From 1decfb0c70788946e8ee17c60e92652254084811 Mon Sep 17 00:00:00 2001 From: jaseg Date: Mon, 18 Aug 2025 13:09:36 +0200 Subject: [PATCH] intro draft looking better --- chapter-introduction/chapter.tex | 50 +++++++++++++++++++++++++++++--- chapter-smpc/chapter.tex | 4 +-- 2 files changed, 48 insertions(+), 6 deletions(-) diff --git a/chapter-introduction/chapter.tex b/chapter-introduction/chapter.tex index aa9a73b..fc14ed7 100644 --- a/chapter-introduction/chapter.tex +++ b/chapter-introduction/chapter.tex 
@@ -9,12 +9,54 @@ All Cops Are Bastards, or ACAB is a slogan popular in far left and anarchist circles since the mid-twentieth century that expresses a rejection of state authority~\cite{constantinouAppliedResearchPolicing2021}. While politically, this -blanket rejection is a fringe viewpoint with no mainstream acceptance, there exists a strange parallel between this and -modern cryptographic best practice. In modern cryptography, it is generally seen as best practice to have the least +blanket rejection is a fringe viewpoint with no mainstream acceptance, there exists an interesting parallel between this +and modern cryptographic best practice. In modern cryptography, it is generally seen as best practice to have the least amount of keys possible involved in any computation, and cryptographers have time and time again strongly rejected -attempts by states and other authorities to insert backdoor access mechanisms into cryptographic systems. +attempts by states and other authorities to insert backdoor access mechanisms into cryptographic systems~\cite{ + abelsonRisksKeyRecovery1997, + abelsonKeysDoormats2015, + andersonSecurityEngineeringGuide2020, +}. -%In cryptography, Kerckhoffs' principle, named after Dutch military cryptographer Auguste Kerckhoffs, expresses that +The aversion of cryptographers against backdoor access shows up everywhere---from cryptographic protocol standards like +TLS, to cryptographic applications like the Singal messenger, not only is backdoor access excluded from the system +design, its possibility is considered a potential vulnerability and measures such as forward secrecy and post-compromise +security are taken to mitigate its impact when it is achieved through other means. In computing, this design aspect +makes cryptographic protocols a unique holdout. In other parts of the stack, explicit or implicit backdoor access is +commonplace, and attempts at preventing it are rare. 
For instance, network providers are generally required to comply +with so-called \emph{Lawful Interception} orders on particular customers or traffic types, and datacenter operators +commonly provide hardware access to state authorities. The design decisions in cryptographic protocols generally hold, +and the gold standard for backdoor access to modern systems is either exploiting a \emph{zero-day} flaw that is not yet +publically known, or acquiring physical access to the target system. + +In this thesis, we wish to extend the level of protection afforded by cryptographic protocol design down the technology +stack. While cryptographic protocols and modern software from the operating system up make it possible to secure the +software side of the stack to a high level, the hardware side remains poorly protected. There are a variety of hardware +security solutions in the wild, but the majority of them either do not target protection against local, physical attacks +-- such as Trusted Platform Modules (TPMs) -- or are not widely available due to market segmentation or cost -- such as +conventional Hardware Security Modules (HSMs). + +To extend this protection, we propose the Inertial Hardware Security Module (IHSM), a new type of HSM that extends the +high level of protection offered by the modern cryptographic software stack down to the hardware level, enabling secure +computation in insecure places. IHSMs can be custom built with only basic manufacturing capabilities at small scale and +enable the deployment of secure computation in insecure places even to small organizations such as university research +departments, NGOs and small businesses. + +Complementing our IHSM concept and prototype, we provide solutions to engineering issues such as wireless power transfer +adapting them to our use case. 
Further, we propose improvements to the state of the art in HSM tamper sensors such as +the use of low-cost, embeddable Time-Domain Reflectometry (TDR) that not only improve the security of IHSMs, but that +can even be applied to conventional HSMs. + +We conclude this thesis with an overview of two concrete use cases IHSMs unlock that were previously infeasible using +conventional HSMs: Datacenter-scale Secure Multiparty Computation (SMPC) and long-range Quantum Key Distribution (QKD) +networks. + + + +%In cryptography, Kerckhoffs' principle, named after Dutch military cryptographer Auguste Kerckhoffs, expresses that the +%security of a cryptographic system should only depend on the secrecy of its keys, not on the secrecy of its design. In +%this way, Kerckhoff's principle states the opposite of the common industry practice of \emph{Security by Obscurity}, +%which aims to achieve security by making it sufficiently annoying to cryptoanalyze a system that nobody bothers. %In the early days of mass-market computing, the expectations towards this new tool were high. Even before people diff --git a/chapter-smpc/chapter.tex b/chapter-smpc/chapter.tex index 2040e27..f33e57a 100644 --- a/chapter-smpc/chapter.tex +++ b/chapter-smpc/chapter.tex @@ -266,9 +266,9 @@ stored for a large amount of time. Particularly SRAM memory is susceptible to th \subsection{Fast Zeroization of Non-Customizable Memories} -\subsection{A Joint Cooling and IHSM Envelope Powertrain} - % Thermite experiements and paper +\subsection{A Joint Cooling and IHSM Envelope Powertrain} + \section{Outlook}
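Review bot: In the added paragraph of chapter-introduction/chapter.tex that begins "The aversion of cryptographers against backdoor access", "Singal messenger" should read "Signal messenger", and that sentence runs its "from ... to ..." list straight into "not only is backdoor access excluded" with no break; ending the sentence after "Signal messenger" and starting a new one would fix it. Later in the same hunk, "publically known" should be "publicly known", "wireless power transfer adapting them to our use case" needs a comma before "adapting", and the phrase "secure computation in insecure places" appears twice within the IHSM paragraph. The statements about Lawful Interception orders and about datacenter operators providing hardware access to state authorities carry no \cite, unlike the backdoor sentence above them, so a reference for each would help. The new \cite list also ends with a trailing comma after andersonSecurityEngineeringGuide2020, which can yield an empty citation key depending on the bibliography setup; dropping that comma is the safer form.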
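Review bot: In the chapter-smpc/chapter.tex hunk, moving \subsection{A Joint Cooling and IHSM Envelope Powertrain} below the comment leaves "% Thermite experiements and paper" as the only content under "Fast Zeroization of Non-Customizable Memories", and "experiements" in that comment is misspelled ("experiments"). Both subsections are still empty ahead of \section{Outlook}, and the reordering is unrelated to the commit subject "intro draft looking better", so it would read more cleanly as a separate commit.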