New Encryption Scheme Could Protect Your Genome
sciencehabit writes "As the cost of genetic sequencing plummets, experts believe our genomes will help doctors detect diseases and save lives. But not all of us are comfortable releasing our biological blueprints into the world. Now cryptologists are perfecting a new privacy tool that turns genetic information into a secure yet functional format. Called homomorphic encryption, the method could help keep genomes private even as genetic testing shifts to cheap online cloud services."
This isn't new, although the application with gene sequencing might be.
This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
Besides the 'internet security issue', it's not that hard to get your DNA to test themselves if someone wants it.
---- Booth was a patriot ----
he said homo
That requires a mitochondria upgrade at extra charge. Or else you might experience complications.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
I'm still chuckling over the use of the words "private" and "cloud" in the same sentence...
Bark less. Wag more.
I'm trying to say something intelligent involving homomorphic encryption with random seeds and salt that doesn't trigger the Beavis & Butthead reflex, but I just can't make it happen.
If I were not constantly releasing millions of copies of my DNA in the form of dead skin cells everywhere I go. Either my cells need to also adopt this encryption standard, or I need a lifestyle where I am completely self-sufficient (including my waste disposal), never having to leave my home.
Even then, a gust of wind while I am in the backyard might be all that is required one day for someone's reader to catch my DNA and run a simulation to match with facial recognition.
Sdelat' Ameriku velikoy Snova!
I am not a cryptography expert, but I have been supporting genomic medicine for 10 years. For Homomorphic encryption to be of any use in research, or diagnostics, it is necessary to know that each genetic sequence is encrypted to the same results. That is XYZ for person 1 has to be the same genetic sequence as XYZ for person 2. Otherwise we are comparing apples to wood and the results are gibberish. So if XYZ is XYZ is XYZ, how is that any more secure, from a genetic profiling, etc. POV than the raw genetic sequence? It's like saying your SSN is safe, no one will know it is 123-45-6789, we "secured" it as abc-de-fghi but otherwise is just as unique in identifying you. Am I missing something here?
I don't see things in black and white; I see the gray. Heck, I actually see in color, which makes things more difficult
I was going to mention that, but I wasn't sure. Can you get a full genome sequenced from hair, or do you need a certain quantity of blood or something?
As far as I can tell you need full cells so hair that has been cut with a scissor no, but if you have a hair follicle pulled out by a hair brush that's enough. Any blood, saliva, semen or tissue sample will also do. A quick check suggests as little as 5 cells are needed so we're talking nanograms of material here.
Live today, because you never know what tomorrow brings
Hi. I'm a theoretical cryptographer.
>Encryption can be broken,
Some implementations have been broken. Encryption itself is generally fine (as long as you go with well-studied, standardized methods). There is a point that encryption is always subject to real-world factors, but the most common libraries are pretty good. Whenever you read about a data breach in the news, it's not because encryption was broken--something else went wrong (and, frequently, exposed data that wasn't encrypted in the first place).
>especially the kind that exposes useful information about the plaintext as this one does.
Homomorphic encryption does not expose useful information about the plaintext, although the article doesn't make that clear. You start with an encrypted input, perform an operation, and get an encrypted output. Only the person with the key--who is not the person performing the computation--can decrypt the result.
There is a somewhat-related but distinct concept, called "functional encryption", in which one can distribute a key associated with a function f. That key allows a user to take an encryption of x and obtain f(x)--but nothing else about x other than f(x), where "nothing else" has a mathematical formalization. So you could (conceptually) encrypt your entire medical record and give your doctor a key for the function that calculates the probability that you'll have a heart attack in the next five years. Then they'll be able to calculate that probability, but nothing else about you.
>A much simpler alternative is to keep your genetic information in your own control, processing it on your own computer with open source software. You know, just what we already do with other sensitive information like passwords.
This I agree with, in an ideal world. Will we be living in such a world, 5, 10, or 20 years down the line? I don't know. Right now, the trends are largely in outsourcing everything--more and more, your data and computation live on the cloud. For medical information, your doctor doesn't do all the tests himself--he outsources them to a lab. For genetic information, 23andMe doesn't sell software that lets you analyze your own genetic markers--they take your information and perform the analysis on it themselves. So these trends will need to change before the above takes place.
It would be great to keep one's own data and get all the various analysis tools via FOSS. But someone needs to write and distribute those tools--as well as make it feasible to obtain one's own data in the first place (I don't know about you, but I don't have an MRI machine in my house). So until that world exists, homomorphic encryption is a potentially useful tool in this area.
[It also has uses beyond securely outsourcing computation, but that's somewhat off-topic.]
So true. But DNA security is more than an issue of privacy. In the near future, understanding the human genome will make possible developing bioweapons targeted at individuals (with collateral damage) as well as bioweapons that could probably kill all humans exposed to the pathogen (like Ebola). We have, up to now, been protected by the obscurity and complexity of the issue. With advanced computers, vast data collection, and improved scientific understanding, creating individual and global bioweapons will become college-level biochemistry. Maybe not this decade, but probably within several decades (my guesstimate). In that sense, the movie GATTACA was a utopian fantasy, because people did not live in fear of apocalypse every day given everyone's DNA was known precisely and used for identification.
For current trends, consider recent US government activities (but other countries might do it too):
"U.S. Chases Foreign Leaders' DNA, WikiLeaks Shows"
http://www.wired.com/dangerroo...
"State Department representatives didn't immediately respond to questions about why diplomats need to acquire DNA and other biometric data on foreigners, what State does with any biometric information it gets, or how long the department retains it."
And also:
http://www.theatlantic.com/mag...
"The U.S. government is surreptitiously collecting the DNA of world leaders, and is reportedly protecting that of Barack Obama. Decoded, these genetic blueprints could provide compromising information. In the not-too-distant future, they may provide something more as well--the basis for the creation of personalized bioweapons that could take down a president and leave no trace. "
Unlike private encryption keys for a computer system, or a lock and key for your front door, you can't easily change your DNA if someone else gets a sample of it (like from a used drinking glass). In fact, so far, you can't significantly change your DNA at all. And the fact is, probably almost every citizen in the Western world already has taken some kind of medical test where potentially, if archived, their specific DNA would be available. So, we are probably already all compromised.
So, sadly, this trend towards increased genetic understanding may eventually mean the end of human day-to-day living as we know it in the near future (if not actual life). Individually targeted weapons are actually a lesser worry. Imagine a vast plague launched by some genetic-script kiddy showing off how "1eet" they are. Imagine a flu season where just everyone who gets it dies a few weeks after seemingly getting well -- and where everyone gets it. Or imagine perhaps 10 bad flu seasons in a row year after year, each with 30% mortality like the black plague.
Remember, unlike computer viruses, you can't right now just issue a patch for human DNA. And even if you could, the patch itself might be deadly. So avoidance may be the only option if the virus has been specifically designed to target some newly discovered human weakness in all human DNA.
Of course, we face similar risks in theory with nanotechnology, and groups like the Foresight Institute have discussed them. But, nanotechnology in the form of sophisticated mobile nanobots is still theoretical. Biotechnology and disease is a reality of our everyday lives.
Preventing this risk of a 100% fatal designer plague would probably mean changing large aspects of how we live. This might include living in air-tight Biosphere-II-like structures and/or space habitats. Could it be that human tribalism and sparring at borders had evolutionary adaptive value to keep tribes mostly isolated to prevent disease transmission? Perhaps things might even go so far as never being in the physical presence of another human being and never receiving a physical object including food from outside your enclosure (
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
It was a lousy joke.
>Homo means gay
Somebody needs to brush up on their Greek. Homo- as a prefix means "the same", as in homomorphic = the same form.
Or alone as Latin for "man" (as in Homo sapiens = intelligent man, versus Homo erectus = upright man)
Yes, I'm perpetually annoyed by ignorant people sexualizing useful words, much less common prefixes. Why do you ask? We've got a perfectly good word for sex, it's even one of the coveted limited-edition single-syllable models reserved for only the most important concepts. Why must we perpetually degrade the language by throwing around euphemisms when everybody knows what we mean anyway?
--- Most topics have many sides worth arguing, allow me to take one opposite you.
Right, because I have the knowledge and equipment to sequence my own DNA and make sense of the results.
Sure, encryption can be broken, and I don't know how far I'd trust IBM's 1st-generation homomorphic encryption, much less this "streamlined, high performance" version adapted by medical researchers, but it's a hell of a lot better than nothing.
Also, while I'm not an encryption expert, it sounds like homomorphic encryption doesn't actually expose useful information (at least not intentionally, I'm sure it opens up some new attack vectors, everything does). Encrypt A to get B. Apply operations f(B) to get C, decrypt C to get f(A). C is still encrypted gibberish.
So, assuming it's possible to do public/private key homomorphic encryption, my doctor could send a sample for sequencing along with a public key. DNA gets sequenced and encrypted (ideally both on the same non-networked hardware so that the plaintext data is never accessible to anyone), and the encrypted sequence is sent back to my doctor, archived in a public database, whatever. Doc can then send it to a third-party DNA analysis firm in Nigeria, who perform all manner of analysis on it and send the reams of gibberish test results back. He then calls me in, the only holder of the private key, and I can then decrypt the results on my secure, open-source computer and present them for his interpretation and advice.
--- Most topics have many sides worth arguing, allow me to take one opposite you.
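Added example, not part of the thread or of the researchers' code: the "encrypt A to get B, compute on B, decrypt to get f(A)" flow, and the earlier question of whether identical sequences must encrypt to identical ciphertexts, shown with textbook Paillier encryption (additively homomorphic only, swapped in here for the fully homomorphic scheme the article describes). The key size, genotype values and per-marker weights are constructed for illustration.

```python
import math
import secrets

# Toy Paillier keypair (constructed for illustration; real keys use >= 2048-bit n).
P, Q = 2**31 - 1, 2**61 - 1          # two known Mersenne primes
N = P * Q                            # public key
N2 = N * N
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)   # private key: lcm(p-1, q-1)
MU = pow(LAM, -1, N)                 # private key: lambda^-1 mod n (valid for g = n+1)

def encrypt(m):
    """Probabilistic encryption with the public key: fresh random r each call."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        if math.gcd(r, N) == 1:
            break
    return (1 + m * N) * pow(r, N, N2) % N2

def decrypt(c):
    """Needs the private values LAM and MU."""
    return (pow(c, LAM, N2) - 1) // N * MU % N

def add(c1, c2):
    """Enc(a) * Enc(b) decrypts to a + b."""
    return c1 * c2 % N2

def scale(c, k):
    """Enc(a) ** k decrypts to k * a, for a public integer k."""
    return pow(c, k, N2)

def lab_risk_score(enc_genotypes, weights):
    """Runs at the untrusted lab: sees only ciphertexts and public weights."""
    total = encrypt(0)
    for c, w in zip(enc_genotypes, weights):
        total = add(total, scale(c, w))
    return total

# Constructed sample: risk-allele counts (0, 1 or 2) at five markers.
GENOTYPES = [2, 0, 1, 1, 2]
WEIGHTS = [3, 5, 2, 7, 1]            # hypothetical public per-marker weights

if __name__ == "__main__":
    enc = [encrypt(g) for g in GENOTYPES]
    print("same plaintext, same ciphertext?", enc[0] == enc[4])
    print("decrypted score:", decrypt(lab_risk_score(enc, WEIGHTS)))
```

The two markers with genotype 2 produce different ciphertexts, so the lab cannot match values across markers or patients by comparing ciphertexts, yet the weighted sum still decrypts correctly for the key holder.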