The decreasing costs of molecular profiling has
fueled the biomedical research community with a plethora
of new types of biomedical data, enabling a breakthrough
towards a more precise and personalized medicine. However,
the release of these intrinsically highly sensitive data poses
a new severe privacy threat. While biomedical data is largely
associated with our health, there also exist various correlations
between different types of biomedical data, along the temporal
dimension, and also in-between family members. However,
so far, the security community has focused on privacy risks
stemming from genomic data, largely overlooking the manifold
interdependencies between other biomedical data.
In this paper, we present a generic framework for quantifying the privacy risks in biomedical data taking into account the
various interdependencies between data (i) of different types,
(ii) from different individuals, and (iii) at different time. To this
end, we rely on a Bayesian network model that allows us to take
all aforementioned dependencies into account and run exact
probabilistic inference attacks very efficiently. Furthermore,
we introduce a generic algorithm for building the Bayesian
network, which encompasses expert knowledge for known
dependencies, such as genetic inheritance laws, and learns
previously unknown dependencies from the data. Then, we
conduct a thorough inference risk evaluation with a very rich
dataset containing genomic and epigenomic data of mothers
and children over multiple years. Besides effective probabilistic
inference, we further demonstrate that our Bayesian network
model can also serve as a building block for other attacks. We
show that, with our framework, an adversary can efficiently
identify the parent-child relationships based on methylation
data with a success rate of 95%.
History
Preferred Citation
Pascal Berrang, Mathias Humbert, Yang Zhang, Irina Lehmann, Roland Eils and Michael Backes. Dissecting Privacy Risks in Biomedical Data. In: IEEE European Symposium on Security and Privacy (EuroS&P). 2018.
Primary Research Area
Trustworthy Information Processing
Name of Conference
IEEE European Symposium on Security and Privacy (EuroS&P)
Legacy Posted Date
2018-02-14
Open Access Type
Unknown
BibTeX
@inproceedings{cispa_all_1441,
title = "Dissecting Privacy Risks in Biomedical Data",
author = "Berrang, Pascal and Humbert, Mathias and Zhang, Yang and Lehmann, Irina and Eils, Roland and Backes, Michael",
booktitle="{IEEE European Symposium on Security and Privacy (EuroS&P)}",
year="2018",
}