McAfee Ireland Ltd., Building 2000, City Gate, Mahon, Cork, Ireland.
Telecommunications Software and Systems Group, Waterford Institute of Technology, Waterford, Ireland.
Sci Rep. 2019 Jun 18;9(1):8684. doi: 10.1038/s41598-019-44995-6.
We present the work towards strengthening the security of DNA-sequencing functionality of future bioinformatics systems against bio-computing attacks. Recent research has shown how using common tools, a perpetrator can synthesize biological material, which upon DNA-analysis opens a cyber-backdoor for the perpetrator to hijack control of a computational resource from the DNA-sequencing pipeline. As DNA analysis finds its way into practical everyday applications, the threat of bio-hacking increases. Our wetlab experiments establish that malicious DNA can be synthesized and inserted into E. coli, a common contaminant. Based on that, we propose a new attack, where a hacker to reach the target hides the DNA with malicious code on common surfaces (e.g., lab coat, bench, rubber glove). We demonstrated that the threat of bio-hacking can be mitigated using dedicated input control techniques similar to those used to counter conventional injection attacks. This article proposes to use genetic similarity of biological samples to identify material that has been generated for bio-hacking. We considered freely available genetic data from 506 mammary, lymphocyte and erythrocyte samples that have a bio-hacking code inserted. During the evaluation we were able to detect up to 95% of malicious DNAs confirming suitability of our method.
我们介绍了如何加强未来生物信息学系统的 DNA 测序功能的安全性,以防范生物计算攻击。最近的研究表明,使用常见工具,攻击者可以合成生物材料,这些材料在 DNA 分析后,会为攻击者在 DNA 测序管道中打开一个网络后门,从而劫持计算资源的控制权。随着 DNA 分析在实际日常应用中的应用,生物黑客攻击的威胁也在增加。我们的湿实验室实验证明,恶意 DNA 可以被合成并插入到大肠杆菌中,这是一种常见的污染物。在此基础上,我们提出了一种新的攻击,黑客将带有恶意代码的 DNA 隐藏在常见的表面上(例如实验服、工作台、橡胶手套),以达到攻击目标。我们证明,使用类似于用于对抗传统注入攻击的专用输入控制技术,可以减轻生物黑客攻击的威胁。本文提出使用生物样本的遗传相似性来识别那些已被用于生物黑客攻击的材料。我们考虑了从 506 个乳腺、淋巴细胞和红细胞样本中获取的免费遗传数据,这些样本中插入了生物黑客攻击代码。在评估过程中,我们能够检测到高达 95%的恶意 DNA,证实了我们方法的适用性。
