Modern DNA sequencing techniques can sequence hundreds of millions of DNA strands simultaneously. Computers are needed to process, analyze, and store the billions of DNA bases that can be sequenced from a single DNA sample. New and unexpected interactions may be possible at this boundary between electronic and biological systems.
Genotype Extraction and False Relative Attacks: Security Risks to Third-Party Genetic Genealogy Services Beyond Identity Inference
This paper analyzes the security practices of GEDmatch, the largest third-party genetic genealogy service, for security and privacy issues. We find that an attacker can extract a large percentage of the genetic markers from other users and that an adversary can construct genetic data files that falsely appear like relatives to other samples in the database. We conclude with security recommendations for genetic genealogy services. This paper is accepted to the 2020 Network and Distributed System Security Symposium (NDSS).Research Paper Press
Computer Security, Privacy, and DNA Sequencing: Compromising Computers with Synthesized DNA, Privacy Leaks, and More
This paper evaluates the robustness of DNA processing tools if (or when) adversarial attacks manifest. We demonstrate, for the first time, the synthesis of DNA which — when sequenced and processed— gives an attacker arbitrary remote code execution. Informed by our experiments and results, we develop a broad framework and guidelines to safeguard security and privacy in DNA synthesis, sequencing, and processing. This paper was published at the 2017 USENIX Security Symposium.Research Paper News