Fill out the gaps, add a bunch of new text.
This commit is contained in:
jaseg
parent
0c0cbf8216
commit
31b10df850
1 changed files with 85 additions and 18 deletions
103
paper.tex
103
paper.tex
|
|
@ -45,7 +45,7 @@
|
|||
\author{Jan Sebastian Götte\inst{1} \and Björn Scheuermann\inst{2}}
|
||||
\institute{Technical University of Darmstadt, Darmstadt, Germany, \email{research@jaseg.de}\and
|
||||
Technical University of Darmstadt, Darmstadt, Germany, \email{bjoern.scheuermann@kom.tu-darmstadt.de}}
|
||||
\title{WIP: Optical Passthrough for a Tamper-Resistant Quantum Key Distribution Relay in a Inertial HSM}
|
||||
\title{Optical Passthrough for a Tamper-Resistant Quantum Key Distribution Relay in a Inertial HSM}
|
||||
\maketitle
|
||||
\keywords{Physical Security\and Tamper Resistance\and Hardware Security Module
|
||||
(HSM)\and Inertial Hardware Security Module (IHSM)\and Quantum Key Distribution}
|
||||
|
|
@ -189,10 +189,45 @@ overlapping them, since the mesh's rotation makes any attack on such a joint exc
|
|||
|
||||
\subsection{Customizable tamper sensing HSMs}
|
||||
|
||||
\subsection{Optical slip rings}
|
||||
\textcite{immlerSecurePhysicalEnclosures2018} introduce a HSM concept that utilizes a tamper-sensing mesh made from a
|
||||
lithographically patterned metallized polyimide foil. They pattern a grid of fine capacitive electrodes onto the foil,
|
||||
and demonstrate a simple multi-channel readout circuit that is capable of distinguishing changes in capacitance between
|
||||
electrodes down to the femto-Farad range. In contrast to conventional HSMs that require a continuous power supply to
|
||||
their tamper-sensing subsystem, their design introduces sufficient measurement fidelity that the tamper-sensing mesh
|
||||
foil can be viewed as a Physically Uncloneable Function (PUF) by demonstrating stability and statistical properties of
|
||||
its PUF response.
|
||||
|
||||
Later publications on their design expand upon the concept, but fundamentally, their design is limited in size by
|
||||
manufacturing limitations in the size of its tamper-sensing foil, as well as the poor scalability of the designs
|
||||
frontend architecture, which requires a separate charge amplifier for each electrode
|
||||
pair\cite{
|
||||
garbFORTRESSFORtifiedTamperResistant2021,
|
||||
garbWiretapChannelCapacitive2022,
|
||||
garbTamperSensitiveDesignPUFBased,
|
||||
obermaierMeasurementSystemCapacitive2018}.
|
||||
Applying their approach to a QKD relay would be difficult as it would ential not just miniaturizing the QKD relay to the
|
||||
size of a smartphone, but it would also require the development of a secure fiber passthrough specific to their design
|
||||
and other systems using a folded tamper-sensing mesh foil. Conventionally, electrical pass-throughs in such foils are
|
||||
made by folding the mesh and a Flat Flexible Cable (FFC) multiple times. Due to their required beding radius,
|
||||
alternative solutions would have to be found for a fiber-optic pass-through.
|
||||
|
||||
\subsection{Long-range QKD}
|
||||
|
||||
|
||||
\textcite{Hybrid Trusted/Untrusted Relay-Based Quantum Key Distribution Over Optical Backbone Networks} give a
|
||||
comprehensive overview of large-scale QKD networking. \textcite{lellaSecurityQuantumKey2023} analyze security threats in
|
||||
quantum key distribution networks and point out that achieving the information-theoretic security that QKD is often
|
||||
cited for providing is difficult to achieve in practice since currently, protocols based on cryptographic computational
|
||||
hardness assumptions cannot be avoided in a practical implementation. \textcite{yangQuantumKeyDistribution2018} approach
|
||||
key routing in a hypothetical quantum key distribution network and provide a solution based on measurements of each
|
||||
node's local secret key buffer.
|
||||
|
||||
\textcite{caoHybridTrustedUntrusted2021} discuss hybrid QKD networks that employ both physically trusted and untrusted
|
||||
nodes by applying a technique such as Measurement-Device Independent QKD (MDI-QKD) that enables one end of the QKD link
|
||||
to be untrusted. MDI-QKD can effectively double the reach of a trusted QKD link by placing an untrusted relay node in
|
||||
the middle. They present a precise problem formulation and introduce an algorithm for the optimization of deployment
|
||||
cost of a hybrid QKD network.
|
||||
|
||||
\section{QKD in an IHSM}
|
||||
|
||||
Since IHSMs are particularly suited to large payloads, fitting the components of a QKD node inside one is
|
||||
|
|
@ -312,10 +347,10 @@ in QKD application, the need for fiber optic passthrough is the limiting factor.
|
|||
the fibers in a series of in-plane S-bends requires a coarse tab spacing due to the fibers' large minimum bend radius.
|
||||
However, we can apply the approach we proposed above for the shaft entrance here, too, and thread the fibers between the
|
||||
meshes by helically coiling them, increasing the fibers' bend radius to one half of the distance between both mesh
|
||||
discs minus the fibers' diameter and clearances\todo{Formulas here and elsewhere, define variables}. When the resulting
|
||||
useable part of the distance is larger than twice the bend radius, the minimum tab spacing is only limited by the
|
||||
fiber's diameter and the stability of the star bracket. When the discs are placed closer, and a larger pitch is
|
||||
necssary, the resulting pitch of the helix determines the minimum tab spacing.
|
||||
discs minus the fibers' diameter and clearances. When the resulting useable part of the distance is larger than twice
|
||||
the bend radius, the minimum tab spacing is only limited by the fiber's diameter and the stability of the star bracket.
|
||||
When the discs are placed closer, and a larger pitch is necssary, the resulting pitch of the helix determines the
|
||||
minimum tab spacing.
|
||||
|
||||
Designing a labyrinth mesh for intrusion prevention is similar to the design of the shape of the jamb of a safe door or
|
||||
of a high end apartment door. In these, the objective is to prevent would-be burglars from inserting opening tools
|
||||
|
|
@ -324,12 +359,12 @@ not unlike an IHSM's defense against electrical or electromagnetic probes. The o
|
|||
what we can do in IHSMs is that these doors are limited to outwards-facing steps because they must be opened and closed.
|
||||
In IHSM labyrinth meshes, we can use both outwards-facing and inwards-facing steps.
|
||||
|
||||
Concentric labyrinth meshes allow for a wide range of different configurations. The pitch from one mesh tab to the
|
||||
next is the sum of the required width of the inter-mesh space and the safety margin needed betwween any cables or the
|
||||
inter-mesh bracket and the tabs. When the mesh is constructed using rigid PCB tabs that are inserted as-is, without
|
||||
bending them, and when all tabs have the same width and thickness, the radial width of the swept area decreases from tab
|
||||
to tab going outwards. A consequence of this is that when the design target are constant width inter-mesh spaces, the
|
||||
tabs' pitch decreases going outwards.
|
||||
Concentric labyrinth meshes allow for a range configurations. The pitch from one mesh tab to the next is the sum of the
|
||||
required width of the inter-mesh space and the safety margin needed betwween any cables or the inter-mesh bracket and
|
||||
the tabs. When the mesh is constructed using rigid PCB tabs that are inserted as-is, without bending them, and when all
|
||||
tabs have the same width and thickness, the radial width of the swept area decreases from tab to tab going outwards. A
|
||||
consequence of this is that when the design target are constant width inter-mesh spaces, the tabs' pitch decreases going
|
||||
outwards.
|
||||
|
||||
The safety margin required to avoid collisions between the meshes and the stator can be kept low for the primary mesh
|
||||
because this mesh has high-quality bearings on both ends, leading to good axis alignment. In contrast, for the secondary
|
||||
|
|
@ -380,12 +415,18 @@ Thus, instead of passing it straight through the labyrinth, the payload's fiber
|
|||
labyrinth in a three-dimensional spiral shape, avoiding the meshes while simultaneously maximizing the fibers' bend
|
||||
radii.
|
||||
|
||||
\subsection{Experimental Validation}
|
||||
|
||||
To prove the mechanical viability of the offset labyrinth mesh concept, we created a mechanical prototype of one such
|
||||
mesh. Figure\ \ref{qkd_fig_offset_lab_fiber} shows the dimensions of the meshes' tabs along with the resulting tab rings
|
||||
and a 2D projection of our chosen fiber layout. The fiber is laid out in such a way that it crosses each tab ring at
|
||||
opposite sides, and traverses the vertical distance in the larger part of the inter-mesh space. Figures\
|
||||
\ref{qkd_fig_lab_mesh_exp_1} and \ref{qkd_fig_lab_mesh_exp_2} show an exploded view of our mechanical prototype from two
|
||||
perspectives.
|
||||
opposite sides, and traverses the vertical distance in the larger part of the inter-mesh space. Figure\
|
||||
\ref{qkd_fig_lab_mesh_exp_1} shows an exploded view of our mechanical prototype.
|
||||
|
||||
We threaded a standard \qty{50}{\micro\meter}/\qty{125}{\micro\meter} fiber through the bracket, spliced it to a
|
||||
connector pigtail at the remote end, and measured its loss using a NK4000D handheld OTDR/OPM manufactured by Qingdao
|
||||
Novker Communication Ltd. Comparing measurements of loss between a coiled fiber and a fiber fed through the bracket
|
||||
resulted in a difference below the measurement floor of approximately \qty{0.25}{\decibel}.
|
||||
|
||||
\begin{figure}
|
||||
\centering
|
||||
|
|
@ -477,6 +518,7 @@ by explosive, but a thick metal shield around the payload would make it more dif
|
|||
using a projectile.
|
||||
|
||||
\section{Outlook}
|
||||
|
||||
\subsection{Achievable security guarantees}
|
||||
|
||||
Like conventional HSMs, Inertial HSMs are only ever an engeineering answer to a security question. In contrast with
|
||||
|
|
@ -487,9 +529,28 @@ achieve it by rotating their tamper sensing mesh. In a conventional HSM, increas
|
|||
mesh requires fine-tuning a bespoke manufacturing process. In contrast, increasing the security of an IHSMs simply
|
||||
requires making the rotor faster.
|
||||
|
||||
\subsection{Trust bootstrapping}
|
||||
|
||||
A key question in any trusted hardware deployment is how to bootstrap trust in a new device when faced with the
|
||||
possibility of supply-chain attacks. Conventional HSMs are only manufactured by a single manufacturer, and the common
|
||||
solution is to just trust that manufacturer. The HSM's manufacturer can factory-provision an identity key to the HSM
|
||||
that can be used to ascertain the HSM's integrity during shipping to the customer.
|
||||
|
||||
One of the key components of IHSM technology is that it does not require specialized components, or potting of the
|
||||
payload. While an IHSM could be manufactured and sold as a complete unit like a conventional HSM, their more modular
|
||||
nature makes it possible to place more control in the IHSM's customer. In particular, an IHSM could be sold without a
|
||||
payload installed, leaving the customer to install their own payload (such as a QKD node) inside the IHSM. Like a
|
||||
conventional HSM, the IHSM could be run during shipping to detect supply-chain attacks. Going further, since IHSMs are
|
||||
build from commodity components, the user could directly license the IHSM design and manufacturer it themselves, given
|
||||
them full control over the hardware supply chain. In a QKD deployment, the manufacturer of the QKD node could build both
|
||||
the QKD subsystem and the IHSM and integrate both, given that this would not require additional manufacturing
|
||||
capabilities due to the IHSM's simple construction.
|
||||
|
||||
\subsection{Network implementation}
|
||||
|
||||
|
||||
IHSM-secured QKD nodes could be used to build QKD networks. IHSM-secured QKD nodes augment QKD network techniques such
|
||||
as \textcite{caoHybridTrustedUntrusted2021}, who present a network structure that exploits MDI-QKD to replace some of
|
||||
the network's nodes by untrusted nodes that do not require physical security.
|
||||
|
||||
\subsection{Device Longevity}
|
||||
|
||||
|
|
@ -515,10 +576,16 @@ systems buffer secret key bits. The switchover time of an optical switch used fo
|
|||
as well as the link establishment time of the failover transceiver can be absorbed by simply sizing this buffer
|
||||
appropriately.
|
||||
|
||||
\subsection{Trust bootstrapping}
|
||||
|
||||
\section{Conclusion}
|
||||
|
||||
In this paper, we applied the Inertial Hardware Security Module (IHSM) concept to physically trusted relay nodes in a
|
||||
Quantum Key Distribution network. We note that the hardest challenge in the adoption of IHSMs in QKD relays is the
|
||||
fiber-optic passthrough between the outside world and the IHSMs QKD relay payload. We show three concepts along the
|
||||
spectrum trading off security and implementation complexity. All three concepts utilize a secondary rotating mesh on the
|
||||
inside of the primary mesh's shaft opening. We practically demonstrate one of our concepts, the offset labyrinth mesh,
|
||||
in a functional mechanical prototype. We experimentally measured the increase in loss of a standard telecommunications
|
||||
fiber when inserted through our mechanical prototype's fiber passthrough, resulting in an increase in loss compared to a
|
||||
straight fiber that was below our measurement threshold of approximately \qty{0.25}{\decibel}.
|
||||
|
||||
\begin{credits}
|
||||
This is version \texttt{\input{version.tex}\unskip} of this paper, generated on \today. The git repository with the
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue