Finish the rest of leo's annotations

jaseg 2025-11-28 18:10:56 +01:00
parent 75c0da19d8
commit 18956ffe75
5 changed files with 223 additions and 177 deletions

@ -36,13 +36,13 @@ only having access to a subset of patient's medical records. Data in scope for t
laboratory results, and medical imaging files.
Due to Germany's mandatory health insurance laws, the system's user base encompasses the majority of all German
residents, approximately 90\textpercent. People who have replaced their public health insurance with private insurance
as of now are not subject to the system. In Germany, by law private health insurance is only available to people from
the top 10th percentile of household income. This means that the system disproportionally affects people who have low
income, creating an equity issue. While it is possible to opt out from the use of the new digital record, the process of
opting out is difficult. Additionally, the government and health insurance providers have publically depicted the system
in a one-sidedly positive way, meaning that it is unlikely the majority of people subject to the system have a
comprehensive understanding of the system's benefits and risks that would be necessary for an informed decision.
residents, approximately 90\%. People who have replaced their public health insurance with private insurance as of now
are not subject to the system. In Germany, by law private health insurance is only available to people from the top 10th
percentile of household income. This means that the system disproportionally affects people who have low income,
creating an equity issue. While it is possible to opt out from the use of the new digital record, the process of opting
out is difficult. Additionally, the government and health insurance providers have publically depicted the system in a
one-sidedly positive way, meaning that it is unlikely the majority of people subject to the system have a comprehensive
understanding of the system's benefits and risks that would be necessary for an informed decision.
While there has been loud criticism of the system's security from civil society organizations such as digital rights
nonprofit organization Chaos Computer Club (CCC) \cite{kochMoreMoreExperts2025} and several severe security flaws have
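Review bot: "publically" in the unchanged sentence "health insurance providers have publically depicted the system" should be "publicly"; since this hunk rewraps the whole paragraph anyway, fix it in the same pass. The swap of "90\textpercent" for "90\%" is correct, as \textpercent is not a standard LaTeX command. The figures "approximately 90\%" and "top 10th percentile of household income" carry no \cite while the next paragraph cites its sources; add a reference for both numbers.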
@ -118,19 +118,20 @@ records can be accessed.
\subsection{Related Work}
The state-owned company specifying the system commissioned several security assessments of the system relating to the
key escrow service. \textcite{fischlinKryptographischeAnalyseSpezifikation2021} focuses on the cryptographic
dimension of the key escrow service used in an older version of the standard, and is now obsolete.
\textcite{slanySicherheitsanalyseZurSicherheit2020} approaches the system at a higher level, and focuses on the
cryptography of the inner protocol layers spoken between the system's components. Industry research organization
\emph{gematik}, the state-owned company specifying the system, commissioned several security assessments of the system
relating to the key escrow service.
\citeauthor{fischlinKryptographischeAnalyseSpezifikation2021}~\cite{fischlinKryptographischeAnalyseSpezifikation2021}
focuses on the cryptographic dimension of the key escrow service used in an older version of the standard, and is now
obsolete. \textcite{slanySicherheitsanalyseZurSicherheit2020} approaches the system at a higher level, and focuses on
the cryptography of the inner protocol layers spoken between the system's components. Industry research organization
Fraunhofer SIT was comissioned for a structured, theoretical assessment of attack paths to the system
\cite{fraunhofersitAbschlussberichtSicherheitsanalyseGesamtsystems2024}. We are not currently aware of
independent academic security research on the system.
\cite{fraunhofersitAbschlussberichtSicherheitsanalyseGesamtsystems2024}. We are not currently aware of independent
academic security research on the system.
The design and operation of the system have been independently described in detail by civil society activists, who have
demonstrated several successful attacks on the system. \textcite{tschirsichHackerHinOder0100} demonstrated how they
demonstrated several successful attacks on the system. \textcite{tschirsichHackerHinOder2019} demonstrated how they
could trivially acquire each of the smartcards as well as the Konnektor necessary for accessing the system.
\textcite{tschirsichKonnteBisherNoch0100} summarize the history of attacks demonstrated on the system and show multiple
\textcite{tschirsichKonnteBisherNoch2024} summarize the history of attacks demonstrated on the system and show multiple
practical attacks on various parts of the system's implementation.
\section{Concerning Cryptographic Engineering Choices}
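Review bot: citation commands are now mixed within one paragraph: the Fischlin reference uses "\citeauthor{...}~\cite{...}" while Slany and Tschirsich on the following lines keep "\textcite{...}", which already typesets author plus reference; pick one form. "Fraunhofer SIT was comissioned" should read "commissioned". The keys renamed from the 0100 suffix to tschirsichHackerHinOder2019 and tschirsichKonnteBisherNoch2024 need matching entries in the bibliography file, which is not visible in this hunk; confirm the .bib was updated in this commit, otherwise biblatex will report undefined citations.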
@ -140,11 +141,11 @@ by no means an exhaustive list, and is only meant to underscore why we believe t
\subsection{Use of Key Escrow}
First, the system's general approach of using a key escrow service instead of securely storing the keys inside the
system's already existing smart card infrastructure is concerning, given that this key escrow service poses a
centralized security risk. The system's designers made this decision since it was deemed important that access to an
encrypted record can be restored quickly after an insurance ID card is lost, without requiring the cooperation of the
healthcare providers holding the primary copies of the person's medical records.
Key escrow describes a concept that was originally devised during the 1990ies out of a fear that the widespread
availability of strong encryption would stifle the ability of law enforcement agencies to wiretap communications in the
prosecution of crime. At the core of the concept rests the idea that a trusted \emph{key escrow} service should hold a
copy of every private key in use. In case the government wants to access one of these keys, the key escrow service can
provide this access\textcite{andersonSecurityEngineeringGuide2020,jarvisCryptoWarsFight2020}.
While key escrow services have been a topic of political debate in decades past, in the cryptographic community,
consensus generally is that they are a bad idea since they pose a centralized target for attack, and increase attack
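Review bot: "provide this access\textcite{andersonSecurityEngineeringGuide2020,jarvisCryptoWarsFight2020}." has no space before the citation and uses \textcite, which puts the author names inline ("accessAnderson ..."); this is a parenthetical reference, so "provide this access \cite{...}." (or \parencite) matches how the rest of the section cites. "1990ies" should be "1990s". Dropping the "First, the system's general approach ..." paragraph here is fine since it reappears below, but the subsection now opens with the historical background before the concern itself is stated; a one-sentence topic sentence at the top of the subsection would restore the thread.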
@ -155,6 +156,12 @@ surface \cite{
rogawayMoralCharacterCryptographic2015,
}.
Our first concern is the system's general approach of using a key escrow service instead of securely storing the keys
inside the system's already existing smart card infrastructure. Like any other key escrow system, this key escrow
service poses a centralized security risk. The system's designers made this decision since it was deemed important that
access to an encrypted record can be restored quickly after an insurance ID card is lost, without requiring the
cooperation of the healthcare providers holding the primary copies of the person's medical records.
\subsection{Cryptographic Design}
The system's overall cryptographic design is intentionally kept simple. The standard explicitly mentions that symmetric
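Review bot: "The system's designers made this decision since it was deemed important that access to an encrypted record can be restored quickly after an insurance ID card is lost" is the only unreferenced assertion about the designers' rationale in this subsection; cite the specification or gematik document that states this. "Like any other key escrow system, this key escrow service poses a centralized security risk" also repeats the "centralized target for attack" point made in the paragraph directly above it; one of the two sentences can go.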
@ -178,21 +185,21 @@ the key escrow service in an identifiable way.
We observe that the system as a whole does not appear to be designed to defend against well-resourced adversaries. The
series of practical attacks that have been demonstrated on the system confirm this impression. In
\textcite{tschirsichKonnteBisherNoch0100} summarize a series of successful attacks. Attacks include social engineering
\textcite{tschirsichKonnteBisherNoch2024} summarize a series of successful attacks. Attacks include social engineering
resulting in access to copies of smartcards enabling accessing patient records, using misconfigured Konnektor VPN
appliances with their LAN DMZ and authentication interface exposed on the public internet, circumventing video-based
authentication processes resulting in duplicate file keys being provided, classis SQL injection on a backend service
maintaining an authentication database, accessing all national patient records through brute-force enumeration of weak
identifiers, and several more.
We believe that a system like this must be designed to withstand well-resourced adversaries such as enemy secret
We believe that a system like this must be designed to withstand well-resourced adversaries such as foreign secret
services, since the medical data stored in such as information on chronic illness, sexually transmittable disease or
severe food allergies has intelligence value. Repeated breaches of national digital infrastructure such as the 2015
breach of the US Office of Personnel Management \cite{barrettUSSuspectsHackers2015} or the 2024 compromise of US
telecommunications wiretapping systems \cite{mennChineseGovernmentHackers2024} demonstrate that such state-sponsored
attacks on national digital infrastructure are a realistic concern. A possible scenario in the ePA system would be an
enemy secret service gaining access to one of the HSMs storing the systems' root secrets, extracting the root secret by
an advanced physical attack, then being able to decrypt captured encrypted health records at will. Similarly, a
foreign secret service gaining access to one of the HSMs storing the systems' root secrets, extracting the root secret
by an advanced physical attack, then being able to decrypt captured encrypted health records at will. Similarly, a
nation-state adversary might have access to an exploit allowing the compromise of the system's TEEs, which would enable
the extraction of any patient records being processed in plaintext inside these TEEs.
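Review bot: "In \textcite{tschirsichKonnteBisherNoch2024} summarize a series of successful attacks" is ungrammatical after the key rename; either drop "In" or write "In \cite{...}, the authors summarize". Three further slips in the unchanged context lines of this hunk: "classis SQL injection" should be "classic SQL injection"; "the medical data stored in such as information on chronic illness" is missing its object ("stored in it, such as ..."); and "the systems' root secrets" should be "the system's root secrets". The two "enemy" to "foreign" changes are an improvement and cover every occurrence in the hunk.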
@ -203,8 +210,8 @@ for authentication. Second, Hardware Security Modules are used in key locations
cryptographic secrets. The core of the system's key escrow service is implemented inside an HSM. However, it is notable
that the actual security level required for this HSM is only FIPS 140-2 level 3
\cite{usnationalinstituteofstandardsandtechnologySecurityRequirementsCryptographic2002}. FIPS 140-2 is a US government
standard that used to be popular for the specification of HSMs. However, not only has FIPS 140-2 been superseded by FIPS
140-3 since 2019 \cite{usnationalinstituteofstandardsandtechnologySecurityRequirementsCryptographic2019}, its security
standard that used to be popular for the specification of HSMs. However, not only has FIPS 140-2 been made obsolete by
FIPS 140-3 in 2019 \cite{usnationalinstituteofstandardsandtechnologySecurityRequirementsCryptographic2019}, its security
level 3 mostly provides logical separation of cryptographic functions from other logic and is not very meaningful in the
context of physical attacks. The only physical requirement of FIPS 140-2 level 3 is that the HSM has a hard, opaque
coating. This coating is specified to be tamper-evident, but notably no active tamper detection or response features are
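Review bot: the rewording from "superseded by FIPS 140-3 since 2019" to "made obsolete by FIPS 140-3 in 2019" overstates the timeline: FIPS 140-3 was approved in 2019, but modules continued to be validated against FIPS 140-2 after that date, so "superseded" was the more accurate verb and is what the cited 2019 document supports. Separately, "The only physical requirement of FIPS 140-2 level 3 is that the HSM has a hard, opaque coating" and "no active tamper detection or response features are required" need qualifying: at Level 3 the standard requires tamper response and zeroization circuitry for modules with doors or removable covers, so the statement holds only for potted modules without them; a section reference into the cited standard would make this checkable.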
@ -239,5 +246,7 @@ that better accomodate real-world use cases.
We believe that Inertial HSMs can address this use case by cleanly separating the physical security primitive into a
retargetable design that can be applied to entire servers if needed, and augment or replace technology like conventional
HSMs or trusted execution environments to provide high-level hardware security.
HSMs or trusted execution environments to provide high-level hardware security. Before introducing IHSMs in
Chapter~\ref{chapter-ihsm}, in the following chapter, we will first complement this chapter's outlook on the state of
the art in hardware security with a survey of tamper sensing meshes in a wide range of real world devices.
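Review bot: "in the following chapter, we will first complement this chapter's outlook" reads awkwardly after "Before introducing IHSMs in Chapter~\ref{chapter-ihsm}"; suggest "Before introducing IHSMs in Chapter~\ref{chapter-ihsm}, the next chapter complements this chapter's outlook on the state of the art in hardware security with a survey of tamper sensing meshes in a wide range of real-world devices." "real world devices" should be hyphenated as in "real-world use cases" in this hunk's context line, and "accomodate" in that same line should be "accommodate". Also confirm the label chapter-ihsm is defined in the IHSM chapter file, which is not part of this diff.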