Search Icon
2024 Program

Oligo-Snoop: A Non-Invasive Side Channel Attack Against DNA Synthesis Machines

Sina Faezi (University of California, Irvine), Sujit Rokka Chhetri (University of California, Irvine), Arnav Vaibhav Malawade (University of California, Irvine), John Charles Chaput (University of California, Irvine), William Grover (University of California, Riverside), Philip Brisk (University of California, Riverside), Mohammad Abdullah Al Faruque (University of California, Irvine)

Synthetic biology is developing into a promising science and engineering field. One of the enabling technologies for this field is the DNA synthesizer. It allows researchers to custom-build sequences of oligonucleotides (short DNA strands) using the nucleobases: Adenine (A), Guanine (G), Cytosine (C), and Thymine (T). Incorporating these sequences into organisms can result in improved disease resistance and lifespan for plants, animals, and humans. Hence, many laboratories spend large amounts of capital researching and developing unique sequences of oligonucleotides. However, these DNA synthesizers are fully automated systems with cyber-domain processes and physical domain components. Hence, they may be prone to security breaches like any other computing system. In our work, we present a novel acoustic side-channel attack methodology which can be used on DNA synthesizers to breach their confidentiality and steal valuable oligonucleotide sequences.
Our proposed attack methodology achieves an average accuracy of 88.07% in predicting each base and is able to reconstruct short sequences with 100% accuracy by making less than 21 guesses out of $4^{15}$ possibilities. We evaluate our attack against the effects of the microphone's distance from the DNA synthesizer and show that our attack methodology can achieve over 80% accuracy when the microphone is placed as far as 0.7 meters from the DNA synthesizer despite the presence of common room noise. In addition, we reconstruct DNA sequences to show how effectively an attacker with biomedical-domain knowledge would be able to derive the intended functionality of the sequence using the proposed attack methodology. To the best of our knowledge, this is the first methodology that highlights the possibility of such an attack on systems used to synthesize DNA molecules.

Paper
Slides
Video

View More Papers

REDQUEEN: Fuzzing with Input-to-State Correspondence

Cornelius Aschermann (Ruhr-Universität Bochum), Sergej Schumilo (Ruhr-Universität Bochum), Tim Blazytko (Ruhr-Universität Bochum), Robert Gawlik (Ruhr-Universität Bochum), Thorsten Holz (Ruhr-Universität Bochum)

Read More

Fine-Grained and Controlled Rewriting in Blockchains: Chameleon-Hashing Gone Attribute-Based

David Derler (DFINITY), Kai Samelin (TÜV Rheinland i-sec GmbH), Daniel Slamanig (AIT Austrian Institute of Technology), Christoph Striecks (AIT Austrian Institute of Technology)

Read More

A Systematic Framework to Generate Invariants for Anomaly Detection...

Cheng Feng (Imperial College London & Siemens Corporate Technology), Venkata Reddy Palleti (Singapore University of Technology and Design), Aditya Mathur (Singapore University of Technology and Design), Deeph Chana (Imperial College London)

Read More

Balancing Image Privacy and Usability with Thumbnail-Preserving Encryption

Kimia Tajik (Oregon State University), Akshith Gunasekaran (Oregon State University), Rhea Dutta (Cornell University), Brandon Ellis (Oregon State University), Rakesh B. Bobba (Oregon State University), Mike Rosulek (Oregon State University), Charles V. Wright (Portland State University), Wu-Chi Feng (Portland State University)

Read More