Fingerprint Based Approach to avoid Data Exfiltration in Healthcare Applications

Abstract

In the past few years, the PUFs are used for authentication in different IoT devices. Data exfiltration is common among different android applications and results in severe damage to individuals as well as organizations. This thesis describes the implementation of generating strong encryption keys for data at runtime. As we all know that mobile devices are computationally less strong and are not feasible to create a strong key for encryption. Our implementation uses mobile device fingerprints such as PUFs to generate strong symmetric key along with other user unique attributes to encrypt the documents. In this research we only target the healthcare applications as malicious actors are targeting this industry to get benefits. Healthcare applications are quite vulnerable for decades as the malicious actors are targeting vulnerabilities in mobile applications to retrieve sensitive data. The documents or images contains ePHI (electronic Protected healthcare information) and PII (Personally Identifiable Information) which can be used malicious application to threat or kill a person. Our Research focused on implementation advance security features for android application in order to mitigate these types of attacks. The thesis purely focused on the security of mobile application of healthcare organizations. As mobile devices are computationally weak and cannot generate strong encryption key with high entropy, so we used in built features of device to generate strong encryption key at runtime to encrypt user sensitive data in order to mitigate data exfiltration. The research completely focusses on generating strong encryption key by using Physically Unclonable functions like gyroscope, accelerometer or magnetometer values to generate symmetric key for encrypting user documents or labs and radiology images and reports.