Paper Info
Title
A Non-interactive Multi-user Protocol for Private Authorised Query Processing on Genomic Data
Abstract
This paper introduces a new non-interactive multi-user model for secure and efficient query executions on outsourced genomic data to the cloud. We instantiate this model by leveraging searchable symmetric encryption (SSE). This new construction supports various types of queries (i.e., count, Boolean, k'-out-of-k match queries) on encrypted genomic data, and we call it NIMUPrivGenDB. Most importantly, it eliminates the need for the data owner and/or trusted entity to be online and avoids per-query interaction between the data owner and/or trusted entity and users. This is achieved by introducing a new mechanism called QUAuth to enforce access control based on the types of queries (Q) each user (U) is authorised (Auth) to submit. To the best of our knowledge, this is the first paper proposing an authorisation mechanism based on queries on genomic data. Moreover, QUAuth offers user management by supporting authorisation updates. We proved that our construction achieves strong security against malicious behaviour among authorised users, where a malicious user pretends to be other users by using others' unique IDs, and colluding attacks among these users are also considered. Finally, our proposed protocol's implementation and evaluation demonstrate its practicality and efficiency in terms of search computational complexity and storage cost.
Year
DOI
Venue
2021
10.1007/978-3-030-91356-4_5
INFORMATION SECURITY (ISC 2021)
Keywords
DocType
Volume
Genomic data privacy, Searchable encryption, Secure outsourcing, Cloud security, Non-interactive, Multi-user, Authorisation
Conference
13118
ISSN
Citations 
PageRank 
0302-9743
1
0.37
References 
Authors
0
6
Name
Order
Citations
PageRank
Sara Jafarbeiki110.37
Amin Sakzad210.37
Shabnam Kasra Kermanshahi310.37
Ron Steinfeld4237.99
Raj Gaire510.37
shangqi lai6225.46