Add proper title page

common-defs.tex

@@ -166,3 +166,4 @@
 \hyphenation{a-me-na-ble}
 \hyphenation{da-ta-cen-ter}
 
+\setstretch{1.3}

hsm-terminology-notes.tex

@@ -0,0 +1,73 @@
+\chapter*{A Note on Hardware Security Module Terminology}
+\addcontentsline{toc}{chapter}{A Note on Hardware Security Module Terminology}
+
+In this thesis, we use the term \emph{Hardware Security Module (HSM)} to refer to a security device that has the
+following three properties.
+
+\begin{enumerate}
+\item A HSM targets the prevention of any conceivable physical attack. In particular, this includes intrusion attempts
+        such as careful drilling or cutting into the device from any direction.
+\item A HSM includes tamper sensors that when triggered result in an active tamper response, usually deleting all
+        cryptographic secrets and rendering the device inoperable.
+\item A HSM's tamper sensing and response subsystem is continuously powered from a backup power supply, usually a
+        battery. Loss of power triggers the tamper response.
+\end{enumerate}
+
+This use of the term \emph{HSM} aligns with common usage of the term both in the academic literature and in everyday
+conversation. Particularly the requirement of active tamper detection and response is crucial to distinguish a HSM from
+simpler devices such as TPMs, smart cards or secure enclaves in SoCs. Note that our use of the term HSM is slightly
+different from its use in government standards, from its use in the PCI (card payment industry asscociation) standards,
+and from its industry use.
+
+In industry, the term HSM is often used for solutions that are only logically segregated and that do not include any
+particular defense against hardware attacks. Our conjecture is that this is a consequence of the standardization
+landscape, where for applications outside of card payment processing the US FIPS
+140-22~\cite{usnationalinstituteofstandardsandtechnologySecurityRequirementsCryptographic2002} standard was central to
+the industry. Despite encompassing both devices that include active tamper detection and response, FIPS 140-2 did not
+draw a distinction in its terminology between the two classes.
+
+\section{Use in government standards}
+
+Under US national standard FIPS 140 in in its 2002 version
+2~\cite{usnationalinstituteofstandardsandtechnologySecurityRequirementsCryptographic2002}, a HSM would be called a
+\emph{Multiple-Chip Cryptographic Module} that conforms to the standard's \emph{Security Level 4}. Interesting to note
+are that only security level 4 requires any active tamper detection and response, so its security levels 3 and below do
+not align with our HSM definition. Futher of note is that according to the standard, a single-chip solution does not
+require any tamper detection and response either to meet the standard's security level 4, which is in misalignment with
+our definition. The standard's 2019 updated version FIPS
+140-3~\cite{usnationalinstituteofstandardsandtechnologySecurityRequirementsCryptographic2019} defers to the
+international standards ISO/IEC 19790 and 24759.
+
+ISO/IEC 19790~\cite{ISOIEC19790} and ISO/IEC 24759~\cite{ISOIEC24759} call what we call a HSM a \emph{Hardware
+Cryptographic Module} corresponding with the standards \emph{Security Level 4}. However, these standards only require
+active tamper detection and response when cryptographic secrets are transmitted in plaintext between chips.
+
+\section{Use in card payment processing (PCI SSC) standards}
+
+The Payment Card Industry Security Standards Council (PCI SSC) is an association of credit card network operators that
+defines standards for all layes of card payment processing from card payment terminals in stores through the handling of
+payment data in online shop backend systems.
+
+PCI SSC terminology aligns with our use and with common everyday use of the term HSM. In PCI SSC terminology, a HSM is a
+crytographic device that has active tamper detecion and response circuitry. However, PCI SSC terminology only differs
+from our use of the term HSM in one nuance: In PCI SSC terminology, a HSM is specifically a datacenter device used for
+backend processing of payment data. The general class of ``hardware devices performing some security function with or
+without particular physical security requirements'' that ISO/IEC 19790 and other standards call a \emph{Hardware
+Cryptographic Module}, in PCI SSC terminology is termed \emph{Secure Cryptographic Device (SCD)} in more recent standard
+versions, which was updated from the previous term \emph{Tamper-Resistant Security Module (TRSM)}. Other than HSMs, PCI
+SSC includes smartcards and card payment terminals in this category. Card payment terminals, referred to as
+\emph{Pin-Entry Device (PED)} in PCI SSC standards, have to include a surprising amount of active tamper detection and
+response functionality including partial coverage of areas like they system's main cryptographic processor and smart
+card reader by battery-backed tamper-sensing meshes.
+
+\section*{Tamper-Sensing Meshes}
+\addcontentsline{toc}{subsection}{Tamper-Sensing Meshes}
+
+In this thesis, we use the terms \emph{Tamper-Sensing Mesh} and \emph{Security Mesh} synonymous. We use both terms to
+refer to any electrical circuit whose path is laid out to cover a surface with the intent of detecting attempts at
+drilling, cutting or otherwise manipulating this surface. While the term \emph{Security Mesh} is more concise, it is
+less clear to people unfamiliar with the matter. It is also polysemous, and depending on context can also refer to woven
+or stamped metal meshes used as fences or as screens in front of windows to prevent break-ins. As a result, it is harder
+to use in online searches, and when using Large Language Models (LLMs), it frequently leads to amusing hallucinations.
+
+

thesis.tex

@@ -22,8 +22,7 @@
 \title{Bootstrapping Physical Security with Inertial Hardware Security Modules}
 \author{Jan Sebastian Götte}
 \begin{document}
-
-\maketitle
+\input{titlepage.tex}
 \ifdefined\thesispreviewmode
 {\Large \textbf{Draft build}, git revision \texttt{\input{version}}}
 \fi

titlepage.tex

@@ -0,0 +1,65 @@
+
+\thispagestyle{empty}
+\begin{center}
+    \vspace*{5cm}
+    \noindent
+    \begin{spacing}{2.0}
+        \textbf{\Huge Bootstrapping Physical Security with Inertial Hardware Security Modules}
+    \end{spacing}
+
+    \vspace*{5cm}
+    \begin{spacing}{1.3}
+        \noindent
+        Dissertation von Jan Sebastian Götte
+
+        \noindent
+        zur Erlangung des Grades Doktor-Ingenieur (Dr. Ing.)
+
+        \noindent
+        am Fachbereich Kommunikationsnetze
+
+        \noindent
+        der Technischen Universität Darmstadt
+
+        \noindent
+        Erstgutachter: Prof. Dr. Björn Scheuermann
+
+        \noindent
+        Zweitgutachter: TBD FIXME
+
+    \end{spacing}
+
+    \vfill
+    \noindent
+    Darmstadt 2026
+\end{center}
+
+\clearpage
+\thispagestyle{empty}
+
+\vspace*{\fill}
+\setlength{\fboxsep}{2.0mm}
+\fbox{\parbox{\linewidth}{
+    \noindent
+    \textbf{Bibliographische Angaben:}
+
+    \noindent
+    GÖTTE, Jan Sebastian:
+    \textbf{Bootstrapping Physical Security with Inertial Hardware Security Modules}
+
+    \noindent
+    Darmstadt, Technische Universität Darmstadt, 2025
+
+    \noindent
+    URN: TBD FIXME
+
+    \noindent
+    Tag der mündlichen Prüfung: TBD FIXME
+
+    \noindent
+    Veröffentlicht unter CC-BY-SA 4.0 International
+
+    \noindent
+    \url{https://creativecommons.org/licenses/}
+}}
+\clearpage