Aftermath of bustamante attack on genomic beacon service

Aziz, Momin Al; Ghasemi, Reza; Waliullah,; Mohammed, Noman

doi:10.1186/s12920-017-0278-x

Cited by 22 publications

(22 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For each methylation Beacon, we randomly sample 60 patients to construct its Beacon database. We follow the approach of previous works on Beacons testing with uniform sets of patients [36], [29], [1], [45]. This ensures the attacker can only exploit individual variances and not disease-induced systematic differences, i.e., variances that are unavoidably in the data.…”

Section: B Evaluation Resultsmentioning

confidence: 99%

“…Despite the coarse-grained answer format, researchers have shown that the genomic Beacon is vulnerable to privacy attacks, in particular membership inference attacks [36], [29], [1], [45]. In addition, previous works have demonstrated the serious privacy risks stemming from sharing DNA methylation data [3], [8].…”

Section: A Contributionsmentioning

confidence: 99%

“…This example demonstrates the severe consequence of membership inference. Moreover, all the existing attacks against genomic Beacons are membership inference attacks [36], [29], [1], [45].…”

Section: A Threat Modelmentioning

confidence: 99%

See 2 more Smart Citations

MBeacon: Privacy-Preserving Beacons for DNA Methylation Data

Hagestedt

Zhang

Humbert

et al. 2019

Proceedings 2019 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

The advancement of molecular profiling techniques fuels biomedical research with a deluge of data. To facilitate data sharing, the Global Alliance for Genomics and Health established the Beacon system, a search engine designed to help researchers find datasets of interest. While the current Beacon system only supports genomic data, other types of biomedical data, such as DNA methylation, are also essential for advancing our understanding in the field. In this paper, we propose the first Beacon system for DNA methylation data sharing: MBeacon. As the current genomic Beacon is vulnerable to privacy attacks, such as membership inference, and DNA methylation data is highly sensitive, we take a privacy-by-design approach to construct MBeacon. First, we demonstrate the privacy threat, by proposing a membership inference attack tailored specifically to unprotected methylation Beacons. Our experimental results show that 100 queries are sufficient to achieve a successful attack with AUC (area under the ROC curve) above 0.9. To remedy this situation, we propose a novel differential privacy mechanism, namely SVT 2 , which is the core component of MBeacon. Extensive experiments over multiple datasets show that SVT 2 can successfully mitigate membership privacy risks without significantly harming utility. We further implement a fully functional prototype of MBeacon which we make available to the research community.

show abstract

Section: B Evaluation Resultsmentioning

confidence: 99%

Section: A Contributionsmentioning

confidence: 99%

See 1 more Smart Citation

MBeacon: Privacy-Preserving Beacons for DNA Methylation Data

Hagestedt

Zhang

Humbert

et al. 2019

Proceedings 2019 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…Shringarpure and Bustamante discussed different countermeasures, such as (i) increasing the beacon size, (ii) sharing only small genomic regions, (iii) using single population beacons, (iv) not publishing the metadata of a beacon, and (v) adding control samples to the beacon dataset [13]. Lately, Aziz et al proposed two algorithms which are based on randomizing the response set of the beacons with the goal of protecting beacon members' privacy while maintaining the efficacy of the beacon servers [1]. Raisaro et al have analyzed the behavior of the beacon when applying three different countermeasures [10].…”

Section: Discussionmentioning

confidence: 99%

Re-Identification of Individuals in Genomic Data-Sharing Beacons via Allele Inference

Thenen

Ayday

Çiçek

2017

Preprint

View full text Add to dashboard Cite

Abstract. Genomic datasets are often associated with sensitive phenotypes. Therefore, the leak of membership information is a major privacy risk. Genomic beacons aim to provide a secure, easy to implement, and standardized interface for data sharing by only allowing yes/no queries on the presence of specific alleles in the dataset. Previously deemed secure against re-identification attacks, beacons were shown to be vulnerable despite their stringent policy. Recent studies have demonstrated that it is possible to determine whether the victim is in the dataset, by repeatedly querying the beacon for his/her single nucleotide polymorphisms (SNPs). In this work, we propose a novel re-identification attack and show that the privacy risk is more serious than previously thought. Using the proposed attack, even if the victim systematically hides informative SNPs (i.e., SNPs with very low minor allele frequency -MAF-), it is possible to infer the alleles at positions of interest as well as the beacon query results with very high confidence. Our method is based on the fact that alleles at different loci are not necessarily independent. We use the linkage disequilibrium and a high-order Markov chain-based algorithm for the inference. We show that in a simulated beacon with 65 individuals from the CEU population, we can infer membership of individuals with 95% confidence with only 5 queries, even when SNPs with MAF less than 0.05 are hidden. This means, we need less than 0.5% of the number of queries that existing works require, to determine beacon membership under the same conditions. We further show that countermeasures such as hiding certain parts of the genome or setting a query budget for the user would fail to protect the privacy of the participants under our adversary model.

show abstract

“…S3 was not chosen as a baseline in Track 2 because we assumed the beacon service does not keep track of the queries per individual. The performance of our baseline 35 and performance of the top two teams, the first from Vanderbilt University 36 and the second from the University of Manitoba, 37 are depicted in the Fig. 1.…”

Section: Track 1: Practical Protection Of Gds Through Beacon Servicesmentioning

confidence: 99%

A Community Effort to Protect Genomic Data Sharing, Collaboration and Outsourcing

et al. 2017

View full text Add to dashboard Cite

The human genome can reveal sensitive information and is potentially re-identifiable, which raises privacy and security concerns about sharing such data on wide scales. In 2016, we organized the third Critical Assessment of Data Privacy and Protection competition as a community effort to bring together biomedical informaticists, computer privacy and security researchers, and scholars in ethical, legal, and social implications (ELSI) to assess the latest advances on privacy-preserving techniques for protecting human genomic data. Teams were asked to develop novel protection methods for emerging genome privacy challenges in three scenarios: Track (1) data sharing through the Beacon service of the Global Alliance for Genomics and Health. Track (2) collaborative discovery of similar genomes between two institutions; and Track (3) data outsourcing to public cloud services. The latter two tracks represent continuing themes from our 2015 competition, while the former was new and a response to a recently established vulnerability. The winning strategy for Track 1 mitigated the privacy risk by hiding approximately 11% of the variation in the database while permitting around 160,000 queries, a significant improvement over the baseline. The winning strategies in Tracks 2 and 3 showed significant progress over the previous competition by achieving multiple orders of magnitude performance improvement in terms of computational runtime and memory requirements. The outcomes suggest that applying highly optimized privacy-preserving and secure computation techniques to safeguard genomic data sharing and analysis is useful. However, the results also indicate that further efforts are needed to refine these techniques into practical solutions.

show abstract

Aftermath of bustamante attack on genomic beacon service

Cited by 22 publications

References 19 publications

MBeacon: Privacy-Preserving Beacons for DNA Methylation Data

MBeacon: Privacy-Preserving Beacons for DNA Methylation Data

Re-Identification of Individuals in Genomic Data-Sharing Beacons via Allele Inference

A Community Effort to Protect Genomic Data Sharing, Collaboration and Outsourcing

Contact Info

Product

Resources

About