intro draft looking better
parent
682e01ba34
commit
1decfb0c70
2 changed files with 48 additions and 6 deletions
|
|
@ -9,12 +9,54 @@
|
|||
|
||||
All Cops Are Bastards, or ACAB is a slogan popular in far left and anarchist circles since the mid-twentieth century
|
||||
that expresses a rejection of state authority~\cite{constantinouAppliedResearchPolicing2021}. While politically, this
|
||||
blanket rejection is a fringe viewpoint with no mainstream acceptance, there exists a strange parallel between this and
|
||||
modern cryptographic best practice. In modern cryptography, it is generally seen as best practice to have the least
|
||||
blanket rejection is a fringe viewpoint with no mainstream acceptance, there exists an interesting parallel between this
|
||||
and modern cryptographic best practice. In modern cryptography, it is generally seen as best practice to have the least
|
||||
amount of keys possible involved in any computation, and cryptographers have time and time again strongly rejected
|
||||
attempts by states and other authorities to insert backdoor access mechanisms into cryptographic systems.
|
||||
attempts by states and other authorities to insert backdoor access mechanisms into cryptographic systems~\cite{
|
||||
abelsonRisksKeyRecovery1997,
|
||||
abelsonKeysDoormats2015,
|
||||
andersonSecurityEngineeringGuide2020,
|
||||
}.
|
||||
|
||||
%In cryptography, Kerckhoffs' principle, named after Dutch military cryptographer Auguste Kerckhoffs, expresses that
|
||||
The aversion of cryptographers against backdoor access shows up everywhere---from cryptographic protocol standards like
|
||||
TLS, to cryptographic applications like the Singal messenger, not only is backdoor access excluded from the system
|
||||
design, its possibility is considered a potential vulnerability and measures such as forward secrecy and post-compromise
|
||||
security are taken to mitigate its impact when it is achieved through other means. In computing, this design aspect
|
||||
makes cryptographic protocols a unique holdout. In other parts of the stack, explicit or implicit backdoor access is
|
||||
commonplace, and attempts at preventing it are rare. For instance, network providers are generally required to comply
|
||||
with so-called \emph{Lawful Interception} orders on particular customers or traffic types, and datacenter operators
|
||||
commonly provide hardware access to state authorities. The design decisions in cryptographic protocols generally hold,
|
||||
and the gold standard for backdoor access to modern systems is either exploiting a \emph{zero-day} flaw that is not yet
|
||||
publically known, or acquiring physical access to the target system.
|
||||
|
||||
In this thesis, we wish to extend the level of protection afforded by cryptographic protocol design down the technology
|
||||
stack. While cryptographic protocols and modern software from the operating system up make it possible to secure the
|
||||
software side of the stack to a high level, the hardware side remains poorly protected. There are a variety of hardware
|
||||
security solutions in the wild, but the majority of them either do not target protection against local, physical attacks
|
||||
-- such as Trusted Platform Modules (TPMs) -- or are not widely available due to market segmentation or cost -- such as
|
||||
conventional Hardware Security Modules (HSMs).
|
||||
|
||||
To extend this protection, we propose the Inertial Hardware Security Module (IHSM), a new type of HSM that extends the
|
||||
high level of protection offered by the modern cryptographic software stack down to the hardware level, enabling secure
|
||||
computation in insecure places. IHSMs can be custom built with only basic manufacturing capabilities at small scale and
|
||||
enable the deployment of secure computation in insecure places even to small organizations such as university research
|
||||
departments, NGOs and small businesses.
|
||||
|
||||
Complementing our IHSM concept and prototype, we provide solutions to engineering issues such as wireless power transfer
|
||||
adapting them to our use case. Further, we propose improvements to the state of the art in HSM tamper sensors such as
|
||||
the use of low-cost, embeddable Time-Domain Reflectometry (TDR) that not only improve the security of IHSMs, but that
|
||||
can even be applied to conventional HSMs.
|
||||
|
||||
We conclude this thesis with an overview of two concrete use cases IHSMs unlock that were previously infeasible using
|
||||
conventional HSMs: Datacenter-scale Secure Multiparty Computation (SMPC) and long-range Quantum Key Distribution (QKD)
|
||||
networks.
|
||||
|
||||
|
||||
|
||||
%In cryptography, Kerckhoffs' principle, named after Dutch military cryptographer Auguste Kerckhoffs, expresses that the
|
||||
%security of a cryptographic system should only depend on the secrecy of its keys, not on the secrecy of its design. In
|
||||
%this way, Kerckhoff's principle states the opposite of the common industry practice of \emph{Security by Obscurity},
|
||||
%which aims to achieve security by making it sufficiently annoying to cryptoanalyze a system that nobody bothers.
|
||||
|
||||
|
||||
%In the early days of mass-market computing, the expectations towards this new tool were high. Even before people
|
||||
|
|
|
|||
|
|
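Review bot: Three factual claims in the paragraph starting "The aversion of cryptographers" have no sources: that network providers are required to comply with Lawful Interception orders, that datacenter operators commonly provide hardware access to state authorities, and that a zero-day or physical access is the "gold standard" for backdoor access. The backdoor sentence in the first paragraph gets three \cite keys, and these claims need the same treatment. In that \cite, the key list ends with a comma before the closing brace, which leaves an empty final key; drop the trailing comma. In the same paragraph, "Singal" should be "Signal" and "publically" should be "publicly". The aside opened with "---from cryptographic protocol standards like TLS" is never closed, so it runs straight into "not only is backdoor access excluded"; split it into two sentences. In the IHSM paragraph, "secure computation in insecure places" appears in two consecutive sentences, and "wireless power transfer adapting them to our use case" needs a comma and a plural antecedent for "them". The commented-out block spells the name both "Kerckhoffs'" and "Kerckhoff's"; pick one before it is uncommented.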
@ -266,9 +266,9 @@ stored for a large amount of time. Particularly SRAM memory is susceptible to th
|
|||
|
||||
\subsection{Fast Zeroization of Non-Customizable Memories}
|
||||
|
||||
\subsection{A Joint Cooling and IHSM Envelope Powertrain}
|
||||
|
||||
% Thermite experiements and paper
|
||||
|
||||
\subsection{A Joint Cooling and IHSM Envelope Powertrain}
|
||||
|
||||
\section{Outlook}
|
||||
|
||||
|
|
|
|||
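Review bot: The placeholder "% Thermite experiements and paper" sits between the two occurrences of "\subsection{A Joint Cooling and IHSM Envelope Powertrain}" in this hunk, so after the move it is not obvious which subsection the thermite material belongs to. If it is meant for "Fast Zeroization of Non-Customizable Memories", keep the comment directly under that heading, with no other heading between them. "experiements" should be "experiments". None of the headings visible here carries a \label; adding one per subsection now avoids broken cross-references when the sections are reordered again.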