Finish HSM basics post
parent 3dfca328ee
commit c4af22d852
1 changed files with 18 additions and 13 deletions
@ -113,21 +113,26 @@ The core component of an HSM blueprint would be a suite of tamper detection mech
|
|||
to improve on the current state of the art of membrane tamper switches plus temperature sensors plus PCB and printed
|
||||
security meshes plus potting.
|
||||
|
||||
Improvements on existing techniques
|
||||
-----------------------------------
|
||||
|
||||
Light sensors
|
||||
~~~~~~~~~~~~~
|
||||
**Advanced analog sensing**
|
||||
**Self-test functionality**
|
||||
|
||||
Security meshes
|
||||
~~~~~~~~~~~~~~~
|
||||
**Analog sensing**
|
||||
|
||||
|
||||
DIY or small lab mesh production
|
||||
--------------------------------
|
||||
**Analog sensing** meshes are a proven technology where instead of just monitoring for continuity and shorts, analog
|
||||
parameters of the mesh traces such as inductance and mutual capacitance are monitored. In 2019, `Immler et al. published
|
||||
a paper <https://tches.iacr.org/index.php/TCHES/article/view/7334>`__ where took this principle and turned it all the
|
||||
way up. They directly derived a cryptographic secret from the analog properties of their HSM's security mesh in an
|
||||
attempt to built a `Physically Unclonable Function, or PUF
|
||||
<https://en.wikipedia.org/wiki/Physical_unclonable_function>`__. The idea with PUFs is that they reproduce some entropy
|
||||
that comes from random tolerances of their production process. The same PUF will always yield (approximately) the same
|
||||
key, but since you cannot control these random production variations, in practice the resulting PUF cannot be cloned.
|
||||
Note however, that its secrets can of course be copied if you find a way to read them out.
|
||||
|
||||
As Immler et al. demonstrated in their paper, you don't need any secret sauce to create an analog mesh sensing circuit.
|
||||
All you need are a bunch of (admittedly, expensive) off-the-shelf analog ICs. The interesting bit here is that by
|
||||
applying more advanced analog sensing, weaknesses of an otherwise coarse mesh desing could maybe be alleviated. That is,
|
||||
instead of monitoring a very fine mesh for continuity, you could instead closely monitor inductance and capacitance of a
|
||||
more coarse mesh. This trade-off between sensing circuit complexity (resp. cost) and mesh production capabilities may
|
||||
allow someone with a poorly equipped lab to still make a decent HSM. The question is, how do you produce a "decent" mesh
|
||||
given only basic tools? Here are some ideas.
|
||||
|
||||
**3D metal patterning techniques** refers to any technique for producing thin, patterned metal structures on a
|
||||
three-dimensional plastic substrate. The basic process would consist of 3D-printing the polymer substrate, depositing a
|
||||
thin metal layer on top and then patterning this metal layer. A good starting point here would be the recent work of
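Review bot: The paragraph beginning "**Analog sensing** meshes are a proven technology" has three wording errors to fix before this post is published: "where took this principle" is missing its subject (suggest "where they took this principle"), "in an attempt to built" should read "to build", and "coarse mesh desing" should read "coarse mesh design". The hunk counts (13 deletions against 18 additions) suggest that the outline stubs "Light sensors", "**Advanced analog sensing**" and "**Self-test functionality**" are dropped here, and the text in this hunk covers only analog mesh sensing. If the light-sensor and self-test improvements are not covered elsewhere in the post, either restore a short paragraph for them or say in the commit message that they were cut on purpose. The analog sensing paragraph also sits under "DIY or small lab mesh production" now that the "Security meshes" heading is gone, so a one-sentence transition from the state-of-the-art list into that section would help the reader.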