Dissecting Privacy Risks in Biomedical Data

Berrang, Pascal and Humbert, Mathias and Zhang, Yang and Lehmann, Irina and Eils, Roland and Backes, Michael
(2018) Dissecting Privacy Risks in Biomedical Data.
In: IEEE European Symposium on Security and Privacy.
Conference: EuroS&P IEEE European Symposium on Security and Privacy

[img]
Preview
 Text
EUROSP20.pdf
Download (736kB) | Preview

Abstract

The decreasing costs of molecular profiling has fueled the biomedical research community with a plethora of new types of biomedical data, enabling a breakthrough towards a more precise and personalized medicine. However, the release of these intrinsically highly sensitive data poses a new severe privacy threat. While biomedical data is largely associated with our health, there also exist various correlations between different types of biomedical data, along the temporal dimension, and also in-between family members. However, so far, the security community has focused on privacy risks stemming from genomic data, largely overlooking the manifold interdependencies between other biomedical data. In this paper, we present a generic framework for quantifying the privacy risks in biomedical data taking into account the various interdependencies between data (i) of different types, (ii) from different individuals, and (iii) at different time. To this end, we rely on a Bayesian network model that allows us to take all aforementioned dependencies into account and run exact probabilistic inference attacks very efficiently. Furthermore, we introduce a generic algorithm for building the Bayesian network, which encompasses expert knowledge for known dependencies, such as genetic inheritance laws, and learns previously unknown dependencies from the data. Then, we conduct a thorough inference risk evaluation with a very rich dataset containing genomic and epigenomic data of mothers and children over multiple years. Besides effective probabilistic inference, we further demonstrate that our Bayesian network model can also serve as a building block for other attacks. We show that, with our framework, an adversary can efficiently identify the parent-child relationships based on methylation data with a success rate of 95%.

Item Type: Conference or Workshop Item (A Paper) (Paper)
Divisions: Yang Zhang (YZ)
Conference: EuroS&P IEEE European Symposium on Security and Privacy
Depositing User: Ben Stock
Date Deposited: 14 Feb 2018 12:49
Last Modified: 15 Oct 2022 15:55
Primary Research Area: NRA1: Trustworthy Information Processing
URI: https://publications.cispa.saarland/id/eprint/1441

Actions

Actions (login required)

View Item View Item
CISPA is powered by EPrints 3 which is developed by the School of Electronics and Computer Science at the University of Southampton. More information and software credits.