Physically Unclonable Functions with Confidential Computing for Enhanced Encryption of EHRs

Continual exploitation of Electronic Health Records (EHRs) has led to increasing amounts of ransomware and identity theft in recent years. Existing cryptosystems protecting these EHRs are weak due to their inherently transparent software that allows adversaries to extract encryption keys with relative ease. I designed a novel cryptosystem that employs Physically Unclonable Functions (PUFs) to securely encrypt user EHRs in a protected SGX enclave. The CPU-attached PUF provides a secret, device-unique value or a ‘digital fingerprint’ which is used to derive a symmetric key for subsequent AES-NI hardware encryption. Since the cryptographic operations, from key derivation to encryption, transpire in a confidential SGX enclave, the keys are always protected from OS-privileged attacks- a capability lacking in most existing systems. I used my system APIs to evaluate the performance of various hash and encryption schemes across multiple EHR block sizes. SHA512 and AES-NI-256-GCM were selected for cryptosystem implementation because they demonstrated high performance without compromising on security.