Document Encryption At Rest - How To

Mendix community, My app contains document images (received via fax). It also contains documents generated by the app using the PDF document generator. These images and documents contain protected health information regarding hospital patients that needs to be protected in case of a security breach. Has anyone encrypted System.FileDocument or System.Image objects inside of a Mendix app while they are stored? I know that these documents are secure while in transit due to the use of https, I am concerned about encryption when they are stored inside of the app. Thanks, Mike
2 answers

If you can decrypt something in the app, then there's no way to make this watertight; it's a fundamental problem of encryption.

The way that some applications do this when it's absolutely imperative that the server cannot decrypt anything is that they encrypt something client-side and store only the encrypted version on the server, but that of course means that the server can never know about the key, and the clients themselves are responsible for keeping the encryption key AND for decrypting the document when they retrieve it. For example, PGP is based on this mechanism: mail is stored on the server, but only the client knows the key to decrypt it. Some cloud file storage providers do this as well, or people build custom solutions around this, like a client-side encryption tool for Dropbox.

You can also do a security-by-obscurity approach, storing the decryption key somewhere in a somewhat hidden way, but that is generally seen as a bad approach. Whether this is worth it really depends on your actual requirements: why do you actually want this? If it's, for example, alright that the documents are safe when a hacker has all the files but no access to the database where the key is stored, then this may be enough for you.
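The trade-off the answer above describes (files that are useless on their own, but decryptable by anyone who holds the key kept in the database) can be made concrete with envelope encryption. The following is an added example, not code from the original thread and not a Mendix or PGP API: each document gets its own random AES-256-GCM data key, the data key is wrapped under a master key (KEK) that is assumed to live in a separate store such as a database row or a KMS, and the document ID is bound into both layers as associated data so that a blob cannot be opened with another document's key record. The document IDs, the fax bytes and the KEK here are constructed for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// StoredBlob is what the file store holds (all an attacker who only takes the files gets): no key.
type StoredBlob struct {
	DocID      string
	Nonce      []byte
	Ciphertext []byte
}

// KeyRecord is what the separate store (e.g. a database row) holds: the data key wrapped under the KEK.
type KeyRecord struct {
	DocID      string
	WrapNonce  []byte
	WrappedKey []byte
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // 16/24/32-byte key selects AES-128/192/256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts plaintext with AES-GCM under key, binding it to aad with a fresh random nonce.
func seal(key, aad, plaintext []byte) (nonce, ciphertext []byte, err error) {
	g, err := newGCM(key)
	if err != nil {
		return nil, nil, err
	}
	nonce = make([]byte, g.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, nil, err
	}
	return nonce, g.Seal(nil, nonce, plaintext, aad), nil
}

// open reverses seal; any change to ciphertext, nonce, key or aad makes it fail.
func open(key, aad, nonce, ciphertext []byte) ([]byte, error) {
	g, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return g.Open(nil, nonce, ciphertext, aad)
}

// EncryptDocument generates a fresh 256-bit data key for one document, encrypts the
// content with it, and wraps the data key under kek. The document ID is associated
// data on both layers so a blob cannot be decrypted with another document's key record.
func EncryptDocument(kek []byte, docID string, content []byte) (StoredBlob, KeyRecord, error) {
	dek := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, dek); err != nil {
		return StoredBlob{}, KeyRecord{}, err
	}
	aad := []byte(docID)
	nonce, ct, err := seal(dek, aad, content)
	if err != nil {
		return StoredBlob{}, KeyRecord{}, err
	}
	wrapNonce, wrapped, err := seal(kek, aad, dek)
	if err != nil {
		return StoredBlob{}, KeyRecord{}, err
	}
	return StoredBlob{DocID: docID, Nonce: nonce, Ciphertext: ct},
		KeyRecord{DocID: docID, WrapNonce: wrapNonce, WrappedKey: wrapped}, nil
}

// DecryptDocument needs all three pieces: the blob, the key record and the KEK.
func DecryptDocument(kek []byte, blob StoredBlob, rec KeyRecord) ([]byte, error) {
	if blob.DocID != rec.DocID {
		return nil, errors.New("key record does not belong to this document")
	}
	aad := []byte(blob.DocID)
	dek, err := open(kek, aad, rec.WrapNonce, rec.WrappedKey)
	if err != nil {
		return nil, fmt.Errorf("unwrap data key: %w", err)
	}
	return open(dek, aad, blob.Nonce, blob.Ciphertext)
}

func main() {
	kek := make([]byte, 32) // constructed demo KEK; in production this comes from a KMS/vault, never the file store
	if _, err := io.ReadFull(rand.Reader, kek); err != nil {
		panic(err)
	}
	fax := []byte("constructed fax image bytes for patient record 42")
	blob, rec, err := EncryptDocument(kek, "fax-0001", fax)
	if err != nil {
		panic(err)
	}
	plain, err := DecryptDocument(kek, blob, rec)
	fmt.Printf("file store holds %d ciphertext bytes; round trip: %q err=%v\n", len(blob.Ciphertext), plain, err)
}
```

Where the KEK lives is the whole question: with it in the database and the app able to read it, an attacker who gets both the file store and the database (or the running app) can decrypt everything, which is exactly the limitation the answer states; an attacker who gets only the files gets nothing usable.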



You are right about the limitations of encryption. The business case I have is as follows:

  • U.S. health data protection laws state that companies must make good faith efforts to secure personal health information (like name, date of birth, surgery date, gender, etc.)
  • this app receives faxes from hospitals containing those pieces of information.
  • information from these faxes is entered into the app (encryption of this entered data can be accomplished with current tools available in Mendix)
  • the original fax is stored as an image in the app, attached to the records that have been key-entered
  • a breach of the second largest U.S. health insurance company was announced this week, 80 million patient records were taken
  • personal health information was stored by this insurance company unencrypted.

So in order to show good faith efforts in the event of a breach or government audit, I am exploring ways to encrypt the stored faxes inside of this app.

BTW, I always work under the assumption that preventing intrusion is not do-able. But that is a whole different post.

Hope that is an adequate description of the requirement.