The Sharemind miner that performs both storage and calculation has two com-

ponents: the Sharemind server and the NodeJS server. As discussed previously,

the NodeJS server acts as intermediary between the Javascript controller and the

Sharemind server.

For the NodeJS server to be able to securely connect to the Sharemind server, connection using the TLS protocol was used. TLS protocol is a cryptographic protocol that provides Internet security over a computer network [66]. Cybernetica also provided a guide to generating the self-signed cetificates used by the TLS connection.

openssl req -x509 -days 3650 -nodes -newkey rsa:4096 -keyout host_name-private-key -out host_name-public-key -outform der openssl rsa -in host_name-private-key -out host_name-private-key -outform der

The above command-line code is used in creating a public key and a private key for the host identified as host name. The public key is the key provided to connecting parties while the private key is the key used in the TLS handshake by host name.

The configuration where the certificate of the NodeJS is declared, along with the certificate of the Sharemind server the NodeJS will connect to, can be found in the serverX.cfg file of the NodeJS server directory. The identification for both the public and private certificates of the NodeJS server can be set in the PublicKeyFile and PrivateKeyFile keys respectively; while the identification of the Sharemind server public key can be set in the PublicIdentity key of the same configuration file.

[Network]

; Identity information

PublicKeyFile=client-public-key PrivateKeyFile=client-private-key ConnectTimeout=30000

[MinerNode1]

Address=192.168.17.1 Port=30001

PublicIdentity=server1-public-key

;OutgoingTlsPriorities = NONE:+CTYPE-X509:+VERS-TLS1.2

:+AES-256-GCM:+ECDHE-RSA:+AEAD:+ECDHE-RSA:+COMP-NULL

:+SIGN-RSA-SHA512:+CURVE-SECP521R1

Aside from the NodeJS servers connecting to Sharemind and vise versa, the Sharemind servers also use TLS to securely connect to one another. The same key-generation method is used to generate the self-signed certificates used by each server.

The configuration where the certificate of the Sharemind server is identified can be found in the server.cfg file in the server root directory. The identification of the server’s public key in server.cfg can be set in the PublicIdentity key; while the configuration for the identification of the public key for the NodeJS server can be set in the serverX-whitelist file.

[Server 1]

Address = 192.168.17.1 Port = 30001

PublicIdentity = server1-public-key

;OutgoingTlsPriorities = NONE:+CTYPE-X509:+VERS-TLS1.2 :+AES-256-GCM:+ECDHE-RSA:+AEAD:+ECDHE-RSA:+COMP-NULL :+SIGN-RSA-SHA512:+CURVE-SECP521R1

;MaxPayloadSize = 131059 [Server 2]

Address = 192.168.17.2 Port = 30002

PublicIdentity = server2-public-key

;OutgoingTlsPriorities = NONE:+CTYPE-X509:+VERS-TLS1.2 :+AES-256-GCM:+ECDHE-RSA:+AEAD:+ECDHE-RSA:+COMP-NULL :+SIGN-RSA-SHA512:+CURVE-SECP521R1

;MaxPayloadSize = 131059

The OutgoingTlsPriorities key in both configuration files of the NodeJS and the Sharemind servers (i.e. client host) broadcasts to the specified server (i.e. server host) the priority of the TLS versions the client host can use. The configuration that sets the TLS versions supported by the server is identified by the IncomingTlsPriorities key found in the server host’s configuration file.

Both the OutgoingTlsPriorities and the IncomingTlsPriorities are used in determining the best version of TLS the connecting parties can use [67].

; The default TLS priorities for incoming connections

;IncomingTlsPriorities = NONE:+CTYPE-X509:+VERS-TLS1.2

:+AES-256-GCM:+ECDHE-RSA:+AEAD:+ECDHE-RSA:+COMP-NULL

:+SIGN-RSA-SHA512:+CURVE-SECP521R1

In relation to network connections, the current implementation for the Share-

mind servers can only accept a single connection at a given time; thus, different

process executions by multiple connections at a particular time will only return an

error to the incoming connections once the first connection is established. More-

over, the first connection will still execute its current process.

VII. Conclusions

The genomic risk coefficient calculator was able to preserve the privacy of both the medical unit’s patient variants and the research group’s disease markers by using Sharemind in implementing secure multiparty computation for disease sus- ceptibility testing.

The system was able to store the patient variants and the disease markers without having to depend on any entity aside from the browser – where they access the system, send their data directly to the NodeJS servers of the Sharmeind miners, retrieve the risk result directly, and generate a browser-based PDF report for the result.

The system was also able to calculate the risk coefficient of the patient among the three Sharemind miners, including the calculation of the y-intercept of the regression line used in the additive model that calculates the overall genomic risk coefficient.

Overall, the system was able to fulfill its principal objective: to create a pivacy-

preserving, web-based genomic disease susceptibility testing which protects the

privacy of the medical unit’s patient variants and the research group’s disease

markers.

VIII. Recommendations

The genomic disease risk calculator presented in this paper fulfills the fundamental requirements of preserving the privacy of the input data and the computation.

However, a lot is yet to be improved in order to prepare the system for real life usage.

A. Patient variant browser processing

The current patient variant upload mechanism of the system can only smoothly

handle variants with magnitute below 30, 000. Variants higher than 30, 000 causes

the browser to alert of a continuously-running script, which indicates the ongoing

parsing of the uploaded VCF file in the browser. It is therefore recommended that

a more optimal way of uploading and parsing the VCF file of the patient in the

browser is created so that the browser can still perform other Javascript functions

while still running the file parser (i.e. delve into the possible use of multi-threaded

Javascript).