bbRad security
(→bbRad Security and encryption details) |
|||
| Line 2: | Line 2: | ||
[[Category:GPG]] | [[Category:GPG]] | ||
| − | == bbRad | + | == bbRad and ShareMyXray Security Details == |
| − | Note: This page describes security details of bbRad for technical readers. | + | Note: This page describes security details of bbRad Gateways and the ShareMyXray portal for technical readers. |
For our Information Governance and Security Compliance Statement please see our [http://cypherit.co.uk/information-governance-and-security-compliance-statement/ Security statement]. | For our Information Governance and Security Compliance Statement please see our [http://cypherit.co.uk/information-governance-and-security-compliance-statement/ Security statement]. | ||
| Line 11: | Line 11: | ||
bbRad has always strong-encrypted all data. This page gives details of the encryption used. | bbRad has always strong-encrypted all data. This page gives details of the encryption used. | ||
| − | ==== Encryption when using | + | ==== Encryption in transit when using ShareMyXray ==== |
| − | bbRad uses Transport Layer Security (TLS) encryption (also known as HTTPS) for all transmitted data. This means that ''all'' data - metadata as well as patient data such as images, reports, memos, attached files, requests etc - is sent across an encrypted TLS channel when you're communicating with | + | bbRad uses Transport Layer Security (TLS) encryption (also known as HTTPS) for all transmitted data. This means that ''all'' data - metadata as well as patient data such as images, reports, memos, attached files, requests etc - is sent across an encrypted TLS channel when you're communicating with ShareMyXray. |
SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are mechanisms for safely transmitting data. On the web, SSL and TLS try to do two things: | SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are mechanisms for safely transmitting data. On the web, SSL and TLS try to do two things: | ||
| Line 24: | Line 24: | ||
HTTPS (Hypertext Transfer Protocol Secure) is the combination of SSL/TLS and HTTP to secure communications between the browser and the server. | HTTPS (Hypertext Transfer Protocol Secure) is the combination of SSL/TLS and HTTP to secure communications between the browser and the server. | ||
| + | ==== Encryption at rest when using ShareMyXray ==== | ||
| − | ==== Encryption between bbRad Gateways | + | The ShareMyXray Portal enforces BitLocker whole disk encryption, ensuring AES256 encryption of the entire system, including all saved files, the database, pipes/temporary files, and paging/swapfiles. |
| + | |||
| + | ==== Encryption between bbRad Gateways, including Gateway<->ShareMyXray) ==== | ||
bbRad conforms to the highest standards of security, including those required by the NHS, namely | bbRad conforms to the highest standards of security, including those required by the NHS, namely | ||
* AES-256 encryption | * AES-256 encryption | ||
| − | * | + | * TLS1.2 connections |
| − | All data - metadata as well as patient data such as images, reports, memos, attached files, requests etc - is first encrypted on the Gateway or | + | All data - metadata as well as patient data such as images, reports, memos, attached files, requests etc - is first encrypted on the Gateway or ShareMyXray, using public key cryptography. The patient data (ie images, reports, memos, attachments, requests) are encrypted to the recipient's public key. The corresponding private key is held on the bbRad Gateway itself. Only the meta-data is encrypted to bbRad's public key. The metadata has routing information telling our system where to send the encrypted payload. |
| − | This means that all patient data enjoys end-to-end encryption. Patient data is not decrypted until safely on the recipient hospital's network, or in the case of gateway to | + | This means that all patient data enjoys end-to-end encryption. Patient data is not decrypted until safely on the recipient hospital's network, or in the case of gateway to ShareMyXray transfers, on the secure ShareMyXray Portal. |
bbRad uses RSA keys with 2048 bit key-lengths. The keys also indicate which symmetric encryption algorithm to use - so far always AES. By default we create all Gateways keys to require the military-strength algorithm called AES-256 when data is encrypted to that public key. In addition we never do '[https://security.stackexchange.com/questions/18197/why-shouldnt-we-roll-our-own roll your own]' cryptography (see also [Bruce Schneier article]). Within bbRad, cryptographic operations are performed by OS calls to [https://en.wikipedia.org/wiki/GNU_Privacy_Guard GPG], an open source implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP). As as a result of using out-of-process calls to the GPG executable, possible security problems in the application do not propagate to the actual crypto code, due to the process barrier. | bbRad uses RSA keys with 2048 bit key-lengths. The keys also indicate which symmetric encryption algorithm to use - so far always AES. By default we create all Gateways keys to require the military-strength algorithm called AES-256 when data is encrypted to that public key. In addition we never do '[https://security.stackexchange.com/questions/18197/why-shouldnt-we-roll-our-own roll your own]' cryptography (see also [Bruce Schneier article]). Within bbRad, cryptographic operations are performed by OS calls to [https://en.wikipedia.org/wiki/GNU_Privacy_Guard GPG], an open source implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP). As as a result of using out-of-process calls to the GPG executable, possible security problems in the application do not propagate to the actual crypto code, due to the process barrier. | ||
