Skip to main content

Cybersecurity Across the DNA-Digital Boundary: DNA Samples to Genomic Data

  • Chapter
  • First Online:
Cyberbiosecurity

Abstract

Technological advances in biotechnology, especially next-generation DNA sequencing and direct-to-consumer genotyping, have created exponentially more biological data. To reach this scale, biotechnology pipelines have increasingly relied on automation and computation in the molecular data processing workflow: Biological samples are processed at scale using robotic equipment; molecular sensors, like DNA sequencers, have become specialized computers with peripheral sensors designed to read molecules; and extensive data processing and digital storage are required to manage and make use of this data. All of this computation raises security issues that are more typically associated with computer systems. Here, we explore how the entire DNA data processing workflow, from physical sample processing through reading DNA into digital information and eventual data analysis, is plagued by a number of security vulnerabilities, including a lack of data integrity, poor software security practices, and hardware that is insecure by design. In standard DNA sequencing pipelines, DNA samples are presumed to be derived from natural sources without manipulation. In this work, we show how simple synthetic DNA constructs can be used as vectors for computer malware or as commands to backdoored software or firmware, enabling communication across air gaps. DNA sequencing hardware, including flow cells, is also vulnerable by design to data recovery and corruption attacks. Finally, we show how a lack of data integrity checks in genetic databases can lead to catastrophic data breaches and other security concerns. We conclude with some broader themes and lessons from this work that apply to the larger cyber-biosecurity domain.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 149.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 199.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Free shipping worldwide - see info
Hardcover Book
USD 199.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. H. Orman, The Morris worm: A fifteen-year perspective. IEEE Security & Privacy 1(5), 35–43 (2003)

    Article  Google Scholar 

  2. P. Ney , K. Koscher, L. Organick, L. Ceze, T. Kohno, Computer security, privacy, and DNA sequencing: compromising computers with synthesized DNA, privacy leaks, and more. In 26th USENIX Security Symposium (USENIX Security 17) (2017), pp. 765–779

    Google Scholar 

  3. L. Ceze, J. Nivala, K. Strauss, Molecular digital data storage using DNA. Nat. Rev. Genet. 20(8), 456–466 (2019)

    Article  CAS  PubMed  Google Scholar 

  4. S. Adee, The hunt for the kill switch. IEEE Spectr. 45(5), 34–39 (2008)

    Article  Google Scholar 

  5. C.N. Takahashi, B.H. Nguyen, K. Strauss, L. Ceze, Demonstration of end-to-end automation of DNA data storage. Sci. Rep. 9(1), 1–5 (2019)

    Article  Google Scholar 

  6. P. Ney, L. Organick, J. Nivala, L. Ceze, T. Kohno, DNA sequencing flow cells and the security of the molecular-digital Interface. Proceedings on Privacy Enhancing Technologies 2021(3), 413–432 (2021)

    Article  Google Scholar 

  7. P. Gutmann, Secure deletion of data from magnetic and solid-state memory. In Proceedings of the 6th USENIX security symposium, vol. 14, (San Jose, 1996), pp. 77–89

    Google Scholar 

  8. A. Regalado, “More than 26 million people have taken an at-home ancestry test,” MIT Technology Review, (2019)

    Google Scholar 

  9. P. Ney, L. Ceze, T. Kohno, Genotype Extraction and False Relative Attacks: Security Risks to Third-Party Genetic Genealogy Services Beyond Identity Inference. In Network and Distributed System Symposium (NDSS 2020), (2020)

    Google Scholar 

  10. S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage, ..., T. Kohno, Comprehensive experimental analyses of automotive attack surfaces. In the 20th USENIX Security Symposium (USENIX Security 11), (2011)

    Google Scholar 

Download references

Acknowledgments

This research was supported in part by a grant from the DARPA Molecular Informatics Program, NSF Grant CNS-1565252, the University of Washington Tech Policy Lab (which receives support from the William and Flora Hewlett Foundation, the John D. and Catherine T. MacArthur Foundation, Microsoft, the Pierre and Pamela Omidyar Fund at the Silicon Valley Community Foundation), the Short-Dooley Professorship, and the Torode Family Professorship.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Peter Ney .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Ney, P., Bhattacharya, A., Ceze, L., Koscher, K., Kohno, T., Nivala, J. (2023). Cybersecurity Across the DNA-Digital Boundary: DNA Samples to Genomic Data. In: Greenbaum, D. (eds) Cyberbiosecurity. Springer, Cham. https://doi.org/10.1007/978-3-031-26034-6_7

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-26034-6_7

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-26033-9

  • Online ISBN: 978-3-031-26034-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics