A non-interactive multi-user protocol for private authorised query processing on genomic data

Sara Jafarbeiki; Amin Sakzad; Shabnam Kasra Kermanshahi; Ron Steinfeld; Raj K. Gaire; Shangqi Lai

doi:10.1007/978-3-030-91356-4_5

A non-interactive multi-user protocol for private authorised query processing on genomic data

Sara Jafarbeiki, Amin Sakzad, Shabnam Kasra Kermanshahi, Ron Steinfeld, Raj K. Gaire, Shangqi Lai

Department of Software Systems & Cybersecurity

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

3 Citations (Scopus)

Abstract

This paper introduces a new non-interactive multi-user model for secure and efficient query executions on outsourced genomic data to the cloud. We instantiate this model by leveraging searchable symmetric encryption (SSE). This new construction supports various types of queries (i.e., count, Boolean, k^′ -out-of-k match queries) on encrypted genomic data, and we call it NIMUPrivGenDB. Most importantly, it eliminates the need for the data owner and/or trusted entity to be online and avoids per-query interaction between the data owner and/or trusted entity and users. This is achieved by introducing a new mechanism called QUAuth to enforce access control based on the types of queries (Q) each user (U) is authorised (Auth) to submit. To the best of our knowledge, this is the first paper proposing an authorisation mechanism based on queries on genomic data. Moreover, QUAuth offers user management by supporting authorisation updates. We proved that our construction achieves strong security against malicious behaviour among authorised users, where a malicious user pretends to be other users by using others’ unique IDs, and colluding attacks among these users are also considered. Finally, our proposed protocol’s implementation and evaluation demonstrate its practicality and efficiency in terms of search computational complexity and storage cost.

Original language	English
Title of host publication	24th International Conference, ISC 2021 Virtual Event, November 10–12, 2021 Proceedings
Editors	Joseph K. Liu, Sokratis Katsikas, Weizhi Meng, Willy Susilo, Rolly Intan
Place of Publication	Cham Switzerland
Publisher	Springer
Pages	70-94
Number of pages	25
ISBN (Electronic)	9783030913564
ISBN (Print)	9783030913557
DOIs	https://doi.org/10.1007/978-3-030-91356-4_5
Publication status	Published - 2021
Event	Information Security Conference 2021 - Online, Bali, Indonesia Duration: 10 Nov 2021 → 12 Nov 2021 Conference number: 24th https://link.springer.com/book/10.1007/978-3-030-91356-4 (Proceedings) https://isc2021.petra.ac.id/ (Website)

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	13118 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	Information Security Conference 2021
Abbreviated title	ISC 2021
Country/Territory	Indonesia
City	Bali
Period	10/11/21 → 12/11/21
Internet address	https://link.springer.com/book/10.1007/978-3-030-91356-4 (Proceedings) https://isc2021.petra.ac.id/ (Website)

Keywords

Authorisation
Cloud security
Genomic data privacy
Multi-user
Non-interactive
Searchable encryption
Secure outsourcing

Access to Document

10.1007/978-3-030-91356-4_5

Cite this

Jafarbeiki, S., Sakzad, A., Kasra Kermanshahi, S., Steinfeld, R., Gaire, R. K., & Lai, S. (2021). A non-interactive multi-user protocol for private authorised query processing on genomic data. In J. K. Liu, S. Katsikas, W. Meng, W. Susilo, & R. Intan (Eds.), 24th International Conference, ISC 2021 Virtual Event, November 10–12, 2021 Proceedings (pp. 70-94). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13118 LNCS). Springer. https://doi.org/10.1007/978-3-030-91356-4_5

Jafarbeiki, Sara ; Sakzad, Amin ; Kasra Kermanshahi, Shabnam et al. / A non-interactive multi-user protocol for private authorised query processing on genomic data. 24th International Conference, ISC 2021 Virtual Event, November 10–12, 2021 Proceedings. editor / Joseph K. Liu ; Sokratis Katsikas ; Weizhi Meng ; Willy Susilo ; Rolly Intan. Cham Switzerland : Springer, 2021. pp. 70-94 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{490488971f7c412aa73da5760fae9379,

title = "A non-interactive multi-user protocol for private authorised query processing on genomic data",

abstract = "This paper introduces a new non-interactive multi-user model for secure and efficient query executions on outsourced genomic data to the cloud. We instantiate this model by leveraging searchable symmetric encryption (SSE). This new construction supports various types of queries (i.e., count, Boolean, k′ -out-of-k match queries) on encrypted genomic data, and we call it NIMUPrivGenDB. Most importantly, it eliminates the need for the data owner and/or trusted entity to be online and avoids per-query interaction between the data owner and/or trusted entity and users. This is achieved by introducing a new mechanism called QUAuth to enforce access control based on the types of queries (Q) each user (U) is authorised (Auth) to submit. To the best of our knowledge, this is the first paper proposing an authorisation mechanism based on queries on genomic data. Moreover, QUAuth offers user management by supporting authorisation updates. We proved that our construction achieves strong security against malicious behaviour among authorised users, where a malicious user pretends to be other users by using others{\textquoteright} unique IDs, and colluding attacks among these users are also considered. Finally, our proposed protocol{\textquoteright}s implementation and evaluation demonstrate its practicality and efficiency in terms of search computational complexity and storage cost.",

keywords = "Authorisation, Cloud security, Genomic data privacy, Multi-user, Non-interactive, Searchable encryption, Secure outsourcing",

author = "Sara Jafarbeiki and Amin Sakzad and {Kasra Kermanshahi}, Shabnam and Ron Steinfeld and Gaire, {Raj K.} and Shangqi Lai",

note = "Publisher Copyright: {\textcopyright} 2021, Springer Nature Switzerland AG.; Information Security Conference 2021, ISC 2021 ; Conference date: 10-11-2021 Through 12-11-2021",

year = "2021",

doi = "10.1007/978-3-030-91356-4_5",

language = "English",

isbn = "9783030913557",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "70--94",

editor = "{K. Liu}, Joseph and Sokratis Katsikas and Weizhi Meng and Willy Susilo and Rolly Intan",

booktitle = "24th International Conference, ISC 2021 Virtual Event, November 10–12, 2021 Proceedings",

url = "https://link.springer.com/book/10.1007/978-3-030-91356-4, https://isc2021.petra.ac.id/",

