jaseg/ihsm-qkd-paper
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Include the rest of Leonhard's notes

Browse source
This commit is contained in:
jaseg 2025-06-04 17:41:45 +02:00
parent dd2a30146e
commit 453fe8a467
3 changed files with 828 additions and 788 deletions
Download patch file Download diff file Expand all files Collapse all files

BIN
figures/shaft_countermeasures_b.pdf
View file

Binary file not shown.

1384
figures/shaft_countermeasures_b.svg
View file

File diff suppressed because it is too large Load diff
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 63 KiB

After

Width:  |  Height:  |  Size: 64 KiB

Before After
Before After

232
paper.tex
View file

@ -277,16 +277,16 @@ usually in the order of \qtyrange{500}{800}{\milli\meter} side length that canno
In contrast to conventional HSMs using mesh foils, IHSMs approach envelope tamper sensing by encasing the payload in a
mesh cage made from low-cost PCBs, then rotating this cage at high speed to simultaneously cover all angles, and prevent
manipulation of the mesh. To prevent an attacker from slowing down the rotating mesh cage, an accelerometer is placed on
the rotating mesh that monitors rotation by measuring centrifugal acceleration.
manipulation of the mesh\cite{gotteCantTouchThis2022}. To prevent an attacker from slowing down the rotating mesh cage,
an accelerometer is placed on the rotating mesh that monitors rotation by measuring centrifugal acceleration.
The main issue in IHSM construction is the construction of the pass-through providing electrical connections between the
payload and the outside world. In conventional HSMs that use tamper sensing mesh foils, this passthrough is realized by
folding the mesh foil and a Flexible Flat Cable (FFC) in several layers such that there is no straight path that
a probe could be inserted through. In IHSMs, electrical connections are passed through a hollow shaft on one end of the
mesh cage. Similar to the serpentine folds between mesh foil and FFC in conventional HSMs, in IHSMs complex geometry can
be realized by placing a secondary rotating mesh on the inside of the primary mesh, covering the point where the shaft
goes through the primary mesh.
folding the mesh foil and an FFC in several layers such that there is no straight path that a probe could be inserted
through. In IHSMs, electrical connections are passed through a hollow shaft on one end of the mesh cage. Similar to the
serpentine folds between mesh foil and FFC in conventional HSMs, in IHSMs complex geometry can be realized by placing a
secondary rotating mesh on the inside of the primary mesh, covering the point where the shaft goes through the primary
mesh.
Where in conventional HSMs covering larger areas with a patchwork of smaller mesh foils creates the difficulty of
creating secure seams between the foils, in IHSMs, multiple PCB meshes can easily be joint into a larger mesh by simply
@ -314,38 +314,48 @@ To approach the security of the data and power connections passing through the I
sensing mesh on the inside of the primary mesh, located right next to the primary mesh's axis opening. This secondary
mesh makes accessing the payload using probes inserted through the shaft much more difficult.
\textcite{gotteCantTouchThis2022} only present conceptual drawings of these schemes, and focus on electrical signals. In
this paper, building on these concepts, we present mechanical designs of three variations of a fiber passthrough for
IHSMs that are adapted to the limited bending radius of optical fiber: A simple disc cover, offset labyrinth meshes, and
interlocking gear meshes. We present a mechanical prototype of our offset labyrinth mesh design.
this paper, building on these concepts, we present a mechanical design of two variations of a fiber passthrough for IHSMs
that are adapted to the limited bending radius of optical fiber: Offset labyrinth meshes, and interlocking gear meshes.
We present a mechanical prototype of our offset labyrinth mesh design.
\subsection{Simple disc cover}
\begin{figure}[h!]
