中文大學生命科學學院 Bioencryption project – Just storage, no encryption?

It was interesting to read about a team of students and their advisors from CUHK School of Life Sciences won gold with their bioencryption project (see more news) at the International Genetically Engineered Machine (iGEM) 2010 competition organized by the Massachusetts Institute of Technology (MIT).

While the team has certainly made some interesting progress, security technologist and author Bruce Schneier has questions about the team’s “bioencryption” claims (emphasis),

Why can’t bacteria be hacked? If the storage system is attached to a network, it’s just as vulnerable as anything else attached to a network. And if it’s disconnected from any network, then it’s just as secure as anything else disconnected from a network. The problem the U.S. diplomats had was authorized access to the WikiLeaks cables by someone who decided to leak them. No cryptography helps against that.

And Bruce even started his article with, “The article talks about how secure it is, and the students even coined the term “bioencryption,” but I don’t see any encryption. It’s just storage.

I can’t find a full technical paper to read but after reading the above press reports and the team’s iGEM project description, project principle, and project results, I have to say, like Bruce, I also don’t see any encryption and it looks like just storage to me.

And reading scientist’s quotes like the following in popular press,

Bacteria can’t be hacked. All kinds of computers are vulnerable to electrical failures or data theft. But bacteria are immune from cyber attacks. You can safeguard the information.

just don’t exactly give me confidence that the scientist fully appreciate/understand computer security/cryptography.

I don’t mean to be too critical of some of the CUHK team’s achievements. I think they have done well. At the same time, I think it is very important for serious scientists to know the limits of their scientific claims and don’t overextend without proper justified support.

Of course, I might be wrong, and it will be wonderful if someone can explain to me what I missed so that I can learn and understand. If I am mistaken, it will be my pleasure to correct this article.

July 19, 2011 update:Here are some more info about Bruce from info security, “Interview: BT’s Bruce Schneier – BT’s Bruce Schneier has made a reputation for himself by exploring the unconventional sides of security. Drew Amorosi sat down with this industry luminary to gain a greater understanding of the man and, briefly, dive into the mind and life that is Bruce Schneier…

10 Responses to 中文大學生命科學學院 Bioencryption project – Just storage, no encryption?

  1. site-specific recombination says:

    Please take a look at the site-specific recombination mechanism, and then you will understand how the encryption works~

  2. kempton says:

    Sorry, to be honest, your comment wasn’t useful nor helpful at all.

    I tried to understand the thing in Jan 2011 when I wrote this entry based on what I read in the CU stuff and what Bruce wrote here,
    http://www.schneier.com/blog/archives/2011/01/bioencryption.html

    Again, I take security expert Bruce Schneier’s critique seriously as many people have. Have a read of his credential,
    http://www.schneier.com/about.html

    Again, I am not saying Bruce can’t be wrong, but he did write a best seller about crypto.

  3. site-specific recombination says:

    their construct is similar to that.

  4. kempton says:

    Again, my concern is where is the crypto? Storage maybe. But crypto, I didn’t see crypto then and I don’t have time to investigate more on the 2000 nih article you link to.

    Storage may be cool in itself. But what intrigues me (and I think Bruce) is the crypto stuff. And that, as I did spend some time in Jan 2011, I saw none.

    Do you know cryptography?

    While I am no expert but I did read and own a copy of Applied Cryptography (Bruce’s classic text) because I thought it was cool to learn about it (and not just bs about it).

  5. site-specific recombination says:

    The encryption is basically done by the cell during the recombination process. If you don’t understand the paper, then it’s difficult for me to explain to you also. To understand it, you might need to grab some biological knowledge on that by wiki the recombination or site specific recombination.

  6. site-specific recombination says:

    besides, you dont need any cryptographic knowledge to understand it. once you understand some biological stuffs, a high school student will know how it works. and finally, trust me, the committee at MIT are not idiots for sure, lol

  7. kempton says:

    Few points:

    *) I don’t usually allow anonymous comments for this kind of lengthy multi-comments. I have limited respect for people who are not willing to give their first name and stand by their comments. But I’ve made an exception here.

    *) I think your last comment shows a symptom of the problem. “you dont need any cryptographic knowledge to understand it.” Huh? Really?

    Again, the bio stuff may be cool. But my focus here and Bruce’s focus was mainly about the crypto claim. Are there any encryption? Is the encryption any good? etc etc.

    Because I don’t know how many of them are crypto experts, I can’t comment on whether “the committee at MIT are not idiots” or not. But with respect to crypto, I think Bruce’s knowledge is internationally respected, including at MIT.

    Please, if you like to further comment, at least use your first name (or may be link to your website). I am a bit sick of dealing with anonymous comments here. I hope you are not too offended but I try to be as respectful to you as I can.

  8. site-specific recombination says:

    Do you have any basic idea about what recombination is? If not, any further discussion will be meaningless, and I strongly doubt whether you and the expert Bruce do. Bruce totally doesnt understand how their system works. he thinks that they need to encode the information before putting them into the bacteria, which is NOT THE CASE! I’ve already told you that it is the cell that does the encryption by recombination. I wonder if you have paid any attention to what I wrote.

    So I suggest you learn a little bit more about it before further discussion. Or you can take some fundmental course on it. I’ve tried my best to give you the information and suggestion on this topic, but you are just unwilling to study on them. Then I cannot help.

    *science is science, no matter who you are and whether you leave your name or not. After the igem competition, a lot of people are interested in it, and asked them for the source code to carry on the research, and I’m one of them(is that sufficient?). I tried to use the name “site-specific recombination” to draw you attention on its principle a little bit, but I think I totally failed. If you feel sick about it, sorry that there’s nothing i can do about it. To be frank, I’m also sick about the erroneous comment of layman on synthetic biology, but I’ve already made my best effort to respect and explain.

  9. kempton says:

    I let you, who shall remain anonymous, have the last words on this. I hope your comments/discussions are useful for someone.

%d bloggers like this: