diff --git a/paper.bib b/paper.bib
index 58ae207..ef0ef14 100644
--- a/paper.bib
+++ b/paper.bib
@@ -373,6 +373,22 @@
 file = {/home/jaseg/Sync/Research/Zotero/Barooti et al_2023_Public-Key Encryption with Quantum Keys.pdf}
 }
 
+@article{barrettUSSuspectsHackers2015,
+ entrysubtype = {newspaper},
+ title = {U.{{S}}. {{Suspects Hackers}} in {{China Breached About}} 4 {{Million People}}’s {{Records}}, {{Officials Say}}},
+ author = {Barrett, Devlin and Yadron, Danny and Paletta, Damian},
+ date = {2015-06-04T21:04:00Z},
+ journaltitle = {Wall Street Journal},
+ issn = {0099-9660},
+ url = {http://www.wsj.com/articles/u-s-suspects-hackers-in-china-behind-government-data-breach-sources-say-1433451888},
+ urldate = {2025-05-15},
+ abstract = {The Federal Bureau of Investigation is probing an apparently far-reaching penetration of data held by the Office of Personnel Management, in which the records of approximately four million individuals were compromised.},
+ journalsubtitle = {US},
+ langid = {american},
+ keywords = {Asia,Asia Pacific,BRICS Countries,C&E Executive News Filter,China,Content Types,courts,crime,Crime/Courts,cybercrime,Cybercrime/Hacking,Developing Economies,Eastern Asia,Emerging Market Countries,Factiva Filters,general news,Greater China,hacking,North America,OASN,OCHN,political,Political/General News,SYND,United States,US News},
+ file = {/home/jaseg/Zotero/storage/86GYMVME/u-s-suspects-hackers-in-china-behind-government-data-breach-sources-say-1433451888.html}
+}
+
 @online{bartusekCryptographyCertifiedDeletion2023,
 title = {Cryptography with {{Certified Deletion}}},
 author = {Bartusek, James and Khurana, Dakshita},
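Review bot: The new entry's `file = {/home/jaseg/Zotero/storage/86GYMVME/...html}` line commits an absolute path from the author's home directory, which discloses a local username and directory layout to anyone reading the repository and is of no use to any other collaborator; the `abstract` and `keywords` lines are likewise exporter residue that standard biblatex styles never typeset. The existing entries carry the same fields (see the `file = {/home/jaseg/Sync/...}` context line), so this is a file-wide pattern rather than a regression of this commit, but the fix is cheap: drop `file`, `abstract` and `keywords` in the Zotero export profile or in a post-export pass (bibtex-tidy's `--omit` option does this). The `mennChineseGovernmentHackers2024` entry in the next hunk has the same three fields.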
@@ -3482,6 +3498,20 @@
 file = {/home/jaseg/Zotero/storage/TMI3LX3I/Melara et al. - CONIKS Bringing Key Transparency to End Users.pdf}
 }
 
+@article{mennChineseGovernmentHackers2024,
+ entrysubtype = {newspaper},
+ title = {Chinese Government Hackers Penetrate {{U}}.{{S}}. Internet Providers to Spy},
+ author = {Menn, Joseph},
+ date = {2024-08-27},
+ journaltitle = {The Washington Post},
+ issn = {0190-8286},
+ url = {https://www.washingtonpost.com/technology/2024/08/27/chinese-government-hackers-penetrate-us-internet-providers-spy/},
+ urldate = {2025-05-15},
+ abstract = {Beijing’s hacking effort has “dramatically stepped up from where it used to be,” says former top U.S cybersecurity official.},
+ langid = {american},
+ file = {/home/jaseg/Zotero/storage/4FLHNCC6/chinese-government-hackers-penetrate-us-internet-providers-spy.html}
+}
+
 @video{mikeselectricstuffNeopostPostalFranking2023,
 entrysubtype = {video},
 title = {Neopost {{Postal Franking Machines}}},
diff --git a/paper.tex b/paper.tex
index 4d83273..2bc3aee 100644
--- a/paper.tex
+++ b/paper.tex
@@ -48,22 +48,22 @@ population, with low-income people being over-represented in the system's user base. While there has been considerable criticism of the system coming from civil society, independent academic analysis of the system by the cryptography and information security community has been largely non-existent. In this paper, we want to raise - awareness of the system's existance, and we want to highlight some moderately spicy cryptographic engineering - decisions. In particular, most sensitive, long-term user keys in the system are derived by a simple, home-grown - centralized key escrow system from a per-use cleartext salt and only 1024 bit of entropy shared globally across all - users. Physically, only the insecure level 3 of the obsolete FIPS 140-2 security standard (requiring ``hard, opaque - potting'' but no active tamper sensing) is required in the system's standardization, leaving it open to attacks by - nation-state and other well-funded adversaries. + awareness of the system's existance, and based on the system's public specifications, we want to highlight some + moderately spicy cryptographic engineering decisions. In particular, most sensitive, long-term user keys in the + system are derived by a simple, home-grown centralized key escrow system comprising of two HSMs from a per-use salt + and only 1024 bit of entropy shared globally across millions of users. Physically, only the insecure level 3 of the + obsolete FIPS 140-2 security standard (requiring ``hard, opaque potting'' but no active tamper sensing) is required + in the system's standardization, leaving it open to attacks by nation-state and other well-funded adversaries. \end{abstract} \section{Introduction} -Beginning end of April 2025, after several delays, Germany has started the nation-scale rollout of its new electronic -medical record system. 
The system aims to create a national database holding the complete electronic medical records of -all publically insured people living in Germany that can be accessed by any healthcare provider. The system aims to -replace paper-based workflows that are error-prone and lead to healthcare providers often only having access to a subset -of patient's medical records. Data in scope for the system includes, among others, medical letters, laboratory results, -and medical imaging files. +Beginning May 2025, after several delays, Germany has started the nation-scale rollout of its new electronic medical +record system. The system aims to create a national database accessible to all healthcare providers that holds the +complete electronic medical records of all publically insured people living in Germany. The system aims to replace +paper-based workflows that are error-prone and lead to healthcare providers often only having access to a subset of +patient's medical records. Data in scope for the system includes medical letters, laboratory results, and medical +imaging files. Due to Germany's mandatory health insurace laws, the system's user base encompasses the majority of all German residents. People who have replaced their public health insurance with private insurance are not (yet) subject to the 
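Review bot: The rewritten abstract and introduction keep or introduce several spelling and grammar slips on the new side: `awareness of the system's existance` should read `existence`, `comprising of two HSMs` should be `comprising two HSMs` (or `consisting of two HSMs`), `all publically insured people` should be `publicly`, and `a subset of patient's medical records` should be `patients' medical records`. The first two sit in the abstract's added lines, the others in the added introduction lines. The `\begin{abstract}` enclosing the first paragraph starts outside the hunk.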
@@ -89,14 +89,10 @@ secrets with a combined entropy of only 1 kbit. Finally, we note that according security requirement for the protection of these highly sensitive secrets is a ``hard, opaque potting material'', with no tamper detection and response required. -Given that nation-state adversaries are well within the scope of an attacker model of the system, we conclude that the -combination of a small amount of entropy as well as the system's bare minimum of physical security requirements are -insufficient for the level of sensitive data processed in the system. - -We base our analysis on the system's publicly available standards in their latest version as of writing of this paper. -We note that the implementation might well deviate from these standards and be more secure - however, with the system's -history of flaws, we believe that is unlikely to be the case. As of now, there is no meaningful way for either the -public or for researchers such as us to ascertain the concrete implementation security of the system. +We base our analysis on the system's publicly available standards in their latest version as of writing of this paper in +April 2025. We note that the implementation might well deviate from these standards and be more secure - however, with +the system's history of flaws, we believe that is unlikely to be the case. As of now, there is no meaningful way for +either the public or for researchers such as us to ascertain the concrete implementation security of the system. \section{The Design of ePA} 
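Review bot: The added sentence dates the analysis `as of writing of this paper in April 2025`, while the rewritten introduction in the previous hunk states that, `Beginning May 2025`, Germany `has started the nation-scale rollout`; a paper written in April cannot report a May rollout as already under way, so one of the two dates (or the tense of the introduction) needs adjusting. The same added line reads better as `as of the writing of this paper`, and its spaced hyphen in `be more secure - however` should be a LaTeX dash, e.g. `be more secure --- however`.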
@@ -110,16 +106,16 @@ that store keys used for authentication. Every person enrolled in the system as well as every healthcare professional providing services in it is issued a ID card that contains a smart card that contains keys used to authenticate towards the central infrastructure. The primary use of these smart cards up to now is that when someone visits a healthcare provider, they will insert their ID card -into a terminal so the healthcare provider can automatically fetch their personal information such as name, birth date -and address from their insurance provider. +into a terminal so the healthcare provider can automatically fetch their personal information such as name, birth date, +address and enrollment status from their insurance provider. -ePA is implemented inside the TI system.Its centralized services are reached through the TI's VPN, and encryption and +ePA is implemented inside the TI system. Its centralized services are reached through the TI's VPN, and encryption and decryption of files stored in ePA are done on the Konnektor. The various smart cards are used to authenticate parties to each other. Each insurance provider picks one of several implementations of ePA's server-side infrastructure to run for its clients. Currently, there are two approved implementations of this server-side infrastructure. The primary services offered by the server side are authentication services, one of two instances of the key escrow -service (``Schlüsselgenerierungsdienst'' or SGD) a database storing wrapped record keys, and a database storing the +service (``Schlüsselgenerierungsdienst'' or SGD), a database storing wrapped record keys, and a database storing the encrypted records themselves. Records are symmetrically encrypted twice. One encryption layer is done at the client side, inside the Konnektor, and the other encryption layer is processed inside a trusted execution environment (TEE, tranlated to ``VAU'' in the German specifications) at the server side. 
The keys for both encryption layers are wrapped @@ -131,7 +127,9 @@ infrastructure. The other instance is a single instance for the whole system sha instance is run by a state-owned company. When a new record is created, each of these escrow services generates a salt that is stored along with the wrapped keys. The keys are deterministically generated from the escrow service's master key, this salt, and the healthcare ID number of the person owning the record. According to the standards, this key -derivation step must be done inside of a Hardware Security Module (HSM). +derivation step must be done inside of a Hardware Security Module (HSM). The specification requires new master keys to +be generated every six months, but does not include provisions for a true key rollover. Instead, old master keys have to +be kept around indefinitely such that the records encrypted under them remain accessible. \section{Related Work} 
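Review bot: The added sentences on master-key rotation make a substantive claim about the specification (`new master keys to be generated every six months`, `old master keys have to be kept around indefinitely`) without a `\cite` to the specification document, unlike other factual claims in this file (for example the `\cite{barrettUSSuspectsHackers2015}` and `\cite{mennChineseGovernmentHackers2024}` citations in the attacker-model section); add the citation so the claim can be checked. It would also help the reader to spell out the security consequence the new text implies, since rotation without re-wrapping stored records does not reduce what a compromised master key exposes, e.g. `Because existing records are not re-wrapped under the new master key, the rotation does not limit the exposure of previously stored records if an older master key is compromised.` The paragraph being extended starts outside the hunk.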
@@ -166,14 +164,15 @@ are a bad idea since they pose a centralized target for attack, and increase the \subsection{Cryptographic Design} The system's overall cryptographic design is intentionally kept simple. The standard explicitly mentions that symmetric -primitives have been preferred over asymmetric primitives due to the risk of an attack on asymmetric primitives in the -long term. Notably, besides asymmetric encryption, other advanced cryptographic techniques such as secret sharing -schemes, oblivious pseudo-random functions or multiparty computation that could help with the security of the key escrow -service are also absent. +primitives have been preferred over asymmetric primitives in the core key escrow functions due to the risk of an attack +on asymmetric primitives in the long term. Notably, other advanced cryptographic techniques such as secret sharing +schemes, oblivious pseudo-random functions or multiparty computation that could help with the security and privacy of +the key escrow service are also absent. The system trusts its components to a large degree. For instance, the system leaks a person's insurance ID number to each of the two key escrow services every time record keys are requested. Along with the timing and frequency of -these requests, this leaks information on the person's condition to each SGD in an identifiable way. +these requests, this leaks information on the person's condition to both instances of the key escrow service in an +identifiable way. \subsection{A Realistic Attacker Model} 
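Review bot: The new wording adds `privacy` to what secret sharing, OPRFs and MPC could provide, and the next added lines describe the leak of the insurance ID and request timing to `both instances of the key escrow service`, but the text never connects the two; one sentence making the link explicit would strengthen the argument, e.g. `An oblivious pseudo-random function would in particular allow the escrow service to derive record keys without learning the requester's insurance ID.` The statement that this `leaks information on the person's condition` is an inference from request timing and frequency rather than something the specification states, so consider hedging it (`can leak`) or saying briefly what an observer at the escrow service actually sees.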
@@ -186,7 +185,7 @@ breach of the US Office of Personnel Management\cite{barrettUSSuspectsHackers201 telecommunications wiretapping systems\cite{mennChineseGovernmentHackers2024} demonstrate that such state-sponsored attacks on national digital infrastructure are a realistic concern. -\section{Physical Security} +\subsection{Physical Security} Physical security has received some consideration in the system's specification. First, smart cards are used extensively for authentication. Second, Hardware Security Modules are used in key locations of the system to process some 
@@ -212,12 +211,12 @@ Even assuming that nation-scale key escrow is a good idea, the implementation of from current best practice. The system uses secret keys with only 1 kbit of entropy to derive highly sensitive secret keys for several tens of millions of people. The cryptographic design of this escrow system is primitive, ignoring the past three decades in crytographic developments in particular in multiparty computation (MPC) and other secret sharing -techniques in favor of a simplistic engineering approach. In the engineering dimension, the system's physical security -is only held to the basic level 3 of the obsolete FIPS 140-2 standard, which is considerably less secure an average -credit card payment terminal. The low-entropy secret keys are only protected by a ``hard, opaque potting material'' and -no tamper detection and response is required. We estimate that the system poses an attractive and easy target to -nation-state adversaries. The system's shortcomings are made more severe by the fact that the system disproportionally -affects the lives of people with low income. +techniques in favor of an unsophisticated engineering approach. In the engineering dimension, the system's physical +security is only held to the basic level 3 of the obsolete FIPS 140-2 standard, which is considerably less secure than +an average credit card payment terminal. The low-entropy secret keys are only protected by a ``hard, opaque potting +material'' and no tamper detection and response is required. We estimate that the system poses an attractive and soft +target to nation-state adversaries. The system's shortcomings are made more severe by the fact that the system +disproportionally affects the lives of people with low income. %\begin{credits} %This is version \texttt{\input{version.tex}\unskip} of this paper, generated on \today. The git repository with the
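Review bot: The rewritten comparison `considerably less secure than an average credit card payment terminal` needs a reference: payment terminals are certified against PCI PTS POI, which requires tamper detection and response, so citing that requirement (or whichever source the comparison rests on) makes the claim checkable alongside the FIPS 140-2 level 3 statement. On the same added lines, `disproportionally affects` should read `disproportionately affects`, and `We estimate that the system poses an attractive and soft target` expresses a qualitative judgment for which `We assess` fits better than `We estimate`. The `crytographic` typo is on a context line rather than part of this change, but is worth fixing while here.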