PRESAGE: PRivacy-preserving gEnetic testing via SoftwAre Guard Extension
- 1.9k Downloads
Advances in DNA sequencing technologies have prompted a wide range of genomic applications to improve healthcare and facilitate biomedical research. However, privacy and security concerns have emerged as a challenge for utilizing cloud computing to handle sensitive genomic data.
We present one of the first implementations of Software Guard Extension (SGX) based securely outsourced genetic testing framework, which leverages multiple cryptographic protocols and minimal perfect hash scheme to enable efficient and secure data storage and computation outsourcing.
We compared the performance of the proposed PRESAGE framework with the state-of-the-art homomorphic encryption scheme, as well as the plaintext implementation. The experimental results demonstrated significant performance over the homomorphic encryption methods and a small computational overhead in comparison to plaintext implementation.
The proposed PRESAGE provides an alternative solution for secure and efficient genomic data outsourcing in an untrusted cloud by using a hybrid framework that combines secure hardware and multiple crypto protocols.
KeywordsSGX Homomorphic encryption Data outsourcing Privacy preserving
Advanced encryption standard
Cloud service provider
Elliptic curve Diffie–Hellman
Elliptic curve digital signature algorithm
Enclave page cache
Genome-wide association study
Message authentication code
Minimal perfect hash
Personal genome project
Precision medicine initiative
Simple encrypted arithmetic library
Software guard extensions
Secure multiparty computation
The advance of sequencing technology has significantly lower the costs of generating genomic data for improving healthcare, discovering new treatment methods and facilitating biomedical research . For example, Precision Medicine Initiative (PMI)  aims to usher in a new era of medicine by collecting genomic data from a million people, by which more targeted treatment could be developed. It is becoming a big challenge to efficiently store and process the huge amount of genomic data in biomedical research . Recently, cloud computing emerges  as an ideal platform for providing elastic computation and storage resources for genomic data analysis. However, privacy concerns [5, 6] have posed challenges to outsource genomic data in an untrusted cloud environment. Individual genomic information tends to reveal sensitive personal information including, but not limited to, personal identity [7, 8], disease condition [9, 10, 11], appearance . As genomic data are shared by blood relatives, the dissemination of personal genomic information may have negative impact on other family members [13, 14]. For example, Lin et al.  demonstrated that a number of 75 statistically independent SNPs may be enough to re-identify an individual. Sweeney et al.  demonstrated that 84-97% patients profiles in the Personal Genome Project (PGP) could be identified by linking their demographic information to publicly available records. Gymrek et al.  illustrated that surname inferences for U.S. males could be performed by matching Y-chromosome haplotypes in recreational genetic genealogy databases. Claes et al.  modeled the 3D human facial appearance based on gender, genomic ancestry, genotype and specific genes that determine facial features. Furthermore, sensitive patient information would also be recovered from aggregated statistics [9, 16, 17]. By utilizing the reference population from the International HapMap Project, Homer’s attack model  is able to re-identify individuals in a case group from the aggregated allele frequencies in genome-wide association studies (GWAS). A recent study by Shringarpure et al.  demonstrated that even binary query results (i.e., existence of variants) from the genomic data sharing Beacon project  can still reveal sensitive personal information.
To protect the privacy and confidentiality of genomic data, many cryptographic methods have been developed. Homomorphic encryption (HME) is one of the most popular technologies for secure computation over the encrypted data. Since the first fully HME scheme was proposed by Gentry  to support both addition and multiplication operations over encrypted data, the performance of HME technology has been improved significantly [20, 21, 22]. Many HME-based applications have been studied for safeguarding linear classification , predictive analysis on encrypted medical data , genetic association studies [25, 26], Edit distance computation , GWAS study using exact logistic regression . Secure multiparty computation (SMC) is another widely adopted technique for securing genomic data analysis, such as secure multiparty GWAS [29, 30, 31, 32, 33], secure distributed regression model learning  and so on. However, the high computational complexity of the existing HME and SMC solutions plague their practical adoption over the large-scale genomic data.
