From 0aa60323af320e726a87ffb2f91e559f0b4100bb Mon Sep 17 00:00:00 2001 From: jaseg Date: Fri, 24 Oct 2025 13:42:11 +0200 Subject: [PATCH] Add proper title page --- common-defs.tex | 1 + hsm-terminology-notes.tex | 73 +++++++++++++++++++++++++++++++++++++++ thesis.tex | 3 +- titlepage.tex | 65 ++++++++++++++++++++++++++++++++++ 4 files changed, 140 insertions(+), 2 deletions(-) create mode 100644 hsm-terminology-notes.tex create mode 100644 titlepage.tex diff --git a/common-defs.tex b/common-defs.tex index c0ce60b..3ef391c 100644 --- a/common-defs.tex +++ b/common-defs.tex @@ -166,3 +166,4 @@ \hyphenation{a-me-na-ble} \hyphenation{da-ta-cen-ter} +\setstretch{1.3} diff --git a/hsm-terminology-notes.tex b/hsm-terminology-notes.tex new file mode 100644 index 0000000..073d503 --- /dev/null +++ b/hsm-terminology-notes.tex 
@@ -0,0 +1,73 @@ +\chapter*{A Note on Hardware Security Module Terminology} +\addcontentsline{toc}{chapter}{A Note on Hardware Security Module Terminology} + +In this thesis, we use the term \emph{Hardware Security Module (HSM)} to refer to a security device that has the +following three properties. + +\begin{enumerate} +\item A HSM targets the prevention of any conceivable physical attack. In particular, this includes intrusion attempts + such as careful drilling or cutting into the device from any direction. +\item A HSM includes tamper sensors that when triggered result in an active tamper response, usually deleting all + cryptographic secrets and rendering the device inoperable. +\item A HSM's tamper sensing and response subsystem is continuously powered from a backup power supply, usually a + battery. Loss of power triggers the tamper response. +\end{enumerate} + +This use of the term \emph{HSM} aligns with common usage of the term both in the academic literature and in everyday +conversation. Particularly the requirement of active tamper detection and response is crucial to distinguish a HSM from +simpler devices such as TPMs, smart cards or secure enclaves in SoCs. Note that our use of the term HSM is slightly +different from its use in government standards, from its use in the PCI (card payment industry asscociation) standards, +and from its industry use. + +In industry, the term HSM is often used for solutions that are only logically segregated and that do not include any +particular defense against hardware attacks. Our conjecture is that this is a consequence of the standardization +landscape, where for applications outside of card payment processing the US FIPS +140-22~\cite{usnationalinstituteofstandardsandtechnologySecurityRequirementsCryptographic2002} standard was central to +the industry. 
Despite encompassing both devices that include active tamper detection and response, FIPS 140-2 did not +draw a distinction in its terminology between the two classes. + +\section{Use in government standards} + +Under US national standard FIPS 140 in in its 2002 version +2~\cite{usnationalinstituteofstandardsandtechnologySecurityRequirementsCryptographic2002}, a HSM would be called a +\emph{Multiple-Chip Cryptographic Module} that conforms to the standard's \emph{Security Level 4}. Interesting to note +are that only security level 4 requires any active tamper detection and response, so its security levels 3 and below do +not align with our HSM definition. Futher of note is that according to the standard, a single-chip solution does not +require any tamper detection and response either to meet the standard's security level 4, which is in misalignment with +our definition. The standard's 2019 updated version FIPS +140-3~\cite{usnationalinstituteofstandardsandtechnologySecurityRequirementsCryptographic2019} defers to the +international standards ISO/IEC 19790 and 24759. + +ISO/IEC 19790~\cite{ISOIEC19790} and ISO/IEC 24759~\cite{ISOIEC24759} call what we call a HSM a \emph{Hardware +Cryptographic Module} corresponding with the standards \emph{Security Level 4}. However, these standards only require +active tamper detection and response when cryptographic secrets are transmitted in plaintext between chips. + +\section{Use in card payment processing (PCI SSC) standards} + +The Payment Card Industry Security Standards Council (PCI SSC) is an association of credit card network operators that +defines standards for all layes of card payment processing from card payment terminals in stores through the handling of +payment data in online shop backend systems. + +PCI SSC terminology aligns with our use and with common everyday use of the term HSM. In PCI SSC terminology, a HSM is a +crytographic device that has active tamper detecion and response circuitry. 
However, PCI SSC terminology only differs +from our use of the term HSM in one nuance: In PCI SSC terminology, a HSM is specifically a datacenter device used for +backend processing of payment data. The general class of ``hardware devices performing some security function with or +without particular physical security requirements'' that ISO/IEC 19790 and other standards call a \emph{Hardware +Cryptographic Module}, in PCI SSC terminology is termed \emph{Secure Cryptographic Device (SCD)} in more recent standard +versions, which was updated from the previous term \emph{Tamper-Resistant Security Module (TRSM)}. Other than HSMs, PCI +SSC includes smartcards and card payment terminals in this category. Card payment terminals, referred to as +\emph{Pin-Entry Device (PED)} in PCI SSC standards, have to include a surprising amount of active tamper detection and +response functionality including partial coverage of areas like they system's main cryptographic processor and smart +card reader by battery-backed tamper-sensing meshes. + +\section*{Tamper-Sensing Meshes} +\addcontentsline{toc}{subsection}{Tamper-Sensing Meshes} + +In this thesis, we use the terms \emph{Tamper-Sensing Mesh} and \emph{Security Mesh} synonymous. We use both terms to +refer to any electrical circuit whose path is laid out to cover a surface with the intent of detecting attempts at +drilling, cutting or otherwise manipulating this surface. While the term \emph{Security Mesh} is more concise, it is +less clear to people unfamiliar with the matter. It is also polysemous, and depending on context can also refer to woven +or stamped metal meshes used as fences or as screens in front of windows to prevent break-ins. As a result, it is harder +to use in online searches, and when using Large Language Models (LLMs), it frequently leads to amusing hallucinations. + + diff --git a/thesis.tex b/thesis.tex index d287a46..a97d728 100644 --- a/thesis.tex +++ b/thesis.tex 
@@ -22,8 +22,7 @@ \title{Bootstrapping Physical Security with Inertial Hardware Security Modules} \author{Jan Sebastian Götte} \begin{document} - -\maketitle +\input{titlepage.tex} \ifdefined\thesispreviewmode {\Large \textbf{Draft build}, git revision \texttt{\input{version}}} \fi diff --git a/titlepage.tex b/titlepage.tex new file mode 100644 index 0000000..e9fec86 --- /dev/null +++ b/titlepage.tex @@ -0,0 +1,65 @@ + +\thispagestyle{empty} +\begin{center} + \vspace*{5cm} + \noindent + \begin{spacing}{2.0} + \textbf{\Huge Bootstrapping Physical Security with Inertial Hardware Security Modules} + \end{spacing} + + \vspace*{5cm} + \begin{spacing}{1.3} + \noindent + Dissertation von Jan Sebastian Götte + + \noindent + zur Erlangung des Grades Doktor-Ingenieur (Dr. Ing.) + + \noindent + am Fachbereich Kommunikationsnetze + + \noindent + der Technischen Universität Darmstadt + + \noindent + Erstgutachter: Prof. Dr. Björn Scheuermann + + \noindent + Zweitgutachter: TBD FIXME + + \end{spacing} + + \vfill + \noindent + Darmstadt 2026 +\end{center} + +\clearpage +\thispagestyle{empty} + +\vspace*{\fill} +\setlength{\fboxsep}{2.0mm} +\fbox{\parbox{\linewidth}{ + \noindent + \textbf{Bibliographische Angaben:} + + \noindent + GÖTTE, Jan Sebastian: + \textbf{Bootstrapping Physical Security with Inertial Hardware Security Modules} + + \noindent + Darmstadt, Technische Universität Darmstadt, 2025 + + \noindent + URN: TBD FIXME + + \noindent + Tag der mündlichen Prüfung: TBD FIXME + + \noindent + Veröffentlicht unter CC-BY-SA 4.0 International + + \noindent + \url{https://creativecommons.org/licenses/} +}} +\clearpage
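Review bot: the `\setstretch{1.3}` appended to common-defs.tex is a global line-spacing change unrelated to the title page named in the commit subject, and it (like the `spacing` environments in titlepage.tex) depends on the setspace package, which this patch does not load anywhere; confirm `\usepackage{setspace}` is already in the preamble, and consider moving the global stretch into its own commit so the title-page change can be reviewed and reverted on its own.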
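Review bot: hsm-terminology-notes.tex is created but never included: the only change to thesis.tex is `\input{titlepage.tex}`, so the new chapter will not appear in the built document; either add the corresponding `\input` or split this file into a separate commit, since it has nothing to do with the title page. Within the file, the mix of `\chapter*` with unstarred `\section` will number the sections off the preceding chapter counter (e.g. "0.1 Use in government standards" if placed in the front matter), while the last section is starred but added to the toc at "subsection" level; use `\section*` plus `\addcontentsline{toc}{section}{...}` consistently for all three. The added text also carries several typos that should be fixed before merging: "FIPS 140-22" (should be 140-2), "in in its 2002 version", "asscociation", "Futher", "layes", "crytographic", "detecion", "like they system's", "Pin-Entry" (PCI uses PIN), and "synonymous" where "synonymously" is meant. Finally, the sentence "Despite encompassing both devices that include active tamper detection and response, FIPS 140-2 did not draw a distinction ... between the two classes" names only one of its two classes; it needs "and devices that do not" after "response".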
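Review bot: after replacing `\maketitle` with `\input{titlepage.tex}`, the `\title{...}` and `\author{...}` declarations kept in thesis.tex are no longer used, and the title and author are now retyped by hand in titlepage.tex (the title twice), so the copies can silently drift apart; either drop the unused declarations or have titlepage.tex reuse the stored values (e.g. `\@title` and `\@author` inside `\makeatletter ... \makeatother`, or a single custom macro defined in common-defs.tex).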
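Review bot: the two dates in titlepage.tex disagree: the cover reads "Darmstadt 2026" while the bibliographic box reads "Darmstadt, Technische Universität Darmstadt, 2025"; pick one, ideally via a single macro used in both places. The license line `\url{https://creativecommons.org/licenses/}` points at the generic license index rather than the deed for the license actually named; for CC BY-SA 4.0 the URL is `https://creativecommons.org/licenses/by-sa/4.0/`. The degree abbreviation is usually written "Dr.-Ing." rather than "Dr. Ing."; check the wording the faculty prescribes for the title page. The three "TBD FIXME" placeholders (Zweitgutachter, URN, Tag der mündlichen Prüfung) are acceptable in a draft, but since the document already has `\thesispreviewmode`, consider making the final (non-preview) build fail on them so they cannot reach the printed version.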