From 75c0da19d83de4a9c01bc5052361b707bd64a3bb Mon Sep 17 00:00:00 2001 From: jaseg Date: Fri, 28 Nov 2025 16:47:45 +0100 Subject: [PATCH] More notes from leo included --- chapter-epa/chapter.tex | 76 +++++++++++++++++++---------------------- main.bib | 12 +++++++ 2 files changed, 48 insertions(+), 40 deletions(-) diff --git a/chapter-epa/chapter.tex b/chapter-epa/chapter.tex index 3466696..46258d8 100644 --- a/chapter-epa/chapter.tex +++ b/chapter-epa/chapter.tex @@ -10,38 +10,39 @@ \label{chapter-epa} \todo{FIXME: Proper citation here} -\sourceattrib{This part is based on a short paper written by me and presented by me at the HS3 workshop at ESORICS -2025.} +\sourceattrib{This part is based on a short paper written by me and presented by Jan Sebastian Götte at the HS3 workshop +at ESORICS 2025.} Looking at the landscape of computer security solutions, we are presented with a wide variety of vendors and products that may give the impression that hardware security is a solved problem. Vendors sell various claims rangning from -\emph{You don't need hardware security, just do it in the cloud!}~\cite{ +\emph{``You don't need hardware security, just do it in the cloud!''}~\cite{ utimacoWhatCloudHSM2025, microsoftOverviewAzureCloud, ibmCloudHSM2016, amazonAWSCloudHSM, googleCloudHSMCloud2025, WhatCloudHSM} -to \emph{Buy our HSM and you will be secure!}~\cite{utimacoUseCases,thalesLunaNetworkHardware}. In +to \emph{``Buy our HSM and you will be secure!''}~\cite{utimacoUseCases,thalesLunaNetworkHardware}. In practice, things are not as easy and even well-intentioned projects still often go awry on the hardware security dimension. To motivate our research into physical security in this thesis, in this chapter we will have a look at one such project that was done by capable people with the best intentions, yet it resulted in a hardware security design that is dangerously inadequate for the purpose. Beginning May 2025, after several delays, Germany has started the nation-scale rollout of its new electronic medical -record system, named ePA (short for \emph{elektronische Patientenakte}, ``electronic patient record''). The system aims -to create a national database accessible to all healthcare providers that holds the complete electronic medical records -of all publically insured people living in Germany. The system aims to replace paper-based workflows that are -error-prone and lead to healthcare providers often only having access to a subset of patient's medical records. Data in -scope for the system includes medical letters, laboratory results, and medical imaging files. +record system, named ePA (short for \emph{elektronische Patientenakte}, ``electronic patient +record'')~\cite{kochNochVieleUnklarheiten2025}. The system aims to create a national database accessible to all +healthcare providers that holds the complete electronic medical records of all publically insured people living in +Germany. The system aims to replace paper-based workflows that are error-prone and lead to healthcare providers often +only having access to a subset of patient's medical records. Data in scope for the system includes medical letters, +laboratory results, and medical imaging files. Due to Germany's mandatory health insurance laws, the system's user base encompasses the majority of all German -residents. People who have replaced their public health insurance with private insurance as of now are not subject to -the system. In Germany, by law private health insurance is only available to people from the top 10th percentile of -household income. This means that the system disproportionally affects people who have low income, creating an equity -issue. While it is possible to opt out from the use of the new digital record, the process of opting out is difficult. -Additionally, the government and health insurance providers have publically depicted the system in a one-sidedly -positive way, meaning that it is unlikely the majority of people subject to the system have a comprehensive -understanding of the system's benefits and risks that would be necessary for an informed decision. +residents, approximately 90\textpercent. People who have replaced their public health insurance with private insurance +as of now are not subject to the system. In Germany, by law private health insurance is only available to people from +the top 10th percentile of household income. This means that the system disproportionally affects people who have low +income, creating an equity issue. While it is possible to opt out from the use of the new digital record, the process of +opting out is difficult. Additionally, the government and health insurance providers have publically depicted the system +in a one-sidedly positive way, meaning that it is unlikely the majority of people subject to the system have a +comprehensive understanding of the system's benefits and risks that would be necessary for an informed decision. While there has been loud criticism of the system's security from civil society organizations such as digital rights nonprofit organization Chaos Computer Club (CCC) \cite{kochMoreMoreExperts2025} and several severe security flaws have @@ -49,7 +50,7 @@ been demonstrated practically, this criticism has largely been ignored by the po that despite this civil society outrage and the system's large scale, it has received little attention from the academic cryptography and information security community. -In this chapter, we aim to point out some unconventional cryptographic engineering decisions in the system. In +In this chapter, we aim to highlight some unconventional cryptographic engineering decisions in the system. In particular, we point out that the system's core per-user secrets are kept in a rudimentary key escrow system whose security is based on engineering assumptions, not on cryptographic principles. Furthermore, we observe that by specification, the individual user keys of the system are derived from a per-user cleartext salt based on a system-wide @@ -61,40 +62,35 @@ long-term secret with only 256 bits of entropy\footnote{ The current standard only requires one escrow service, and drops the entropy requirement of the root keys from 512 bits to 256 bits. The apparent reason for the long-term nature of these keys is that they are updated manually. }. Finally, we note that according to specification, the only physical security requirement for the protection of this -highly sensitive secret is a ``hard, opaque potting material'', with no tamper detection and response required. We -belive that Inertial HSMs provide a path forward for systems like this, enabling physical