\centering
\includegraphics[width=\textwidth,page=1]{shaft_countermeasures_b.pdf}
\caption[Coaxial disc mesh schema]{Coaxial disc mesh schema, cross-section and top-down views. The outer mesh is
shown in red, and the inner mesh in blue. The dashed line indicates the two meshes' shared axis of rotation. The
gray areas indicate the shape of the volume that remains undisturbed by the mesh, and that is available for
structural support and cable routing.}
\caption[Coaxial disc mesh schema]{Coaxial disc mesh schema, cross-section view. The outer mesh is shown in red, and
the inner mesh in blue. The dashed line indicates the two meshes' shared axis of rotation. The gray areas indicate
the shape of the volume that remains undisturbed by the mesh, and that is available for structural support and cable
routing.}
\label{qkd_fig_disc_mesh}
\end{figure}
While IHSMs excel at protecting large payload volumes, even a zero-payload IHSM that has been shrunk to a single,
disc-shaped PCB is still useful because we can delegate key management functionality to the mesh monitoring circuit's
microcontroller---or a separate processor sitting next to it---on the rotating mesh PCB, yielding a solution close in
both its cryptographic capabilities and its security level to commercial traditional HSMs, and exceeding those of a
smartcard. In the following paragraphs, we will show how we can deploy the same single-board IHSM (SB-IHSM) as a
mitigation for through-axis attacks, exploiting its mechanical shape and its simple, low-cost implementation.
Before going into detail on our proposed designs, we will first consider adapting the simple disc cover originally
presented by \textcite{gotteCantTouchThis2022}. While IHSMs excel at protecting large payload volumes, even a
zero-payload IHSM that has been shrunk to a single, disc-shaped PCB is still useful because we can delegate key
management functionality to the mesh monitoring circuit's microcontroller---or a separate processor sitting next to
it---on the rotating mesh PCB, yielding a solution close in both its cryptographic capabilities and its security level
to commercial traditional HSMs, and exceeding those of a smartcard. In the following paragraphs, we will show how we can
deploy the same Single-Board IHSM (SB-IHSM) as a mitigation for through-axis attacks, exploiting its mechanical shape
and its simple, low-cost implementation.
By placing an adapted single-board IHSM close to the primary mesh's axis opening as shown in Figure\
\ref{qkd_fig_disc_mesh}, an attacker is forced to either first circumvent or at least dislodge the single-board IHSM
through the primary mesh's axis opening without disturbing either mesh to gain direct access to the payload behind it,
or to conduct their attack through the keyhole-sized opening in the primary mesh while bending their tool by
approximately \qty{90}{\degree} at least twice, once to avoid the SB-IHSM mesh, and once more to re-orient the tool
towards the payload. The distance between the inside of the primary mesh and the SB-IHSM is limited by the tolerance in
towards the payload. Both the primary and the secondary IHSM meshes are spinning and constantly check their speed using
on-board accelerometers. To avoid triggering a tamper alarm, the attacker would have to not only fit an attack tool
through the space between the meshes, but also avoid even touching either mesh too hard since touching could slow down
the mesh.
The distance between the inside of the primary mesh and the SB-IHSM is limited by the tolerance in
mechanical alignment between the two axes of rotation, by the space necessary for a sufficiently stable mount of the
payload cage to the hollow shaft, and by the minimum bend radius of the power and data wiring that needs to pass through
the shaft. Power and electrical data signals can be supplied through flexible flat cables that can be bent in sharp
the shaft. Increasing the IHSM's shaft diameter should be avoided because it gives an attacker more space. Instead, the
space between the meshes should be adjusted.
Power and electrical data signals can be supplied through flexible flat cables that can be bent in sharp
corners without issue. In QKD applications, the fibers' minimum bend radius is the largest contributing factor. The
optical loss of a fiber rises sharply with decreasing bend radius\footnote.{Note that the issue here is not that the
glass core of the fiber would degrade or break, as one might intuitively assume. Being only a few dozen micrometers in
@ -353,14 +363,17 @@ diameter, an optical fiber's core is remarkably flexible. Instead, the issue is
single-mode fibers are optical waveguides. Bending them distorts the electromagnetic field inside the waveguide, and
allows some small portion of it to escape from the fiber's core, leading to loss in the form of both attenuation and
dispersion~\cite{schermerImprovedBendLoss2007}.} With QKD being especially sensitive to even small amounts of loss, care
has to be taken to maximize the bend radius of the fiber optic connections. A common specification of minimum bend
radius in telecom single-mode fibers taking into account not just optical loss but also the mechanical stability of the
fiber's polymer coating is $10\times$ the coated fiber's
has to be taken to maximize the bend radius of the fiber optic connections.