}

Jafarbeiki, S , Sakzad, A, Kasra Kermanshahi, S, Steinfeld, R, Gaire, RK & Lai, S 2021, A non-interactive multi-user protocol for private authorised query processing on genomic data. in J K. Liu, S Katsikas, W Meng, W Susilo & R Intan (eds), 24th International Conference, ISC 2021 Virtual Event, November 10–12, 2021 Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 13118 LNCS, Springer, Cham Switzerland, pp. 70-94, Information Security Conference 2021, Bali, Indonesia, 10/11/21. https://doi.org/10.1007/978-3-030-91356-4_5

A non-interactive multi-user protocol for private authorised query processing on genomic data. / Jafarbeiki, Sara ; Sakzad, Amin; Kasra Kermanshahi, Shabnam et al.
24th International Conference, ISC 2021 Virtual Event, November 10–12, 2021 Proceedings. ed. / Joseph K. Liu; Sokratis Katsikas; Weizhi Meng; Willy Susilo; Rolly Intan. Cham Switzerland: Springer, 2021. p. 70-94 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13118 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

TY - GEN

T1 - A non-interactive multi-user protocol for private authorised query processing on genomic data

AU - Jafarbeiki, Sara

AU - Sakzad, Amin

AU - Kasra Kermanshahi, Shabnam

AU - Steinfeld, Ron

AU - Gaire, Raj K.

AU - Lai, Shangqi

N1 - Conference code: 24th

PY - 2021

Y1 - 2021

N2 - This paper introduces a new non-interactive multi-user model for secure and efficient query executions on outsourced genomic data to the cloud. We instantiate this model by leveraging searchable symmetric encryption (SSE). This new construction supports various types of queries (i.e., count, Boolean, k′ -out-of-k match queries) on encrypted genomic data, and we call it NIMUPrivGenDB. Most importantly, it eliminates the need for the data owner and/or trusted entity to be online and avoids per-query interaction between the data owner and/or trusted entity and users. This is achieved by introducing a new mechanism called QUAuth to enforce access control based on the types of queries (Q) each user (U) is authorised (Auth) to submit. To the best of our knowledge, this is the first paper proposing an authorisation mechanism based on queries on genomic data. Moreover, QUAuth offers user management by supporting authorisation updates. We proved that our construction achieves strong security against malicious behaviour among authorised users, where a malicious user pretends to be other users by using others’ unique IDs, and colluding attacks among these users are also considered. Finally, our proposed protocol’s implementation and evaluation demonstrate its practicality and efficiency in terms of search computational complexity and storage cost.

AB - This paper introduces a new non-interactive multi-user model for secure and efficient query executions on outsourced genomic data to the cloud. We instantiate this model by leveraging searchable symmetric encryption (SSE). This new construction supports various types of queries (i.e., count, Boolean, k′ -out-of-k match queries) on encrypted genomic data, and we call it NIMUPrivGenDB. Most importantly, it eliminates the need for the data owner and/or trusted entity to be online and avoids per-query interaction between the data owner and/or trusted entity and users. This is achieved by introducing a new mechanism called QUAuth to enforce access control based on the types of queries (Q) each user (U) is authorised (Auth) to submit. To the best of our knowledge, this is the first paper proposing an authorisation mechanism based on queries on genomic data. Moreover, QUAuth offers user management by supporting authorisation updates. We proved that our construction achieves strong security against malicious behaviour among authorised users, where a malicious user pretends to be other users by using others’ unique IDs, and colluding attacks among these users are also considered. Finally, our proposed protocol’s implementation and evaluation demonstrate its practicality and efficiency in terms of search computational complexity and storage cost.

KW - Authorisation

KW - Cloud security

KW - Genomic data privacy

KW - Multi-user

KW - Non-interactive

KW - Searchable encryption

KW - Secure outsourcing

UR - http://www.scopus.com/inward/record.url?scp=85121862258&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-91356-4_5

DO - 10.1007/978-3-030-91356-4_5

M3 - Conference Paper

AN - SCOPUS:85121862258

SN - 9783030913557

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 70

EP - 94

BT - 24th International Conference, ISC 2021 Virtual Event, November 10–12, 2021 Proceedings

A2 - K. Liu, Joseph

A2 - Katsikas, Sokratis

A2 - Meng, Weizhi

A2 - Susilo, Willy

A2 - Intan, Rolly

PB - Springer

CY - Cham Switzerland

T2 - Information Security Conference 2021

Y2 - 10 November 2021 through 12 November 2021

ER -

Jafarbeiki S , Sakzad A, Kasra Kermanshahi S, Steinfeld R, Gaire RK, Lai S. A non-interactive multi-user protocol for private authorised query processing on genomic data. In K. Liu J, Katsikas S, Meng W, Susilo W, Intan R, editors, 24th International Conference, ISC 2021 Virtual Event, November 10–12, 2021 Proceedings. Cham Switzerland: Springer. 2021. p. 70-94. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-91356-4_5

A non-interactive multi-user protocol for private authorised query processing on genomic data

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Cite this