CRYPTOGRAPHIC SOLUTIONS FOR CREDIBILITY AND LIABILITY ISSUES OF GENOMIC DATA
ABSTRACT
In this work, we consider a scenario that includes an individual sharing his genomic data (or results obtained from his genomic data) with a service provider. In this scenario, (i) the service provider wants to make sure that the received genomic data (or results) in fact belong to the corresponding individual (and are computed correctly), (ii) the individual wants to provide a digital consent along with his data specifying whether the service provider is allowed to further share his data, and (iii) if his data is shared without his consent, the individual wants to determine the service provider that is responsible for this leakage. We propose two schemes based on homomorphic signature and aggregate signature that link the information about the legitimacy of the data to the consent and the phenotype of the individual. Thus, to verify the data, each party also needs to use the correct consent and phenotype of the individual who owns the data.
EXISTING SYSTEM:
There have been several works on security and privacy of genomic data. However, as mentioned, credibility and liability issues of genomic data have not been considered in previous work. We briefly summarize the existing efforts on security/privacy of genomic data in the following. One line of investigation is represented by works focusing on private clinical genomics. Baldi et al. presented efficient algorithms for privacy-preserving testing on full genomes, including paternity and ancestry testing, and the testing of point mutations (single nucleotide polymorphisms, SNPs) for partner compatibility and personalized medicine. Ayday et al. proposed a scheme to protect the privacy of users’ genomic data yet enable medical units to access the genomic data in order to conduct medical tests or to develop personalized medicine methods. Karvelas et al. proposed using the oblivious RAM mechanisms to access genomic data (that is stored at a third party) and secure two-party computation protocols to compute various functionalities on the data. Recently, Wang et al. proposed private edit distance protocols to find similar patients (e.g., across several hospitals). To provide secure storage and retrieval of genomic data, Ayday et al. proposed techniques for the privacy-preserving storage and retrieval of raw genomic data, and Huang et al. proposed a scheme that would guarantee long-term security (in an information-theoretical sense) for genomic data.
PROPOSED SYSTEM:
We propose two schemes to share genomic data and genetic test results, respectively. The proposed schemes are based on both homomorphic signature and aggregate signature that link the information about the legitimacy of the data to the consent and the phenotype (or the identity) of the individual. Thus, in order to verify the data, a party also needs to use the correct consent and phenotype of the individual who owns the data. One proposed scheme allows the service providers to check the validity of individuals’ genomic data. The other proposed scheme allows service providers to conduct genetic tests on individuals’ data and be assured that the test is conducted accurately. The adoption of homomorphic signature enables the individual to honestly share any subset of the authenticated data or the test results without interacting with the authority. Moreover, it guarantees that the individual does not leak unnecessary information when sharing the test results. The adoption of aggregate signature efficiently prevents illegal (or unauthorized) sharing of genomic data by the service providers. In such a case, either the entity which receives the data understands that the data is shared without the consent of the data owner, or the data owner can understand which service provider leaked his data without his consent, and hence he can hold that party liable for the leakage.
CONCLUSIONS
In this work, we proposed two cryptographic schemes to share genomic data and genetic test results. The proposed schemes are between a data owner and a service provider. Using the proposed schemes, on the one hand, a service provider can check the validity (or legitimacy) of genomic data it receives from a data owner (individual). On the other hand, the individual, via a digital consent, can make sure that the service provider will not further share his data without his permission. The proposed schemes are based on homomorphic signatures and aggregate signatures, and these cryptographic primitives enable us to link the information about the legitimacy of the data to the consent and the identity of the individual. We also discussed the security and practicality of the proposed schemes. The proposed schemes can be easily adopted by existing works on privacy-preserving processing of genomic data.
REFERENCES
[1] P. Baldi, R. Baronio, E. De Cristofaro, P. Gasti, and G. Tsudik, “Countering GATTACA: Efficient and secure testing of fully-sequenced human genomes,” Proceedings of ACM CCS ’11, pp. 691–702, 2011.
[2] E. Ayday, J. L. Raisaro, J. Rougemont, and J.-P. Hubaux, “Protecting and evaluating genomic privacy in medical tests and personalized medicine,” in WPES, 2013.
[3] N. Karvelas, A. Peter, S. Katzenbeisser, E. Tews, and K. Hamacher, “Privacy-preserving whole genome sequence processing through proxy-aided ORAM,” in Proceedings of the 13th Workshop on Privacy in the Electronic Society, 2014, pp. 1–10.
[4] R. Wang, X. Wang, Z. Li, H. Tang, M. K. Reiter, and Z. , “Privacy-preserving genomic computation through program specialization,” Proceedings of the 16th ACM Conference on Computer and Communications Security, pp. 338–347, 2009.
[5] E. Ayday, J. L. Raisaro, U. Hengartner, A. Molyneaux, and J.-P. Hubaux, “Privacy-preserving processing of raw genomic data,” in DPM, 2013.
[6] Z. Huang, E. Ayday, J.-P. Hubaux, J. Fellay, and A. Juels, “Genoguard: Protecting genomic data against brute-force attacks,” in Proceedings of IEEE Symposium on Security and Privacy, 2015.
[7] M. Gymrek, A. L. McGuire, D. Golan, E. Halperin, and Y. Erlich, “Identifying personal genomes by surname inference,” Science: 339(6117), Jan. 2013.
[8] N. Homer, S. Szelinger, M. Redman, D. Duggan, and W. Tembe, “Resolving individuals contributing trace amounts of DNA to highly complex mixtures using high-density SNP genotyping microarrays,” PLoS Genetics, vol. 4, Aug. 2008.
[9] M. Humbert, E. Ayday, J.-P. Hubaux, and A. Telenti, “Addressing the concerns of the Lacks family: Quantification of kin genomic privacy,” in CCS, 2013.
[10] A. Johnson and V. Shmatikov, “Privacy-preserving data exploration in genome-wide association studies,” in KDD, 2013, pp. 1079–1087.