Recently, Software Guard Extension (SGX)  has been released to be an alternative solution for securing computation over sensitive data by using a hybrid system combining both secure hardware and software. It allows an application to create a protected container, namely enclave, to guarantee integrity and confidentiality of sensitive data and computation under the protection against potential privileged softwares. A detailed discussion of SGX can be found in the overview of SGX section. Many studies have demonstrated the feasibility of applying SGX as efficient solutions for secure and privacy-preserving computation in cloud computing [36, 37], ancestry analysis , international collaboration on rare disease analysis . Thus, in this paper, we proposed an SGX based framework to enable both secure and efficient outsourcing of genetic testing in an untrusted cloud environment.
We present one of the first implementations of SGX based secure genetic testing framework to facilitate efficiently outsourced storage and computation. The secure outsource storage is achieved through data sealing scheme within SGX framework, which is immune to replay attack.
We have taken into account the oblivious access protection by using 4KB page-wise data access model.
To improve the performance, we adopt a perfect hashing scheme to achieve O(1) complexity data access within each 4KB page.
Overview of software guard extension
Software Guard Extensions (SGX)  is a security extension of Intel processor architecture. SGX tends to provide security and confidentiality guarantee for secure computing on hosts. By using SGX, privileged modules like operating system (OS), virtual machine (VM) scheduler etc. are isolated from private codes and secret data through hardware protection. More specifically, instead of quarantining malicious parts within the running system as traditional security sandbox, Intel SGX uses the “inverse sandbox” design to seal private codes, sensitive data and other selected secrets into a CPU secure computation unit called “Enclave”. The access of secrets within enclaves are strongly restricted by the hardware supported access control. This fact implies that Intel SGX can effectively protect secrets for applications, even though the other privileged parts are attacked and compromised by malicious components.
SELECT count(∗) FROM sample.vcf WHERE CHROM = 2 AND (POS = 17330 or 14370) AND (REF= ‘T’ or ‘G’) AND ALT = ‘A’.
In the remaining part of this section, our approach will be introduced in details.
Step 2. Encryption and data outsourcing. A remote attestation procedure is required between the data owner and the enclave so that they can provide the evidences to prove their integrities and authenticities through the Elliptic Curve Digital Signature Algorithm (ECDSA)  and a quoting enclave. Once the attestation step is passed, data owner negotiates a session key with the enclave via the Elliptic curve Diffie–Hellman (ECDH)  protocol. Given the MPH function learned in step 1, each record in the VCF file will be encoded and reordered based on the hashing index followed by a data encryption step using Advance Encryption Standard-Galois/Counter Mode (AES-GCM)  for the sake of efficiency, secrecy and integrity. Then, the encrypted data will be uploaded to the CSP. A time varying initial vector will be used for encrypting each data block in AES to avoid the replay attack . In addition, message authentication code (MAC) will be sent along with each encrypted message to ensure that the message are from the stated sender (i.e., authenticity) and has not been changed during transit (i.e., integrity). After receiving the encrypted data and hashed table, enclave seals them outside for long term storage and answering further queries from data user. Since the data are stored outside the enclave, the untrusted CSP may maliciously reorder data or provide the old versions to enclave for unsealing, which can be considered as a replay attack. To mitigate this kind of attack, we will embed additional MAC, timestamp and data owner information along with the sealed data.
Step 3. Secure Genetic Query Matching. Firstly, the data user will attest the remote enclave to check the integrity of enclave, and build a secure channel with the enclave. Then, the data querying phase for identifying the existence of certain genetic variants, encrypted queries that encode the chromosome #, position, reference and alternative alleles, will be sent to the CSP. Once the query is received, the enclave will unseal the data and hash functions stored in Enclave for query execution: a potential position (hash value) is obtained by applying hash function to query value. Finally, the enclave will encrypt the number of matching queries as result and send it back to the authorized data user. The above procedures ensure the data security and integrity for outsourced cloud based genetic testing.
