jaseg/ihsm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

paper: major review WIP

Browse source
This commit is contained in:
jaseg 2021-07-08 15:08:38 +02:00
parent 9370bb7339
commit 8a65ead110
2 changed files with 86 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

40
paper/ihsm.bib
View file

@ -360,4 +360,44 @@
urldate = {2021-07-07}
}
@WWW{mgchemicals2017,
author = {{{MG Chemicals}}},
title = {MG Chemicals Specialty Adhesives Catalog},
date = {2019},
url = {https://www.mgchemicals.com/downloads/catalogs/Specialty%20Adhesives%20Catalogue%20Web.pdf},
urldate = {2021-07-08},
}
@book{shabany2009,
title = {Heat Transfer: Thermal Management of Electronics},
author = {Younes Shabany},
date = {2009},
publisher = {CRC Press},
isbn = {9781439814680},
}
@book{kordyban1998,
author = {Kordyban, Tony},
isbn = {978-0791800744},
publisher = {ASME},
title = {Hot Air Rises and Heat Sinks: Everything You Know about Cooling Electronics is Wrong},
year = {1998}
}
@WWW{obermaier2019,
author = {Johannes Obermaier},
title = {Physical Unclonable Functions: The Future Technology for Physical Security Enclosures?},
doi = {https://doi.org/10.5446/43265},
publisher = {Chaos Computer Club e.V.},
date = {2019-08-24},
}
@WWW{anandtech2015,
author = {Emmanouil D. Fylladitakis},
title = {Top Tier CPU Air Coolers Q3 2015: 9-Way Roundup Review},
publisher = {AnandTech},
url = {https://www.anandtech.com/show/9415/top-tier-cpu-air-coolers-9way-roundup-review/12},
urldate = {2021-07-08},
}
@Comment{jabref-meta: databaseType:biblatex;}

52
paper/ihsm_paper.tex
View file

@ -352,6 +352,24 @@ Using longitudinal gaps in the mesh, our setup allows direct air cooling of regu
powerful processing capabilities that greatly increase the maximum possible power dissipation of the payload. In an
evolution of our design, the spinning mesh could even be designed to \emph{be} a cooling fan.
Conventional HSMs are limited by the construction of their security meshes which rely on plastics as their main
structural material. The security mesh has to fit the highest components inside the HSM. Since creating a security mesh
with a non-flat surface is difficult, this means there is an inevitable gap of a few millimeters between the surface of
the payload CPU and the inside surface of the mesh. This distance is added to several millimeters of epoxy resin that
the mesh is embedded inside so as to be hard to remove intact. Overall, this leads to a structure approximately a
centimeter thick that includes several millimeters of poorly thermally conductive epoxy resin~\cite{obermaier2019}.
Even if ``thermally conductive'' resins would be used, thermal conductivity is limited to a fraction of what can be
achieved with a heatsink directly attached to the CPU. A modern high-end CPU heatsink with its fan running has a thermal
resistance from CPU junction to air of around $\SI{0.1}{\kelvin\per\watt}$. If one were to make an HSM's security mesh
out of an average thermally conductive epoxy with thermal conductivity
$k=\SI{1}{\watt\per\meter\kelvin}$~\cite{kordyban1998,shabany2009,mgchemicals2017}, the resulting thermal resistance for
a 5-by-5 centimeter, $\SI{5}{\milli\meter}$ thermal interface alone would $\SI{2}{\kelvin\per\watt}$, a more than
10-fold increase. For an acceptable temperature delta from junction to air of $\SI{60}{\kelvin}$ this yields a maximum
power dissipation of only $\SI{30}{\watt}$ compared to a theoretical $\SI{600}{\watt}$ for a conventional CPU cooler.
Given that for modern high core-count CPUs, power dissipation is mostly linear in core count and for multithreaded
applications performance is mostly linear in core count this severely limits the achievable performance in a
traditional, hermetically sealed HSM.
\subsection{Long-term Operation}
Like with other HSMs, practical use may require an IHSM to continuously run for a decade or even longer. As with other
@ -458,15 +476,37 @@ traditional HSM. However, they will either need to perform these attack steps w
rotation at high speed or they will first need to defeat the braking sensor. Attacking the IHSM in motion may require
specialized mechanical tools, CNC actuators or even a contactless attack using a laser, plasma jet or water jet.
\subsection{Attacks that don't work}
In the sections below, we will go into detail on such attacks on IHSMs. To put these attack approaches into perspective,
we will start with a brief overview on attacks on conventional HSMs that the IHSM is defended against.
%FIXME \paragraph{...}
\subsection{Contactless probing of the payload}
Irrespective of the HSM's technology (conventional or IHSM), there are some types of attack bypassing the HSM's security
mesh that in principle cannot be prevented. One such type are contactless attacks such as electromagnetic (EM)
sidechannel attacks, but attacks through the HSM's application interface such as Ethernet also follow this theme. While
IHSMs allow for the use of off-the-shelf server hardware as their payload, the combination of payload hardware and the
software running on top of this hardware still has to be evaluated for fitness in this particular application. EM
sidechannel attacks can be mitigated by shielding and by designing the IHSM's payload such that critical components such
as CPUs are physically distant to the security mesh, preventing EM probes from being brought close. Conducted EMI
sidechannels that could be used for power analysis can be mitigated by placing filters on the inside of the security
mesh at the point where the power and network connections penetrate the mesh. Attacks through the network interface must
be prevented as in any other networked system by only exposing the minimum necessary amount of API surface to the
outside world, and by carefully vetting this remaining attack surface.
\subsection{The Swivel Chair Attack}
\label{sec_swivel_chair_attack}
First we will consider the most basic of all attacks: a human attacker holding a soldering iron trying to rotate
herself along with the mesh using a very fast swivel chair. Let us pessimistically assume that this co-rotating
attacker has their center of mass on the axis of rotation. The attacker's body is likely on the order of
$\SI{200}{\milli\meter}$ wide along its shortest axis, resulting in a minimum radius from axis of rotation to surface of
about $\SI{100}{\milli\meter}$. Wikipedia lists horizontal g forces in the order of $\SI{20}{g}$ as the upper end of the
range tolerable by humans for a duration of seconds or above. We thus set our target acceleration to
If we assume whoever integrates the payload into an IHSM has done adequate work and prevented all contactless attacks,
we are left with attacks that aim at mechanically bypassing the IHSM's security mesh. The first type of attack we will
consider is the most basic of all attacks: a human attacker holding a soldering iron trying to rotate herself along with
the mesh using a very fast swivel chair. Let us pessimistically assume that this co-rotating attacker has their center
of mass on the axis of rotation. The attacker's body is likely on the order of $\SI{200}{\milli\meter}$ wide along its
shortest axis, resulting in a minimum radius from axis of rotation to surface of about $\SI{100}{\milli\meter}$.
Wikipedia lists horizontal g forces in the order of $\SI{20}{g}$ as the upper end of the range tolerable by humans for a
duration of seconds or above. We thus set our target acceleration to
$\SI{100}{g}\;\approx\;\SI{1000}{\meter\per\second^2}$, a safety factor of $5$ past that range. Centrifugal
acceleration is $a=\omega^2 r$. In our example this results in a minimum angular velocity of $f_\text{min} =
\frac{1}{2\pi}\sqrt{\frac{a}{r}} = \frac{1}{2\pi}\sqrt{\frac{\SI{1000}{\meter\per\second^2}}{\SI{100}{\milli\meter}}}