Educause Security Discussion mailing list archives

ESIR (Encrypted Storage of Imaged Records) v 0.0.1.0 available


From: "Faigle, Chris" <cfaigle () RICHMOND EDU>
Date: Mon, 14 Nov 2005 13:41:56 -0500

Hi.

        I am releasing ESIR (Encrypted Storage for Imaged Records)
version 0.0.1.0 with full source under GPL:

Download: http://is.richmond.edu/techsupport/security/Downloads.htm
Documentation:
http://is.richmond.edu/techsupport/security/download/ESIR.doc


        This Java application takes records (medical, transcripts, etc.)
that are imaged (multi-page TIFFs) onto CDs by a vendor and produces
file-encrypted versions on new CDs, secured by LDAP authorization and
the splitting of the (128-bit) AES key for each file into three parts:
in the code, the database and the LDAP server.

        This allows the original CDs to be very securely stored
(off-site vault) with only the encrypted versions in use.  The encrypted
CDs should still be physically protected.

        ESIR is written 100% in Java; however, it is specific to the
Windows platform (for folder creation and the database it execs commands
and uses the Microsoft Office Image viewer for viewing decrypted TIFF
files), although this could be modified.  It uses the standard
javax.crypto package, wrapped by the AESCrypt package, and uses MySQL for
its database.

        Each stand-alone ESIR machine has its network connection limited
to only a single connection to our LDAP server and port. Login is only
local as is printing.

        During encryption, ESIR reads the data from CD-R and writes to
CD-RW. During decryption, it writes onto a RAM drive.  Further, paging
is disabled. Given all these, no decrypted data should ever make it to
the hard drive.
 
        It was developed to the CD format in which the vendor delivers,
but this should be fairly easily modifiable to other formats.

        Following are the intro notes from the documentation.

        Bug-reports, comments and suggestions off-line please.

Best,
Chris Faigle
IS Security
University of Richmond


Issues:

Please e-mail cfaigle () richmond edu with bugs, comments or modifications.

URLs:

Download Package: http://is.richmond.edu/techsupport/security/Downloads.htm
Test Server:      No test server is available.
This Document:    http://is.richmond.edu/techsupport/security/download/ESIR.doc
REQUIRED:         AESCrypt - Needed to run and is available on the
download site above. Place the AESCrypt.jar file from the dist folder
into your jre/lib/ext folder.

Background:

        This project is designed to securely store imaged records, such
as medical images or transcripts.  This data is currently in paper format
and will be imaged by a vendor.  These images will be delivered on CD in
a single folder with an Access database, indexing a set of un-encrypted
multi-page TIFF files.

        Since these unencrypted TIFF files contain HIPAA (medical
records) and/or FERPA (transcript records) data, they are therefore too
valuable/dangerous to be kept locally, but instead must be kept in very
secure storage and never accessed.

        This project allows (LDAP) authenticated and group authorized
users to create new CDs with encrypted versions of the files on these
CDs using AES 128 bit encryption.  A unique key part is generated for
each file and is stored along with the imported index information.  This
key part is combined with a key in the code and a key from the LDAP
server unique for the database when encrypting and decrypting.
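The three-part key scheme described in this paragraph (and earlier in the announcement) can be illustrated with a small Go program. This is an added example written for this archive page, not ESIR's own code: the post says the per-file part, the part in the code and the part from the LDAP server are "combined", but does not say how, so combining them by XOR is an assumption, as are the AES-GCM file format and every name and sample value below. With XOR, a freshly random per-file part makes each file key unique, and an attacker holding only the CD and the database (or only the code) has no information about the key while the remaining part is missing.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// keyLen is the AES-128 key size; each of the three parts is this long.
const keyLen = 16

// CombineKey XORs the three key parts (in the code, in the database row
// for the file, from the LDAP server) into the per-file AES-128 key.
// Assumption: the post only says the parts are "combined"; XOR is used
// here so that any two parts reveal nothing about the key while the
// third is uniformly random.
func CombineKey(codePart, dbPart, ldapPart []byte) ([]byte, error) {
	for _, p := range [][]byte{codePart, dbPart, ldapPart} {
		if len(p) != keyLen {
			return nil, fmt.Errorf("key part must be %d bytes, got %d", keyLen, len(p))
		}
	}
	key := make([]byte, keyLen)
	for i := range key {
		key[i] = codePart[i] ^ dbPart[i] ^ ldapPart[i]
	}
	return key, nil
}

// NewFilePart generates the random per-file part that would be stored
// in the database next to the imported index information.
func NewFilePart() ([]byte, error) {
	p := make([]byte, keyLen)
	if _, err := rand.Read(p); err != nil {
		return nil, err
	}
	return p, nil
}

// EncryptRecord seals one record (e.g. a multi-page TIFF) with AES-128-GCM.
// Output layout (an assumption for this example): nonce || ciphertext || tag.
func EncryptRecord(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// DecryptRecord reverses EncryptRecord; a wrong or incomplete key set
// fails the GCM authentication check instead of yielding garbage.
func DecryptRecord(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("sealed record too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

func main() {
	// Constructed sample parts; real deployments would generate these randomly.
	codePart := []byte("code-part-16byte") // compiled into the application
	ldapPart := []byte("ldap-part-16byte") // fetched from the LDAP server per database
	dbPart, _ := NewFilePart()             // generated per file, stored in the database

	key, _ := CombineKey(codePart, dbPart, ldapPart)
	sealed, _ := EncryptRecord(key, []byte("II*\x00 constructed TIFF stand-in"))

	// Without the LDAP part (zeros here) decryption fails authentication.
	partial, _ := CombineKey(codePart, dbPart, make([]byte, keyLen))
	_, err := DecryptRecord(partial, sealed)
	fmt.Println("decrypt with two of three parts:", err)

	plain, _ := DecryptRecord(key, sealed)
	fmt.Printf("decrypt with all three parts: %q\n", plain)
}
```

Note that the XOR split protects the key only while the missing part is secret and random; the part compiled into the code is the weakest of the three, since anyone with the application binary can recover it, which is why the post treats the CDs, the machine and the LDAP part as all being required.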

        These CDs can then be stored and retrieved securely locally
using physical security methods.  Separately, an (LDAP) authenticated and
authorized user can search the database, insert the appropriate (now
file-encrypted) CD and then view or print the records.  A successful
attacker would need the CDs, the machine and the key part from LDAP to
decrypt the files.
