Plausibility of DNA sequence for encryption

Plausibility of DNA sequence for encryption



To start with: This is in consideration of in-body implants.



The answer should (initially) assume there is no record of your DNA sequence mapped by a third party yet.



The question boils down to using your own DNA sequence as private key for communication to hypothetical in-body augmentations/devices.



Edit: Further clarification: The device would only be controlled from outside the body, not automation etc. A laptop or (god help us) and 'app' for example could send it commands.



A DNA Sequence as we understand it, is unique to each person.



Is this already possible, is it even a worthwhile investigation if not, and what might be the areas to focus concern.



DNA Sequencing



Interesting related article






If your private key is compromised you need to revoke it and issue a new one. How do you plan to revoke your DNA and get a new sequence in the event of a compromise?

– Mike Scott
Sep 9 '18 at 1:11







It's not bad point, it's more related to once an implant is inside of you, for example you want to release extra adrenaline, but you don't want any listener intercepting, but yes you're right. Seems like a fixed vulnerability. — in order to communicate with the device externally you have the traditional problem.

– Pogrindis
Sep 9 '18 at 1:16







Have you heard of twins?

– OrangeDog
Sep 9 '18 at 19:17






That article suggests that Alice creates a new DNA sequence, which contains the message. So it's not applicable to your already existing DNA.

– S.L. Barth
Sep 10 '18 at 6:48






Doublecheck the research on the idea that a person only has one set of DNA. Pregnant women and chimeras can hold more than one.

– schroeder
Sep 11 '18 at 13:26




3 Answers
3



A major problem with modern biometric authentication is the fact that it uses things like your fingerprint as a password. Unlike a real password, a fingerprint is not sufficiently secret. Biometric identities can be used for usernames, which merely need to be unique to you, but not passwords. There are a few issues with using DNA as a private key or any other secret value:



A good private key or password is something you know, something which you need to voluntarily reveal. "Private key" implies that the key must remain secret and its knowledge allows someone to identify as the original holder. Unlike a password-encrypted private key on your laptop, you leave your DNA around everywhere. In your breath, excretions, skin cells that fall off in the millions, oil, hair, saliva, tears, etc. This makes it pointless for a private key that, as the name implies, must remain secret.



From a recent case where DNA was used to incriminate an individual, three judges pointed out the risk to people's privacy when DNA left unintentionally can be used as evidence in a criminal trial. Regardless of the outcome of this review, the fact that we leave DNA is still there:



The Majority’s approval of such police procedure means, in essence, that a person desiring to keep her DNA profile private, must conduct her public affairs in a hermetically sealed hazmat suit. Moreover, the Majority opinion will likely have the consequence that many people will be reluctant to go to the police station to voluntarily provide information about crimes for fear that they, too, will be added to the CODIS database.... Majority's holding means that a person can no longer vote, participate in a jury, or obtain a driver's license, without opening up his genetic material for state collection and codification. Unlike DNA left in the park or a restaurant, these are all instances where the person has identified himself to the government authority.



It doesn't matter if the government decides whether or not this evidence is admissible. What matters is the fact that the evidence, in the form of DNA, is left over in the first place for anyone to take and analyze. Worse still, once your DNA is "compromised", it cannot be revoked!



Only a tiny fraction of DNA differs between each person. While DNA itself contains a lot of information, any prototypical human genome is going to be extremely close to your genome. If you use your genome for any sort of cryptographic purposes, the differences will be small enough that brute force becomes feasible. In other words, there's just too little difference between us. Not only that, but your family will have an even more similar genome. Even if random genetic variation were great enough to prevent exhaustive search, do you really want it to take nothing more than both your parents to give up their genome to make it possible to "calculate" your genome? Or your siblings?



A large amount of human genetic differences comes from what's called SNPs, or Single Nucleotide Polymorphisms. These are individual bases in DNA which are known to vary between people. Currently, there are only a few hundred million known polymorphisms. While a hundred million may seem huge, people who are ethnically related will have far fewer genetic differences. A good key will differ equally between users, regardless of whether or not they are related by family or race.



There's another problem. If you are analyzing DNA down to each individual base pair, you'll find that it actually changes over time! Small self-reproducing elements called transposons are sequences that copy themselves and re-insert themselves in different areas of our genome. They do this slowly and rather randomly. Over time, this means that even our individual cells won't have the same DNA as they had when we were born. Likewise, even identical twins won't have perfectly identical DNA as a result of this phenomenon. This is not a problem for most modern genetic sequencing, which only counts specific variations on specific genes (called alleles), but will be a problem for anything that requires exact accuracy down to the individual base pair. 40% of DNA is transposable!



Now, what could your genome be used for? Identification and authentication. While it's very easy to discover your DNA sequence, it's quite impossible to copy it into another person's body. No matter how much I try, if a single cell of mine is extracted and its DNA analyzed, it will show the DNA I had at birth (ignoring jumping genes), not your DNA. This makes it possible to prove an individual is who they say they are, given sufficiently careful DNA examination. It's like a SSN, but much, much more difficult to use for identity theft. Knowledge of your DNA doesn't let you impersonate it.



DNA is not the only thing that can be used for identification. The pattern of veins in your hand are unique to you, and unlike fingerprints or DNA, are not left all over everything you come into contact with. You need to explicitly place your hand on a vascular scanning device, which is less intrusive than a retina scan. This is actually a technique that is used in Japan. While this is still more private than DNA, it is still better used as a username than as a password, since it can still be obtained surreptitiously.






you leave your DNA around everywhere a huge oversight of mine

– Pogrindis
Sep 8 '18 at 23:34



you leave your DNA around everywhere






@Pogrindis Yep. For many people, it's their family who they want to keep out of their things more than any stranger! I don't want my family to have my private keys.

