UCL Discovery
UCL home » Library Services » Electronic resources » UCL Discovery

How Much Does GenoGuard Really "Guard"? An Empirical Analysis of Long-Term Security for Genomic Data

Oprisanu, M-B; Dessimoz, C; De Cristofaro, E; (2019) How Much Does GenoGuard Really "Guard"? An Empirical Analysis of Long-Term Security for Genomic Data. In: Cavallaro, Lorenzo and Kinder, Johannes, (eds.) WPES'19: Proceedings of the 18th ACM Workshop on Privacy in the Electronic Society. (pp. pp. 93-105). ACM: New York, United States. Green open access

[thumbnail of De Cristofaro_AAM.pdf]
Preview
Text
De Cristofaro_AAM.pdf - Accepted Version

Download (1MB) | Preview

Abstract

Due to its hereditary nature, genomic data is not only linked to its owner but to that of close relatives as well. As a result, its sensitivity does not really degrade over time; in fact, the relevance of a genomic sequence is likely to be longer than the security provided by encryption. This prompts the need for specialized techniques providing long-term security for genomic data, yet the only available tool for this purpose is GenoGuard~\citehuang_genoguard:_2015. By relying on \em Honey Encryption, GenoGuard is secure against an adversary that can brute force all possible keys; i.e., whenever an attacker tries to decrypt using an incorrect password, she will obtain an incorrect but plausible looking decoy sequence. In this paper, we set to analyze the real-world security guarantees provided by GenoGuard; specifically, assess how much more information does access to a ciphertext encrypted using GenoGuard yield, compared to one that was not. Overall, we find that, if the adversary has access to side information in the form of partial information from the target sequence, the use of GenoGuard does appreciably increase her power in determining the rest of the sequence. We show that, in the case of a sequence encrypted using an easily guessable (low-entropy) password, the adversary is able to rule out most decoy sequences, and obtain the target sequence with just 2.5% of it available as side information. In the case of a harder-to-guess (high-entropy) password, we show that the adversary still obtains, on average, better accuracy in guessing the rest of the target sequences than using state-of-the-art genomic sequence inference methods, obtaining up to 15% improvement in accuracy.

Type: Proceedings paper
Title: How Much Does GenoGuard Really "Guard"? An Empirical Analysis of Long-Term Security for Genomic Data
Event: WPES 2019
ISBN: 978-1-4503-6830-8
Open access status: An open access version is available from UCL Discovery
DOI: 10.1145/3338498.3358641
Publisher version: https://doi.org/10.1145/3338498.3358641
Language: English
Additional information: This version is the author accepted manuscript. For information on re-use, please refer to the publisher’s terms and conditions.
UCL classification: UCL
UCL > Provost and Vice Provost Offices > School of Life and Medical Sciences
UCL > Provost and Vice Provost Offices > School of Life and Medical Sciences > Faculty of Life Sciences
UCL > Provost and Vice Provost Offices > School of Life and Medical Sciences > Faculty of Life Sciences > Div of Biosciences
UCL > Provost and Vice Provost Offices > School of Life and Medical Sciences > Faculty of Life Sciences > Div of Biosciences > Genetics, Evolution and Environment
UCL > Provost and Vice Provost Offices > UCL BEAMS
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science
URI: https://discovery.ucl.ac.uk/id/eprint/10080759
Downloads since deposit
31Downloads
Download activity - last month
Download activity - last 12 months
Downloads by country - last 12 months

Archive Staff Only

View Item View Item