A non-interactive multi-user protocol for private authorised query processing on genomic data

Sara Jafarbeiki, Amin Sakzad, Shabnam Kasra Kermanshahi, Ron Steinfeld, Raj K. Gaire, Shangqi Lai

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearchpeer-review

3 Citations (Scopus)


This paper introduces a new non-interactive multi-user model for secure and efficient query executions on outsourced genomic data to the cloud. We instantiate this model by leveraging searchable symmetric encryption (SSE). This new construction supports various types of queries (i.e., count, Boolean, k -out-of-k match queries) on encrypted genomic data, and we call it NIMUPrivGenDB. Most importantly, it eliminates the need for the data owner and/or trusted entity to be online and avoids per-query interaction between the data owner and/or trusted entity and users. This is achieved by introducing a new mechanism called QUAuth to enforce access control based on the types of queries (Q) each user (U) is authorised (Auth) to submit. To the best of our knowledge, this is the first paper proposing an authorisation mechanism based on queries on genomic data. Moreover, QUAuth offers user management by supporting authorisation updates. We proved that our construction achieves strong security against malicious behaviour among authorised users, where a malicious user pretends to be other users by using others’ unique IDs, and colluding attacks among these users are also considered. Finally, our proposed protocol’s implementation and evaluation demonstrate its practicality and efficiency in terms of search computational complexity and storage cost.

Original languageEnglish
Title of host publication24th International Conference, ISC 2021 Virtual Event, November 10–12, 2021 Proceedings
EditorsJoseph K. Liu, Sokratis Katsikas, Weizhi Meng, Willy Susilo, Rolly Intan
Place of PublicationCham Switzerland
Number of pages25
ISBN (Electronic)9783030913564
ISBN (Print)9783030913557
Publication statusPublished - 2021
EventInformation Security Conference 2021 - Online, Bali, Indonesia
Duration: 10 Nov 202112 Nov 2021
Conference number: 24th
https://link.springer.com/book/10.1007/978-3-030-91356-4 (Proceedings)
https://isc2021.petra.ac.id/ (Website)

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume13118 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


ConferenceInformation Security Conference 2021
Abbreviated titleISC 2021
Internet address


  • Authorisation
  • Cloud security
  • Genomic data privacy
  • Multi-user
  • Non-interactive
  • Searchable encryption
  • Secure outsourcing

Cite this