Security by design of healthcare Network using Intel SGX
Abstract
In the last decade, Internet of Things platforms have gained significant popularity, and healthcare is no exception. Users share their healthcare data and secrets with servers that perform the required analysis on this sensitive information, so that data needs protection. There are many security and privacy issues with data in transit, at rest and in use while it is shared with analytics systems. These systems are deployed and run on third-party infrastructure that cannot be trusted: users must trust not only the application but also the underlying infrastructure. Such a third party presents a significant attack surface; anything from the OS to the system administrator could be malicious and read or modify the sensitive results of the analysis. In this thesis, we study and explore the issues of using the current analytics framework when it is deployed on a remote third-party machine. Following that, we designed, developed and evaluated a new healthcare analytics platform that utilizes Intel SGX. Our platform allows users to share and analyse sensitive data without having to worry about their data being compromised or modified. Our solution reduces the trusted computing base to only the CPU and provides security and privacy guarantees. Our suggested approach therefore aims to meet a specific set of requirements expected of a secure analytics system, and we describe how this is achieved while reducing trust to the CPU alone. Our first research shows that including hardware-based root-of-trust capabilities in the software prototype mitigates many of the inherent security and privacy concerns while having little impact on performance.