-rw-r--r-- | content/blog/epa-sgd-crypto/index.rst | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/content/blog/epa-sgd-crypto/index.rst b/content/blog/epa-sgd-crypto/index.rst new file mode 100644 index 0000000..f2dd79f --- /dev/null +++ b/content/blog/epa-sgd-crypto/index.rst 
@@ -0,0 +1,64 @@ +--- +title: "75 Million Lives, Two Keys" +date: 2025-01-05T23:42:00+01:00 +draft: true +--- + +2025 has begun. In this new year, with its new national healthcare record system, the country of Germany will start one +of the largest rollouts of a cryptographic system in history. While the system has received scrutiny as well as +resulting harsh criticism from a number of parties ranging from NGOs to everyday civilians, the system has received +surprisingly little attention from the academic applied cryptography crowd. Additionally, previous criticism of +the system has largely revolved around organizational issues. While valid, we belive that some cryptographic issues at +the core of the system have escaped attention unitl now. In particular, at the core of the system is a key escrow system +that contains several questionable design choices and that in its overall design seems out of place in 2025. + +The aim of the system is to serve as a shared storage for all healthcare records of a person. In the system, a person's +entire patient file with all documentation on the treatment process including test results, images and other raw data +will be stored in something vaguely resembling cloud storage such that all healthcare providers that the person visits +can access the entire file. This centralized, synchronized storage eliminates the need for transferring this data +between hospitals and doctors offices by fax, mail or physical media as it was common practice until now. After a +development and testing phase lasting approximately five years, the German government decided to roll out the system to +everybody insured under Germany's mandatory national health insurance scheme, totalling approximately 75 million people, +on January 15th 2025. 
+ +In this article, we will give an overview of the system's cryptographic design before highlighting a few odd +design choices that could amount to a viable attack vector to the powerful adversaies + +## Context and involved parties + +Germany has a national, mandatory health insurance system. The system is open to any permanent resident of the country +irrespective of citizenship. The system is mandatory in that while residents can choose between a number of both +publically owned as well as private healthcare providers, it is not possible to opt out of the system. The public health +insurance providers cover approximately 90% of German residents. These providers are organized in an umbrella +organization named "GKV Spitzenverband". The resposibility of this umbrella organization largely revolves around +negotiating prices with pharmaceutical companies and with healthcare providers as a publically sanctioned cartel, but +also includes the specification and operation of shared IT infrastructure for billing and data exchange between +healthcare providers. + +While GKV Spitzenverband is the party that ultimately holds responsibility for the regulatory administration of national +healthcare IT infrastructure, it has delegated large parts of both the technical specification of this infrastructure as +well as its day-to-day operation to Gematik GmbH, a state-owned limited liability corporation created specifically for +the purpose of developing and implementing national healthcare IT standards. The electronic healthcare record system we +describe in this article was standardized and implemented by Gematik GmbH under the direction of GKV Spitzenverband. + +Healthcare providers in Germany need to be registered with GKV Spitzenverband to serve members of public health +insurance providers. Since these public providers constitute approximately 90% market share, the vast majority of +healthcare providers are registered this way. 
+ +## Design principles + +## Cryptographic design + +## The implied adversary model + +While Gematik GmbH publishes detailed specifications of the systems they standardize, these specifications and some +associated implementation guidelines are about the extent of public information. Software implementations are being kept +secret, and while standardization results are available, a large fraction of design rationale is discussed behind closed +doors. From an academic perspective, the most glaring omission in Gematik GmbH's public documents is any definition of a +threat model or an adversary model. As a result of this, we will deduce an adversary model below by contextualizing the +published standards in the national healthcare setting. We will base our further analysis of the system on this +adversary model. + +## Previous reviews and audits of the system + +[0] https://www.destatis.de/DE/Themen/Arbeit/Arbeitsmarkt/Qualitaet-Arbeit/Dimension-2/krankenversicherungsschutz.html |
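Review bot: the new file is index.rst, but its section headings use Markdown syntax ("## Context and involved parties", "## Design principles", and so on), which reStructuredText will not render as section titles; either rename the file to index.md or convert the headings to RST underline style. In the same hunk, the sentence ending "a viable attack vector to the powerful adversaies" is cut off without a period and "adversaies" should read "adversaries"; other typos in the added text are "belive" (believe), "unitl" (until), "resposibility" (responsibility), "publically" (publicly, twice) and "doctors offices" (doctors' offices). The "Design principles", "Cryptographic design" and "Previous reviews and audits of the system" sections are added empty, and the footnote "[0]" at the end is never referenced anywhere in the body; with draft: true that may be intentional, but it should be resolved before the draft flag is flipped.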