Add some todos based on Benny's feedback
This commit is contained in:
jaseg
parent
535a9fb049
commit
132a6cc5ee
2 changed files with 48 additions and 19 deletions
|
|
@ -8,6 +8,53 @@
|
|||
\chaptertitle{Introduction}
|
||||
\label{chapter-intro}
|
||||
|
||||
% New draft:
|
||||
%
|
||||
% Passionate statement about democracy and academic freedom
|
||||
%
|
||||
% We live in times of rising fascist and authoritarian sentiment worldwide. While computer science and cryptography are
|
||||
% often portrayed as politically neutral technologies, their practice is a political act and can have grave real-world
|
||||
% consequences.
|
||||
% maybe: Within mathematics and computer science, the field of cryptography is unique in that it smainstream views
|
||||
% link to cypherpunks, hackers
|
||||
% Hardware Security Modules (HSMs) are an example of such a political technology. The core function of HSMs is to
|
||||
% protect cryptographic secrets against \emph{any} physical attack. Even though they are widely used in finance and
|
||||
% business applications, in their design, they curiously embody the radical idiology of the cypherpunk and hacker
|
||||
% movements.
|
||||
%
|
||||
% We believe physically secure devices like HSMs can be a keystone technology in the creation of secure systems for
|
||||
% communication and computation in a free, democratic society. However, while current state-of-the art commercial
|
||||
% devices can be expected to resist a fascist police force or even some authoritarian states' secret services, their
|
||||
% physical security is still lacking due to misaligned ecosystem incentices. As Anderson put it,
|
||||
% todo cite: betrusted
|
||||
%
|
||||
% FIXME: quote from anderson: Security economics remains a big soft spot, with security chips being in many
|
||||
% ways a market for lemons. A banker buying HSMs probably won’t be aware of
|
||||
% the huge gap between FIPS [US national HSM security standard] level 3 and level 4, and understand that level 3 can
|
||||
% sometimes be defeated with a Swiss army knife. The buying incentive there is
|
||||
% compliance, and where real security clashes with operations it’s not surprising
|
||||
% to see weaker standards designed to make compliance easier. API security is
|
||||
% too hard, and the difference between HSMs’ internal and external APIs makes
|
||||
% it too confusing. The near-abdication of FIPS in favour of ISO 19790 and vari-
|
||||
% ous protection profiles touted under the Common Criteria will confuse things
|
||||
% further, as will the UK’s move away from the Criteria. Confusion marketing
|
||||
% and liability games appear set to continue.
|
||||
%
|
||||
% Meanwhile in academia,
|
||||
% In this thesis, we aim to significantly advance the field of hardware security module construction. We publish all
|
||||
% designs, code and data as open source to create the groundwork for future research, and sow the seeds for a new
|
||||
% generation of secure hardware that will be able to resist a rising tide of fascist and authoritarian movements.
|
||||
%
|
||||
%
|
||||
%
|
||||
% Research questions:
|
||||
% 1. can hsm w/o proprietary mesh?
|
||||
% 2. how do meshes look like in practice?
|
||||
% 3. can we improve monitoring?
|
||||
% 4. can we solve power transfer issue
|
||||
% 5. applications
|
||||
%
|
||||
|
||||
All Cops Are Bastards, or ACAB is a slogan popular in far left and anarchist circles since the mid-twentieth century
|
||||
that expresses a rejection of state authority~\cite{constantinouAppliedResearchPolicing2021}. While politically, this
|
||||
blanket rejection is a fringe viewpoint with no mainstream acceptance, there exists a parallel between this and modern
|
||||
|
|
@ -77,25 +124,6 @@ thesis that progress from theory to practical deployment.
|
|||
guarantee?
|
||||
\end{enumerate}
|
||||
|
||||
% FIXME: quote from anderson: Security economics remains a big soft spot, with security chips being in many
|
||||
% ways a market for lemons. A banker buying HSMs probably won’t be aware of
|
||||
% the huge gap between FIPS level 3 and level 4, and understand that level 3 can
|
||||
% sometimes be defeated with a Swiss army knife. The buying incentive there is
|
||||
% compliance, and where real security clashes with operations it’s not surprising
|
||||
% to see weaker standards designed to make compliance easier. API security is
|
||||
% too hard, and the difference between HSMs’ internal and external APIs makes
|
||||
% it too confusing. The near-abdication of FIPS in favour of ISO 19790 and vari-
|
||||
% ous protection profiles touted under the Common Criteria will confuse things
|
||||
% further, as will the UK’s move away from the Criteria. Confusion marketing
|
||||
% and liability games appear set to continue. But does this matter?
|
||||
% First, most of the HSM business is moving to the cloud, with Azure and AWS
|
||||
% each having of the order of 2,000 HSMs, and Google playing catchup. Instead of
|
||||
% having a few thousand banks each running a few, or a few dozen, HSMs we’ll
|
||||
% have three companies running a few thousand. As the prices are driven down,
|
||||
% the HSM vendor engineers’ expertise will be lost; and as the cloud service
|
||||
% providers guard their datacentres, HSMs are likely to be replaced by crypto
|
||||
% chips.
|
||||
|
||||
To answer our first research question, we propose the Inertial Hardware Security Module (IHSM), a new type of HSM that
|
||||
extends the high level of protection offered by the modern cryptographic software stack down to the hardware level,
|
||||
enabling secure computation in insecure places.
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue