Cryptographic Solutions for Genomic Privacy
Genomics is becoming the next significant challenge for privacy. The price of a complete genome profile has plummeted below $100 for genome-wide genotyping, which is offered by a number of companies. This low cost of DNA sequencing will break the physician/patient connection and it can open the door to all kinds of abuse, not yet fully understood. Access to genomic data prompts some important privacy concerns: (i) DNA reflects information about genetic conditions and predispositions to specific diseases such as Alzheimer’s, cancer, or schizophrenia, (ii) DNA contains information about ancestors, and progeny, (iii) DNA (almost) does not change over time, hence revoking or replacing it is impossible, and (iv) DNA analysis is already being used both in law enforcement and health-care, thus prompting numerous ethical issues. Such issues could lead to abuse, threats, and genetic discrimination. As pointed out by author Rebecca Skloot, “the view we have today of genomes is like a world map, but Google Street View is coming very soon”. This growing precision can be highly beneficial in terms of personalized medicine, but it can have devastating consequences on individuals’ peace of mind.
In this talk, after discussing the threats on genomic privacy, I will briefly focus on the inference attacks and quantification of kin genomic privacy, using information theoretical tools. Then, focusing on homomorphic encryption-based schemes, I will introduce some of the crypto-based techniques we proposed for privacy compliant use of genomes in both healthcare and research. I will also discuss about the inadequacy of crypto-based solutions in certain scenarios. In the remaining of the talk, I will introduce a new protection mechanism, GenoGuard, based on a newly proposed cryptographic primitive called honey-encryption. Considering the high sensitivity and longevity of genomic data, GenoGuard is able to provide security against brute-force attacks (by attackers with unlimited computational power). Finally, I will discuss the open research problems in the field of genomic privacy such as data sharing, credibility, and liability.
Erman Ayday is an Assistant Professor of Computer Science at Bilkent University, Ankara, Turkey. Before that he was a post-doctoral Researcher at Ecole Polytechnique Fédérale de Lausanne (EPFL), Switzerland, in the Laboratory for Communications and Applications 1 (LCA1) led by Prof. Jean-Pierre Hubaux. He received his M.S. and Ph.D. degrees from Georgia Tech Information Processing, Communications and Security Research Lab (IPCAS) in the School of Electrical and Computer Engineering (ECE), Georgia Institute of Technology, Atlanta, GA, in 2007 and 2011, respectively under the supervision of Dr. Faramarz Fekri.
Erman's research interests include privacy-enhancing technologies (including big data and genomic privacy), wireless network security, trust and reputation management, and applied cryptography. Erman is the recipient of Distinguished Student Paper Award at IEEE S&P 2015, 2010 Outstanding Research Award from the Center of Signal and Image Processing (CSIP) at Georgia Tech, and 2011 ECE Graduate Research Assistant (GRA) Excellence Award from Georgia Tech. Other various accomplishments of Erman include several patents, research grants, and H2020 Marie Curie individual fellowship. He is a member of the IEEE and the ACM.