My Genome Belongs to Me: Controlling Third Party Computation on Genomic Data

Authors: Dominic Deuber (Friedrich-Alexander-Universität Erlangen-Nürnberg), Christoph Egger (Friedrich-Alexander-Universität Erlangen-Nürnberg), Katharina Fech (Friedrich-Alexander-Universität Erlangen-Nürnberg), Giulio Malavolta (Friedrich-Alexander-Universität Erlangen-Nürnberg), Dominique Schröder (Friedrich-Alexander-Universität Erlangen-Nürnberg), Sri Aravinda Krishnan Thyagarajan (Friedrich-Alexander-Universität Erlangen-Nürnberg), Florian Battke (CeGaT GmbH), Claudia Durand (CeGaT GmbH)

Volume: 2019
Issue: 1
Pages: 108–132
DOI: https://doi.org/10.2478/popets-2019-0007

Download PDF

Abstract: An individual’s genetic information is possibly the most valuable personal information. While knowledge of a person’s DNA sequence can facilitate the diagnosis of several heritable diseases and allow personalized treatment, its exposure comes with significant threats to the patient’s privacy. Currently known solutions for privacy-respecting computation require the owner of the DNA to either be heavily involved in the execution of a cryptographic protocol or to completely outsource the access control to a third party. This motivates the demand for cryptographic protocols which enable computation over encrypted genomic data while keeping the owner of the genome in full control. We envision a scenario where data owners can exercise arbitrary and dynamic access policies, depending on the intended use of the analysis results and on the credentials of who is conducting the analysis. At the same time, data owners are not required to maintain a local copy of their entire genetic data and do not need to exhaust their computational resources in an expensive cryptographic protocol. In this work, we present METIS, a system that assists the computation over encrypted data stored in the cloud while leaving the decision on admissible computations to the data owner. It is based on garbled circuits and supports any polynomially-computable function. A critical feature of our system is that the data owner is free from computational overload and her communication complexity is independent of the size of the input data and only linear in the size of the circuit’s output. We demonstrate the practicality of our approach with an implementation and an evaluation of several functions over real datasets.

Keywords: Secure Multi-Party Computation, Protocols, DNA security, Genome Privacy

Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution-NonCommercial-NoDerivs license.