{"guid":"f60110ec-38e4-4730-b906-5363e3a90f84","title":"KIM: Kaos In der Medizinischen Telematikinfrastruktur (TI)","subtitle":null,"slug":"37c3-12030-kim_kaos_in_der_medizinischen_telematikinfrastruktur_ti","link":"https://events.ccc.de/congress/2023/hub/event/kim_kaos_in_der_medizinischen_telematikinfrastruktur_ti/","description":"Electronic certificates of incapacity for work (eAU), doctors' letters, medical diagnoses: all of this sensitive data is now sent via KIM (Kommunikation im Gesundheitswesen, communication in healthcare) over the Telematikinfrastruktur (TI), the telematics infrastructure.\n\nBut is the service really secure? Who can read the messages, where are the e-mails decrypted, and how secure is the KIM software? We looked for answers to these questions in the live setup of a dental practice.\n\nKIM, the secure e-mail infrastructure for physicians, pharmacists, health insurers and clinics in Germany, is one of the most heavily used applications in the Telematikinfrastruktur (TI), with more than 200 million e-mails in the last two years. KIM promises secure end-to-end encryption between healthcare professionals throughout Germany, for which S/MIME certificates were issued to all medical participants in Germany.\n\nBut what happens when the key issuance processes in the TI are designed incorrectly? What happens when insecure software in the field is not patched? 
What happens when too much security is to be abstracted away from the users?\n\nThe answer: you get a solution that is cryptographically secure in theory but does not achieve its stated goals in practice.\n\nAll vulnerabilities found were reported to those affected as part of completed responsible disclosure processes.","original_language":"deu","persons":["Christoph Saatjohann","Sebastian Schinzel"],"tags":["37c3","12030","2023","Security",""],"view_count":16575,"promoted":false,"date":"2023-12-27T16:00:00.000+01:00","release_date":"2023-12-28T00:00:00.000+01:00","updated_at":"2026-04-16T10:30:05.588+02:00","length":3534,"duration":3534,"thumb_url":"https://static.media.ccc.de/media/congress/2023/12030-f60110ec-38e4-4730-b906-5363e3a90f84.jpg","poster_url":"https://static.media.ccc.de/media/congress/2023/12030-f60110ec-38e4-4730-b906-5363e3a90f84_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2023/12030-f60110ec-38e4-4730-b906-5363e3a90f84.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2023/12030-f60110ec-38e4-4730-b906-5363e3a90f84.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/37c3-12030-kim_kaos_in_der_medizinischen_telematikinfrastruktur_ti","url":"https://api.media.ccc.de/public/events/f60110ec-38e4-4730-b906-5363e3a90f84","conference_title":"37C3: 
Unlocked","conference_url":"https://api.media.ccc.de/public/conferences/37c3","related":[],"recordings":[{"size":53,"length":3534,"mime_type":"audio/mpeg","language":"eng","filename":"37c3-12030-eng-KIM_Kaos_In_der_Medizinischen_Telematikinfrastruktur_TI_mp3-2.mp3","state":"new","folder":"mp3-translated","high_quality":false,"width":0,"height":0,"updated_at":"2023-12-28T00:25:35.719+01:00","recording_url":"https://cdn.media.ccc.de/congress/2023/mp3-translated/37c3-12030-eng-KIM_Kaos_In_der_Medizinischen_Telematikinfrastruktur_TI_mp3-2.mp3","url":"https://api.media.ccc.de/public/recordings/72121","event_url":"https://api.media.ccc.de/public/events/f60110ec-38e4-4730-b906-5363e3a90f84","conference_url":"https://api.media.ccc.de/public/conferences/37c3"},{"size":34,"length":3534,"mime_type":"audio/opus","language":"eng","filename":"37c3-12030-eng-KIM_Kaos_In_der_Medizinischen_Telematikinfrastruktur_TI_opus-2.opus","state":"new","folder":"opus-translation","high_quality":false,"width":0,"height":0,"updated_at":"2023-12-28T00:24:59.350+01:00","recording_url":"https://cdn.media.ccc.de/congress/2023/opus-translation/37c3-12030-eng-KIM_Kaos_In_der_Medizinischen_Telematikinfrastruktur_TI_opus-2.opus","url":"https://api.media.ccc.de/public/recordings/72119","event_url":"https://api.media.ccc.de/public/events/f60110ec-38e4-4730-b906-5363e3a90f84","conference_url":"https://api.media.ccc.de/public/conferences/37c3"},{"size":null,"length":null,"mime_type":"text/vtt","language":"deu","filename":"f60110ec-38e4-4730-b906-5363e3a90f84-deu.vtt","state":"todo","folder":"","high_quality":true,"width":null,"height":null,"updated_at":"2024-03-24T16:20:02.753+01:00","recording_url":"https://cdn.media.ccc.de/congress/2023/f60110ec-38e4-4730-b906-5363e3a90f84-deu.vtt","url":"https://api.media.ccc.de/public/recordings/74759","event_url":"https://api.media.ccc.de/public/events/f60110ec-38e4-4730-b906-5363e3a90f84","conference_url":"https://api.media.ccc.de/public/conferences/37c3"},{"size":426
,"length":3534,"mime_type":"video/webm","language":"deu-eng","filename":"37c3-12030-deu-eng-KIM_Kaos_In_der_Medizinischen_Telematikinfrastruktur_TI_webm-hd.webm","state":"new","folder":"webm-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2023-12-28T04:34:13.952+01:00","recording_url":"https://cdn.media.ccc.de/congress/2023/webm-hd/37c3-12030-deu-eng-KIM_Kaos_In_der_Medizinischen_Telematikinfrastruktur_TI_webm-hd.webm","url":"https://api.media.ccc.de/public/recordings/72220","event_url":"https://api.media.ccc.de/public/events/f60110ec-38e4-4730-b906-5363e3a90f84","conference_url":"https://api.media.ccc.de/public/conferences/37c3"},{"size":196,"length":3534,"mime_type":"video/webm","language":"deu-eng","filename":"37c3-12030-deu-eng-KIM_Kaos_In_der_Medizinischen_Telematikinfrastruktur_TI_webm-sd.webm","state":"new","folder":"webm-sd","high_quality":false,"width":720,"height":576,"updated_at":"2023-12-28T01:47:23.548+01:00","recording_url":"https://cdn.media.ccc.de/congress/2023/webm-sd/37c3-12030-deu-eng-KIM_Kaos_In_der_Medizinischen_Telematikinfrastruktur_TI_webm-sd.webm","url":"https://api.media.ccc.de/public/recordings/72139","event_url":"https://api.media.ccc.de/public/events/f60110ec-38e4-4730-b906-5363e3a90f84","conference_url":"https://api.media.ccc.de/public/conferences/37c3"},{"size":202,"length":3534,"mime_type":"video/mp4","language":"deu-eng","filename":"37c3-12030-deu-eng-KIM_Kaos_In_der_Medizinischen_Telematikinfrastruktur_TI_sd.mp4","state":"new","folder":"h264-sd","high_quality":false,"width":720,"height":576,"updated_at":"2023-12-28T00:30:32.294+01:00","recording_url":"https://cdn.media.ccc.de/congress/2023/h264-sd/37c3-12030-deu-eng-KIM_Kaos_In_der_Medizinischen_Telematikinfrastruktur_TI_sd.mp4","url":"https://api.media.ccc.de/public/recordings/72131","event_url":"https://api.media.ccc.de/public/events/f60110ec-38e4-4730-b906-5363e3a90f84","conference_url":"https://api.media.ccc.de/public/conferences/37c3"},{"size":32,"length":3534,
"mime_type":"audio/opus","language":"deu","filename":"37c3-12030-deu-KIM_Kaos_In_der_Medizinischen_Telematikinfrastruktur_TI_opus.opus","state":"new","folder":"opus","high_quality":false,"width":0,"height":0,"updated_at":"2023-12-28T00:23:59.401+01:00","recording_url":"https://cdn.media.ccc.de/congress/2023/opus/37c3-12030-deu-KIM_Kaos_In_der_Medizinischen_Telematikinfrastruktur_TI_opus.opus","url":"https://api.media.ccc.de/public/recordings/72116","event_url":"https://api.media.ccc.de/public/events/f60110ec-38e4-4730-b906-5363e3a90f84","conference_url":"https://api.media.ccc.de/public/conferences/37c3"},{"size":53,"length":3534,"mime_type":"audio/mpeg","language":"deu","filename":"37c3-12030-deu-KIM_Kaos_In_der_Medizinischen_Telematikinfrastruktur_TI_mp3.mp3","state":"new","folder":"mp3","high_quality":false,"width":0,"height":0,"updated_at":"2023-12-28T00:23:40.487+01:00","recording_url":"https://cdn.media.ccc.de/congress/2023/mp3/37c3-12030-deu-KIM_Kaos_In_der_Medizinischen_Telematikinfrastruktur_TI_mp3.mp3","url":"https://api.media.ccc.de/public/recordings/72115","event_url":"https://api.media.ccc.de/public/events/f60110ec-38e4-4730-b906-5363e3a90f84","conference_url":"https://api.media.ccc.de/public/conferences/37c3"},{"size":517,"length":3534,"mime_type":"video/mp4","language":"deu-eng","filename":"37c3-12030-deu-eng-KIM_Kaos_In_der_Medizinischen_Telematikinfrastruktur_TI_hd.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2023-12-28T00:17:29.762+01:00","recording_url":"https://cdn.media.ccc.de/congress/2023/h264-hd/37c3-12030-deu-eng-KIM_Kaos_In_der_Medizinischen_Telematikinfrastruktur_TI_hd.mp4","url":"https://api.media.ccc.de/public/recordings/72111","event_url":"https://api.media.ccc.de/public/events/f60110ec-38e4-4730-b906-5363e3a90f84","conference_url":"https://api.media.ccc.de/public/conferences/37c3"},{"size":462,"length":3534,"mime_type":"video/mp4","language":"eng","filename":"37c3-12030-eng-KIM_Kaos_
In_der_Medizinischen_Telematikinfrastruktur_TI.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2023-12-28T00:17:18.057+01:00","recording_url":"https://cdn.media.ccc.de/congress/2023/h264-hd/37c3-12030-eng-KIM_Kaos_In_der_Medizinischen_Telematikinfrastruktur_TI.mp4","url":"https://api.media.ccc.de/public/recordings/72110","event_url":"https://api.media.ccc.de/public/events/f60110ec-38e4-4730-b906-5363e3a90f84","conference_url":"https://api.media.ccc.de/public/conferences/37c3"},{"size":462,"length":3534,"mime_type":"video/mp4","language":"deu","filename":"37c3-12030-deu-KIM_Kaos_In_der_Medizinischen_Telematikinfrastruktur_TI.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2023-12-28T00:17:06.198+01:00","recording_url":"https://cdn.media.ccc.de/congress/2023/h264-hd/37c3-12030-deu-KIM_Kaos_In_der_Medizinischen_Telematikinfrastruktur_TI.mp4","url":"https://api.media.ccc.de/public/recordings/72109","event_url":"https://api.media.ccc.de/public/events/f60110ec-38e4-4730-b906-5363e3a90f84","conference_url":"https://api.media.ccc.de/public/conferences/37c3"}]}