The sizes of VCF datasets used in our experiments vary from 10,000 to 200,000 records. The data owner and CSP can communicate over a Secure Sockets Layer (SSL) channel, which is built based on OPENSSL library . All of the experiments except the iDASH competition results are conducted on a Windows 10 SGX-enabled machine with i7 6820HK CPU and 48 GB memory. Both data owner and CSP were simulated on the aforementioned SGX machine. The iDASH competition results were evaluated on the Linux server with an Xeon Processor E3-1275 v5 and 64 GB memory . All evaluation results of our PRESAGE framework are averaged over five trials.
The breakdown run time (in seconds) of the proposed PRESAGE framework
The data size and enclave memory consumption (in MB) for different datasets
The proposed PRESAGE framework is designed under the assumption of a malicious CSP, which may deviate arbitrarily from their predefined protocols. The CSP has full control over the hardware and software environments, which include the control of OS, VM, and all code invoked outside the SGX enclave. The malicious activities aim to break the confidentiality and integrity of the proposed framework. Some existing threats such as crashing the CPU hardware and interrupting the enclave execution are not considered in this paper [35, 60]. We try to minimize the controlled-side channel attacks due to the observation of page faulty access pattern through page-wise data blocking. In addition, we assume that the data owner fully trusts the design and correct implementation of secure enclave on the CPU hardware and SGX instructions. In PRESAGE, although the secure enclave is hosted by an untrusted CSP, the remote attestation step ensures to identify a trustworthy enclave and build a secure channel between the data owner/users and the enclave. The adoption of a 128 bits AES-GCM encryption protocol ensures a high-level security and integrity guarantee of all encrypted and sealed data. For storage and computation efficiency concerns, each record is encoded into a 40-bit vector and stored as an 8 byte integer, by which the amount of data operated in communication and sealing phases can be reduced dramatically. The minimal perfect hash is utilized to enable O(1) complexity data query in each page block. To avoid the paging access attack, we equally divided input data into 500 records to fit a 4 KB page-wise block in SGX. To enable secure data storage outsourcing, the seal data have been added with MAC in order to defend the replay attack. The sealed data only introduced about 31% storage overhead on average in our experiments.
There are several limitations of the proposed PRESAGE framework. First, the available Enclave Page Cache (EPC) for a single SGX machine is limited to 128 MB. Although, the enclave memory could be extended to 4 GB with software paging technique under Linux OS, it will impose computational overhead and still cannot avoid expensive data sealing and unsealing processes when genomic datasets exceed 4 GB. Some previous studies [35, 61] have identified the potential vulnerabilities of straightforward SGX implementations due to the memory access patterns, cache timing, page faults, hyper-threading, etc. Although, the proposed framework can take into account the protection of memory access patterns by using page-wise oblivious data access algorithm, we have not tackled other potential vulnerabilities. Finally, the proposed framework is based on the FCH scheme to build the perfect hashing on a single thread, which imposed a significant overhead at the data owner side. More efficient hashing mechanism or multi-threading based parallel hash building schemes will be considered in our future work. Moreover, the current implementation of PRESAGE store each 40-bit vector using a 8-byte integer, which will result in 24-bit unused space for each record. Additional data compression step and better hashing scheme could be adopted to improve the encoding efficiency. The above limitations warrant the further investigation of SGX based secure genomic data analysis framework.
This paper proposed a secure outsourcing framework, which can defend malicious attack. To improve the efficiency, an MPH scheme has been incorporated. To avoid paging based attack, the input data are divided into small pieces in order to be filled into one 4 KB page. The outsourced data are sealed by the enclave and stored in an untrusted cloud. Our experiment results demonstrated the efficiency of the proposed PRESAGE framework. For a VCF file with 200K records, the PRESAGE securely processes a query within 0.05 s, which includes file loading, unsealing and query matching. Compared with state-of-the-art HME solution, PRESAGE framework shows at least 120X performance gain.
The publication was funded by the Patient-Centered Outcomes Research Institute (PCORI) under contract ME-1310-07058, NHGRI R00HG008175, NIGMS R01GM118574, R01GM118609, NLM R21LM012060, NIBIB U01EB023685, NSERC Discovery Grants (RGPIN-2015-04147) and University of Manitoba Startup Grant.
Availability of data and materials
The evaluation data can be found at http://www.humangenomeprivacy.org/2016/competition-tasks.html.
FC, XJ and SW designed the method, implemented algorithms, devised the simulation experiments, SW, FC, CW and WD wrote a majority of the manuscript. XJ, NM, MMAA, MNS, CS and KL provided detailed edits and critical suggestions. All authors read and approved the final manuscript.
The authors declare that they have no competing interests.
Consent for publication
Ethics approval and consent to participate
About this supplement
This article has been published as part of BMC Medical Genomics Volume 10 Supplement 2, 2017: Proceedings of the 5th iDASH Privacy and Security Workshop 2016. The full contents of the supplement are available online at https://bmcmedgenomics.biomedcentral.com/articles/supplements/volume-10-supplement-2.
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
- 1.The Cost of Sequencing a Human Genome. http://www.genome.gov/sequencingcosts/. Accessed 9 May 2017.
- 4.Amazon Elastic Compute Cloud (Amazon EC2). https://aws.amazon.com/ec2/. Accessed 9 May 2017.
- 8.Sweeney L, Abu A, Winn J. Identifying participants in the personal genome project by name. 2013. arXiv:1304.7605.
- 12.Claes P, Liberton DK, Daniels K, Rosana KM, Quillen EE, Pearson LN, McEvoy B, Bauchet M, Zaidi AA, Yao W, Tang H, Barsh GS, Absher DM, Puts DA, Rocha J, Beleza S, Pereira RW, Baynam G, Suetens P, Vandermeulen D, Wagner JK, Boster JS, Shriver MD. Modeling 3d facial shape from dna. PLOS Genetic. 2014; 10(3):1–14.CrossRefGoogle Scholar
- 14.Humbert M, Ayday E, Hubaux JP, Telenti A. Addressing the concerns of the lacks family: Quantification of kin genomic privacy. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security. New York: ACM Press: 2013. p. 1141–52.Google Scholar
- 17.Wang R, Li YF, Wang X, Tang H, Zhou X. Learning your identity and disease from research papers. In: Proceedings of the 16th ACM Conference on Computer and Communications Security - CCS ’09. New York: ACM Press: 2009. p. 534–44.Google Scholar
- 18.Beacon Project. http://ga4gh.org/#/beacon. Accessed 9 May 2017.
- 19.Gentry C. A fully homomorphic encryption scheme. PhD thesis, Stanford University. 2009.Google Scholar
- 20.Brakerski Z, Gentry C, Vaikuntanathan V. (leveled) fully homomorphic encryption without bootstrapping. In: Proceedings of the 3rd Innovations in Theoretical Computer Science Conference. ITCS ’12. New York: ACM: 2012. p. 309–25.Google Scholar
- 21.Halevi S, Shoup V. Algorithms in helib. In: Advances in Cryptology – CRYPTO. Lecture Notes in Computer Science.Santa Barbara: Springer: 2014. p. 554–71.Google Scholar
- 22.Laine K, Player R. Simple encrypted arithmetic Library-SEAL (v2. 0). Technical report, Technical report. 2016.Google Scholar
- 23.Graepel T, Lauter K, Naehrig M. ML confidential: Machine learning on encrypted data In: Kwon T, Lee M-K, Kwon D, editors. Information Security and Cryptology – ICISC 2012. Lecture Notes in Computer Science. Seoul: Springer: 2012. p. 1–21.Google Scholar
- 25.Lauter K, López-Alt A, Naehrig M. Private computation on encrypted genomic data In: Aranha DF, Menezes A, editors. Progress in Cryptology - LATINCRYPT 2014. Lecture Notes in Computer Science. Florianópolis: Springer: 2014. p. 3–27.Google Scholar
- 27.Cheon JH, Kim M, Lauter K. Homomorphic computation of edit distance In: Brenner M, Christin N, Johnson B, Rohloff K, editors. Financial Cryptography and Data Security. Lecture Notes in Computer Science. Puerto Rico: Springer: 2015. p. 194–212.Google Scholar
- 32.Chen F, Cheng S, Mohammed N, Wang S, Jiang X. Precise: Privacy-preserving cloud-assisted quality improvement service in healthcare. In: 2014 8th International Conference on Systems Biology (ISB).2014. p. 176–83. doi:10.1109/ISB.2014.6990752.
