Abstract
Technological advances in biotechnology, especially next-generation DNA sequencing and direct-to-consumer genotyping, have created exponentially more biological data. To reach this scale, biotechnology pipelines have increasingly relied on automation and computation in the molecular data processing workflow: Biological samples are processed at scale using robotic equipment; molecular sensors, like DNA sequencers, have become specialized computers with peripheral sensors designed to read molecules; and extensive data processing and digital storage are required to manage and make use of this data. All of this computation raises security issues that are more typically associated with computer systems. Here, we explore how the entire DNA data processing workflow, from physical sample processing through reading DNA into digital information and eventual data analysis, is plagued by a number of security vulnerabilities, including a lack of data integrity, poor software security practices, and hardware that is insecure by design. In standard DNA sequencing pipelines, DNA samples are presumed to be derived from natural sources without manipulation. In this work, we show how simple synthetic DNA constructs can be used as vectors for computer malware or as commands to backdoored software or firmware, enabling communication across air gaps. DNA sequencing hardware, including flow cells, is also vulnerable by design to data recovery and corruption attacks. Finally, we show how a lack of data integrity checks in genetic databases can lead to catastrophic data breaches and other security concerns. We conclude with some broader themes and lessons from this work that apply to the larger cyber-biosecurity domain.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
H. Orman, The Morris worm: A fifteen-year perspective. IEEE Security & Privacy 1(5), 35–43 (2003)
P. Ney , K. Koscher, L. Organick, L. Ceze, T. Kohno, Computer security, privacy, and DNA sequencing: compromising computers with synthesized DNA, privacy leaks, and more. In 26th USENIX Security Symposium (USENIX Security 17) (2017), pp. 765–779
L. Ceze, J. Nivala, K. Strauss, Molecular digital data storage using DNA. Nat. Rev. Genet. 20(8), 456–466 (2019)
S. Adee, The hunt for the kill switch. IEEE Spectr. 45(5), 34–39 (2008)
C.N. Takahashi, B.H. Nguyen, K. Strauss, L. Ceze, Demonstration of end-to-end automation of DNA data storage. Sci. Rep. 9(1), 1–5 (2019)
P. Ney, L. Organick, J. Nivala, L. Ceze, T. Kohno, DNA sequencing flow cells and the security of the molecular-digital Interface. Proceedings on Privacy Enhancing Technologies 2021(3), 413–432 (2021)
P. Gutmann, Secure deletion of data from magnetic and solid-state memory. In Proceedings of the 6th USENIX security symposium, vol. 14, (San Jose, 1996), pp. 77–89
A. Regalado, “More than 26 million people have taken an at-home ancestry test,” MIT Technology Review, (2019)
P. Ney, L. Ceze, T. Kohno, Genotype Extraction and False Relative Attacks: Security Risks to Third-Party Genetic Genealogy Services Beyond Identity Inference. In Network and Distributed System Symposium (NDSS 2020), (2020)
S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage, ..., T. Kohno, Comprehensive experimental analyses of automotive attack surfaces. In the 20th USENIX Security Symposium (USENIX Security 11), (2011)
Acknowledgments
This research was supported in part by a grant from the DARPA Molecular Informatics Program, NSF Grant CNS-1565252, the University of Washington Tech Policy Lab (which receives support from the William and Flora Hewlett Foundation, the John D. and Catherine T. MacArthur Foundation, Microsoft, the Pierre and Pamela Omidyar Fund at the Silicon Valley Community Foundation), the Short-Dooley Professorship, and the Torode Family Professorship.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Ney, P., Bhattacharya, A., Ceze, L., Koscher, K., Kohno, T., Nivala, J. (2023). Cybersecurity Across the DNA-Digital Boundary: DNA Samples to Genomic Data. In: Greenbaum, D. (eds) Cyberbiosecurity. Springer, Cham. https://doi.org/10.1007/978-3-031-26034-6_7
Download citation
DOI: https://doi.org/10.1007/978-3-031-26034-6_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-26033-9
Online ISBN: 978-3-031-26034-6
eBook Packages: Computer ScienceComputer Science (R0)