Privacy Challenges of Genomic Data-Sharing Beacons and Solutions

基因组数据共享信标和解决方案的隐私挑战

基本信息

批准号：
10674031
负责人：
Erman Ayday
金额：
$ 30.19万
依托单位：
CASE WESTERN RESERVE UNIVERSITY
依托单位国家：
美国
项目类别：
财政年份：
2020
资助国家：
美国
起止时间：
2020-08-01 至 2024-07-31
项目状态：
已结题

项目摘要

Abstract. Availability of very large genomic datasets promises a revolution in medicine. However, it has been shown that it is not straightforward to ensure anonymity of the participants in such datasets. Sharing data in a privacy-preserving way stands as a major bottleneck in front of the medical progress. Recently, a community-driven protocol has been widely adopted for sharing genomic data. So called “genomic data-sharing beacon protocol” aims to provide a secure, easy to implement, and standardized interface for data sharing by only allowing yes/no queries on the presence of specific alleles in the dataset. Previously deemed robust against privacy threats, beacon protocol was recently shown to be vulnerable against membership inference attacks despite its stringent policy. Currently, there is no way to systematically assess beacons' privacy risks for neither the genome donors nor the beacon operators. This cast doubts on usability of beacons from both parties' point of views. Setting up a beacon is risky for beacon operators because of repercussions of possible breaches. Furthermore, for the donors who lack technical background to comprehend the risk, it is often safer to opt-out. Thus, a comprehensive understanding of the system's pitfalls and briefing the genome donors and the beacon operators on potential threats are important issues to overcome to move forward. In this proposal, we aim at (i) detecting and analyzing vulnerabilities of the genomic data-sharing beacons, (ii) providing risk quantification tools for both the donors and data owners to inform both parties on possible risks, and (iii) generating countermeasures against these vulnerabilities. We provide extensive preliminary work on possible vulnerabilities of the beacon system and potential countermeasures. For the first time, we will investigate the information leakage due to beacon updates, which will guide beacon admins on when and how to update the content of the beacon. As the second goal, we will design risk quantification algorithms to assess the risk and inform both the genome donors and beacon operators on possible risks of sharing data. This will be the first attempt at helping beacon operators and participants make informed decisions. We project that if this project is realized, beacon system will be transparent in terms of privacy risks, which will reinstate the trustworthiness of the system and increase its usability. This in turn will tear down the borders that stand in the way of sharing genomic data and enable all downstream research that will benefit from larger data sizes. Our final goal is to focus on countermeasures to protect sensitive information. We observe that current approaches fail to protect the privacy of individuals and provide high data utility at the same time. We will implement novel differential privacy and game theory-based techniques to ensure privacy- preserving data sharing with high data utility.

摘要：超大型基因组数据集的出现预示着医学领域的一场革命。事实证明，确保此类数据集中参与者的匿名性并不简单。以保护隐私的方式共享数据是医学进步的主要瓶颈。最近，社区驱动的协议已被广泛采用来共享基因组数据。 “基因组数据共享信标协议”旨在提供一个安全、易于实施、用于数据共享的标准化接口，仅允许对特定数据是否存在进行是/否查询数据集中的等位基因以前被认为能够抵御隐私威胁，最近信标协议被认为是强大的。现在，没有办法系统地评估基因组捐赠者和基因组的信标隐私风险。从双方的角度来看，这对信标的可用性产生了怀疑。由于可能的违规行为会产生影响，对信标运营商来说，建立信标是有风险的。此外，对于缺乏技术背景来了解风险的捐助者来说，通常更安全的做法是因此，全面了解该系统的缺陷并向基因组捐赠者通报情况。潜在威胁的信标运营商是向前发展需要克服的重要问题。该提案的目的是（i）检测和分析基因组数据共享的漏洞信标，(ii) 为捐助者和数据所有者提供风险量化工具，以告知双方各方可能存在的风险，以及 (iii) 针对这些漏洞制定对策。就信标系统可能存在的漏洞和潜在风险提供广泛的前期工作我们将首次调查因信标更新而导致的信息泄露，这将指导信标管理员何时以及如何更新信标的内容。目标，我们将设计风险量化算法来评估风险并告知基因组捐赠者和信标运营商共享数据可能存在的风险，这将是帮助的第一次尝试。我们预计，如果该项目得以实现，信标运营商和参与者将做出明智的决定。信标系统在隐私风险方面将是透明的，这将恢复人们的可信度系统并提高其可用性，这反过来又会打破阻碍的边界。共享基因组数据并使所有下游研究能够从更大的数据量中受益。我们观察到当前的情况，最终目标是集中于保护敏感信息的对策。这些方法无法在保护个人隐私的同时提供较高的数据效用。将实施新颖的差分隐私和基于博弈论的技术来确保隐私- 保持数据共享，数据利用率高。