SecCT: Secure and scalable count query models on encrypted genomic data

IF 1.4 4区计算机科学 Q3 COMPUTER SCIENCE, SOFTWARE ENGINEERING Formal Aspects of Computing Pub Date : 2024-06-03 DOI:10.1145/3670697

Yanguo Peng, Rongqiao Liu, Jingjing Guo, Xiyue Gao, Luyuan Huang, Yaofeng Tu

{"title":"SecCT: Secure and scalable count query models on encrypted genomic data","authors":"Yanguo Peng, Rongqiao Liu, Jingjing Guo, Xiyue Gao, Luyuan Huang, Yaofeng Tu","doi":"10.1145/3670697","DOIUrl":null,"url":null,"abstract":"<p>Recently, due to the continued reduction in DNA sequencing cost, large-scale genetic samples are being gathered for accelerating predispositions to specific diseases, tailoring treatment of efficient drugs and therapies, etc. Massive genetic samples are encrypted-and-then-delegated to a public cloud to both save investment and maintenance costs and prevent the potential leakage of sensitive information. However, such a manner compromises the serviceability of a public cloud, since encryption inevitably breaks the semantic information of genetic samples. Secure count query of single-nucleotide polymorphisms (SNPs), as a kernel component for GWASs and related genomic analysis, is attracting much more attention. </p><p>Existing methods lack provable security, suffer low efficiency caused by multiple interactions with the cloud, etc. In this paper, a secure virtual CT-Tree (secure vCT-Tree) is carefully constructed to confuse the tree structure by introducing a hash function and a Paillier system. Furthermore, by delegating the secure vCT-Tree to the cloud, concrete models (i.e., SecCT and SecCT+) are presented to resolve secure count query problems on-the-fly. SecCT+ is a solution based on trusted execution environment while SecCT is a pure software solution. Both models advance the provable security of genetic research and are proven to be secure under the adaptive chosen keyword (query) attack (IND-CKA2) model. Furthermore, massive experiments are evaluated on realistic data to show the superiority of SecCT and SecCT+.</p>","PeriodicalId":50432,"journal":{"name":"Formal Aspects of Computing","volume":"33 1","pages":""},"PeriodicalIF":1.4000,"publicationDate":"2024-06-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Formal Aspects of Computing","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1145/3670697","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}

引用次数: 0

Abstract

Recently, due to the continued reduction in DNA sequencing cost, large-scale genetic samples are being gathered for accelerating predispositions to specific diseases, tailoring treatment of efficient drugs and therapies, etc. Massive genetic samples are encrypted-and-then-delegated to a public cloud to both save investment and maintenance costs and prevent the potential leakage of sensitive information. However, such a manner compromises the serviceability of a public cloud, since encryption inevitably breaks the semantic information of genetic samples. Secure count query of single-nucleotide polymorphisms (SNPs), as a kernel component for GWASs and related genomic analysis, is attracting much more attention.

Existing methods lack provable security, suffer low efficiency caused by multiple interactions with the cloud, etc. In this paper, a secure virtual CT-Tree (secure vCT-Tree) is carefully constructed to confuse the tree structure by introducing a hash function and a Paillier system. Furthermore, by delegating the secure vCT-Tree to the cloud, concrete models (i.e., SecCT and SecCT+) are presented to resolve secure count query problems on-the-fly. SecCT+ is a solution based on trusted execution environment while SecCT is a pure software solution. Both models advance the provable security of genetic research and are proven to be secure under the adaptive chosen keyword (query) attack (IND-CKA2) model. Furthermore, massive experiments are evaluated on realistic data to show the superiority of SecCT and SecCT+.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

SecCT：加密基因组数据的安全和可扩展计数查询模型

最近，由于 DNA 测序成本的不断降低，人们正在收集大规模的基因样本，以加速对特定疾病的倾向性分析、定制高效药物和疗法等。为了节省投资和维护成本，并防止敏感信息的潜在泄漏，人们将大量基因样本加密后委托给公共云。然而，由于加密不可避免地会破坏基因样本的语义信息，因此这种方式损害了公共云的可服务性。单核苷酸多态性（SNPs）的安全计数查询作为 GWAS 和相关基因组分析的核心组件，正引起越来越多的关注。现有方法缺乏可证明的安全性，与云的多重交互导致效率低下等。本文精心构建了一种安全虚拟 CT 树（secure vCT-Tree），通过引入哈希函数和 Paillier 系统来混淆树结构。此外，通过将安全 vCT-Tree 委托给云，本文提出了具体的模型（即 SecCT 和 SecCT+）来即时解决安全计数查询问题。SecCT+ 是基于可信执行环境的解决方案，而 SecCT 是纯软件解决方案。这两种模型都推进了基因研究的可证明安全性，并证明在自适应选择关键词（查询）攻击（IND-CKA2）模型下是安全的。此外，还在现实数据上进行了大规模实验评估，以显示 SecCT 和 SecCT+ 的优越性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Formal Aspects of Computing 工程技术-计算机：软件工程

CiteScore

3.30

自引率

0.00%

发文量

审稿时长

>12 weeks

期刊介绍： This journal aims to publish contributions at the junction of theory and practice. The objective is to disseminate applicable research. Thus new theoretical contributions are welcome where they are motivated by potential application; applications of existing formalisms are of interest if they show something novel about the approach or application. In particular, the scope of Formal Aspects of Computing includes: well-founded notations for the description of systems; verifiable design methods; elucidation of fundamental computational concepts; approaches to fault-tolerant design; theorem-proving support; state-exploration tools; formal underpinning of widely used notations and methods; formal approaches to requirements analysis.

期刊最新文献

A Calculus for the Specification, Design, and Verification of Distributed Concurrent Systems Trace Semantics for C++11 Memory Model SecCT: Secure and scalable count query models on encrypted genomic data On Formal Methods Thinking in Computer Science Education FuSeBMC v4: Improving code coverage with smart seeds via BMC, fuzzing and static analysis