Sunday, July 26, 2009

i've got the key, i've got the secret...whoops

Further to the last post, a BT futurologist says we're living in science fiction. And which particular works does she mention? Blade Runner, Judge Dredd and Soylent Green.


In the world of Halting State, meanwhile, the Germans have had a wee probby with their electronic health cards. Partly it's due to a reasonably sensible design; they decided to store information on the card, rather than on a remote system, and to protect it using a public-key infrastructure.

Data on the cards would have been both encrypted for privacy and signed for integrity, using per-card keys whose certificates were signed by the issuing authority, whose key-signing key was in turn certified by the ministry's root certification authority, operated by the equivalent of HM Stationery Office.

Not just any PKI, either; it would have been the biggest PKI in the world. Unfortunately, the hardware security module holding the root CA's key-signing key failed, and there are NO BACKUPS. The root's public key survives, so existing cards still validate against it, but nothing further can ever be signed under that root. That means creating a new root KSK, and cards issued under the new root will not validate against the old one (nor old cards against the new), so as soon as any new cards are issued all the existing cards will have to be withdrawn, unless every reader in the country is taught to trust both roots for the duration of the changeover.
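To make the failure mode concrete, here is an added Go model of that chain (my illustration, not code from the post or from the German project), built on the standard library's X.509 support: a self-signed ministry root certifies the issuing authority's key-signing certificate, which certifies per-card certificates, and each card's record is signed with the card key. It then simulates the HSM loss: the old root's certificate (public key) survives, so old cards still validate against it, but no further key-signing certificates can be issued under it; cards minted under a replacement root validate only against that root, while a reader that trusts both roots accepts both, which is the alternative to withdrawing every existing card. All authority names, card identifiers and records are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Authority is one signing tier: the ministry root, or the issuing authority
// whose key-signing certificate the root has signed. Names are invented.
type Authority struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey // for the root tier, this is what the failed HSM held
}

// Card models the on-card bundle: the card's certificate, the issuing
// authority's key-signing certificate, the record, and a signature over it.
type Card struct {
	Cert   *x509.Certificate
	Issuer *x509.Certificate
	Data   []byte
	Sig    []byte
}

func check(err error) {
	if err != nil {
		panic(err)
	}
}

func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	return k
}

func template(cn string, isCA bool) *x509.Certificate {
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	check(err)
	t := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		t.KeyUsage |= x509.KeyUsageCertSign
	}
	return t
}

// sign issues a certificate for pub from tmpl, signed by parent's key.
func sign(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	check(err)
	c, err := x509.ParseCertificate(der)
	check(err)
	return c
}

// NewRoot creates a self-signed root CA (the ministry's, in the post).
func NewRoot(name string) Authority {
	k := newKey()
	t := template(name, true)
	return Authority{Cert: sign(t, t, &k.PublicKey, k), Key: k}
}

// Issue signs a subordinate: a key-signing cert if isCA, otherwise a card cert.
func (a Authority) Issue(name string, isCA bool) Authority {
	k := newKey()
	return Authority{Cert: sign(template(name, isCA), a.Cert, &k.PublicKey, a.Key), Key: k}
}

// IssueCard mints a card certificate under the issuing authority and signs the record.
func IssueCard(issuer Authority, holder string, record []byte) Card {
	c := issuer.Issue(holder, false)
	h := sha256.Sum256(record)
	sig, err := ecdsa.SignASN1(rand.Reader, c.Key, h[:])
	check(err)
	return Card{Cert: c.Cert, Issuer: issuer.Cert, Data: record, Sig: sig}
}

// Validate is what a card reader does: chain the card cert through the
// issuer's key-signing cert to a trusted root, then check the record signature.
func Validate(c Card, roots ...*x509.Certificate) error {
	pool, inter := x509.NewCertPool(), x509.NewCertPool()
	for _, r := range roots {
		pool.AddCert(r)
	}
	inter.AddCert(c.Issuer)
	opts := x509.VerifyOptions{Roots: pool, Intermediates: inter,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := c.Cert.Verify(opts); err != nil {
		return err
	}
	return c.Cert.CheckSignature(x509.ECDSAWithSHA256, c.Data, c.Sig)
}

func main() {
	root := NewRoot("Ministry Root CA")
	ksk := root.Issue("Issuing Authority KSK", true)
	old := IssueCard(ksk, "card 0001", []byte("constructed patient record"))
	fmt.Println("old card, old root:", Validate(old, root.Cert)) // <nil>

	// The HSM dies: the private key is gone, only the public root.Cert survives,
	// so a fresh root is the only way to sign further key-signing certificates.
	root.Key = nil
	root2 := NewRoot("Ministry Root CA 2")
	ksk2 := root2.Issue("Issuing Authority KSK 2", true)
	fresh := IssueCard(ksk2, "card 0002", []byte("constructed patient record"))

	fmt.Println("old card, new root only:", Validate(old, root2.Cert))          // fails
	fmt.Println("new card, old root only:", Validate(fresh, root.Cert))         // fails
	fmt.Println("old card, both roots:", Validate(old, root.Cert, root2.Cert))  // <nil>
	old.Data = append(old.Data, '!')
	fmt.Println("tampered old card, old root:", Validate(old, root.Cert)) // fails
}
```

The point the model makes is that the lost artefact is a signing capability, not a verification capability: old cards remain cryptographically sound, and whether they have to be withdrawn is a policy decision about what the readers are configured to trust.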

It's certainly an EPIC FAIL, and alert readers will notice that it's a sizeable chunk of the plot of Charlie's novel. But it's a considerably less epic fail than it might have been: if the system had been a British-style massive central database and the root CA had been lost or compromised, the consequences would have been far worse. As it is, no security violation or data loss has occurred, and the system can be progressively restored by withdrawing the old cards and issuing new ones.

In that sense, it's actually reasonably good government IT; at least it failed politely.

