Addressing Beacon re-identification attacks: quantification and mitigation of privacy risks.

Détails

Ressource 1Télécharger: 28339683_BIB_B1775430E24D.pdf (388.36 [Ko])
Etat: Public
Version: Final published version
Licence: CC BY-NC 4.0
ID Serval
serval:BIB_B1775430E24D
Type
Article: article d'un périodique ou d'un magazine.
Collection
Publications
Institution
Titre
Addressing Beacon re-identification attacks: quantification and mitigation of privacy risks.
Périodique
Journal of the American Medical Informatics Association
Auteur⸱e⸱s
Raisaro J.L., Tramèr F., Ji Z., Bu D., Zhao Y., Carey K., Lloyd D., Sofia H., Baker D., Flicek P., Shringarpure S., Bustamante C., Wang S., Jiang X., Ohno-Machado L., Tang H., Wang X., Hubaux J.P.
ISSN
1527-974X (Electronic)
ISSN-L
1067-5027
Statut éditorial
Publié
Date de publication
01/07/2017
Peer-reviewed
Oui
Volume
24
Numéro
4
Pages
799-805
Langue
anglais
Notes
Publication types: Journal Article
Publication Status: ppublish
Résumé
The Global Alliance for Genomics and Health (GA4GH) created the Beacon Project as a means of testing the willingness of data holders to share genetic data in the simplest technical context-a query for the presence of a specified nucleotide at a given position within a chromosome. Each participating site (or "beacon") is responsible for assuring that genomic data are exposed through the Beacon service only with the permission of the individual to whom the data pertains and in accordance with the GA4GH policy and standards.While recognizing the inference risks associated with large-scale data aggregation, and the fact that some beacons contain sensitive phenotypic associations that increase privacy risk, the GA4GH adjudged the risk of re-identification based on the binary yes/no allele-presence query responses as acceptable. However, recent work demonstrated that, given a beacon with specific characteristics (including relatively small sample size and an adversary who possesses an individual's whole genome sequence), the individual's membership in a beacon can be inferred through repeated queries for variants present in the individual's genome.In this paper, we propose three practical strategies for reducing re-identification risks in beacons. The first two strategies manipulate the beacon such that the presence of rare alleles is obscured; the third strategy budgets the number of accesses per user for each individual genome. Using a beacon containing data from the 1000 Genomes Project, we demonstrate that the proposed strategies can effectively reduce re-identification risk in beacon-like datasets.
Mots-clé
Data Anonymization, Genetic Privacy, Genomics, Humans, Information Dissemination, beacon, ga4gh, genomic data sharing, genomic privacy, re-identification
Pubmed
Web of science
Open Access
Oui
Création de la notice
15/11/2022 11:26
Dernière modification de la notice
25/01/2024 7:42
Données d'usage