Educause Security Discussion mailing list archives
ESIR (Encrypted Storage of Imaged Records) v 0.0.1.0 available
From: "Faigle, Chris" <cfaigle () RICHMOND EDU>
Date: Mon, 14 Nov 2005 13:41:56 -0500
Hi. I am releasing ESIR (Encrypted Storage for Imaged Records) version 0.0.1.0 with full source under GPL:

Download: http://is.richmond.edu/techsupport/security/Downloads.htm
Documentation: http://is.richmond.edu/techsupport/security/download/ESIR.doc

This Java application takes records (medical, transcripts, etc.) that are imaged (multi-page TIFFs) onto CDs by a vendor and produces file-encrypted versions onto new CDs, secured by LDAP authorization and the splitting of the (128-bit) AES key for each file into three parts: in the code, database and LDAP server. This allows the original CDs to be very securely stored (off-site vault) with only the encrypted versions in use. The encrypted CDs should still be physically protected.

ESIR is written 100% in Java; however, it is specific to the Windows platform (for folder creation and database it execs commands and uses the Microsoft Office Image viewer for viewing decrypted TIFF files), although this could be modified. It uses the standard javax.crypto package, wrapped by the AESCrypt package, and uses MySQL for its database.

Each stand-alone ESIR machine has its network connection limited to only a single connection to our LDAP server and port. Login is only local, as is printing. During encryption, ESIR reads the data from CD-R and writes to CD-RW. During decryption, it writes onto a RAM drive. Further, paging is disabled. Given all these, no decrypted data should ever make it to the hard drive.

It was developed to the CD format in which the vendor delivers, but this should be fairly easily modifiable to other formats.

Following are the intro notes from the documentation. Bug reports, comments and suggestions off-line please.

Best,
Chris Faigle
IS Security
University of Richmond

Issues:
Please e-mail cfaigle () richmond edu with bugs, comments or modifications.

URLs:
Download Package: http://is.richmond.edu/techsupport/security/Downloads.htm
Test Server: No test server is available.
This Document: http://is.richmond.edu/techsupport/security/download/ESIR.doc

REQUIRED:
AESCrypt - Needed to run and is available on the download site above. Place the AESCrypt.jar file from the dist folder into your jre/lib/ext folder.

Background:
This project is designed to securely store imaged records, such as medical images or transcripts. This data is currently in paper format and will be imaged by a vendor. These images will be delivered on CD in a single folder with an Access database, indexing a set of unencrypted multi-page TIFF files. Since these unencrypted TIFF files contain HIPAA (medical records) and/or FERPA (transcript records) data, they are therefore too valuable/dangerous to be kept locally, but instead must be kept in very secure storage and never accessed.

This project allows (LDAP) authenticated and group authorized users to create new CDs with encrypted versions of the files on these CDs using AES 128-bit encryption. A unique key part is generated for each file and is stored along with the imported index information. This key part is combined with a key in the code and a key from the LDAP server unique for the database when encrypting and decrypting. These CDs can then be stored and retrieved securely locally using physical security methods.

Separately, an (LDAP) authenticated and authorized user can search the database, insert the appropriate (now file-encrypted) CD and then view or print the records. A successful attacker would need the CDs, machine and the key part from LDAP to decrypt the files.
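
The three-part key described in the message above, as an added example that is not ESIR's own code and not part of the original post. It assumes the parts are combined by XOR and that files are sealed with AES-GCM; the message states neither, and the class and method names are hypothetical.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.SecureRandom;
import java.util.Arrays;

public class SplitKeyDemo {
    static final SecureRandom RNG = new SecureRandom();

    static byte[] randomBytes(int n) { byte[] b = new byte[n]; RNG.nextBytes(b); return b; }

    // Assumption: the three 16-byte parts are XORed into one AES-128 key.
    static SecretKeySpec combine(byte[] codePart, byte[] dbPart, byte[] ldapPart) {
        byte[] key = new byte[16];
        for (int i = 0; i < 16; i++) key[i] = (byte) (codePart[i] ^ dbPart[i] ^ ldapPart[i]);
        return new SecretKeySpec(key, "AES");
    }

    // Output layout: 12-byte random nonce, then ciphertext with the 16-byte GCM tag.
    static byte[] encrypt(SecretKeySpec key, byte[] plain) throws Exception {
        byte[] iv = randomBytes(12);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain);
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    static byte[] decrypt(SecretKeySpec key, byte[] blob) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, blob, 0, 12));
        return c.doFinal(blob, 12, blob.length - 12);
    }

    public static void main(String[] args) throws Exception {
        byte[] codePart = randomBytes(16);  // stands in for the constant compiled into the code
        byte[] dbPart = randomBytes(16);    // per-file part stored with the index row
        byte[] ldapPart = randomBytes(16);  // part released by LDAP after authorization
        byte[] blob = encrypt(combine(codePart, dbPart, ldapPart), "constructed sample record".getBytes("UTF-8"));
        System.out.println(new String(decrypt(combine(codePart, dbPart, ldapPart), blob), "UTF-8"));
        try {  // holder of the CD, code and database, but not the LDAP part
            decrypt(combine(codePart, dbPart, randomBytes(16)), blob);
        } catch (AEADBadTagException e) {
            System.out.println("decryption rejected without the LDAP key part");
        }
    }
}
```

With XOR, the part compiled into the code is the same on every machine and recoverable from the jar, so the secrecy of a file key rests on the database and LDAP parts.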