Nora von Thenen1, Erman Ayday1,2, A Ercument Cicek1,3. 1. Computer Engineering Department, Bilkent University, Ankara, Turkey. 2. Department of Electrical Engineering and Computer Science, Case Western Reserve University, Cleveland, OH, USA. 3. Computational Biology Department, School of Computer Science, Carnegie Mellon University, Pittsburgh, PA, USA.
Abstract
Motivation: Genomic data-sharing beacons aim to provide a secure, easy to implement and standardized interface for data-sharing by only allowing yes/no queries on the presence of specific alleles in the dataset. Previously deemed secure against re-identification attacks, beacons were shown to be vulnerable despite their stringent policy. Recent studies have demonstrated that it is possible to determine whether the victim is in the dataset, by repeatedly querying the beacon for his/her single-nucleotide polymorphisms (SNPs). Here, we propose a novel re-identification attack and show that the privacy risk is more serious than previously thought. Results: Using the proposed attack, even if the victim systematically hides informative SNPs, it is possible to infer the alleles at positions of interest as well as the beacon query results with very high confidence. Our method is based on the fact that alleles at different loci are not necessarily independent. We use linkage disequilibrium and a high-order Markov chain-based algorithm for inference. We show that in a simulated beacon with 65 individuals from the European population, we can infer membership of individuals with 95% confidence with only 5 queries, even when SNPs with MAF <0.05 are hidden. We need less than 0.5% of the number of queries that existing works require, to determine beacon membership under the same conditions. We show that countermeasures such as hiding certain parts of the genome or setting a query budget for the user would fail to protect the privacy of the participants. Availability and implementation: Software is available at http://ciceklab.cs.bilkent.edu.tr/beacon_attack. Supplementary information: Supplementary data are available at Bioinformatics online.
Motivation: Genomic data-sharing beacons aim to provide a secure, easy to implement and standardized interface for data-sharing by only allowing yes/no queries on the presence of specific alleles in the dataset. Previously deemed secure against re-identification attacks, beacons were shown to be vulnerable despite their stringent policy. Recent studies have demonstrated that it is possible to determine whether the victim is in the dataset, by repeatedly querying the beacon for his/her single-nucleotide polymorphisms (SNPs). Here, we propose a novel re-identification attack and show that the privacy risk is more serious than previously thought. Results: Using the proposed attack, even if the victim systematically hides informative SNPs, it is possible to infer the alleles at positions of interest as well as the beacon query results with very high confidence. Our method is based on the fact that alleles at different loci are not necessarily independent. We use linkage disequilibrium and a high-order Markov chain-based algorithm for inference. We show that in a simulated beacon with 65 individuals from the European population, we can infer membership of individuals with 95% confidence with only 5 queries, even when SNPs with MAF <0.05 are hidden. We need less than 0.5% of the number of queries that existing works require, to determine beacon membership under the same conditions. We show that countermeasures such as hiding certain parts of the genome or setting a query budget for the user would fail to protect the privacy of the participants. Availability and implementation: Software is available at http://ciceklab.cs.bilkent.edu.tr/beacon_attack. Supplementary information: Supplementary data are available at Bioinformatics online.
Authors: Katherine E Boronow; Laura J Perovich; Latanya Sweeney; Ji Su Yoo; Ruthann A Rudel; Phil Brown; Julia Green Brody Journal: Environ Health Perspect Date: 2020-01-10 Impact factor: 9.031
Authors: Zhiyu Wan; James W Hazel; Ellen Wright Clayton; Yevgeniy Vorobeychik; Murat Kantarcioglu; Bradley A Malin Journal: Nat Rev Genet Date: 2022-03-04 Impact factor: 59.581