A common specification of minimum bend radius in telecom single-mode fibers taking into account not just optical loss
but also the mechanical stability of the fiber's polymer coating is $10\times$ the coated fiber's
diameter~\cite{fs1M12FSC,ProductPageFiber,CorningSMF28Ultra2024}, which equates to \qty{9}{\milli\meter} for common
\qty{0.9}{\milli\meter} fiber pigtails, corresponding to approximately \qty{1}{\decibel} of loss in the
\qty{1550}{\nano\meter} band~\cite{schermerImprovedBendLoss2007}. Based on these specifications and on a conservative
estimate of \qty{2.5}{\milli\meter} for the vertical mesh clearance, we arrive at a minimum inter-mesh spacing of
approximately \qty{11}{\milli\meter} when using minimal overlap between tab heights.
\qty{1550}{\nano\meter} band~\cite{schermerImprovedBendLoss2007}. A technique that allows us to reduce the vertical
space necessary for the fiber's transition from the shaft to a plane parallel to the mesh is helically coiling the fiber
as shown in Figure~\ref{qkd_fig_fiber_helix}, which results in a height of less than \qty{6}{\milli\meter} for the
fiber's transition to horizontal. Adding a clearance of \qty{2.5}{\milli\meter} above and below the fiber passthrough to
account for tolerances in the two meshes' movements, we arrive at a minimum inter-mesh spacing of \qty{11}{\milli\meter}.
\begin{figure}
\centering
@ -371,7 +384,7 @@ approximately \qty{11}{\milli\meter} when using minimal overlap between tab heig
inter-mesh space at an angle equal to the helix lead angle. Shown here is a \qty{6}{\milli\meter} outer diameter
tube with a \qty{0.5}{\milli\meter} wall thickness and 6 fibers with \qty{0.9}{\milli\meter} outer diameter
coiled to a constant bend radius of \qty{9}{\milli\meter}. The lead angle of the helix is \qty{61.5}{\degree}.
The resulting inter-mesh spacing is \qty{5.16}{\milli\meter}.
The resulting height below the exit is \qty{5.16}{\milli\meter}.
}
\label{qkd_fig_fiber_helix}
\end{figure}
@ -381,32 +394,34 @@ approximately \qty{11}{\milli\meter} when using minimal overlap between tab heig
\begin{figure}[h!]
\centering
\includegraphics[width=\textwidth,page=4]{shaft_countermeasures_b.pdf}
\caption[Coaxial labyrinth mesh schema]{Coaxial labyrinth mesh schema, cross-section and top-down views.}
\caption[Coaxial labyrinth mesh schema]{Coaxial labyrinth mesh schema, cross-section and top-down views. The numbers
indicate the order a fiber traverses the inter-mesh space. With appropriate spacing, the fiber---or an attacker with
their tool---can traverse the space in a zig-zag line in the cross-section plane.}
\end{figure}
In QKD applications, the simple disc cover design shown above has two main limitations. First, the distance between the
primary and secondary meshes' tab rings must be large enough to allow for the fibers' minimum bend radius, resulting in
more than \qty{10}{\milli\meter} of space available to an attacker. Second, the attacker only has to bend their tool in
a plane to reach the payload.
primary and secondary meshes must be large enough to allow for the fibers' minimum bend radius, resulting in more than
\qty{10}{\milli\meter} of space available to an attacker. Second, the attacker only has to bend their tool in a plane to
reach the payload.
To increase the difficulty of inserting a long and flexible tool through the axis shield, the shape of the interface
layer between the two meshes can be made more complex. Introducing small mesh \emph{tabs} that stick out into the
inter-mesh space from both meshes creates a labyrinth-like structure between the axis opening and the IHSM's inside.
Structural support and cables can easily pass this structure in a series of \qty{90}{\degree} bends, while inserting a
probe avoiding both meshes would not be feasible as the probe would have to perform a series of sharp bends. The type of
manipulator that would be necessary for the placement of a probe in this system is conceptually similar to snake-like
robots used in minimally invasive surgery, but state-of-the-art systems from this area are both too thick and don't have
enough joints to fit even simple labyrinth layouts~\cite{
suhDesignDiscreteBending2017,
layer between the two meshes can be made more complex. \textcite{gotteCantTouchThis2022} proposed adding small, vertical
mesh \emph{tabs} to each of the two meshes that stick out into the inter-mesh space. This creates a labyrinth-like
structure between the axis opening and the IHSM's inside. Structural support and cables can easily pass this structure
in a series of \qty{90}{\degree} bends, while inserting a probe avoiding both meshes would not be feasible as the probe
would have to perform a series of sharp bends. The type of manipulator that would be necessary for the placement of a
probe in this system is conceptually similar to snake-like robots used in minimally invasive surgery, but
state-of-the-art systems from this area are too thick, too short, lack joints, or have insufficient maximum bending
angle to fit even simple labyrinth layouts. Common parameters for such parameters are \qty{4}{\milli\meter} diameter,
between two and four joints, up to \qty{50}{\milli\meter} length and \qty{60}{\degree} maximum bend angle for each
joint~\cite{ suhDesignDiscreteBending2017,
schmitzRollingTipFlexibleInstrument2019,
kimAdvancementFlexibleRobot2022,
hongDesignCompensationControl2020}.
For instance, if we assume \qty{3}{\milli\meter} material thickness on the radial bracket connecting the shaft with the
secondary mesh's mounting frame along with \qty{10}{\milli\meter} of mesh tab overlap, \qty{1.5}{\milli\meter} of
clearance between radial bracket and each of the two meshes, and an inter-mesh spacing from one tab ring to the next
equal to the radial brackets' material thickness of \qty{4}{\milli\meter} plus the clearance from bracket to mesh, we
arrive at a meander \qty{6}{\milli\meter} in width completing four \qty{180}{\degree} turns within less than
\qty{40}{\milli\meter} of radial distance.
A particular limitation for an attack to a labyrinth mesh is the tradeoff between flexibility and length. The number of
joints is limited by space available for tendon cables, and the available joints must be distributed along the length of
the instrument. To insert the instrument through a labyrinth mesh, a tight spacing is necessary, which conflicts with
the length required to reach the payload on the inside of the IHSM.
While long and narrow tabs are desirable for mesh security as they limit the size and mobility of an attacker's probe,
in QKD application, the need for fiber optic passthrough is the limiting factor. The obvious solution of passing through
@ -418,32 +433,28 @@ the bend radius, the minimum tab spacing is only limited by the fiber's diameter
When the discs are placed closer, and a larger pitch is necssary, the resulting pitch of the helix determines the
minimum tab spacing.
Designing a labyrinth mesh for intrusion prevention is similar to the design of the shape of the jamb of a safe door or
of a high end apartment door. In these, the objective is to prevent would-be burglars from inserting opening tools
through the space between the closed door and its jamb and attacking the door's interior handle or locking mechanism,
not unlike an IHSM's defense against electrical or electromagnetic probes. The one difference between these doors and
what we can do in IHSMs is that these doors are limited to outwards-facing steps because they must be opened and closed.
In IHSM labyrinth meshes, we can use both outwards-facing and inwards-facing steps.
Designing a labyrinth mesh for intrusion prevention is similar to the design of the shape of the jamb of the door of a
safe. In these, the objective is to prevent would-be burglars from inserting opening tools through the space between the
closed door and its jamb and attacking the door's interior handle or locking mechanism, not unlike an IHSM's defense
against electrical or electromagnetic probes. The one difference between these doors and what we can do in IHSMs is that
these doors are limited to outwards-facing steps because they must be opened and closed. In IHSM labyrinth meshes, we
can use both outwards-facing and inwards-facing steps.
Concentric labyrinth meshes allow for a range configurations. The pitch from one mesh tab to the next is the sum of the
required width of the inter-mesh space and the safety margin needed betwween any cables or the inter-mesh bracket and
the tabs. When the mesh is constructed using rigid PCB tabs that are inserted as-is, without bending them, and when all
tabs have the same width and thickness, the radial width of the swept area decreases from tab to tab going outwards. A
consequence of this is that when the design target are constant width inter-mesh spaces, the tabs' pitch decreases going
required width of the inter-mesh space and the safety margin needed between any cables or the inter-mesh bracket and the
tabs. When the mesh is constructed using rigid PCB tabs that are inserted as-is, without bending them, and when all tabs
have the same width and thickness, the radial width of the swept area decreases from tab to tab going outwards. A
consequence of this is that when the design target are constant-width inter-mesh spaces, the tabs' pitch decreases going
outwards.
The safety margin required to avoid collisions between the meshes and the stator can be kept low for the primary mesh
because this mesh has high-quality bearings on both ends, leading to good axis alignment. In contrast, for the secondary
mesh, margins have to be included if the mesh is driven by a cooling fan motor, as the bearings in such fans
are not very precise, resulting in misalignment increasing with radius.
\subsection{Offset labyrinth meshes}
\begin{figure}[h!]
\centering
\includegraphics[width=0.5\textwidth,page=2]{shaft_countermeasures_b.pdf}
\includegraphics[width=\textwidth,page=2]{shaft_countermeasures_b.pdf}
\caption[Offset labyrinth mesh schema]{Offset labyrinth mesh schema, cross-section and top-down views. The two
dashed lines indicate the two meshes' offset axes of rotation, shifted in $x$ direction in both views.}
dashed lines indicate the two meshes' offset axes of rotation, shifted in $x$ direction in both views. The numbers
indicate the order a fiber traverses the inter-mesh space.}
\label{qkd_fig_offset_lab_schema}
\end{figure}
@ -476,11 +487,9 @@ feedthrough that improves on the simple helical feedthrough we introduced above.
Our offset labyrinth mesh design combines an offset of the secondary mesh's axis of rotation with the labyrinth mesh
approach from the previous section, creating wide and narrow inter-mesh spaces on alternating sides of the offset
direction as shown in in Figure\ \ref{qkd_fig_offset_lab_schema}. Structural support is provided using a CNC machined or
3D printed part, which also serves as a conduit for electrical connections from the shaft to the payload using Flexible
Flat Cable (FFC). While the FFC can easily conform to the offset labyrinth's sharp corners, an optical fiber can not.
Thus, instead of passing it straight through the labyrinth, the payload's fiber optic connections are passed through the
labyrinth in a three-dimensional spiral shape, avoiding the meshes while simultaneously maximizing the fibers' bend
radii.
3D printed part, which also serves as a conduit for electrical connections from the shaft to the payload using an FFC.
The fiber is passed through the labyrinth in a three-dimensional spiral shape, avoiding the meshes while simultaneously
maximizing the fibers' bend radius.
\subsection{Experimental Validation}
@ -501,12 +510,13 @@ resulted in a difference below the measurement floor of approximately \qty{0.25}
\hspace*{5mm}
\includegraphics[width=0.45\textwidth]{fiber_passthrough_mech_model__8292_small_censored.jpg}
\end{center}
\caption{An disassembled view of our optical passthrough mechanical prototype. The fiber is passed through from the
\caption{A disassembled view of our optical passthrough mechanical prototype. The fiber is passed through from the
shaft going through the IHSM's primary tamper sensing mesh cage to the outside into the interior of the IHSM through
the green bracket. A secondary tamper sensing mesh is located on the inside of the shaft interface and driven
separately. In this prototype, the secondary mesh is driven by a cooling fan. Both independently rotating meshes
have tabs that extend into the bracket such that they do not interfere, but reduce the space available to an
attacker. The HSM's primary mesh cage is partially shown in white.
a channel in the green bracket. In a field application, the channel would be potted after fiber installation. A
secondary tamper sensing mesh is located on the inside of the shaft interface and driven separately. In this
prototype, the secondary mesh is driven by a cooling fan. Both independently rotating meshes have tabs that extend
into the bracket such that they do not interfere, but reduce the space available to an attacker. The HSM's primary
mesh cage is partially shown in white.
\\\textbf{Note: Institutional logo removed from picture for peer review}
}
\label{fig_pic_proto_detail}
@ -516,7 +526,7 @@ resulted in a difference below the measurement floor of approximately \qty{0.25}
\begin{figure}[h!]
\centering
\includegraphics[width=0.5\textwidth,page=3]{shaft_countermeasures_b.pdf}
\includegraphics[width=\textwidth,page=3]{shaft_countermeasures_b.pdf}
\caption[Offset gear labyrinth mesh schema]{Offset gear labyrinth mesh schema, cross-section and top-down views. In
this example, the axis is shifted by about twice the offset from the previous offset labyrinth mesh schema in
Figure\ \ref{qkd_fig_offset_lab_schema}.}
@ -529,13 +539,10 @@ the amount of inter-mesh space necessary for power and data feedthroughs as well
meshes, on the other hand, this pitch increases by the offset distance. Even for a small offset this quickly adds up to
an unwieldy total mesh size.
In this section, we conceptually introduce a solution to this problem that allows for larger offsets using a design
where the two meshes interlock like gears. This does mean that the two meshes' rotation must be synchronized, but it
increases the design space of offset labyrinth meshes. For instance, in a gear setup, the wide sides of the inter-mesh
zones can be aligned to lie on the same side, so fiber passthrough can be realized more easily even without the need to
spiral the fiber around the axes of rotation.
\subsection{Mesh synchronization}
A solution to this problem that allows for larger offsets is to make the two meshes' tabs interlock like gears. This
does mean that the two meshes' rotation must be synchronized, but it increases the design space of offset labyrinth
meshes. For instance, in a gear setup, the wide sides of the inter-mesh zones can be aligned to lie on the same side, so
fiber passthrough can be realized more easily even without the need to spiral the fiber around the axes of rotation.
For geared meshes to work, both speed and phase of the rotation of the two meshes must be synchronized to a small error.
In this setup, the mesh tabs act like gear teeth. Depending on the ratio between both meshes' tap counts, the two
@ -552,11 +559,11 @@ countermeasures.
There are two ways an attacker could attack the mesh itself if an adequate speed of rotation such as \qty{1000}{\rpm} is
used~\cite{gotteCantTouchThis2022}: Either, an attacker would have to slow down the mesh so they can perform a manual
attack, or they would have to use a robot. The first class of attack would require the attacker to falsify the readings
of the centrifugal accelerometer. MEMS accelerometers are complex devices, and the simplest way to falsify its readings
would be to attach a circuit to the accelrometer's data bus that overrides the measurement result data. Creating such a
circuit is easy, the challenge the attacker would have to overcome would be to access this bus and attach this circuit
to the mesh in motion without stopping or disturbing it. At high speeds, this would necessarily require a custom attack
robot.
of the centrifugal accelerometer. Such Micro-Electro-Mechanical Systems (MEMS) accelerometers are complex devices, and
the simplest way to falsify its readings would be to attach a circuit to the accelerometer's data bus that overrides the
measurement result data. Creating such a circuit is easy, the challenge the attacker would have to overcome would be to
access this bus and attach this circuit to the mesh in motion without stopping or disturbing it. At high speeds, this
would necessarily require a custom attack robot.
\subsection{Contactless attacks on the payload}
@ -569,13 +576,14 @@ place the payload into an opaque enclosure inside the mesh.
An additional variant of optical attacks would be using a laser to cut or drill into the payload. Such attacks can be
impeded through several defense-in-depth measures. First, the payload QKD relay should be designed such that destroying
any part of it such as connecting wires or fibers causes it to fail secure. Irrespective of attacks, this is a
reasonable design objective anyway given that components could fail, and a component failure should never put the device
in an insecure state. Further, similar to other optical attacks, a shield can be used to prevent laser cutting or
drilling attacks as well with the only difference being the kind of shield. To prevent laser cutting or drilling, a
thick metal shield can be used. The large thermal mass, high thermal conductivity and reflective surface of such a
shield makes it difficult to cut. There are lasers such as pulsed Nd:YAG lasers that can cut even thick steel, but these
this cutting produces a large amount of metal plasma and debris, which would likely destroy the payload in the process.
any part of it such as connecting wires or fibers causes it to fail resulting in a secure state. Irrespective of
attacks, this is a reasonable design objective anyway given that components could fail, and a component failure should
never put the device in an insecure state. Further, similar to other optical attacks, a shield can be used to prevent
laser cutting or drilling attacks as well with the only difference being the kind of shield. To prevent laser cutting or
drilling, a thick metal shield can be used. The large thermal mass, high thermal conductivity and reflective surface of
such a shield makes it difficult to cut. There are lasers such as pulsed Nd:YAG lasers that can cut even thick steel,
but these this cutting produces a large amount of metal plasma and debris, which would likely destroy the payload in the
process.