- 33.Chen F, Mohammed N, Wang S, He W, Cheng S, Jiang X. Cloud-assisted distributed private data sharing. In: Proceedings of the 6th ACM Conference on Bioinformatics, Computational Biology and Health Informatics - BCB ’15. Atlanta: ACM Press: 2015. p. 202–11.Google Scholar
- 35.Costan V, Devadas S. Intel sgx explained. IACR Cryptology ePrint Archive. 2016; 2016:86.Google Scholar
- 36.Schuster F, Costa M, Fournet C, Gkantsidis C, Peinado M, Mainar-Ruiz G, Russinovich M. Vc3: Trustworthy data analytics in the cloud using SGX. In: 2015 IEEE Symposium on Security and Privacy. SAN JOSE: ieeexplore.ieee.org: 2015. p. 38–54.Google Scholar
- 37.Brenner S, Wulf C, Goltzsche D, Weichbrodt N, Lorenz M, Fetzer C, Pietzuch P, Kapitza R. SecureKeeper: Confidential ZooKeeper using intel SGX. In: Proceedings of the 16th Annual Middleware Conference (Middleware).New York: ACM: 2016.Google Scholar
- 38.Chen F, Dow M, Ding S, Lu Y, Jiang X, Tang H, Wang S. PREMIX: Privacy-preserving EstiMation of individual admixture. In: American Medical Informatics Association Annual Symposium.Chicago: AMIA: 2016.Google Scholar
- 39.Chen F, Wang S, Jiang X, Ding S, Lu Y, Kim JH, Cenk Sahinalp S, Shimizu C, Burns JC, Wright VJ, Martin EP, Hibberd L, Lloyd DD, Yang H, Telenti A, Bloss CS, Fox D, Lauter K, Ohno-Machado L. PRINCESS: Privacy-protecting rare disease international network collaboration via encryption through software guard extensions. Bioinformatics. 2017; 33(6):871–8.PubMedGoogle Scholar
- 40.De Cristofaro E, Faber S, Gasti P, Tsudik G. Genodroid: Are privacy-preserving genomic tests ready for prime time? In: Proceedings of the 2012 ACM Workshop on Privacy in the Electronic Society. WPES ’12. New York: ACM: 2012. p. 97–108.Google Scholar
- 41.De Cristofaro E, Faber S, Tsudik G. Secure genomic testing with size- and position-hiding private substring matching. In: Proceedings of the 12th ACM Workshop on Workshop on Privacy in the Electronic Society. WPES ’13. New York: ACM: 2013. p. 107–18.Google Scholar
- 42.Danezis G, De Cristofaro E. Fast and private genomic testing for disease susceptibility. In: Proceedings of the 13th Workshop on Privacy in the Electronic Society. WPES ’14. New York: ACM: 2014. p. 31–4.Google Scholar
- 43.Danezis G, De Cristofaro E. Simpler protocols for privacy-preserving disease susceptibility testing. In: 14th Privacy Enhancing Technologies Symposium, Workshop on Genome Privacy (GenoPri’14).Amsterdam: PETS: 2014.Google Scholar
- 44.McvLaren PJ, Raisaro JL, Aouri M, Rotger M, Ayday E, Bartha I, Delgado MB, Vallet Y, Günthard HF, Cavassini M, Furrer H, Doco-Lecompte T, Marzolini C, Schmid P, Di Benedetto C, Decosterd LA, Fellay J, Hubaux JP, Telenti A. Privacy-preserving genomic testing in the clinic: a model using HIV treatment. Genet Med. 2016; 18(8):814–22.CrossRefGoogle Scholar
- 45.De Cristofaro E, Liang K, Zhang Y. Privacy-Preserving genetic relatedness test 2016. arXiv:1611.03006.
