research-article

Trojan Bio-Hacking of DNA-Sequencing Pipeline

Authors:

T. M. Dooley-Cullinane,

S. BalasubramaniamAuthors Info & Claims

NANOCOM '19: Proceedings of the Sixth Annual ACM International Conference on Nanoscale Computing and Communication

Article No.: 18, Pages 1 - 7

https://doi.org/10.1145/3345312.3345474

Published: 25 September 2019 Publication History

Abstract

The article focuses on the information security risks that arise from the use of dubious software as part of a DNA-sequencing pipeline. We show how the perpetrator can use a biologically engineered sample that contains the remote machine's IP address and port number to trigger Trojan spyware previously dormant, and create a connection to the remote machine. The spyware is then used to either steal sensitive data processed by the pipeline (e.g. DNA-sample of crime suspect) or manipulate its control-flow (e.g. via opening a backdoor). To avoid detection the spyware can accept and expect required payload in fragments, which are also hidden inside the sample in a distributed manner. We show how the adversary can use cryptographic tools such as encryption and steganography to make such detection even harder while limiting the footprint that either identifies the attacker or makes the trigger-sample substantially different from its biological species. Therefore, we prove the viability of the attack and further stress the need to account for attacks being launched from the physical, rather than cyber-world. Furthermore, DNA sequencing error can hinder the successful delivery of a payload, hence the success of such attacks. We estimate the success rates for different sequencing error rates, where the calculated results are also verified with corresponding results from simulations.

References

[1]

D. Ahn and G. Lee. 2015. BoundShield: Comprehensive Mitigation for Memory Disclosure Attacks via Secret Region Isolation. IEEE Transactions on Dependable and Secure Computing 12, 4 (2015), 387--399.

[2]

National Center for Biotechnology Information (NCBI). 2019. Basic Local Alignment Search Tool (BLAST). https://blast.ncbi.nlm.nih.gov/Blast.cgi

[3]

S.Jain, F. Farnoud Hassanzadeh, M. Schwartz, and J. Bruck. 2017. Duplication-Correcting Codes for Data Storage in the DNA of Living Organisms. IEEE Transactions on Information Theory 63, 8 (2017), 4996--5010.

[4]

H. Jin, B. Liu, Y. Du, and D. Zou. 2018. BoundShield: Comprehensive Mitigation for Memory Disclosure Attacks via Secret Region Isolation. IEEE Access 6 (2018), 36341--36353.

[5]

H.H. Nguyen, J. Park, S. Park, C.-S. Lee, S. Hwang, Y.-B. Shin, T. Ha, and M. Kim. 2018. Long-Term Stability and Integrity of Plasmid-Based DNA Data Storage. Polymers 10, 28 (2018), 1--10.

[6]

Malathi P., M. Manoaj, R. Manoj, V. Raghavan, and R.E. Vinodhini. 2017. Highly Improved DNA Based Steganography. Procedia Computer Science 115 (2017), 651--659.

Digital Library

[7]

D.R. Paoletti, D.E. Krane, M.L. Raymer, and T.E. Doom. 2012. Inferring the Number of Contributors to Mixed DNA Profiles. IEEE/ACM Transactions on Computational Biology and Bioinformatics 9, 1 (2012), 113--122.

Digital Library

[8]

Kevin Santoso, Suk-Hwan Lee, Won-Joo Hwang, and Ki-Ryong Kwon. 2016. Sector-based DNA information hiding method. Security and Communication Networks 9, 17 (nov 2016), 4210--4226.

Digital Library

[9]

Wei Sun, Katerina Kechris, Sean Jacobson, and et al. 2016. Common Genetic Polymorphisms Influence Blood Biomarker Measurements in COPD. PLOS Genetics 12, 8 (2016), 1--33.

[10]

Milad Taleby Ahvanooey, Qianmu Li, Jun Hou, Hassan Dana Mazraeh, and Jing Zhang. 2018. AITSteg: An Innovative Text Steganography Technique for Hidden Transmission of Text Message via Social Media. IEEE Access 6 (2018), 65981--65995.

