Vulnerabilities / Threats

7/14/2016
10:58 AM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Sandia Labs Researchers Build DNA-Based Encrypted Storage

Researchers at Sandia National Laboratories in New Mexico are experimenting with encrypted DNA storage for archival applications.

Husband and wife team George and Marlene Bachand are biological engineers with a remarkable vision of the future.

The researchers at the Sandia National Laboratories Center for Integrated Nanotechnologies foresee a time when a speck of DNA on a piece of paper the size of a millimeter could securely store the entire anthology of Shakespeare’s works.

George Bachand says the first practical applications for DNA-based storage are for long-term archival purposes. Potentially, such a product could securely store records for the National Archives, government personnel records, research findings at the national labs, or other sensitive classified information.

“Historically, the national laboratories and the US government have a lot of highly secure information that they need to store long-term,” Bachand explains. “I see this as a potentially robust way of storing classified information in the future to preserve it for multiple generations.” 

Crypto, Synthetic DNA, and The Bard

The Bachands' project, Synthetic DNA for Highly Secure Information Storage and Transmission, was inspired when researchers at the European Bioinformatics Institute recorded all of Shakespeare’s sonnets into 2.5 million base pairs of DNA – about half the genome of the tiny E. coli bacterium. Bachand says using this method, the researchers could theoretically store 2.2 petabytes of information in one gram of DNA. That’s 200 times the printed material at the Library of Congress.

Bachand adds that unlike digital forms of storage, DNA never becomes obsolete.

“Hard drives fail and very often the data can’t be recovered,” explains Bachand. “With DNA, it’s possible to recover strands that are 10,000 to 20,000 years old.”

There’s another reason why DNA is more secure. DNA consists of four chemically different building blocks, or bases, commonly referred to by their one-letter abbreviations: A, C, G, and T. All life on Earth stores genetic information in DNA, which is read in groups of three making 64 possible triplet codons, or sequences (think 4 to the 3rd power).

So given that spaces make up on average 15- to 20% of the characters in a text document, instead of using AAA for a “space” in the text, an encryption key could specify that TAG, TAA and TGA is the code for a space while GAA and CTC could be code for the “Letter E.”  By reducing the amount of repetition--in other words, reducing the AAA’s--it makes DNA synthesizing run more smoothly. As an added bonus, reducing the repetition also makes brute-force hacking much more difficult.

The team’s first test came about 18 months ago with a 180-word tweet. The goal was to turn text to DNA, encrypt it using a unique translation key, and then turn the DNA back to text.

How-To

Here’s how it’s done: Using a computer algorithm, the team encrypts a message into a sequence of DNA. They then chemically synthesize the DNA. The DNA is read via DNA sequencing and translated and decoded using the same computer algorithm.

Upon succeeding with the tweet, last fall the team encoded an abridged version of a letter written by former President Harry Truman into DNA. They then spotted the DNA onto a Sandia Labs letterhead and mailed it, along with a conventional letter, around the country. After the letter’s cross-country trip, the Bachands extracted the DNA out of the paper, sequenced the DNA and decoded the message in about 24 hours at a cost of $45.

Black Hat USA returns to the fabulous Mandalay Bay in Las Vegas, Nevada July 30 through Aug. 4, 2016. Click for information on the conference schedule and to register.

Therein lies the rub. While storage costs are cheap and there are many new biotech companies doing DNA sequencing, it can take four to six weeks to make a DNA sequence. Bachand says synthesizing just 3,000 characters can cost up to $5,000.

But its potential is dramatic:  Instead of needing a 15,000 square-foot building to store 35,000 boxes of inactive records and archival documents, Sandia National Laboratories can potentially store information on much less paper, in powder form, in test tubes or petri dishes, or even as a bacterial cell.

“It sounds funny, but even if someone sneezes and the powder is lost, it’s possible to recover all the information by just recovering one DNA molecule,” Bachand explains.

Related Content:

Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
ChristopherJames
50%
50%
ChristopherJames,
User Rank: Apprentice
6/29/2018 | 3:16:11 AM
Re: Hi
It is amazing what technology has evolved into today in this 21st century we are living in currently. Data storage is an asset not only to individuals but especially to businesses as well. Technology has risen to a level that will enable people to own data storage that is basically unlimited using their very own DNA. That is most certainly a breakthrough in this sector but what consumers need to know is how much it will eventually cost.
Row3n
50%
50%
Row3n,
User Rank: Strategist
1/6/2017 | 2:15:33 AM
Hi
This sounds like some seriously futuristic stuff. The stuff that movies are made up of when you have a cyborg who is just pure information and value to a company or something. When the finance companies and businesses of the world start getting into this sort of thing, I'd start getting scared, wouldn't you?
'PowerSnitch' Hacks Androids via Power Banks
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/8/2018
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-6705
PUBLISHED: 2018-12-12
Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions.
CVE-2018-15717
PUBLISHED: 2018-12-12
Open Dental before version 18.4 stores user passwords as base64 encoded MD5 hashes.
CVE-2018-15718
PUBLISHED: 2018-12-12
Open Dental before version 18.4 transmits the entire user database over the network when a remote unathenticated user accesses the command prompt. This allows the attacker to gain access to usernames, password hashes, privilege levels, and more.
CVE-2018-15719
PUBLISHED: 2018-12-12
Open Dental before version 18.4 installs a mysql database and uses the default credentials of "root" with a blank password. This allows anyone on the network with access to the server to access all database information.
CVE-2018-6704
PUBLISHED: 2018-12-12
Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions.