The Mastermind Attack on Genomic Data

2009 30th IEEE Symposium on Security and Privacy Pub Date : 2009-04-28 DOI:10.1109/SP.2009.4

M. Goodrich

{"title":"The Mastermind Attack on Genomic Data","authors":"M. Goodrich","doi":"10.1109/SP.2009.4","DOIUrl":null,"url":null,"abstract":"In this paper, we study the degree to which a genomic string, $Q$,leaks details about itself any time it engages in comparison protocolswith a genomic querier, Bob, even if those protocols arecryptographically guaranteed to produce no additional information otherthan the scores that assess the degree to which $Q$ matches stringsoffered by Bob. We show that such scenarios allow Bob to play variantsof the game of Mastermind with $Q$ so as to learn the complete identityof $Q$. We show that there are a number of efficient implementationsfor Bob to employ in these Mastermind attacks, depending on knowledgehe has about the structure of $Q$, which show how quickly he candetermine $Q$. Indeed, we show that Bob can discover $Q$ using anumber of rounds of test comparisons that is much smaller than thelength of $Q$, under various assumptions regarding the types of scoresthat are returned by the cryptographic protocols and whether he can useknowledge about the distribution that $Q$ comes from, e.g., usingpublic knowledge about the properties of human DNA. We also providethe results of an experimental study we performed on a database ofmitochondrial DNA, showing the vulnerability of existing real-world DNAdata to the Mastermind attack.","PeriodicalId":161757,"journal":{"name":"2009 30th IEEE Symposium on Security and Privacy","volume":"140 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-04-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"58","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 30th IEEE Symposium on Security and Privacy","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SP.2009.4","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 58

Abstract

In this paper, we study the degree to which a genomic string, $Q$,leaks details about itself any time it engages in comparison protocolswith a genomic querier, Bob, even if those protocols arecryptographically guaranteed to produce no additional information otherthan the scores that assess the degree to which $Q$ matches stringsoffered by Bob. We show that such scenarios allow Bob to play variantsof the game of Mastermind with $Q$ so as to learn the complete identityof $Q$. We show that there are a number of efficient implementationsfor Bob to employ in these Mastermind attacks, depending on knowledgehe has about the structure of $Q$, which show how quickly he candetermine $Q$. Indeed, we show that Bob can discover $Q$ using anumber of rounds of test comparisons that is much smaller than thelength of $Q$, under various assumptions regarding the types of scoresthat are returned by the cryptographic protocols and whether he can useknowledge about the distribution that $Q$ comes from, e.g., usingpublic knowledge about the properties of human DNA. We also providethe results of an experimental study we performed on a database ofmitochondrial DNA, showing the vulnerability of existing real-world DNAdata to the Mastermind attack.

查看原文本刊更多论文

对基因组数据的攻击

在本文中，我们研究了基因组字符串$Q$在与基因组查询器Bob进行比较协议时泄露其自身细节的程度，即使这些协议在密码学上保证除了评估$Q$与Bob提供的字符串匹配程度的分数之外不会产生任何其他信息。我们展示了这样的场景允许Bob与$Q$玩各种各样的游戏，从而学习$Q$的完整身份。我们展示了Bob可以在这些Mastermind攻击中使用许多有效的实现，这取决于他对$Q$结构的了解，这表明他可以多快地确定$Q$。事实上，我们表明Bob可以使用比Q$长度小得多的测试比较的轮数来发现Q$，在关于加密协议返回的分数类型的各种假设下，以及他是否可以使用关于Q$来自的分布的知识，例如，使用关于人类DNA属性的公共知识。我们还提供了我们在线粒体DNA数据库上进行的一项实验研究的结果，显示了现有的真实世界DNA数据在Mastermind攻击下的脆弱性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2009 30th IEEE Symposium on Security and Privacy

自引率

0.00%

发文量