Preserving consumer DNA privacy for finding relatives in a malicious two party computation
University of New Brunswick
The evolution of consumer DNA analysis and testing has exposed consumers to data privacy risks, as their data are often uploaded into the cloud and made publicly available. By various means, an adversary can obtain consumer DNA data and use it in ways that harm the consumer. Some consumers are willing to share their data and compromise on their data privacy. However, another segment of consumers does not want to undermine their data privacy. These consumers are unwilling to upload their sensitive data into the cloud, and they are interested only in finding out whether they are related to another individual. In this research, we have created a platform where any two individuals can verify whether they are related to each other without uploading their raw DNA data to the cloud or sharing it with each other. We have developed two techniques to verify relatedness between individuals while keeping their data private. The first approach is based on secure hash algorithms, while the second uses the garbled-circuit technique to ensure data privacy. We have implemented matching algorithms and opposite-homozygotes techniques to solve the genealogical DNA matching problem and verify relationships. We have compared our approaches on security assurance, running time, and the correctness of the results. The experimental results show that the garbled-circuit approach is better overall than the hashing-based approach. The hashing-based approach takes about 7.5 seconds to execute the entire operation, whereas the garbled-circuit approach takes approximately 3 minutes. In general, an individual will run this software only a few times in their lifetime, so the running time of the garbled-circuit approach is acceptable.