- 46.Anati I, Gueron S, Johnson S, Scarlata V. Innovative technology for cpu based attestation and sealing. In: Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy.Tel-Aviv: ACM: 2013.Google Scholar
- 48.Kim S, Shin Y, Ha J, Kim T, Han D. A first step towards leveraging commodity trusted execution environments for network applications. In: Proceedings of the 14th ACM Workshop on Hot Topics in Networks. HotNets-XIV. New York: ACM: 2015. p. 7–177.Google Scholar
- 49.Gupta D, Mood B, Feigenbaum J, Butler K, Traynor P. Using intel software guard extensions for efficient Two-Party secure function evaluation. In: Proceedings of the 2016 FC Workshop on Encrypted Computing and Applied Homomorphic Cryptography.Rockley: Springer: 2016.Google Scholar
- 50.Ohrimenko O, Schuster F, Fournet C, Mehta A, Nowozin S, Vaswani K, Costa M. Oblivious multi-party machine learning on trusted processors. In: USENIX Security. Austin: USENIX: 2016.Google Scholar
- 51.Human Genome. https://en.wikipedia.org/w/index.php?title=Human_genome&oldid=756562854. Accessed 9 May 2017.
- 52.Fox EA, Chen QF, Heath LS. A faster algorithm for constructing minimal perfect hash functions. In: Proceedings of the 15th Annual International ACM SIGIR Conference on Research and Development in Information Retrieval. SIGIR ’92. New York: ACM: 1992. p. 266–73.Google Scholar
- 54.Jetchev D, Venkatesan R. Bits security of the elliptic curve Diffie–Hellman secret keys In: Wagner D, editor. Advances in Cryptology – CRYPTO 2008. Lecture Notes in Computer Science. Berlin: Springer: 2008. p. 75–92.Google Scholar
- 55.The Galois/counter Mode of Operation (GCM). http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf. Accessed 9 May 2017.
- 56.Adams C. Replay attack In: van Tilborg HCA, editor. Encyclopedia of Cryptography and Security. New York: Springer: 2005. p. 519–9.Google Scholar
- 57.OpenSSL. https://www.openssl.org/. Accessed 9 May 2017.
- 58.iDASH Privacy & Security Workshop 2016 - Home. http://www.humangenomeprivacy.org/2016. Accessed 29 Dec 2016.
- 59.2016 iDASH Genome Privacy Protection Competition Results. http://www.humangenomeprivacy.org/2016/slides/idash16Results_final.pdf. Accessed 9 May 2017.
- 60.McKeen F, Others. Software guard extensions (intel®; SGX), instructions and programming model. Intel Softw Solut Group Tech Rep. 2013. pp. 1–12.Google Scholar
- 61.Xu Y, Cui W, Peinado M. Controlled-channel attacks: Deterministic side channels for untrusted operating systems. In: Security and Privacy (SP), 2015 IEEE Symposium on.San Jose: IEEE: 2015. p. 640–56.Google Scholar
Open Access This article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made. The Creative Commons Public Domain Dedication waiver(http://creativecommons.org/publicdomain/zero/1.0/) applies to the data made available in this article, unless otherwise stated.