bbRad security

Revision as of 18:07, 10 April 2016


bbRad Security and encryption details

Note: This page describes security details of bbRad for technical readers.
For our Information Governance and Security Compliance Statement please see here. 

Security of data in transit

bbRad has always strongly encrypted all data. This page gives details of the encryption used.

Encryption between bbRad Gateways, including Gateway<->Serverless

bbRad conforms to the highest standards of security, including those required by the NHS, namely

  • AES-256 encryption
  • SSL/TLS connections

All data - metadata as well as patient data such as images, reports, memos, attached files, requests etc. - is first encrypted on the Gateway or Serverless using public key cryptography. The patient data (i.e. images, reports, memos, attachments, requests) is encrypted to the recipient's public key; the corresponding private key is held on the recipient's bbRad Gateway itself. Only the metadata is encrypted to bbRad's public key. The metadata carries the routing information that tells our system where to send the encrypted payload.

This means that all patient data enjoys end-to-end encryption. Patient data is not decrypted until it is safely on the recipient hospital's network or, in the case of Gateway to Serverless transfers, on the recipient bbRad Serverless infrastructure.

bbRad uses 2048-bit RSA keys. The keys also indicate which symmetric encryption algorithm to use - so far always AES. By default we create all Gateway keys to require the military-strength algorithm called AES-256 when data is encrypted to that public key. In addition we never 'roll our own' cryptography (https://security.stackexchange.com/questions/18197/why-shouldnt-we-roll-our-own). Within bbRad, cryptographic operations are performed by OS calls to GPG (https://en.wikipedia.org/wiki/GNU_Privacy_Guard), an open source implementation of the OpenPGP standard as defined by RFC 4880 (also known as PGP). Because these are out-of-process calls to the GPG executable, possible security problems in the application do not propagate to the actual crypto code: the process boundary separates them.
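The statement that a key "indicates which symmetric algorithm to use" refers to OpenPGP's preferred-symmetric-algorithms subpacket (RFC 4880 section 5.2.3.7) carried in the key's self-signatures, so an administrator can check an exported Gateway public key for it. The following is an added example, not bbRad's or GnuPG's code: a minimal RFC 4880 packet walker in Python that extracts those preferences and reports whether the key demands AES-256 alone; the sample key fragments it builds are constructed inline and are not real keys.

```python
import struct

AES256, PREF_SYM, SIG_TAG = 9, 11, 2  # RFC 4880 ids: AES-256, preferred-symmetric-algos subpacket, signature packet

def body_len(buf, pos, subpacket):  # RFC 4880 4.2.2 (packet) / 5.2.3.1 (subpacket) length field at pos
    first = buf[pos]
    if first < 192:
        return first, pos + 1
    if first == 255:
        return struct.unpack(">I", buf[pos + 1:pos + 5])[0], pos + 5
    if first >= 224 and not subpacket:
        raise ValueError("partial body lengths not supported")
    return ((first - 192) << 8) + buf[pos + 1] + 192, pos + 2

def iter_packets(blob):  # yield (tag, body) per packet; old- and new-format headers both handled
    pos = 0
    while pos < len(blob):
        hdr = blob[pos]
        if hdr & 0x40:  # new format: tag in the low 6 bits
            tag, (length, pos) = hdr & 0x3F, body_len(blob, pos + 1, False)
        else:           # old format: tag in bits 2-5; length-type 3 (indeterminate) unsupported
            tag, size = (hdr >> 2) & 0x0F, (1, 2, 4)[hdr & 3]
            length, pos = int.from_bytes(blob[pos + 1:pos + 1 + size], "big"), pos + 1 + size
        yield tag, blob[pos:pos + length]
        pos += length

def iter_subpackets(area):  # yield (type, data) per signature subpacket, critical bit masked off
    pos = 0
    while pos < len(area):
        length, pos = body_len(area, pos, True)
        yield area[pos] & 0x7F, area[pos + 1:pos + length]
        pos += length

def preferred_symmetric_algos(blob):
    """Cipher preference lists from the hashed (signed) area of every v4 signature in the key."""
    prefs = []
    for tag, body in iter_packets(blob):
        if tag == SIG_TAG and body[0] == 4:
            hashed = body[6:6 + struct.unpack(">H", body[4:6])[0]]
            prefs += [list(d) for t, d in iter_subpackets(hashed) if t == PREF_SYM]
    return prefs

def requires_aes256(blob):
    """True only if every signature names AES-256 as the sole acceptable cipher."""
    prefs = preferred_symmetric_algos(blob)
    return bool(prefs) and all(p == [AES256] for p in prefs)

# Constructed, NOT cryptographically valid: user-id packet + v4 self-signature with one preference subpacket.
def sample_key(prefs):
    hashed = bytes([len(prefs) + 1, PREF_SYM, *prefs])
    body = bytes([4, 0x13, 1, 8, 0, len(hashed)]) + hashed + b"\x00\x00\xab\xcd\x00\x08\x01"  # dummy tail
    return b"\xb4\x03gw1" + bytes([0x80 | SIG_TAG << 2, len(body)]) + body
```

On a real key, pass the binary output of `gpg --export` (not ASCII-armored); a key whose list names weaker ciphers after AES-256 still permits a sender without AES-256 support to fall back to them, which is why the check insists on a single entry.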

Furthermore, this architecture future-proofs bbRad because the encryption can be upgraded without changing bbRad itself. For example, if a flaw were found in AES-256, we or a hospital's IT department could rapidly upgrade GPG on the Gateway server, and/or we could re-generate and replace encryption keys and the corresponding signatures. No new bbRad version is needed.

The transfer protocol is Secure FTP, using the latest Secure FTP protocol, Explicit FTPS (http://www.enterprisedt.com/products/edtftpjssl/doc/manual/index.html), also known as FTP over SSL/TLS. This means that hospitals do not need to make any firewall rule changes beyond enabling FTP. Hospitals can also double-encrypt data by setting an option to use Secure FTP for the FTP data channel as well. This is appropriate for countries or policies that specifically mandate SSL/TLS.
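The client side of that choice, as an added example that is not bbRad's code: Python's ftplib `FTP_TLS` does explicit FTPS, where `auth()` is the AUTH TLS upgrade of the control channel and `prot_p()` is the optional data-channel protection the page describes. Host, credentials and the `upload_explicit_ftps` helper name are placeholders; `strict_tls_context` is the verification policy a Gateway should pin the connection to.

```python
import ftplib
import io
import ssl


def strict_tls_context(cafile=None):
    """TLS policy for the Gateway's FTPS client: verify the server certificate against the
    given CA bundle (system trust store when None), check the hostname, allow TLS 1.2+ only."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def upload_explicit_ftps(host, user, password, name, payload, *, data_channel_tls=True,
                         port=21, cafile=None, timeout=30):
    """Upload an already GPG-encrypted payload over explicit FTPS (hypothetical helper).

    The session starts as plain FTP on port 21, so no extra firewall rule is needed; AUTH TLS
    then upgrades the control channel, and PROT P (the data-channel option) additionally wraps
    the data connection. Without PROT P only commands and credentials are inside TLS and the
    payload relies solely on its GPG layer.
    """
    ftps = ftplib.FTP_TLS(context=strict_tls_context(cafile), timeout=timeout)
    ftps.connect(host, port)
    ftps.auth()                   # AUTH TLS: explicit upgrade of the control channel
    ftps.login(user, password)    # credentials now travel inside TLS
    if data_channel_tls:
        ftps.prot_p()             # PROT P: data channel private as well
    else:
        ftps.prot_c()             # PROT C: data channel in clear (the FTPS default)
    with io.BytesIO(payload) as f:
        ftps.storbinary(f"STOR {name}", f)
    ftps.quit()
```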

Within the hospital LAN, all communications from the client in the Radiology department to the bbRad Gateway are also encrypted using SSL/TLS.