| Line 40: | Line 43: | ||
Furthermore, this architecture future-proofs bbRad because it is easy to upgrade your encryption without even needing to change bbRad. For example if a flaw were found in AES256, we or a hospital's IT department can rapidly upgrade GPG on the Gateway server, and/or we can re-generate and replace encryption keys and corresponding signatures. No new bbRad version is needed. | Furthermore, this architecture future-proofs bbRad because it is easy to upgrade your encryption without even needing to change bbRad. For example if a flaw were found in AES256, we or a hospital's IT department can rapidly upgrade GPG on the Gateway server, and/or we can re-generate and replace encryption keys and corresponding signatures. No new bbRad version is needed. | ||
| − | The | + | The FTP protocol used is Secure FTP called [http://www.enterprisedt.com/products/edtftpjssl/doc/manual/index.html Explicit FTPS], also known as Explicit FTP over TLS. The current version of bbRad enforces TLS1.2; TLS1.3 will be supporting in future versions. This means that hospitals do not need to make any firewall rule changes beyond enabling outbound FTP (no inbound FTP is needed). |
| − | Within the hospital LAN, all communications from the client in the Radiology department to the bbRad gateway are also encrypted using | + | Within the hospital LAN, all communications from the bbRad client in the Radiology department to the bbRad gateway are also encrypted using TLS. |
Revision as of 14:55, 29 October 2018
Contents |
Note: This page describes security details of bbRad Gateways and the ShareMyXray portal for technical readers. For our Information Governance and Security Compliance Statement please see our Security statement.
Security of data
bbRad has always strong-encrypted all data. This page gives details of the encryption used.
bbRad uses Transport Layer Security (TLS) encryption (also known as HTTPS) for all transmitted data. This means that all data - metadata as well as patient data such as images, reports, memos, attached files, requests etc - is sent across an encrypted TLS channel when you're communicating with ShareMyXray.
SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are mechanisms for safely transmitting data. On the web, SSL and TLS try to do two things:
- Encrypt and verify the integrity of traffic between the browser and the server.
- Verify the browser is talking to the correct server.
Whilst the SSL protocol is both outdated and insecure, and has since been replaced by TLS, the term "SSL" continues to be colloquially used, referring to a general mechanism for protecting transmitted data.
HTTPS (Hypertext Transfer Protocol Secure) is the combination of SSL/TLS and HTTP to secure communications between the browser and the server.
The ShareMyXray Portal enforces BitLocker whole disk encryption, ensuring AES256 encryption of the entire system, including all saved files, the database, pipes/temporary files, and paging/swapfiles.
bbRad conforms to the highest standards of security, including those required by the NHS, namely
- AES-256 encryption
- TLS1.2 connections
All data - metadata as well as patient data such as images, reports, memos, attached files, requests etc - is first encrypted on the Gateway or ShareMyXray, using public key cryptography. The patient data (ie images, reports, memos, attachments, requests) are encrypted to the recipient's public key. The corresponding private key is held on the bbRad Gateway itself. Only the meta-data is encrypted to bbRad's public key. The metadata has routing information telling our system where to send the encrypted payload.
This means that all patient data enjoys end-to-end encryption. Patient data is not decrypted until safely on the recipient hospital's network, or in the case of gateway to ShareMyXray transfers, on the secure ShareMyXray Portal.
bbRad uses RSA keys with 2048 bit key-lengths. The keys also indicate which symmetric encryption algorithm to use - so far always AES. By default we create all Gateways keys to require the military-strength algorithm called AES-256 when data is encrypted to that public key. In addition we never do 'roll your own' cryptography (see also [Bruce Schneier article]). Within bbRad, cryptographic operations are performed by OS calls to GPG, an open source implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP). As as a result of using out-of-process calls to the GPG executable, possible security problems in the application do not propagate to the actual crypto code, due to the process barrier.
Furthermore, this architecture future-proofs bbRad because it is easy to upgrade your encryption without even needing to change bbRad. For example if a flaw were found in AES256, we or a hospital's IT department can rapidly upgrade GPG on the Gateway server, and/or we can re-generate and replace encryption keys and corresponding signatures. No new bbRad version is needed.
The FTP protocol used is Secure FTP called Explicit FTPS, also known as Explicit FTP over TLS. The current version of bbRad enforces TLS1.2; TLS1.3 will be supporting in future versions. This means that hospitals do not need to make any firewall rule changes beyond enabling outbound FTP (no inbound FTP is needed).
Within the hospital LAN, all communications from the bbRad client in the Radiology department to the bbRad gateway are also encrypted using TLS.
