Vulnerabilities / Threats

7/14/2016
10:58 AM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Sandia Labs Researchers Build DNA-Based Encrypted Storage

Researchers at Sandia National Laboratories in New Mexico are experimenting with encrypted DNA storage for archival applications.

Husband and wife team George and Marlene Bachand are biological engineers with a remarkable vision of the future.

The researchers at the Sandia National Laboratories Center for Integrated Nanotechnologies foresee a time when a speck of DNA on a piece of paper the size of a millimeter could securely store the entire anthology of Shakespeare’s works.

George Bachand says the first practical applications for DNA-based storage are for long-term archival purposes. Potentially, such a product could securely store records for the National Archives, government personnel records, research findings at the national labs, or other sensitive classified information.

“Historically, the national laboratories and the US government have a lot of highly secure information that they need to store long-term,” Bachand explains. “I see this as a potentially robust way of storing classified information in the future to preserve it for multiple generations.” 

Crypto, Synthetic DNA, and The Bard

The Bachands' project, Synthetic DNA for Highly Secure Information Storage and Transmission, was inspired when researchers at the European Bioinformatics Institute recorded all of Shakespeare’s sonnets into 2.5 million base pairs of DNA – about half the genome of the tiny E. coli bacterium. Bachand says using this method, the researchers could theoretically store 2.2 petabytes of information in one gram of DNA. That’s 200 times the printed material at the Library of Congress.

Bachand adds that unlike digital forms of storage, DNA never becomes obsolete.

“Hard drives fail and very often the data can’t be recovered,” explains Bachand. “With DNA, it’s possible to recover strands that are 10,000 to 20,000 years old.”

There’s another reason why DNA is more secure. DNA consists of four chemically different building blocks, or bases, commonly referred to by their one-letter abbreviations: A, C, G, and T. All life on Earth stores genetic information in DNA, which is read in groups of three making 64 possible triplet codons, or sequences (think 4 to the 3rd power).

So given that spaces make up on average 15- to 20% of the characters in a text document, instead of using AAA for a “space” in the text, an encryption key could specify that TAG, TAA and TGA is the code for a space while GAA and CTC could be code for the “Letter E.”  By reducing the amount of repetition--in other words, reducing the AAA’s--it makes DNA synthesizing run more smoothly. As an added bonus, reducing the repetition also makes brute-force hacking much more difficult.

The team’s first test came about 18 months ago with a 180-word tweet. The goal was to turn text to DNA, encrypt it using a unique translation key, and then turn the DNA back to text.

How-To

Here’s how it’s done: Using a computer algorithm, the team encrypts a message into a sequence of DNA. They then chemically synthesize the DNA. The DNA is read via DNA sequencing and translated and decoded using the same computer algorithm.

Upon succeeding with the tweet, last fall the team encoded an abridged version of a letter written by former President Harry Truman into DNA. They then spotted the DNA onto a Sandia Labs letterhead and mailed it, along with a conventional letter, around the country. After the letter’s cross-country trip, the Bachands extracted the DNA out of the paper, sequenced the DNA and decoded the message in about 24 hours at a cost of $45.

Black Hat USA returns to the fabulous Mandalay Bay in Las Vegas, Nevada July 30 through Aug. 4, 2016. Click for information on the conference schedule and to register.

Therein lies the rub. While storage costs are cheap and there are many new biotech companies doing DNA sequencing, it can take four to six weeks to make a DNA sequence. Bachand says synthesizing just 3,000 characters can cost up to $5,000.

But its potential is dramatic:  Instead of needing a 15,000 square-foot building to store 35,000 boxes of inactive records and archival documents, Sandia National Laboratories can potentially store information on much less paper, in powder form, in test tubes or petri dishes, or even as a bacterial cell.

“It sounds funny, but even if someone sneezes and the powder is lost, it’s possible to recover all the information by just recovering one DNA molecule,” Bachand explains.

Related Content:

Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
ChristopherJames
50%
50%
ChristopherJames,
User Rank: Strategist
6/29/2018 | 3:16:11 AM
Re: Hi
It is amazing what technology has evolved into today in this 21st century we are living in currently. Data storage is an asset not only to individuals but especially to businesses as well. Technology has risen to a level that will enable people to own data storage that is basically unlimited using their very own DNA. That is most certainly a breakthrough in this sector but what consumers need to know is how much it will eventually cost.
Row3n
50%
50%
Row3n,
User Rank: Strategist
1/6/2017 | 2:15:33 AM
Hi
This sounds like some seriously futuristic stuff. The stuff that movies are made up of when you have a cyborg who is just pure information and value to a company or something. When the finance companies and businesses of the world start getting into this sort of thing, I'd start getting scared, wouldn't you?
Russia Hacked Clinton's Computers Five Hours After Trump's Call
Robert Lemos, Technology Journalist/Data Researcher,  4/19/2019
Tips for the Aftermath of a Cyberattack
Kelly Sheridan, Staff Editor, Dark Reading,  4/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-11452
PUBLISHED: 2019-04-22
whatsns 4.0 allows index.php?admin_category/remove.html cid[] SQL injection.
CVE-2019-11243
PUBLISHED: 2019-04-22
In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client certificate/key data). In the affected versions, rest.AnonymousClientConfig() did not effectively clear serv...
CVE-2019-11244
PUBLISHED: 2019-04-22
In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). If --cache-dir is specified and pointed at a different location accessible to other users/groups, the ...
CVE-2019-11450
PUBLISHED: 2019-04-22
whatsns 4.0 allows index.php?question/ajaxadd.html title SQL injection.
CVE-2019-11451
PUBLISHED: 2019-04-22
whatsns 4.0 allows index.php?inform/add.html qid SQL injection.