security in applications that -currently rely on insecure, legacy systems. Even if for regulatory reasons a poorly secured conventional HSM without -active tamper sensing is chosen, it would be conceivable to construct an IHSM enclosure \emph{around} this conventional -HSM, in effect retrofitting the missing active tamper-sensing envelope. +highly sensitive secret is a ``hard, opaque potting material'', with no tamper detection and response required. We base our analysis of the ePA on the system's publicly available standards in their latest version as of the writing of the paper underlying this chapter in April 2025, describing version 3.0 of the healthcare record system \cite{ gematikSpezifikationAktensystemEPA2025, gematikUbergreifendeSpezifikationVerwendung2024, -}. We note that the implementation might well deviate from these standards and be more secure---however, with the -system's history of flaws, we believe this is unlikely to be the case. The reference implementation provided by the -specification authority \cite{GithubRepositoryERPFD} follows the specified minimum requirements closely. As of now, -there is no meaningful way for either the public or for researchers such as us to ascertain the concrete implementation -security of the system. +}. We note that hypothetically, the implementation might deviate from these standards and be more secure. The reference +implementation provided by the specification authority \cite{GithubRepositoryERPFD} follows the specified minimum +requirements closely. As of now, there is no meaningful way for either the public or for researchers such as us to +ascertain the concrete implementation security of the system. \section{The Design of ePA} -ePA is embedded into Germany's national public healthcare backend system ``Telematikinfrastruktur'' (TI). TI is a highly -complex system, and a detailed description would exceed the limits of this analysis. Briefly put, TI consists of a -shared demilitarized zone (DMZ) that parties like insurance providers and healthcare providers connect to through a VPN. -At the client location, usually an individual doctor's office or a hospital, this VPN connection is terminated by a -specialized VPN appliance named ``Konnektor'' that simultaneously acts as a trusted component inside the client network -hosting some software for purposes such as authentication. The Konnektor contains several smart cards that store keys -used for authentication. Konnektor devices are offered by several vendors and healthcare providers like doctor's offices -are indivudally responsible for purchasing and maintaining a Konnektor. +ePA is embedded into Germany's national public healthcare backend system ``Telematikinfrastruktur'' (abbreviated TI; +German for ``telematics infrastructure''). TI is a highly complex system, and a detailed description would exceed the +limits of this analysis. Briefly put, TI consists of a shared demilitarized zone (DMZ) that parties like insurance +providers and healthcare providers connect to through a VPN. At the client location, usually an individual doctor's +office or a hospital, this VPN connection is terminated by a specialized VPN appliance named ``Konnektor'' that +simultaneously acts as a trusted component inside the client network hosting some software for purposes such as +authentication. The Konnektor contains several smart cards that store keys used for authentication. Konnektor devices +are offered by several vendors and healthcare providers like doctor's offices are indivudally responsible for purchasing +and maintaining a Konnektor. % FIXME: Is there a threat/trust model of the system that you could summarise in a few sentences? Every person enrolled in the system as well as every healthcare professional providing services under it is issued an ID card that contains a smart card with keys to authenticate towards the central infrastructure. The primary use of these -smart cards up to now is that when an enrolled person visits a healthcare provider, they will insert their ID card into -a terminal so the healthcare provider can automatically fetch their personal information such as name, birth date, -address and enrollment status from their insurance provider. +smart cards previously was to automatically provide personal information such as name, birth date, address and insurance +enrollment status when an enrolled person visits a healthcare provider. ePA is implemented inside the TI system. Its centralized services are accessed by healthcare providers through the TI's VPN, and by patients through proxy servers connected to TI's VPN. Patient records are encrypted and decrypted inside @@ -104,8 +100,8 @@ approved implementations of this server-side infrastructure. With the current version of the specificatoin, the overall architecture of ePA heavily relies on Trusted Execution Environments (TEEs). Data processing on the server side is done in plaintext inside TEEs, with some cryptographic key -management delegated to a Hardware Security Module. While attacks on the TEEs are considered in the system, the HSMs are -assumed to be perfectly secure, and the system does not include mitigations for a compromised HSM. The primary +management delegated to a Hardware Security Module (HSM). While attacks on the TEEs are considered in the system, the +HSMs are assumed to be perfectly secure, and the system does not include mitigations for a compromised HSM. The primary motivation for plaintext processing seems to be to enable large-scale data analysis for research purposes without requiring consent or cooperation of the people whose records are being processed~\cite{gematikWhitepaperDatenschutzUnd2025}. diff --git a/main.bib b/main.bib index 7abb687..c12b876 100644 --- a/main.bib +++ b/main.bib @@ -3776,6 +3776,18 @@ organization = {heise online} } +@online{kochNochVieleUnklarheiten2025, + title = {Noch viele Unklarheiten bei der elektronischen Patientenakte}, + author = {Koch, Marie-Claire}, + date = {2025-05-08}, + issn = {1037-7344}, + url = {https://www.heise.de/hintergrund/Elektronische-Patientenakte-Welche-Unklarheiten-es-noch-gibt-10377344.html}, + urldate = {2025-11-28}, + abstract = {Rund um die elektronische Patientenakte gibt es noch viele offene (Sicherheits-)Fragen. Dabei ist sie gerade erst bundesweit gestartet, zumindest theoretisch.}, + langid = {ngerman}, + organization = {heise online} +} + @inproceedings{kodwaniSecurityKeyDerivation2021, title = {On {{Security}} of {{Key Derivation Functions}} in {{Password-based Cryptography}}}, booktitle = {2021 {{IEEE International Conference}} on {{Cyber Security}} and {{Resilience}} ({{CSR}})},