– forest
Sep 8 '18 at 23:39







"While a hundred million may seem huge, a good value used for cryptographic purposes must be overwhelmingly larger, often many times larger than 2^80." But wait, the hundred million we're talking about is essentially the number of symbols in a string which are randomly chosen, isn't it? In other words, an individual's DNA has something like a hundred million bits of entropy. You're saying that that can be brute-forced?

– Tanner Swett
Sep 9 '18 at 14:15






But do you really suspect that the amount of entropy in an individual human's genome is less than 80 bits? That could only be the case if, out of all those hundred million SNPs, fewer than 0.001% of them carry even a tenth of a bit of entropy.

– Tanner Swett
Sep 10 '18 at 2:24






DNA actually changes over time in an individual, so it is not static. Not only over time, but also from cell to cell. The changes are ongoing and unsynchronised.

– JAD
Sep 10 '18 at 9:21


DNA actually changes over time in an individual, so it is not static.



To underscore Forest's excellent points, here are the good elements of a private key:



Forest addressed 1 and 2, you leave traces of DNA everywhere, and your DNA may change causing your body to "forget" your key. I'll note that now your "circle of trust" includes your doctor, everyone who works in their office, their medical databases, and any labs they work with. If you donate blood, everyone who handles it. Those are all covered under various medical privacy laws, but it still increases your attack surface. But what about your plumber obtaining your DNA from a hair clog?



3 and 4 are all about what happens when your private key is inevitably compromised. Mike Scott pointed this out in the comments.



When someone posts your password online, you can just change it. When someone posts your DNA online you're hosed for life.



Unique passwords act as a firewall, a security breach in one service doesn't affect others. But if you use the same password on multiple sites, now your security is only as good as the weakest site. DNA is a single password you potentially use for everything.



This leads to a nightmare scenario where your private key, your DNA, is a shared password which cannot be changed. It's only as secure as the weakest service. Once there is a breach, all your accounts are compromised for life.



To offer a dimension that the other answer doesn't explore: Biocomputing. Biocomputing is the use of protein chemistry to store and process data. Logic gates and counters can be represented by the states of a protein.



First, to answer your question directly, you can't use genomic data from DNA for encryption because DNA isn't secret. Anyone can take a sample, store it and clone it. In addition, DNA is not exact. There is a tiny degree of genetic variation in samples of DNA collected from the same person because of transcription errors. While this is small enough to reliably identify an individual organism to a high degree of probability, it precludes the use of DNA sequences as encryption keys. This is because encryption depends upon the exact reproduction of a key. Failure to meet this condition results in different cypherdata being produced.



With that said, you could store an encryption key in a nanoprotein specifically engineered for storing exact data. It will have to be much more chemically inert than DNA which can be easily denatured. No such proteins have been produced. As of 2016, the most advanced biocomputers are finite-state machines.



Thanks for contributing an answer to Information Security Stack Exchange!



But avoid



To learn more, see our tips on writing great answers.



Required, but never shown



Required, but never shown




By clicking "Post Your Answer", you acknowledge that you have read our updated terms of service, privacy policy and cookie policy, and that your continued use of the website is subject to these policies.

Popular posts from this blog

𛂒𛀶,𛀽𛀑𛂀𛃧𛂓𛀙𛃆𛃑𛃷𛂟𛁡𛀢𛀟𛁤𛂽𛁕𛁪𛂟𛂯,𛁞𛂧𛀴𛁄𛁠𛁼𛂿𛀤 𛂘,𛁺𛂾𛃭𛃭𛃵𛀺,𛂣𛃍𛂖𛃶 𛀸𛃀𛂖𛁶𛁏𛁚 𛂢𛂞 𛁰𛂆𛀔,𛁸𛀽𛁓𛃋𛂇𛃧𛀧𛃣𛂐𛃇,𛂂𛃻𛃲𛁬𛃞𛀧𛃃𛀅 𛂭𛁠𛁡𛃇𛀷𛃓𛁥,𛁙𛁘𛁞𛃸𛁸𛃣𛁜,𛂛,𛃿,𛁯𛂘𛂌𛃛𛁱𛃌𛂈𛂇 𛁊𛃲,𛀕𛃴𛀜 𛀶𛂆𛀶𛃟𛂉𛀣,𛂐𛁞𛁾 𛁷𛂑𛁳𛂯𛀬𛃅,𛃶𛁼

Crossroads (UK TV series)

ữḛḳṊẴ ẋ,Ẩṙ,ỹḛẪẠứụỿṞṦ,Ṉẍừ,ứ Ị,Ḵ,ṏ ṇỪḎḰṰọửḊ ṾḨḮữẑỶṑỗḮṣṉẃ Ữẩụ,ṓ,ḹẕḪḫỞṿḭ ỒṱṨẁṋṜ ḅẈ ṉ ứṀḱṑỒḵ,ḏ,ḊḖỹẊ Ẻḷổ,ṥ ẔḲẪụḣể Ṱ ḭỏựẶ Ồ Ṩ,ẂḿṡḾồ ỗṗṡịṞẤḵṽẃ ṸḒẄẘ,ủẞẵṦṟầṓế