Privacy-preserving data exploration in genome-wide association studies

Johnson, Aaron M.; Shmatikov, Vitaly

doi:10.1145/2487575.2487687

Cited by 160 publications

(196 citation statements)

References 37 publications

Supporting

Mentioning

195

Contrasting

Order By: Relevance

“…To assess the potential gain in utility of our relaxation, we focus on a particular application of DP, by re-evaluating the privacy protecting mechanisms in genome-wide association studies [10,19,22] for the release of SNPs with high χ 2 -statistics. Our results show that, for a bounded adversarial model, we require up to 2500 fewer patients in the study, in order to reach an acceptable tradeoff between privacy and medical utility.…”

Section: Results Assessment and Implicationsmentioning

confidence: 99%

“…For instance, Fredrikson et al [6] investigate personalized warfarin dosing and demonstrate that for privacy budgets effective against a certain type of inference attacks, satisfying DP exposes patients to highly increased mortality risks. Similarly, studies on privacy in genome-wide association studies (GWAS) [10,19,22] consider differential privacy as a protective measure against an inference attack discovered by Homer et al [9,20]. These works show that for reasonably small values of , the medical utility is essentially null under DP, unless there is an access to impractically large patient datasets.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Differential Privacy with Bounded Priors

Tramèr

Huang

Hubaux

et al. 2015

Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

Differential privacy (DP) has become widely accepted as a rigorous definition of data privacy, with stronger privacy guarantees than traditional statistical methods. However, recent studies have shown that for reasonable privacy budgets, differential privacy significantly affects the expected utility. Many alternative privacy notions which aim at relaxing DP have since been proposed, with the hope of providing a better tradeoff between privacy and utility.At CCS'13, Li et al. introduced the membership privacy framework, wherein they aim at protecting against set membership disclosure by adversaries whose prior knowledge is captured by a family of probability distributions. In the context of this framework, we investigate a relaxation of DP, by considering prior distributions that capture more reasonable amounts of background knowledge. We show that for different privacy budgets, DP can be used to achieve membership privacy for various adversarial settings, thus leading to an interesting tradeoff between privacy guarantees and utility.We re-evaluate methods for releasing differentially private χ 2 -statistics in genome-wide association studies and show that we can achieve a higher utility than in previous works, while still guaranteeing membership privacy in a relevant adversarial setting.

show abstract

Section: Results Assessment and Implicationsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Differential Privacy with Bounded Priors

Tramèr

Huang

Hubaux

et al. 2015

Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

show abstract

“…p m is a non-uniform sequence distribution and we assume γ ≤ 3 − √ 5 ≈ 0.76, which is a requirement for Corollary 1 (in [13]). This assumption is reasonable considering the length of the sequence n (≥ 20000) 5 . To estimate γ, we can consider the sequence with all major alleles and pessimistically assume each major allele frequency is 0.995, large enough to give an upper bound for real datasets.…”

Section: Proofmentioning

confidence: 99%

“…As a response to the above privacy breach in published genomic statistics, Fienberg et al [4] propose to apply Laplacian noise to the released data to achieve differential privacy. Another approach to achieving differential privacy in genome-wide association study is proposed by Johnson and Shmatikov [5]. Yu et al [6] present scalable privacy-preserving methods in genome-wide association studies based on Laplace mechanism and exponential mechanism.…”

Section: Related Workmentioning

confidence: 99%

“…Existing mechanisms for protecting the privacy of genomic data include (i) anonymization, which has proven to be ineffective for genomic data [2], [3], (ii) adding noise to published genomic data or statistics for medical research (e.g., to guarantee differential privacy [4], [5], [6]), (iii) computation partitioning [7], and (iv) cryptography (e.g., homomorphic encryption [8], [9], private set intersection [10], etc.). In this work, we focus mainly on the personal use of genomic data, such as healthcare or DTC services.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

GenoGuard: Protecting Genomic Data against Brute-Force Attacks

Huang

Ayday

Fellay

et al. 2015

2015 IEEE Symposium on Security and Privacy

View full text Add to dashboard Cite

Abstract-Secure storage of genomic data is of great and increasing importance. The scientific community's improving ability to interpret individuals' genetic materials and the growing size of genetic database populations have been aggravating the potential consequences of data breaches. The prevalent use of passwords to generate encryption keys thus poses an especially serious problem when applied to genetic data. Weak passwords can jeopardize genetic data in the short term, but given the multidecade lifespan of genetic data, even the use of strong passwords with conventional encryption can lead to compromise.We present a tool, called GenoGuard, for providing strong protection for genomic data both today and in the long term. GenoGuard incorporates a new theoretical framework for encryption called honey encryption (HE): it can provide information-theoretic confidentiality guarantees for encrypted data. Previously proposed HE schemes, however, can be applied to messages from, unfortunately, a very restricted set of probability distributions. Therefore, GenoGuard addresses the open problem of applying HE techniques to the highly non-uniform probability distributions that characterize sequences of genetic data.In GenoGuard, a potential adversary can attempt exhaustively to guess keys or passwords and decrypt via a bruteforce attack. We prove that decryption under any key will yield a plausible genome sequence, and that GenoGuard offers an information-theoretic security guarantee against messagerecovery attacks. We also explore attacks that use side information. Finally, we present an efficient and parallelized software implementation of GenoGuard.

show abstract

Highly private large‐sample tests for contingency tables

Jung,

Woo Kwak

2024

Stat

View full text Add to dashboard Cite

Differential privacy is a foundational concept for safeguarding sensitive individual information when releasing data or statistical analysis results. In this study, we concentrate on the protection of privacy in the context of goodness‐of‐fit (GOF) and independence tests, utilizing perturbed contingency tables that adhere to Gaussian differential privacy within the high‐privacy regime, where the degrees of privacy protection increase as the sample size increases. We introduce private test procedures for GOF, independence of two variables and the equality of proportions in paired samples, similar to McNemar's test. For each of these hypothesis testing situations, we propose private test statistics based on the statistics and establish their asymptotic null distributions. We numerically confirm that Type I error rates of the proposed private test procedures are well controlled and have adequate power for larger sample sizes and effect sizes. The proposal is demonstrated in private inferences based on the American Time Use Survey data.

show abstract

Privacy-preserving data exploration in genome-wide association studies

Cited by 160 publications

References 37 publications

Differential Privacy with Bounded Priors

Differential Privacy with Bounded Priors

GenoGuard: Protecting Genomic Data against Brute-Force Attacks

Highly private large‐sample tests for contingency tables

Contact Info

Product

Resources

About