KIM 1.5: Even more Kaos in the Medical Telematics Infrastructure (TI)

Two years after the first KIM talk at 37C3, the weaknesses shown there have been closed. In addition, the current KIM 1.5+ can transfer large files of up to 500 MB, and signature handling has been simplified for users in that they can no longer view the detailed information of the signature. But is the system secure now, or are there new problems?

KIM has established itself as a service for medical e-mails: electronic certificates of incapacity for work (eAU), dental treatment and cost plans, laboratory information, and medication dosages are to be transmitted securely via KIM. Security is to be guaranteed inconspicuously and automatically in the background, without user interaction. For this purpose, encryption and decryption as well as signing are abstracted into separate software, the so-called client module. This talk will shed light on the design of this security abstraction and the vulnerabilities it causes, such as the forgery or decryption of KIM messages.

Continuation of the 37C3 talk "KIM: Kaos In the Medical Telematics Infrastructure (TI)" [https://media.ccc.de/v/37c3-12030-kim_kaos_in_der_medizinischen_telematikinfrastruktur_ti]

Licensed to the public under http://creativecommons.org/licenses/by/4.0

License: Creative Commons Attribution

Includes AI
