DOI: 10.1145/2517840.2517843
research-article

Protecting and evaluating genomic privacy in medical tests and personalized medicine

Published: 04 November 2013

ABSTRACT

In this paper, we propose privacy-enhancing technologies for medical tests and personalized medicine methods that use patients' genomic data. Focusing on genetic disease-susceptibility tests, we develop a new architecture (between the patient and the medical unit) and propose a "privacy-preserving disease susceptibility test" (PDS) by using homomorphic encryption and proxy re-encryption. Assuming the whole genome sequencing to be done by a certified institution, we propose to store patients' genomic data encrypted by their public keys at a "storage and processing unit" (SPU). Our proposed solution lets the medical unit retrieve the encrypted genomic data from the SPU and process it for medical tests and personalized medicine methods, while preserving the privacy of patients' genomic data. We also quantify the genomic privacy of a patient (from the medical unit's point of view) and show how a patient's genomic privacy decreases with the genetic tests he undergoes due to (i) the nature of the genetic test, and (ii) the characteristics of the genomic data. Furthermore, we show how basic policies and obfuscation methods help to keep the genomic privacy of a patient at a high level. We also implement and show, via a complexity analysis, the practicality of PDS.

Published in

WPES '13: Proceedings of the 12th ACM workshop on Workshop on privacy in the electronic society
November 2013
306 pages
ISBN: 9781450324854
DOI: 10.1145/2517840
General Chair: Ahmad-Reza Sadeghi
Program Chair: Sara Foresti

Copyright © 2013 ACM


Publisher: Association for Computing Machinery, New York, NY, United States


Acceptance Rates

WPES '13 Paper Acceptance Rate: 30 of 103 submissions, 29%. Overall Acceptance Rate: 106 of 355 submissions, 30%.
