Abstract
Advances in DNA sequencing technology and human genetics are leading to the availability of inexpensive genetic tests, notably tests for individual predisposition to certain diseases. While such information is often valuable, its availability has raised serious concerns over the privacy of genetic information. These concerns are further heightened when genetic information is gathered into databases. We study access control for one class of such databases, forensic DNA databases, used to match unknown perpetrators against groups of potential suspects – usually convicted criminals. Our key observation is that for legitimate forensic queries, the sensitive information belonging to the target individual is already available to the querying agent in the form of a blood or tissue sample from a crime scene. We show how forensic DNA databases may be implemented so that only legitimate queries are feasible. In particular, a person with unlimited access to the database will be unable to extract information about any individual unless the necessary genetic information for that individual is already known. We develop a general solution framework, and show how to implement databases which handle certain cases of missing or incorrect DNA tests. Our framework and techniques are applicable to the general problem of encrypting information based on partially known or partially correct keys, and its security is based on standard cryptographic assumptions.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Anderson, R.: The DeCODE proposal for an Icelandic health database (1998), http://www.cl.cam.ac.uk/~rja14/iceland/iceland.html
Annas, G.J.: Privacy rules for DNA databanks: Protecting coded future diaries. JAMA 270(19), 2346–2350 (1993)
Bellare, M., Rogaway, P.: Random oracles are practical: A paradigm for designing efficient protocols. In: Proceedings of the 1st ACM Conference on Computer and Communication Security, pp. 62–73. ACM Press, New York (1993)
Bleichenbacher, D.: Private communication
Budowle, B., Moretti, T.R.: Genotype profiles for six population groups at the 13 CODIS short tandem repeat core loci and other PCR-based loci. Forensic Science Communication 1(2) (July 1999)
Butler, D.: UK to set up DNA database of criminals. Nature 370, 588–589 (1994)
Coster, M.J., Joux, A., LaMacchia, B.A., Odlyzko, A.M., Schnorr, C.-P., Stern, J.: Improved low-density subset sum algorithms. Journal of Computational Complexity 2, 111–128 (1992)
de Gorgey, A.: The advent of DNA databanks: Implications for information privacy. American Journal of Law and Medicine 16, 381–398 (1990)
Dib, C., Faure, S., Fizames, C., Samson, D., Drouot, N., Vignal, A., Millasseau, P., Marc, S., Hazan, J., Seboun, E., Lathrop, M., Gyapay, G., Morissette, J., Weissenbach, J.: A comprehensive genetic map of the human genome based on 5,264 microsatellites. Nature 380, 152–154 (1996)
Ellison, C., Hall, C., Milbert, R., Schneier, B.: Protecting secret keys with personal entropy. Future Generation Computer Systems (1999) (to appear)
Fourney, R.: Allele frequency distribution tables, http://www.cstl.nist.gov/div831/strbase/freq_tab.htm
Fox, K.: Criminal justice. In: Mapping Public Policy for Genetic Technologies. National Conference of State Legislators (1998)
Goldberg, C.: DNA databanks giving police a powerful weapon, and critics. New York Times, Thursday 19 (1998)
Henry, B.E., Rogers, G.S., Mauterer, C., Dodd, D.K., Hicks, J.W.: Technical evaluations of databanking methods. In: Proceedings of the Eighth International Symposium on Human Identification (1997)
Juels, A., Wattenberg, M.: A fuzzy commitment scheme. In: 6th ACM Conference on Computer and Communication Security (1999) (to appear)
Kirby, L.T.: DNA Fingerprinting: An Introduction. Oxford University Press, Oxford (1992)
R. Köttger.: Probe nummer 3889 führte zum Mörder. Die Welt (August 27, 1999)
Krontiris, T.G.: Minisatellites and human disease. Science 269, 1682–1683 (1985)
Mannvernd.: The Mannvernd web site, http://www.mannvernd.is
McEwen, J.E.: DNA data banks. In: Rothstein, M. (ed.) Genetic Secrets: Protecting Privacy and Confidentiality in the Genetic Era, pp. 231–254 (1997)
McEwen, J.E., Reilly, P.R.: A review of state legislation on DNA forensic data banking. American Journal of Human Genetics 54, 941–958 (1994)
Menezes, A.J., van Oorschoot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1997)
Monrose, F., Reiter, M., Wetzel, S.: Password hardening based on keystroke dynamics. In: 6th ACM Conference on Computer and Commnication Security (1999) (to appear)
National Research Council: The Evaluation of Forensic DNA Evidence. National Academy Press (1996)
Nguyen, P., Stern, J.: The hardness of the hidden subset sum problem and its cryptographic implications. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 31–46. Springer, Heidelberg (1999)
Niezgoda Jr., S.J., Brown, B.: The FBI laboratory’s COmbined DNA Index System program. In: Proceedings of the Sixth International Symposium on Human identification (1995)
Working Group of the Ministry of Health and Social Security: Bill on a health sector database (1998), http://brunnur.stjr.is/interpro/htr/htr.nsf/pages/gagnagr-ensk
Peerenboom, E.: Central criminal DNA database created in Germany. Nat. Biotechnol. 16(6), 510–511 (1998)
Perez-Pena, R., Blair, J.: Albany plan widely expands sampling of criminals’ DNA. New York Times, Saturday, August 7 (1999)
Reilly, P.R.: DNA banking. American Journal of Human Genetics 51, 1169–1170 (1992)
Reilly, P.R.: Fear of genetic discrimination drives legislative interest. Human Genome News 8, 3–4 (1997)
Scheck, B.: DNA data banking: A cautionary tale. American Journal of Human Genetics 54, 931–933 (1994)
Schnorr, C.-P., Hörner, H.H.: Attacking the Chor-Rivest cryptosystem by improved lattice reduction. In: Guillou, L.C., Quisquater, J.-J. (eds.) EUROCRYPT 1995. LNCS, vol. 921, pp. 1–12. Springer, Heidelberg (1995)
Schumm, J.W.: New approaches to DNA fingerprint analysis. Promega Notes Magazine 58, 12–18 (1996)
Shamir, A.: How to share a secret. Communications of the Association for Computing Machinery 22(11), 612–613 (1979)
Sutherland, G.R., Richards, R.I.: Single tandem DNA repeats and human genetic disease. In: Proceedings of the National Academy of Science USA 92, pp. 3636–3641 (1995)
Technical Working Group on DNA Analysis Methods (TWGDAM).: The combined DNA index system (CODIS): A theoretical model. In: Kirby, L.T. (ed.), DNA Fingerprinting: An Introduction. Oxford University Press, Oxford (1992)
Wrogeman, K., Biancalana, V., Devys, D., Imbert, G., Trottier, Y., Mandel, J.-L.: Microsatellites and disease: A new paradigm. In: DNA Fingerprinting: State of the Science, pp. 141–152. Birkhäuser Verlag, Basel (1993)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2000 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bohannon, P., Jakobsson, M., Srikwan, S. (2000). Cryptographic Approaches to Privacy in Forensic DNA Databases. In: Imai, H., Zheng, Y. (eds) Public Key Cryptography. PKC 2000. Lecture Notes in Computer Science, vol 1751. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-46588-1_25
Download citation
DOI: https://doi.org/10.1007/978-3-540-46588-1_25
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-66967-8
Online ISBN: 978-3-540-46588-1
eBook Packages: Springer Book Archive