon the data controller's wants and needs, barring any legal or business requirements from other involved stakeholders. Genetic database vulnerabilities have been well-studied and disclosed (Edge and Coop, 2020;Ney et al, 2020;Naveed et al, 2015;Erlich and Narayanan, 2014;Gymrek et al, 2013). For example, the contents of the entire GEDmatch database could be leaked by uploading artificial genomes (Ney et al, 2020).…”

Section: Dissemination Practices and Databasesmentioning

confidence: 99%

“…Genetic database vulnerabilities have been well-studied and disclosed (Edge and Coop, 2020;Ney et al, 2020;Naveed et al, 2015;Erlich and Narayanan, 2014;Gymrek et al, 2013). For example, the contents of the entire GEDmatch database could be leaked by uploading artificial genomes (Ney et al, 2020). Such an attack would violate the confidentiality of more than a million users' and their relatives' genetic data because the information is not truly anonymized.…”

Section: Dissemination Practices and Databasesmentioning

confidence: 99%

Genetic information insecurity as state of the art

Schumacher

Sawaya²,

Nelson³

et al. 2020

Preprint

View full text Add to dashboard Cite

Genetic information is being generated at an increasingly rapid pace, offering advances in science and medicine that are paralleled only by the threats and risk present within the responsible ecosystem. Human genetic information is identifiable and contains sensitive information, but genetic data security is only recently gaining attention. Genetic data is generated in an evolving and distributed cyber-physical ecosystem, with multiple systems that handle data and multiple partners that utilize the data. This paper defines security classifications of genetic information and discusses the threats, vulnerabilities, and risk found throughout the entire genetic information ecosystem. Laboratory security was found to be especially challenging, primarily due to devices and protocols that were not designed with security in mind. Likewise, other industry standards and best practices threaten the security of the ecosystem. A breach or exposure anywhere in the ecosystem can compromise sensitive information. Extensive development will be required to realize the potential of this emerging field while protecting the bioeconomy and all of its stakeholders.

show abstract

“…Genetic database vulnerabilities have been well studied and disclosed ( Gymrek et al, 2013 ; Erlich and Narayanan, 2014 ; Naveed et al, 2015 ; Edge et al, 2017 ; Ney et al, 2018 ; Vinatzer et al, 2019 ; Edge and Coop, 2020 ; Ney et al, 2020 ). For example, the contents of the entire GEDmatch database could be leaked by uploading artificial genomes ( Ney et al, 2020 ). Such an attack would violate the confidentiality of more than a million users’ and their relatives’ genetic data because the information is not truly anonymized.…”

Section: The Genetic Information Threat Landscapementioning

confidence: 99%

Genetic Information Insecurity as State of the Art

Schumacher

Sawaya²,

Nelson³

et al. 2020

Front. Bioeng. Biotechnol.

View full text Add to dashboard Cite

Genetic information is being generated at an increasingly rapid pace, offering advances in science and medicine that are paralleled only by the threats and risk present within the responsible systems. Human genetic information is identifiable and contains sensitive information, but genetic information security is only recently gaining attention. Genetic data is generated in an evolving and distributed cyber-physical system, with multiple subsystems that handle information and multiple partners that rely and influence the whole ecosystem. This paper characterizes a general genetic information system from the point of biological material collection through long-term data sharing, storage and application in the security context. While all biotechnology stakeholders and ecosystems are valuable assets to the bioeconomy, genetic information systems are particularly vulnerable with great potential for harm and misuse. The security of post-analysis phases of data dissemination and storage have been focused on by others, but the security of wet and dry laboratories is also challenging due to distributed devices and systems that are not designed nor implemented with security in mind. Consequently, industry standards and best operational practices threaten the security of genetic information systems. Extensive development of laboratory security will be required to realize the potential of this emerging field while protecting the bioeconomy and all of its stakeholders.

show abstract

Genotype Extraction and False Relative Attacks: Security Risks to Third-Party Genetic Genealogy Services Beyond Identity Inference

Cited by 34 publications

References 23 publications

Differential Privacy Protection Against Membership Inference Attack on Machine Learning for Genomic Data

Differential Privacy Protection Against Membership Inference Attack on Machine Learning for Genomic Data

Genetic information insecurity as state of the art

Genetic Information Insecurity as State of the Art

Contact Info

Product

Resources

About