# ICNML web application This repository contains the web app at the core of the platform. It contains the python code to run the web interface, file processing and external libs serving (CDN). The other libs mandatory for this application to run (NIST, MDmisc, PMlib, PiAnoS and WSQ) are located in the docker repository (https://esc-md-git.unil.ch/ICNML/docker). This repository cannot (and is not intended) to be run as-is since the mandatory libraries are not located here. For development, install those libraries separately in your dev environment. # Encryption keys and Hashing functions All the data that is "encrypted" is encrypted with AES256. The passed in parameters is hashed with a SHA256 function to uniformize the encryption key ("key"). The initialization vector is always set to a random value (with the Crypto library), every time a value is encrypted. The encryption function as noted as follows: AES( data, key ) The hashing process is done with a key derivation function, in particular PBKDF2 with a SHA512 hashing function. The data and the salt are described as needed. The function is as follows: PBKDF2( data, salt, iterations ) If the number of iterations is not indicated, the default value is 20'000. # Login ## Password The login process is done in multiple steps. First, the password is hashed as follows on the cilent side (HPWCS - Hashed Password Client Side): HPWCS = PBDKF2( password, "icnml_" + username, 20'000 ) This hash is done not to transmit the user password in clear to the server (avoiding a memory dump or any stealing of the password). This hasing is done on the client-side, 20'000 iterations for performance issues. This hashed password is hashed a second time on the server side as follows (HPWCSSS): HPWCSSS = PBDKF2( HPWCS, random_data( 65 ), 50'000 ) This hash is one with some random data as salt, and with more iterations (more performances possible on the server). This second step is done because the user input can never be trusted (computer basic rule) and to be able to change the security of the stored hashed (the number of iterations can be changed as needed on the client side without impacting the performance on the client-side. This final hash is stored in the database and used to login the users. ## Second factor One second factor is mandatory for all accounts. For non-admin account, a Time Based One Time Password (TOTP) is sufficient. For the admin accounts, a physical security key (yubikey) is mandatory. # Data Encryption Workflow The general idea is to provide security without impacting the usability or the workflow of the user. All encryption is done completely transparently to the user. All the data is protected by different solutions, according to the type of data and usage. ## Client-Side Key While logging-in, a secondary key is derived from the password as follows: CSK = PBDKF2( password, "icnml_" + username + "_localpassword", 50'000 ) This key never leave the browser of the user. This key is used as encryption key for the client-side encrypted data. This key is stored in the browser with a session encryption key manadged by the server. ## Data Encryption Key (DEK) When a new donor is created, a Data Encryption Key (DEK) is created to encrypt all images. The donor email address is hashed as follows: email_hash = PBDKF2( email, "icnml_user_DEK", 20'000 ) The DEK is then generated as follows: DEK = PBDKF2( username + ":" + email_hash, random_data( 100 ), 500'000 ) This key is used as AES encryption key for all the images. The derivation of this key is done based upon the username and the email address of the donor. That information is only known by the submitter and the donor for the email and only by the donor and the server for the donor username. This key cannot be reconstructed only by the server operator. The key can be reconstructed by the donor+server or by the submitter+server. To delete his information, the donor will only delete the DEK, hence removing any possibility to get the images from the live database AND ALL the backups. The submitter will have the possibility to see the images but is not a problem because his has access to the original images anyway. This feature is done to protect the privacy of the donor : the submitter cannot know if the data of the donor is still available or not because he will see his submission as usual, even if the data is not decryptable for the users. The database table containing the DEKs is not part of the usual backups, but treated separately. ## Submission ### Nickname The "nickname" is a field used by the submitter to identify the donor. This field is encrypted on the client-side with AES with the CSK as encryption key. ### Donor email The "donor email" address is encrypted with AES (CSK key) on the client side (to be able to show it to the submitter while updating the upload data). On the creation of the upload process, the email is sent to the server in clear (to be able to send the email to the donor), and hashed directly on the server side (PBKDF2 with 100 characters of random data and 50'000 iterations of SHA512). ### Notes Some notes can be saved by the submitter for tenprintcard and latent images. The notes are encrypted on the client-side using AES with the CSK key. ### Files names The names of the files uploaded by the submitter are encrypted on the client-side using AES with the CSK key. The filenames are important for the submitter to recognize the files already uploaded, but could contain some personal information regarding the laboratory, donor, ..., hence are encrypted.