Physically Unclonable Functions with Confidential Computing for Enhanced
Encryption of EHRs
Abstract
Continual exploitation of Electronic Health Records (EHRs) has led to
increasing amounts of ransomware and identity theft in recent years.
Existing cryptosystems protecting these EHRs are weak due to their
inherently transparent software that allows adversaries to extract
encryption keys with relative ease. I designed a novel cryptosystem that
employs Physically Unclonable Functions (PUFs) to securely encrypt user
EHRs in a protected SGX enclave. The CPU-attached PUF provides a secret,
device-unique value or a ‘digital fingerprint’ which is used to derive a
symmetric key for subsequent AES-NI hardware encryption. Since the
cryptographic operations, from key derivation to encryption, transpire
in a confidential SGX enclave, the keys are always protected from
OS-privileged attacks- a capability lacking in most existing systems. I
used my system APIs to evaluate the performance of various hash and
encryption schemes across multiple EHR block sizes. SHA512 and
AES-NI-256-GCM were selected for cryptosystem implementation because
they demonstrated high performance without compromising on security.