ohcnetwork / care

Care is a Digital Public Good enabling TeleICU & Decentralised Administration of Healthcare Capacity across States.
https://careapi.ohc.network/swagger
MIT License

Replace fidelius with a python alternative #1871

Closed khavinshankar closed 1 month ago

khavinshankar commented 10 months ago

Project Detail

CARE is a centralized capacity management and patient management system, central to the 10BedICU Project, integrating patients, doctors, hospitals, labs, specialized treatment centers, hospital administrators, and shifting control cells. Hospitals update crucial information about their assets, providing district administration with a comprehensive view of the healthcare system via smart dashboards. CARE digitizes patient records, streamlines workflows for pandemic management, and is deployed in remote areas, enabling TeleICU services for underserved citizens. It revolutionizes healthcare management, enhancing efficiency, accessibility, and patient outcomes.

Features To Be Implemented

  1. Implement the features of fidelius service in Python. Basically, we need the following 3 features to be implemented in python 3.
    • [ ] Generate key pairs according to the ABDM specifications
    • [ ] Encrypt the data according to the ABDM specifications
    • [ ] Decrypt the data according to the ABDM specifications
  2. Replace the fidelius service with the newly built utility. Fidelius is used in 2 places, decrypting the incoming data from ABDM and encrypting the outgoing data.
  3. Add tests for the newly built utility.

You can use any existing standard python packages to facilitate this.

Context

We are currently using a service called fidelius as a docker container for encrypting and decrypting data. It's used while sending and receiving data through ABDM (Ayushman Bharat Digital Mission, or ABDM, is a government initiative similar to UPI for exchanging medical records between entities).

ABDM expects the data to be encrypted and decrypted in a certain way. You can read more about the ABDM specifications here: https://sandbox.abdm.gov.in/abdm-docs/EncryptionAndDecryptionData

Supportive Materials

These materials (threads) discuss the issues with the Python implementation:

Learning Path

Details
Complexity: Medium
Required Skills: Python, Django
Mentors: @vigneshhari, @khavinshankar, @rithviknishad, @gigincg, @Ashesh3, @sainak
Project Size: 175 Hours

Link to documentation for Product Set-Up

  1. For setting up the frontend, please refer to the readme file available at: https://github.com/coronasafe/care_fe
  2. For setting up the backend, please refer to the readme file available at: https://github.com/coronasafe/care

Acceptance Criteria

Milestone

praptisharma28 commented 9 months ago

Would love to work on this under gsoc. @khavinshankar

nihal467 commented 9 months ago

Hey everyone,

Thank you for showing interest in the projects. I would like to inform you that we have scheduled EOD calls on Zoom from Monday to Saturday at 7:30 PM to discuss your work and address any doubts with the core team. Alternatively, feel free to use our #care_general Slack channel.

The meeting links will be shared in our #reminder channel in our Slack workspace.

Link to join the Slack: Slack Workspace

Meanwhile, please explore the care platform and familiarize yourself with its features. Feel free to play around with it and assign any open issues as you see fit.

Talikamuhib commented 9 months ago

Hey @khavinshankar, I really wanna contribute in this project 💯

khavinshankar commented 8 months ago

Here is some previous research done on this issue by @Ashesh3:

Paper: https://www.iacr.org/cryptodb/archive/2006/PKC/3351/3351.pdf

RFC: https://datatracker.ietf.org/doc/html/rfc7748#section-4.1

EC-Curve25519 - Montgomery curve
    • p: 2^255 - 19
    • A: 486662
    • order: 2^252 + 0x14def9dea2f79cd65812631a5cf5d3ed
    • cofactor: 8

Java: EC-Curve25519 -> https://github.com/bcgit/bc-java/blob/main/core/src/main/java/org/bouncycastle/math/ec/custom/djb/Curve25519.java#L19-L20

Parameters: (q=-19, a=1226088772, b=1997588580, n=1559614445, cofactor=8)

Note: https://github.com/bcgit/bc-java/blob/main/core/src/main/java/org/bouncycastle/crypto/ec/CustomNamedCurves.java#L90-L96

C#: X25519 -> https://github.com/bcgit/bc-csharp/blob/master/crypto/src/math/ec/rfc7748/X25519.cs#L17-L18

Seems like the Java library uses the Weierstrass form, rather than the Montgomery curve mentioned originally in the paper, whereas their C# library uses the Montgomery curve by default. (Source: https://github.com/bcgit/bc-java/issues/399)

We need a manual curve if we want to use the Weierstrass form in their C# library: https://github.com/bcgit/bc-csharp/blob/master/crypto/test/src/crypto/test/ECTest.cs#L748-L753 since it uses the Montgomery curve (a=486662) by default.

If we can get Montgomery form of the Curve25519 working by using a custom EC curve we can replicate the fidelius enc/dec. This library could help: https://github.com/alexmgr/tinyec#working-on-custom-curves

I was unable to find the above in a Python library; most use OpenSSL's built-in implementation, which does not match the parameters we need. I was able to replicate this in C# and create a native machine executable which would be a drop-in offline replacement for fidelius-cli and is 2x faster. But not really a permanent solution.

The link sent above ( https://github.com/cslashm/ECPy/blob/master/src/ecpy/curve_defs.py#L472 ) for Curve25519 MONTGOMERY has a mismatching 'b' value with the Java Curve25519, hence won't work in our case, unless we can edit it and use it as a custom curve.

For anyone who takes this in future, basically this is what you need implemented in Python:

    • Algorithm: ECDH (hash: SHA256)
    • Curve: Curve25519
    • Type: Weierstrass form
    • Parameters: (q=-19, a=1226088772, b=1997588580, order=1559614445, cofactor=8)
    • Basepoint: (-1431493542, 2127483865)
    • Salt: Random 32bit data
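An added example (not code from this thread or from the care project) of ECDH over Curve25519 in short Weierstrass form, written in pure Python. It assumes the Weierstrass coefficients are obtained from the Montgomery A = 486662 by the standard change of variables x = u + A/3, rather than from the integer values quoted above; all function names are hypothetical, and only the key-agreement step is covered, not the key derivation or encryption that the ABDM specification adds on top.

```python
P = 2**255 - 19            # field prime (RFC 7748)
A = 486662                 # Montgomery coefficient of v^2 = u^3 + A*u^2 + u
ORDER = 2**252 + 0x14def9dea2f79cd65812631a5cf5d3ed  # prime subgroup order

def inv(v):
    return pow(v % P, P - 2, P)

# Substituting u = x - A/3 gives short Weierstrass y^2 = x^3 + WA*x + WB.
SHIFT = A * inv(3) % P
WA = (3 - A * A) * inv(3) % P
WB = (2 * A**3 - 9 * A) * inv(27) % P

def rhs(x):
    return (x**3 + WA * x + WB) % P

def sqrt_mod(n):           # valid because P = 5 (mod 8)
    r = pow(n, (P + 3) // 8, P)
    if r * r % P != n:
        r = r * pow(2, (P - 1) // 4, P) % P   # multiply by sqrt(-1)
    if r * r % P != n:
        raise ValueError("not a quadratic residue")
    return r

G = ((9 + SHIFT) % P, sqrt_mod(rhs((9 + SHIFT) % P)))  # image of u = 9

def on_curve(pt):
    return pt is None or (pt[1] ** 2 - rhs(pt[0])) % P == 0

def add(p1, p2):           # affine addition; None is the point at infinity
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    m = ((3 * x1 * x1 + WA) * inv(2 * y1) if p1 == p2
         else (y2 - y1) * inv(x2 - x1)) % P
    x3 = (m * m - x1 - x2) % P
    return (x3, (m * (x1 - x3) - y1) % P)

def mul(k, pt):            # double-and-add; variable time, illustration only
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def ecdh(priv, peer_pub):  # reject off-curve and wrong-order peer points
    if peer_pub is None or not on_curve(peer_pub) or mul(ORDER, peer_pub) is not None:
        raise ValueError("invalid peer public key")
    return mul(priv, peer_pub)[0].to_bytes(32, "big")
```

The subgroup check in `ecdh` matters because the curve has cofactor 8: a peer point outside the prime-order subgroup would otherwise be accepted.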

khavinshankar commented 8 months ago

To encrypt and decrypt using the existing fidelius service, try the following steps: