jaseg/ihsm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add comparison commercial conventional HSM / laptop, resources appendix

Browse source
This commit is contained in:
jaseg 2021-07-08 17:14:16 +02:00
parent 8a65ead110
commit 83e8ccd65d
2 changed files with 23 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

9
paper/ihsm.bib
View file

@ -400,4 +400,13 @@
urldate = {2021-07-08}, urldate = {2021-07-08},
} }
@WWW{thales2021,
author = {Thales Group},
publisher = {Thales Group},
title = {Thales Luna HSM Product Family Overview Page},
url = {https://cpl.thalesgroup.com/encryption/hardware-security-modules/network-hsms},
urldate = {2021-07-08},
date = {2021},
}
@Comment{jabref-meta: databaseType:biblatex;} @Comment{jabref-meta: databaseType:biblatex;}

16
paper/ihsm_paper.tex
View file

@ -370,6 +370,12 @@ Given that for modern high core-count CPUs, power dissipation is mostly linear i
applications performance is mostly linear in core count this severely limits the achievable performance in a applications performance is mostly linear in core count this severely limits the achievable performance in a
traditional, hermetically sealed HSM. traditional, hermetically sealed HSM.
This estimated performance discrepancy matches up with our observation. Vendor of conventional HSMs Thales reports
$\SI{20}{\kilo Ops\per\second}$ ECC signature operations on NIST Curve P-256 per device of their top-of-range ``Luna HSM
790''~\cite{thales2021}, which compares to be slightly more than half of the $\SI{36}{\kilo Ops\per\second}$ signing
operations that \texttt{openssl speed} in single-thread mode is able to do on an AMD Ryzen 7 PRO 4750U laptop CPU at a
power consumption of $\SI{2.0}{\watt}$ on the active core.
\subsection{Long-term Operation} \subsection{Long-term Operation}
Like with other HSMs, practical use may require an IHSM to continuously run for a decade or even longer. As with other Like with other HSMs, practical use may require an IHSM to continuously run for a decade or even longer. As with other
@ -437,7 +443,7 @@ accelerations large enough to cause a false alarm.
To put the above relations into perspective, consider that at an angular frequency of $\SI{1000}{rpm}$, we can expect an To put the above relations into perspective, consider that at an angular frequency of $\SI{1000}{rpm}$, we can expect an
IHSM's tamper sensor to measure an acceleration of about $\SI{100}{g}$. Even the strongest earthquakes rarely reach a IHSM's tamper sensor to measure an acceleration of about $\SI{100}{g}$. Even the strongest earthquakes rarely reach a
Peak Ground Acceleration (PGA) of $\SI{0.1}{g}$~\cite{yoshimitsu1990}. The highest measured PGA of the 2011 Tohoku Peak Ground Acceleration (PGA) of $\SI{0.1}{g}$~\cite{yoshimitsu1990}. The highest PGA measured during the 2011 Tohoku
earthquake was approximately $\SI{0.3}{g}$. Since earthquake vibrations are low-frequency and happen across a large earthquake was approximately $\SI{0.3}{g}$. Since earthquake vibrations are low-frequency and happen across a large
geographic area, they nontheless dissipate a tremendous amound of mechanical power through an absolute acceleration that geographic area, they nontheless dissipate a tremendous amound of mechanical power through an absolute acceleration that
may seem low at first glance, but we can largely ignore them for the purposes of our tamper detection system. As may seem low at first glance, but we can largely ignore them for the purposes of our tamper detection system. As
@ -862,8 +868,13 @@ secure hardware.
\printbibliography[heading=bibintoc] \printbibliography[heading=bibintoc]
\appendix
\section{Source code and Design artifacts}
%%% FIXME remove appendix and work into text. During our research on this paper, we have created a number of digital design artifacts including a 3D mechanical CAD
model of our prototype IHSM, schematics and PCB layouts for all of its PCBs including the prototype security mesh
monitor PCB as well as firmware and data analysis scripts for the experiments we ran on the prototype IHSM. All of these
digital artifacts as well as the sources to this paper are included in the git repository linked below.
\center{ \center{
\center{This is version \texttt{\input{version.tex}\unskip} of this paper, generated on \today. The git repository \center{This is version \texttt{\input{version.tex}\unskip} of this paper, generated on \today. The git repository
@ -871,4 +882,5 @@ secure hardware.
\center{\censorIfSubmission{\url{https://git.jaseg.de/rotohsm.git}}} \center{\censorIfSubmission{\url{https://git.jaseg.de/rotohsm.git}}}
} }
\end{document} \end{document}