[11]

Oxford Nanopore Technologies. 2019. MinION. https://nanoporetech.com/products/minion

[12]

B. D. Unluturk, M. S. Islam, S. Balasubramaniam, and S. Ivanov. 2017. Towards Concurrent Data Transmission: Exploiting Plasmid Diversity by Bacterial Conjugation. IEEE Transactions on NanoBioscience 16, 4 (2017), 287--298.

[13]

USENIX Association 2017. Computer security, privacy, and DNA sequencing: Compromising computers with synthesized DNA, privacy leaks, and more. USENIX Association.

[14]

R.K. Varshney, V.K. Singh, J.M. Hickey, X. Xun, D.F. Marshall, J. Wang, D. Edwards, and J.-M. Ribaut. 2016. Analytical and Decision Support Tools for Genomics-Assisted Breeding. Trends in Plant Science, Elsevier 21, 4 (2016), 354--363.

[15]

S.E. Wallen, M. Lillehammer, and T.H.E. Meuwissen. 2017. Strategies for implementing genomic selection for feed efficiency in dairy cattle breeding schemes. Journal of Dairy Science, Elsevier 100, 8 (2017), 6327--6336.

Cited By

Islam MIvanov SAwan HDrohan JBalasubramaniam SCoffey LKidambi SSri-saan W(2022)Using deep learning to detect digitally encoded DNA trigger for Trojan malware in Bio-Cyber attacksScientific Reports10.1038/s41598-022-13700-512:1Online publication date: 10-Jun-2022
https://doi.org/10.1038/s41598-022-13700-5

Index Terms

Trojan Bio-Hacking of DNA-Sequencing Pipeline
1. Security and privacy

Recommendations

HACKING EXPOSED MALWARE AND ROOTKITS
Hacking Risk Analysis of Web Trojan in Electric Power System
WISM '09: Proceedings of the 2009 International Conference on Web Information Systems and Mining

The threat from web Trojan in electric power systems (EPS) is complex, which perhaps infects computers, damage SCADA system, or even cause electricity fail. The paper presents the potential Trojan attack risks of EPS by analyzing the security ...
Hunting Trojan Horses
ASID '06: Proceedings of the 1st workshop on Architectural and system support for improving software dependability

HTH (Hunting Trojan Horses) is a security framework developed for detecting difficult types of intrusions. HTH is intended as a complement to anti-virus software in that it targets unknown and zero-day Trojan Horses and Backdoors. In order to accurately ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

NANOCOM '19: Proceedings of the Sixth Annual ACM International Conference on Nanoscale Computing and Communication

September 2019

225 pages

ISBN:9781450368971

DOI:10.1145/3345312

Copyright © 2019 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

In-Cooperation

SIGARCH: ACM Special Interest Group on Computer Architecture

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 25 September 2019

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Funding Sources

Science Foundation Ireland through the SFI VistaMilk
Science Foundation Ireland through the CONNECT research centres

Conference

NANOCOM '19

NANOCOM '19: The Sixth Annual ACM International Conference on Nanoscale Computing and Communication

September 25 - 27, 2019

Dublin, Ireland

Acceptance Rates

NANOCOM '19 Paper Acceptance Rate 35 of 52 submissions, 67%;

Overall Acceptance Rate 97 of 135 submissions, 72%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
120
Total Downloads

Downloads (Last 12 months)13
Downloads (Last 6 weeks)3

Reflects downloads up to 06 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Islam MIvanov SAwan HDrohan JBalasubramaniam SCoffey LKidambi SSri-saan W(2022)Using deep learning to detect digitally encoded DNA trigger for Trojan malware in Bio-Cyber attacksScientific Reports10.1038/s41598-022-13700-512:1Online publication date: 10-Jun-2022
https://doi.org/10.1038/s41598-022-13700-5

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents