
I am writing an iOS app which needs to be HIPAA compliant. The app should preferably function offline, so data needs to be stored on the phone.

So here is what I was thinking of doing:

  • On first launch the user enters a username, password and a pass-phrase. The server authenticates the user using the username, password and UDID (Advertising ID) of the device. The communication with the server will be done using HTTPS.

If authentication is successful:

  • username is stored in Key Chain.
  • Pass-phrase+UDID is hashed using "PBKDF2" available in OpenSSL Library. This is also stored in Key Chain. The salt for this operation is stored in the Key Chain. For subsequent validations salt is obtained from the Key Chain.

  • Username+Pass-phrase+UDID+Static-Key is used to generate a key using "PBKDF2" and again salt is stored in the Key Chain and retrieved from Key Chain from subsequent uses. The generated key is stored in-memory and pass-phrase is forgotten after key has been generated. The Static-Key is present in the code.

  • When the app goes to background, the Key is forgotten i.e. the variable is set to nil.

  • Upon resuming or re-launching the app, the user is presented a screen to enter the pass-phrase. If the pass-phrase entered is correct the app will generate the key again. Otherwise, after around five consecutive attempts the app will wipe the data and take the user back to the login screen (if possible also send a message to the server regarding the event with the necessary information).

Now here are my two questions:

  • I would like to know how stable project-imax/EncryptedCoreData is. I know they do not support many-to-many relations. But I worked around this problem by creating an entity to represent the relationship (similar to the way this is done in an actual SQL DB by using a third table). I would like to hear from anyone having experience with Encrypted Core Data about their experiences and the problems they faced. Especially, how would this compare to encrypting the individual attributes performance-wise?

  • Secondly, do you see any problem with the security measures I am planning to put in place? Any suggestions or improvements you would like to mention?

Cœur
Taha Samad
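The key-management flow described in the question (a PBKDF2 verifier over pass-phrase+UDID, a separate PBKDF2 data key over username+pass-phrase+UDID+Static-Key, salts kept in the Keychain, re-derivation on resume, and a wipe after about five failed attempts) is sketched below as an added example; it is not code from the question or from EncryptedCoreData. It uses Python's `hashlib.pbkdf2_hmac` in place of the OpenSSL PBKDF2 call, a plain dict stands in for the iOS Keychain, and the iteration count, key length, placeholder static key and device id are assumptions chosen for the example.

```python
import hashlib
import hmac
import os

# The values below are assumptions for this example, not numbers from the question.
PBKDF2_ITERATIONS = 100_000   # work factor; tune to the device's unlock-time budget
KEY_LEN = 32                  # 256-bit output for both the verifier and the data key
MAX_ATTEMPTS = 5              # the question's "around five consecutive attempts"
STATIC_KEY = b"STATIC-KEY-PLACEHOLDER"  # stands in for the key compiled into the app


def derive_verifier(passphrase: str, udid: str, salt: bytes) -> bytes:
    """PBKDF2 over pass-phrase+UDID; only this verifier is persisted for later checks."""
    return hashlib.pbkdf2_hmac("sha256", (passphrase + udid).encode(), salt,
                               PBKDF2_ITERATIONS, KEY_LEN)


def derive_data_key(username: str, passphrase: str, udid: str, salt: bytes) -> bytes:
    """PBKDF2 over username+pass-phrase+UDID+Static-Key; held in memory only, never stored."""
    material = (username + passphrase + udid).encode() + STATIC_KEY
    return hashlib.pbkdf2_hmac("sha256", material, salt, PBKDF2_ITERATIONS, KEY_LEN)


def first_launch(keychain: dict, username: str, passphrase: str, udid: str) -> bytes:
    """First-launch path, after the server has accepted username/password/UDID.

    `keychain` is a dict simulating the iOS Keychain: it receives the username,
    both random salts, the verifier and a failed-attempt counter. The data key is
    returned to the caller and is the only value that must stay out of storage.
    """
    verifier_salt = os.urandom(16)
    key_salt = os.urandom(16)
    keychain.clear()
    keychain.update({
        "username": username,
        "verifier_salt": verifier_salt,
        "verifier": derive_verifier(passphrase, udid, verifier_salt),
        "key_salt": key_salt,
        "failed_attempts": 0,
    })
    return derive_data_key(username, passphrase, udid, key_salt)


def unlock(keychain: dict, passphrase: str, udid: str):
    """Resume/re-launch path: re-derive the in-memory key from the pass-phrase.

    Returns the data key on success and None on failure. The counter lives in the
    simulated Keychain rather than in a variable, so killing and restarting the app
    does not reset it; after MAX_ATTEMPTS consecutive failures the entries are wiped
    (a real app would delete its local data store at the same point).
    """
    if not keychain:
        return None   # already wiped or never provisioned
    candidate = derive_verifier(passphrase, udid, keychain["verifier_salt"])
    # Constant-time comparison of the derived verifier against the stored one.
    if hmac.compare_digest(candidate, keychain["verifier"]):
        keychain["failed_attempts"] = 0
        return derive_data_key(keychain["username"], passphrase, udid,
                               keychain["key_salt"])
    keychain["failed_attempts"] += 1
    if keychain["failed_attempts"] >= MAX_ATTEMPTS:
        keychain.clear()
    return None


if __name__ == "__main__":
    kc = {}
    key = first_launch(kc, "alice", "correct horse battery", "UDID-EXAMPLE")
    assert unlock(kc, "correct horse battery", "UDID-EXAMPLE") == key
    for _ in range(MAX_ATTEMPTS):
        unlock(kc, "wrong pass-phrase", "UDID-EXAMPLE")
    print("wiped:", kc == {})
```

Two details worth keeping if the scheme is implemented on the device: the verifier comparison is constant-time (`hmac.compare_digest`), and the attempt counter is persisted alongside the salts so the limit survives a restart; on iOS the `hashlib.pbkdf2_hmac` calls would map to CommonCrypto's `CCKeyDerivationPBKDF` with the same inputs.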

1 Answer


Taha,

Answering your second question:

Have you considered that iOS data security already encrypts your disk files and that you can assert this global policy on your app?

While only your attorneys can answer this question, you need to ask them exactly what is needed by the law. I suspect you will find that with the appropriate password management in the keychain and precluding the backing up of data to the cloud or desktop machines that Apple's security is HIPAA ready.

Apple recently published a strong discussion of iOS security (Feb. 2014). It is very enlightening reading. If Apple's existing security is not sufficient, I doubt the encrypted Core Data project is going to be sufficient. If you still need to implement your own security, then reading and understanding Schneier and Ferguson's "Practical Cryptography" is the place to start.

Anon, Andrew

P.S. You have chosen to add a great deal of complexity to your key management to duplicate features of the Apple keychain. I would counsel you to scale back your code. If "goto fail;" teaches us anything, it is: every line of code is a security vulnerability. You are implementing a lot of code to duplicate the functions of the keychain.

adonoho