To make sure any active laser attack is quickly detected, as a final line of defense, both mesh and payload should
include wideband optical sensors in their array of environmental tamper sensors. For instace, high-power pulsed lasers
@ -617,13 +625,13 @@ that can be used to ascertain the HSM's integrity during shipping to the custome
One of the key components of IHSM technology is that it does not require specialized components, or potting of the
payload. While an IHSM could be manufactured and sold as a complete unit like a conventional HSM, their more modular
nature makes it possible to place more control in the IHSM's customer. In particular, an IHSM could be sold without a
payload installed, leaving the customer to install their own payload (such as a QKD node) inside the IHSM. Like a
conventional HSM, the IHSM could be run during shipping to detect supply-chain attacks. Going further, since IHSMs are
build from commodity components, the user could directly license the IHSM design and manufacturer it themselves, given
them full control over the hardware supply chain. In a QKD deployment, the manufacturer of the QKD node could build both
the QKD subsystem and the IHSM and integrate both, given that this would not require additional manufacturing
capabilities due to the IHSM's simple construction.
nature makes it possible to place more control in the IHSM's customer's hands. In particular, an IHSM could be sold
without a payload installed, allowing the customer to install their own payload (such as a QKD node) inside the IHSM.
Like a conventional HSM, the IHSM could be run during shipping to detect supply-chain attacks. Going further, since
IHSMs are build from commodity components, the user could directly license the IHSM design and manufacturer it
themselves, given them full control over the hardware supply chain. In a QKD deployment, the manufacturer of the QKD
node could build both the QKD subsystem and the IHSM and integrate both, given that this would not require additional
manufacturing capabilities due to the IHSM's simple construction.
\subsection{Network implementation}
@ -648,12 +656,12 @@ sufficient entropy.
In an application where the overhead of multiple QKD links each requiring their own dark fiber would be too expensive,
multiple IHSM-protected QKD transceivers could be connected to a single optical fiber through an optical switch.
Mirco-Electromechanical Systems (MEMS)-based optical switchs are a well-established technology and can switch optical
fibers within milliseconds at an insertion loss of no more than a decibel or two. In a QKD application, this insertion
loss would be tolerable. Since QKD secret key rates stem from a stochastic process and as such are not constant, QKD
systems buffer secret key bits. The switchover time of an optical switch used for failover between two QKD transceivers
as well as the link establishment time of the failover transceiver can be absorbed by simply sizing this buffer
appropriately.
MEMS-based optical switchs are a well-established technology and can switch optical fibers within milliseconds at an
insertion loss of no more than a decibel or two. In a QKD application, this insertion loss would be tolerable since it
is a constant loss once at each end of the connection, and does not compound with distance. Since QKD secret key rates
stem from a stochastic process and as such are not constant, QKD systems buffer secret key bits. The switchover time of
an optical switch used for failover between two QKD transceivers as well as the link establishment time of the failover
transceiver can be absorbed by simply sizing this buffer appropriately.
\section{Conclusion}
\label{sec_conclusion}
@ -667,13 +675,13 @@ in a functional mechanical prototype. We experimentally measured the increase in
fiber when inserted through our mechanical prototype's fiber passthrough, resulting in an increase in loss compared to a
straight fiber that was below our measurement threshold of approximately \qty{0.25}{\decibel}.
\begin{credits}
This is version \texttt{\input{version.tex}\unskip} of this paper, generated on \today. The git repository with the
\LaTeX source for this paper, all hardware design files, and firmware and analysis source code can be found at:
%\begin{credits}
%This is version \texttt{\input{version.tex}\unskip} of this paper, generated on \today. The git repository with the
%\LaTeX source for this paper, all hardware design files, and firmware and analysis source code can be found at:
\center{Note: URL elided for peer review}
%\center{Note: URL elided for peer review}
% \center{\url{https://git.jaseg.de/ihsm-sampling-mesh-monitor-hw.git}}
\end{credits}
%\end{credits}
\printbibliography[heading=bibintoc]