A Note on the Security in the Card Management System of the German E-Health Card
Marcel Winandy (Ruhr-University Bochum)

3rd International ICST Conference on Electronic Healthcare for the 21st Century (eHealth 2010)
Casablanca, Morocco, 13-15 December 2010
Tuesday, 14 December 2010
Introduction
    • The German electronic Health Card (eHC)
          • Core component of the Healthcare Telematics
          • Each insured person will have such a card
          • Supposed to enable new applications
          • Smartcard with small storage + cryptographic functions

    • German Healthcare Telematics
          • Under development, going to be rolled out "soon" (originally 2006)
          • Specifications by Gematik (company organization of health institutions)

    • Health Professional Card (HPC)
          • Similar card for all health professionals
          • For identification, authentication, digital signatures

Introduction: Use Cases of eHC

    Obligatory:
    • Identification, Authentication
          - personalized cards
          - individual cryptographic keys
    • European Health Insurance Card (EHIC)
          - printed on the backside
    • Electronic Prescription
          - issuing and filling
          - directly stored on eHC

    Optional:
    • Medical Emergency Data
          - directly stored on eHC
    • Medication History
    • Electronic Health Records
          - centrally stored on servers (in encrypted format)
          - eHC used to encrypt/decrypt and authorize access (via PIN)
    • Other applications

Introduction: Security & Privacy
    • German law requires strong privacy: "Data Sovereignty" (§291a.5 SGB V)
          "Only the patient can define who may access the data associated with the eHC."

    • German Ministry of Health*: eHC basic security requirements
          "Authentication, authorization, and audit mechanisms have to be chosen so that the data sovereignty of the insured party can be taken for granted."

    * German Federal Ministry of Health: "Entscheidungsvorlage - Festlegung der Authentisierungs-, Autorisierungs- und Auditmechanismen der Telematikinfrastruktur für die Fachanwendungen", Version 0.9.0, March 2006.

German Healthcare Telematics

    (Architecture diagram of the German Healthcare Telematics, built up over several slides; labels shown: "Healthcare Telematics Boundary", "HPC", "eHC")

Existing Security Analyses

    (Slide shows the front pages of previously published analyses, each annotated with its focus:)

    • Michael Huber, Ali Sunyaev and Helmut Krcmar (Chair for Information Systems, Technische Universität München):
      "Security Analysis of the Health Care Telematics Infrastructure in Germany"
          - Network security
          - Access control policies

    • Ali Sunyaev, Alexander Kaletsch, Christian Mauro and Helmut Krcmar (Chair for Information Systems, Technische Universität München):
      "Security Analysis of the German Electronic Health Card's Peripheral Parts"
          - Peripheral parts (end-user systems)

    • Hans Löhr, Ahmad-Reza Sadeghi and Marcel Winandy (Horst Görtz Institute for IT Security, Ruhr-University Bochum):
      "Securing the E-Health Cloud"
          - Platform security

    • Further paper (title not recoverable from the slide image)
          - Other open security issues
                        introduced ways of communication in the              national and issues in the standardization for interoperabil-
                                                                                            international
            health care health carethe self-determination of the in-
                         sector or
                           technology is increasingly used in health-         Computer Security, Information Systems Security, In-
    Modern information!"#$%&'"(&)*+),(+*%'$&-./0)1".2(-/.2")3(-4"%/-&5&)67(.2"(0)68(-.20)9"%'$(:)
    care with the person concerning medical data, on discovered vulnerabilities we Journal corresponding security measures to
                         to improvetelematics. Based are supposed            ity and data provide
                                                                              ternational
                                                                                           exchange. Many different application scenarios
                                                                                                   of Medical Informatics, Informa-
            sured goal overcome these open issues and/8(:$"4;-(<&8'<=") consequences for the nation-wide (e-health), e.g., elec-
                                     and enhance medical services
    and to reduce costs. In this context, the outsourcing    derive of
                                                                     conceivableenvisaged in electronic healthcare introduction of
                                                                             are
            to be achieved (Schabetsberger et al., 2006).                     tion Systemsrecords [12, 23, 22], accounting and billing [17,
                                                                             tronic health    Journal, European Journal of Informa-
    computation and storage resources to in Germany.providers
                        electronic health card general IT
                The use of ITbecome very appealing. data of the
    (cloud computing) has       to administrate medical E-health             24], medical International Journal of Information Se-
                                                                              tion Systems,
                                                       ,)'$-)./0$1*#2*#34*.$ research, and trading intellectual property [15].
    clouds insured, implicates the such as easy and ubiquitous
            offer new possibilities, question, whether these sys-
                                                                              curity, security & privacy, Journal of computer secu-
                                                                             In particular e-health systems like electronic health records
                                      !"#$%&'"(&)*+)>.*(*'-./0)3(-4"%/-&5&)?$//"@0)9"%'$(:) on Informationin healthcare (e.g.,
                                                                             (EHRs) are Transaction decrease costs and Systems
                                                                              rity, ACM believed to
            tems are safe enough to satisfy requirements like pri-
    access to medical data, and opportunities for new business
                                                        @"-'"-/&"%;8(-AB$//"@<=") expensive double diagnoses, or repetitive drug ad-
                                                                             avoiding und ACM Computing Surveys). insurance
                                                                              Security
    models. INTRODUCTION
              However, security and new risks (Heeks, chal-                                    loan or trying to find The secu-
         1 vacy, safety,they also bearavailabilityand raise 2006). taking out a and to improve personal health management
    lenges with respect to security and privacy aspects. infras-
            The data administrated by the eHC and its                       (Anderson, 2001). Furthermore, this reputation
                                                                             ministration) approach presented inone’spaper differs
                                                                              rity analysis
                                                            5*"2&4$6./2).$ get tarnished when the wrong pieces of own
       In this paper,iswe point strictly confidential as it contains
            tructure mosltly out several shortcomings health
         During the next years in Germanyparticularly they do
                                                the present
                                                              of cur-        in general.
                                                                            could other approaches activities are the e-health approach
                                                                              from                      due to the following aspects:
                                                                                Examples of national
            personal information be replaced by the health,
                                    about peoples state of new
    rent e-health solutions and standards,                                    Focus (health care sector; technical evaluation of se-
                          !"#$%&'"(&)*+),(+*%'$&-./0)1".2(-/.2")3(-4"%/-&5&)67(.2"(0)68(-.20)9"%'$(:)
                                                                            sensitive medical information becomes publicly
    not insurance ofclient willand hereditary which is B%.'$%;-(<&8'<=") measures), being up-to-date (appliance Card (eHC)
          address the card platform security, diseases a crucial
            course      disease                              (Lorence
                                                                             in Austria [23], the German electronic Health
                                                                              curity
                                                                            accessible (Schneider, 2004).                          of up-
         electronic health card (eHC) e-health systems. 2009).
    aspect for the overall security of    (Sunyaev et al., To fill            system [12] under development, or the Taiwan Electronic
            and Churchill, 2005). As for example insurance com-
    this The introductiona tends to architecture for establishing
          gap, we present security improve the efficiency of                 Medical Record Templatestandards) and regional dis- in-
                                                                              to-date techniques based (TMT) [22]. In Germany each
                                                                                This paper is and on extensive laboratory
Dienstag, 14. Dezember 2010would be highlyOur solution
            panies or employers                          interested in
    privacy domains in e-health the patients’ rights (Bales,                 sured person will get detailed regional and political
                                                                              tinctions (located inagermany, review of only contains ad-
                                                                            experiments and on a smartcard that not gematik’s
         the health system and infrastructures.
Open Problem:
                  Card Management System
                            !!!




Open Problem:
                  Card Management System
                            !!!

                  [Slide shows the cover pages of two gematik specification documents:]

                  Einführung der Gesundheitskarte: Kartenmanagement eGK, Facharchitektur
                  (Introduction of the Health Card: Card Management eHC, Functional Architecture)
                  Version 1.6.0, Revision main/rel_main/8, dated 07.07.2008, status: released
                  gematik_CMS_Facharchitektur_Kartenmanagement_eGK.doc, 81 pages, © gematik

                  Einführung der Gesundheitskarte: Kartenmanagement eGK, Fachkonzept
                  (Introduction of the Health Card: Card Management eHC, Functional Concept)
                  Version 1.3.0, Revision main/rel_main/5, dated 20.06.2008, status: released
                  gematik_CMS_Fachkonzept_Kartenmanagement_eGK_V1.3.0.doc, 62 pages, © gematik

Card Management System




(1) Conflicting Requirements

           •      Security Requirement:
                  „At any time, the card management is not allowed to obtain
                  information about application contents [...] for which it is not authorized.“
                  „The card issuer MUST NOT get possession of unencrypted medical
                  application data.“
           •      Availability Requirement:
                  „When a replacement or renewal card is created, it MUST be
                  assured that application data stored on a server (e.g., EHR) can be
                  accessed using the new eHC.“




(1) Conflicting Requirements

           •      Security Requirement:
                  „At any time, the card management is not allowed to obtain
                  information about application contents [...] for which it is not authorized.“
                  „The card issuer MUST NOT get possession of unencrypted medical
                  application data.“
           •      Availability Requirement:
                  „When a replacement or renewal card is created, it MUST be
                  assured that application data stored on a server (e.g., EHR) can be
                  accessed using the new eHC.“

                  Specification requires particular technical solution:
                  „The following secret keys MUST be presently managed in
                  the context of the card management: [a list of keys follows].“

                              ⟹ Copies of the keys are stored !!!

(2) Creating Replacement Cards

                    •         Lost/stolen eHC or switching health insurance
                              implies creating a replacement card

                    •         Copies of the keys from the old card are used:
                              „All data required for the production of the card are
                              available.“
                              „The card issuer may assign the creation of the card to one
                              or more service providers.“




(3) Re-Encrypting Data

                    •         Issuing replacement or renewal card
                              implies re-encryption of data

                    •         Input needed for Card Issuer: ICCSN (eHC ID)

                    •         Input for the Application Operator:
                              „[Card Issuer] transmits the ICCSN of the insured party
                              and other data to the application operator.“
                              Application Operator „processes the application data“.




Card Management System


                              Violation of Data Sovereignty
                                     of the Patient !!!!




Conclusion
                    •         German E-Health Card: complex security architecture
                    •         Card Management System has serious flaws:
                          •     Copies of the secret keys of the patients are stored
                                and could spread to other (unauthorized) parties
                          •     Data Sovereignty of the patient is violated!
                    •         Possible solution: remove technical requirement
                              (instead: designs could use, e.g., secret key sharing)

                                  MediTrust          (Platform security for end-users)

                                      eBPG                   (Alternative security solution for
                     eBusiness Plattform Gesundheit          accessing electronic health records)
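The conclusion suggests secret key sharing as a design alternative to the key copies that the card management specification mandates. The following Python block is an added example (not code from this talk, from gematik, or from the MediTrust/eBPG projects): a Shamir threshold scheme over a prime field splits the patient's card key among several custodians, so that the re-encryption step of a card replacement (slide 3) can be carried out by a quorum without any single party, the card issuer included, ever storing a complete copy of the key. The custodian roles, the 3-of-5 threshold, the function names and the toy XOR key wrap (a stand-in for a real key-wrap algorithm) are assumptions made for the example.

```python
import hashlib
import secrets

# Mersenne prime 2^521 - 1: a field large enough to hold any 256-bit key.
P = 2**521 - 1


def _eval_poly(coeffs, x):
    """Evaluate the polynomial with the given coefficients at x, mod P (Horner)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_secret(secret, n, k):
    """Split an integer secret into n shares; any k of them reconstruct it.

    The secret is the constant term of a random degree-(k-1) polynomial over
    GF(P); share i is the point (i, f(i)). Fewer than k points leave the
    constant term uniformly distributed, so no single custodian learns the key.
    """
    if not 0 <= secret < P:
        raise ValueError("secret out of field range")
    if not 1 <= k <= n:
        raise ValueError("need 1 <= k <= n")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def reconstruct(shares):
    """Lagrange-interpolate f(0) from (x, y) points; needs k distinct shares."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    total = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


def wrap_key(card_key, data_key):
    """Toy key wrap (assumption, not a real algorithm): XOR the 32-byte data
    key with a mask derived from the card key. Unwrapping is the same call.
    The secret-sharing logic above does not depend on this choice."""
    mask = hashlib.sha256(b"ehc-wrap|" + card_key).digest()
    return bytes(a ^ b for a, b in zip(mask, data_key))


def reencrypt_for_replacement(shares_subset, wrapped_data_key, new_card_key):
    """Card replacement, threshold variant (hypothetical design, not gematik's):
    k custodians contribute shares, the old card key exists only transiently
    inside this function, and the EHR data key is re-wrapped for the new card."""
    old_card_key = reconstruct(shares_subset).to_bytes(32, "big")
    data_key = wrap_key(old_card_key, wrapped_data_key)  # unwrap with old key
    return wrap_key(new_card_key, data_key)              # re-wrap for new eHC


def demo():
    """End-to-end run on constructed sample values; returns True on success."""
    card_key = secrets.token_bytes(32)          # constructed: old eHC key
    data_key = secrets.token_bytes(32)          # constructed: EHR data key
    wrapped = wrap_key(card_key, data_key)      # what the EHR server stores

    # Instead of the CMS keeping a copy, 5 custodians hold shares; 3 must agree.
    shares = split_secret(int.from_bytes(card_key, "big"), n=5, k=3)

    # Card lost: custodians 2, 4 and 5 cooperate to re-encrypt for the new card.
    new_card_key = secrets.token_bytes(32)
    rewrapped = reencrypt_for_replacement([shares[1], shares[3], shares[4]],
                                          wrapped, new_card_key)
    recovered = wrap_key(new_card_key, rewrapped)  # the new card unwraps it

    # Two shares alone do not yield the old key: any k-1 shares are consistent
    # with every possible secret.
    too_few = reconstruct(shares[:2]) != int.from_bytes(card_key, "big")
    return recovered == data_key and too_few


if __name__ == "__main__":
    print("threshold re-encryption succeeded:", demo())
```

The property worth checking in such a design is that the availability requirement (a replacement card can still reach server-stored data) is met while the security requirement holds for every single custodian: each one stores a share from which the key cannot be derived, and the full key is assembled only for the duration of the re-wrap.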



Questions?
                                      Contact:
                                Marcel Winandy
                                Ruhr-University Bochum
                              marcel.winandy@trust.rub.de
                                http://www.trust.rub.de
                                  Twitter: @marwinK




 
Image data beyond radiology: new developments
Image data beyond radiology: new developmentsImage data beyond radiology: new developments
Image data beyond radiology: new developments
 
[DSC Europe 23][DigiHealth] Vladimir Brusic - SMART HEALTH HOME: Technology,...
[DSC Europe 23][DigiHealth]  Vladimir Brusic - SMART HEALTH HOME: Technology,...[DSC Europe 23][DigiHealth]  Vladimir Brusic - SMART HEALTH HOME: Technology,...
[DSC Europe 23][DigiHealth] Vladimir Brusic - SMART HEALTH HOME: Technology,...
 
Health IT & Picture Archiving and Communication Systems
Health IT & Picture Archiving and Communication SystemsHealth IT & Picture Archiving and Communication Systems
Health IT & Picture Archiving and Communication Systems
 
CTIT and Innovation, Iddo Bante
CTIT and Innovation, Iddo BanteCTIT and Innovation, Iddo Bante
CTIT and Innovation, Iddo Bante
 
Virkki presentation VTT SmartHealth Ecosystem Event 12.6.2019
Virkki presentation VTT SmartHealth Ecosystem Event 12.6.2019Virkki presentation VTT SmartHealth Ecosystem Event 12.6.2019
Virkki presentation VTT SmartHealth Ecosystem Event 12.6.2019
 
1-78-blockchainandhealthitalgorithmsprivacydata_whitepaper
1-78-blockchainandhealthitalgorithmsprivacydata_whitepaper1-78-blockchainandhealthitalgorithmsprivacydata_whitepaper
1-78-blockchainandhealthitalgorithmsprivacydata_whitepaper
 
Cisco Medical Data Exchange Solution
Cisco Medical Data Exchange SolutionCisco Medical Data Exchange Solution
Cisco Medical Data Exchange Solution
 
Integration MT and IT
Integration MT and ITIntegration MT and IT
Integration MT and IT
 
Opportunistic Computing Framework for Mobile-Healthcare Emergency
Opportunistic Computing Framework for Mobile-Healthcare EmergencyOpportunistic Computing Framework for Mobile-Healthcare Emergency
Opportunistic Computing Framework for Mobile-Healthcare Emergency
 
Nur 3563 cis_group_project
Nur 3563 cis_group_projectNur 3563 cis_group_project
Nur 3563 cis_group_project
 
Sensor networks for personalized health monitoring - Vladimir Brusic
Sensor networks for personalized health monitoring - Vladimir BrusicSensor networks for personalized health monitoring - Vladimir Brusic
Sensor networks for personalized health monitoring - Vladimir Brusic
 

More from Marcel Winandy

Security Patterns - An Introduction
Security Patterns - An IntroductionSecurity Patterns - An Introduction
Security Patterns - An IntroductionMarcel Winandy
 
Applying a Security Kernel Framework to Smart Meter Gateways
Applying a Security Kernel Framework to Smart Meter GatewaysApplying a Security Kernel Framework to Smart Meter Gateways
Applying a Security Kernel Framework to Smart Meter GatewaysMarcel Winandy
 
Uni-directional Trusted Path: Transaction Confirmation on Just One Device
Uni-directional Trusted Path: Transaction Confirmation on Just One DeviceUni-directional Trusted Path: Transaction Confirmation on Just One Device
Uni-directional Trusted Path: Transaction Confirmation on Just One DeviceMarcel Winandy
 
MediTrust: Secure Client Systems for Healthcare IT to Protect Sensitive Data ...
MediTrust: Secure Client Systems for Healthcare IT to Protect Sensitive Data ...MediTrust: Secure Client Systems for Healthcare IT to Protect Sensitive Data ...
MediTrust: Secure Client Systems for Healthcare IT to Protect Sensitive Data ...Marcel Winandy
 
Securing the E-Health Cloud
Securing the E-Health CloudSecuring the E-Health Cloud
Securing the E-Health CloudMarcel Winandy
 
Trusted Virtual Domains on OpenSolaris: Usable Secure Desktop Environments
Trusted Virtual Domains on OpenSolaris: Usable Secure Desktop EnvironmentsTrusted Virtual Domains on OpenSolaris: Usable Secure Desktop Environments
Trusted Virtual Domains on OpenSolaris: Usable Secure Desktop EnvironmentsMarcel Winandy
 
Patterns for Secure Boot and Secure Storage in Computer Systems
Patterns for Secure Boot and Secure Storage in Computer SystemsPatterns for Secure Boot and Secure Storage in Computer Systems
Patterns for Secure Boot and Secure Storage in Computer SystemsMarcel Winandy
 
A Pattern for Secure Graphical User Interface Systems
A Pattern for Secure Graphical User Interface SystemsA Pattern for Secure Graphical User Interface Systems
A Pattern for Secure Graphical User Interface SystemsMarcel Winandy
 
TruWallet: Trustworthy and Migratable Wallet-Based Web Authentication
TruWallet: Trustworthy and Migratable Wallet-Based Web AuthenticationTruWallet: Trustworthy and Migratable Wallet-Based Web Authentication
TruWallet: Trustworthy and Migratable Wallet-Based Web AuthenticationMarcel Winandy
 
Dynamic Integrity Measurement and Attestation: Towards Defense Against Return...
Dynamic Integrity Measurement and Attestation: Towards Defense Against Return...Dynamic Integrity Measurement and Attestation: Towards Defense Against Return...
Dynamic Integrity Measurement and Attestation: Towards Defense Against Return...Marcel Winandy
 
Modeling Trusted Computing Support in a Protection Profile for High Assurance...
Modeling Trusted Computing Support in a Protection Profile for High Assurance...Modeling Trusted Computing Support in a Protection Profile for High Assurance...
Modeling Trusted Computing Support in a Protection Profile for High Assurance...Marcel Winandy
 
Property-Based TPM Virtualization
Property-Based TPM VirtualizationProperty-Based TPM Virtualization
Property-Based TPM VirtualizationMarcel Winandy
 
Compartmented Security for Browsers
Compartmented Security for BrowsersCompartmented Security for Browsers
Compartmented Security for BrowsersMarcel Winandy
 

More from Marcel Winandy (13)

Security Patterns - An Introduction
Security Patterns - An IntroductionSecurity Patterns - An Introduction
Security Patterns - An Introduction
 
Applying a Security Kernel Framework to Smart Meter Gateways
Applying a Security Kernel Framework to Smart Meter GatewaysApplying a Security Kernel Framework to Smart Meter Gateways
Applying a Security Kernel Framework to Smart Meter Gateways
 
Uni-directional Trusted Path: Transaction Confirmation on Just One Device
Uni-directional Trusted Path: Transaction Confirmation on Just One DeviceUni-directional Trusted Path: Transaction Confirmation on Just One Device
Uni-directional Trusted Path: Transaction Confirmation on Just One Device
 
MediTrust: Secure Client Systems for Healthcare IT to Protect Sensitive Data ...
MediTrust: Secure Client Systems for Healthcare IT to Protect Sensitive Data ...MediTrust: Secure Client Systems for Healthcare IT to Protect Sensitive Data ...
MediTrust: Secure Client Systems for Healthcare IT to Protect Sensitive Data ...
 
Securing the E-Health Cloud
Securing the E-Health CloudSecuring the E-Health Cloud
Securing the E-Health Cloud
 
Trusted Virtual Domains on OpenSolaris: Usable Secure Desktop Environments
Trusted Virtual Domains on OpenSolaris: Usable Secure Desktop EnvironmentsTrusted Virtual Domains on OpenSolaris: Usable Secure Desktop Environments
Trusted Virtual Domains on OpenSolaris: Usable Secure Desktop Environments
 
Patterns for Secure Boot and Secure Storage in Computer Systems
Patterns for Secure Boot and Secure Storage in Computer SystemsPatterns for Secure Boot and Secure Storage in Computer Systems
Patterns for Secure Boot and Secure Storage in Computer Systems
 
A Pattern for Secure Graphical User Interface Systems
A Pattern for Secure Graphical User Interface SystemsA Pattern for Secure Graphical User Interface Systems
A Pattern for Secure Graphical User Interface Systems
 
TruWallet: Trustworthy and Migratable Wallet-Based Web Authentication
TruWallet: Trustworthy and Migratable Wallet-Based Web AuthenticationTruWallet: Trustworthy and Migratable Wallet-Based Web Authentication
TruWallet: Trustworthy and Migratable Wallet-Based Web Authentication
 
Dynamic Integrity Measurement and Attestation: Towards Defense Against Return...
Dynamic Integrity Measurement and Attestation: Towards Defense Against Return...Dynamic Integrity Measurement and Attestation: Towards Defense Against Return...
Dynamic Integrity Measurement and Attestation: Towards Defense Against Return...
 
Modeling Trusted Computing Support in a Protection Profile for High Assurance...
Modeling Trusted Computing Support in a Protection Profile for High Assurance...Modeling Trusted Computing Support in a Protection Profile for High Assurance...
Modeling Trusted Computing Support in a Protection Profile for High Assurance...
 
Property-Based TPM Virtualization
Property-Based TPM VirtualizationProperty-Based TPM Virtualization
Property-Based TPM Virtualization
 
Compartmented Security for Browsers
Compartmented Security for BrowsersCompartmented Security for Browsers
Compartmented Security for Browsers
 

A Note on the Security in the Card Management System of the German E-Health Card

  • 1. A Note on the Security in the Card Management System of the German E-Health Card
    Marcel Winandy (Ruhr-University Bochum)
    3rd International ICST Conference on Electronic Healthcare for the 21st Century (eHealth 2010)
    Casablanca, Morocco, 13-15 December 2010
    Tuesday, 14 December 2010
  • 2. Introduction
    • The German electronic Health Card (eHC)
      • Core component of the Healthcare Telematics
      • Each insured person will have such a card
      • Supposed to enable new applications
      • Smartcard with small storage + cryptographic functions
    • German Healthcare Telematics
      • Under development, going to be rolled out "soon" (originally 2006)
      • Specifications by Gematik (company organization of health institutions)
    • Health Professional Card (HPC)
      • Similar card for all health professionals
      • For identification, authentication, digital signatures
  • 3. Introduction: Use Cases of eHC
    Obligatory:
    • Identification, Authentication
      - personalized cards
      - individual cryptographic keys
    • European Health Insurance Card (EHIC)
      - printed on the backside
    • Electronic Prescription
      - issuing and filling
      - directly stored on eHC
    Optional:
    • Medical Emergency Data
      - directly stored on eHC
    • Medication History
    • Electronic Health Records
      - centrally stored on servers (in encrypted format)
      - eHC used to encrypt/decrypt and authorize access (via PIN)
    • Other applications
  • 4. Introduction: Security & Privacy
    • German law requires strong privacy: "Data Sovereignty" (§291a.5 SGB V)
      „Only the patient can define who may access the data associated with the eHC.“
    • German Ministry of Health*: eHC basic security requirements
      „Authentication, authorization, and audit mechanisms have to be chosen so that the data sovereignty of the insured party can be taken for granted.“
    * German Federal Ministry of Health: „Entscheidungsvorlage - Festlegung der Authentisierungs-, Autorisierungs- und Auditmechanismen der Telematikinfrastruktur für die Fachanwendungen“, Version 0.9.0, March 2006.
  • 13.-19. German Healthcare Telematics
    (figure, built up step by step over slides 13-19; labels visible in the figure: Healthcare Telematics Boundary, eHC, HPC)
  • 21.-24. Existing Security Analyses
    (built up over slides 21-24; each bullet is placed next to a screenshot of the first page of the paper it refers to)
    • Network security
    • Access control policies
      - "Security Analysis of the Health Care Telematics Infrastructure in Germany", Michael Huber, Ali Sunyaev and Helmut Krcmar, Chair for Information Systems, Technische Universität München
    • Peripheral parts (end-user systems)
      - "Security Analysis of the German Electronic Health Card's Peripheral Parts", Ali Sunyaev, Alexander Kaletsch, Christian Mauro and Helmut Krcmar, Chair for Information Systems, Technische Universität München
    • Platform security
      - "Securing the E-Health Cloud", Hans Löhr, Ahmad-Reza Sadeghi and Marcel Winandy, Horst Görtz Institute for IT Security, Ruhr-University Bochum
    • Other open security issues
      - (screenshot of a fourth paper; its title and authors are not legible in the slide text)
  • 25. Open Problem: Card Management System !!!
  • 26. Open Problem: Card Management System !!! (slide shows the title pages of two gematik specification documents: "Einführung der Gesundheitskarte: Kartenmanagement eGK Facharchitektur" (Introduction of the Health Card: Card Management eGK Functional Architecture), Version 1.6.0, Revision main/rel_main/8, dated 07.07.2008, status released, file gematik_CMS_Facharchitektur_Kartenmanagement_eGK.doc, 81 pages; and "Einführung der Gesundheitskarte: Kartenmanagement eGK Fachkonzept" (Introduction of the Health Card: Card Management eGK Functional Concept), Version 1.3.0, Revision main/rel_main/5, dated 20.06.2008, status released, file gematik_CMS_Fachkonzept_Kartenmanagement_eGK_V1.3.0.doc, 62 pages)
  • 28. Card Management System (diagram; slides 29 to 41 repeat this slide as an animated build-up of the diagram)
  • 42. (1) Conflicting Requirements
    • Security Requirement: „At any time, the card management is not allowed to obtain information about application contents [...] for which it is not authorized.“ „The card issuer MUST NOT get possession of unencrypted medical application data.“
    • Availability Requirement: „When a replacement or renewal card is created, it MUST be assured that application data stored on a server (e.g., EHR) can be accessed using the new eHC.“
  • 43. (1) Conflicting Requirements
    • Security Requirement: (as on slide 42)
    • Availability Requirement: (as on slide 42)
    • Specification requires a particular technical solution: „The following secret keys MUST be presently managed in the context of the card management: [a list of keys follows].“ ⟹ Copies of the keys are stored !!!
  • 44. Card Management System (diagram; slides 45 and 46 repeat this slide)
  • 47. (2) Creating Replacement Cards
    • Lost/stolen eHC or switching health insurance implies creating a replacement card
    • Copies of the keys from the old card are used: „All data required for the production of the card are available.“ „The card issuer may assign the creation of the card to one or more service providers.“
  • 48. Card Management System (diagram; slide 49 repeats this slide)
  • 50. (3) Re-Encrypting Data (slides 51 to 53 repeat this slide)
    • Issuing a replacement or renewal card implies re-encryption of data
    • Input needed for the Card Issuer: ICCSN (eHC ID)
    • Input for the Application Operator: „[Card Issuer] transmits the ICCSN of the insured party and other data to the application operator.“ The Application Operator „processes the application data“.
  • 54. Card Management System (diagram; slide 55 repeats this slide)
  • 56. Card Management System: Violation of Data Sovereignty of the Patient !!!!
  • 57. Conclusion (slides 58 and 59 repeat this slide, adding the last two items)
    • German E-Health Card: complex security architecture
    • Card Management System has serious flaws:
      • Copies of the secret keys of the patients are stored and could spread to other (unauthorized) parties
      • Data Sovereignty of the patient is violated!
    • Possible solution: remove the technical requirement (instead, designs could use, e.g., secret key sharing)
    • MediTrust (platform security for end-users)
    • eBPG, eBusiness Plattform Gesundheit (alternative security solution for accessing electronic health records)
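The alternative the conclusion names, threshold secret sharing, as an added example that is not part of the slides or of gematik's specifications: the card's secret key is split with Shamir's scheme so that no single party in the card management chain holds a usable copy, while a quorum can still rebuild it when a replacement card has to be produced. The party names (card issuer, application operator, trustee) and the 2-of-3 threshold are assumptions for illustration.

```python
# Added example: Shamir threshold secret sharing as an alternative to the
# card management system keeping plaintext copies of the eHC secret keys.
# Party names and the 2-of-3 policy are assumptions, not gematik's design.
import secrets

# Arithmetic is done in GF(P); P is the Mersenne prime 2^127 - 1.
P = 2**127 - 1


def split_secret(secret: int, threshold: int, n_shares: int):
    """Split `secret` into n_shares points; any `threshold` of them rebuild it."""
    assert 0 <= secret < P and 1 <= threshold <= n_shares
    # Random polynomial of degree threshold-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    shares = []
    for x in range(1, n_shares + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of the polynomial mod P
            y = (y * x + c) % P
        shares.append((x, y))
    return shares


def recover_secret(shares):
    """Lagrange interpolation at x = 0 over GF(P) from a quorum of shares."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % P
                den = (den * (xi - xj)) % P
        secret = (secret + yi * num * pow(den, P - 2, P)) % P
    return secret


def demo():
    """2-of-3 sharing of a constructed stand-in for an eHC secret key."""
    card_key = secrets.randbelow(P)  # constructed sample value, not a real key
    shares = split_secret(card_key, threshold=2, n_shares=3)
    # Assumed holders: card issuer, application operator, independent trustee.
    issuer, operator, trustee = shares
    # Issuer alone cannot rebuild the key; issuer plus trustee can (e.g. only
    # during production of a replacement card, under a logged quorum decision).
    alone_ok = recover_secret([issuer]) == card_key
    quorum_ok = recover_secret([issuer, trustee]) == card_key
    return card_key, shares, alone_ok, quorum_ok
```

With the shares distributed this way, the availability requirement (a replacement card can be produced) and the security requirement (no single party possesses the key) from slide 42 no longer conflict.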
  • 60. Questions? Contact: Marcel Winandy, Ruhr-University Bochum, marcel.winandy@trust.rub.de, http://www.trust.rub.de, Twitter: @marwinK