Layout adjustments, export one-sided option
This commit is contained in:
jaseg
parent
fa6c2e9f0d
commit
2584232b70
7 changed files with 180 additions and 146 deletions
|
|
@ -88,11 +88,11 @@ today, average computing hardware provides little physical security~\cite{
|
|||
moghimiTPMFAILTPMMeets2020}.
|
||||
\emph{Hardware Security Modules} are a class of devices specifically designed to execute cryptographic algorithms while
|
||||
providing strict physical security guarantees, but these systems are expensive,
|
||||
and their physical security is often questionable (cf.~Chapter~\ref{chapter-survey})~\cite{
|
||||
and their physical security is often questionable~\cite{
|
||||
obermaier2018,
|
||||
andersonSecurityEngineeringGuide2020}.
|
||||
As \textcite{andersonSecurityEngineeringGuide2020} writes on HSMs and their security standards:
|
||||
% FIXME page numbers
|
||||
andersonSecurityEngineeringGuide2020},
|
||||
which we wi elaborate further in Chapter~\ref{chapter-survey}. \textcite{andersonSecurityEngineeringGuide2020} writes on
|
||||
HSMs and their security standards:
|
||||
|
||||
\begin{quote}
|
||||
Security economics remains a big soft spot, with security chips being in many ways a market for lemons. A banker
|
||||
|
|
@ -139,65 +139,82 @@ This creates a single point of failure in the manufacturer, and opens up an oppo
|
|||
attack~\cite{harrisonSoKSecurityArchitects2025}. Such supply chain attacks can be mitigated by independently
|
||||
manufacturing our design.
|
||||
|
||||
\section{Research Questions and Contributions}
|
||||
%%%
|
||||
\section{A Note on Hardware Security Module Terminology}
|
||||
|
||||
Based on the current state of the field of hardware security, we deduce three overarching research questions for this
|
||||
thesis that progress from theory to practical deployment.
|
||||
In this thesis, we use the term \emph{Hardware Security Module (HSM)} to refer to a security device that has the
|
||||
following three properties.
|
||||
|
||||
% Research questions:
|
||||
% 1. can hsm w/o proprietary mesh?
|
||||
% 2. how do meshes look like in practice?
|
||||
% 3. can we improve monitoring?
|
||||
% 4. can we solve power transfer issue
|
||||
% 5. applications
|
||||
%
|
||||
\begin{enumerate}
|
||||
\item Can we achieve physical security without relying on a conventional tamper-sensing meshes that requires a
|
||||
bespoke manufacturing process?
|
||||
\item Can we monitor tamper-sensing meshes at a higher detail level than the state of the art of a single, scalar
|
||||
measurement?
|
||||
\item Can we create the support components necessary to integrate a system that provides a practical security
|
||||
guarantee?
|
||||
\item A HSM targets the prevention of any conceivable physical attack. In particular, this includes intrusion attempts
|
||||
such as careful drilling or cutting into the device from any direction.
|
||||
\item A HSM includes tamper sensors that when triggered result in an active tamper response, usually deleting all
|
||||
cryptographic secrets and rendering the device inoperable.
|
||||
\item A HSM's tamper sensing and response subsystem is continuously powered from a backup power supply, usually a
|
||||
battery. Loss of power triggers the tamper response.
|
||||
\end{enumerate}
|
||||
|
||||
To answer our first research question, we propose the Inertial Hardware Security Module (IHSM), a new type of HSM that
|
||||
extends the high level of protection offered by the modern cryptographic software stack down to the hardware level,
|
||||
enabling secure computation in insecure places.
|
||||
This use of the term \emph{HSM} aligns with common usage of the term both in the academic literature and in everyday
|
||||
conversation. Particularly the requirement of active tamper detection and response is crucial to distinguish a HSM from
|
||||
simpler devices such as TPMs, smart cards or secure enclaves in SoCs. Note that our use of the term HSM is slightly
|
||||
different from its use in government standards, from its use in the PCI SSC (Payment Card Industry Security Standards
|
||||
Council) standards, and from its industry use.
|
||||
|
||||
To answer our second question, we propose improvements to the state of the art in HSM tamper sensors such as the use of
|
||||
low-cost, embeddable Time-Domain Reflectometry (TDR) that not only improve the security of IHSMs, but that can even be
|
||||
applied to conventional HSMs.
|
||||
In industry, the term HSM is often used for solutions that are only logically segregated and that do not include any
|
||||
particular defense against hardware attacks. Our conjecture is that this is a consequence of the standardization
|
||||
landscape, where for applications outside of card payment processing the US FIPS
|
||||
140-22~\cite{usnationalinstituteofstandardsandtechnologySecurityRequirementsCryptographic2002} standard was central to
|
||||
the industry. Despite encompassing both devices that include active tamper detection and response, FIPS 140-2 did not
|
||||
draw a distinction in its terminology between the two classes.
|
||||
|
||||
Finally, we answer our last research question by showing in two case studies how an end-to-end design of an IHSM-secured
|
||||
data processing system could look like. Both case studies concern scenarios that IHSMs unlock that were previously
|
||||
infeasible using conventional HSMs: Datacenter-scale Secure Multiparty Computation (SMPC) and long-range Quantum Key
|
||||
Distribution (QKD) networks. As part of this effort we provide a solution adapting and improving upon the state of the
|
||||
art in wireless power transfer to supply a rotating inertial HSM with a clean, stable power supply.
|
||||
\subsection{Use in government standards}
|
||||
|
||||
We chose to publish all of our research as open source and unencumbered by patents to enable widespread adoption. IHSMs
|
||||
can be custom built with only basic manufacturing capabilities at small scale and enable the deployment of secure
|
||||
computation in insecure places even to small organizations such as university research departments, NGOs and small
|
||||
businesses.
|
||||
Under the still widely used US national standard FIPS 140 in in its 2002 version
|
||||
2~\cite{usnationalinstituteofstandardsandtechnologySecurityRequirementsCryptographic2002}, a HSM would be called a
|
||||
\emph{Multiple-Chip Cryptographic Module} that conforms to the standard's \emph{Security Level} 4 out of 4. Interesting
|
||||
to note are that only level 4 requires any active tamper detection and response, so devices compliant only up to levels
|
||||
3 and below do not align with our HSM definition. Futher of note is that according to the standard, a single-chip
|
||||
solution does not require any tamper detection and response either to meet the standard's security level 4, which is in
|
||||
misalignment with our definition. The standard's 2019 updated version FIPS
|
||||
140-3~\cite{usnationalinstituteofstandardsandtechnologySecurityRequirementsCryptographic2019} defers to the
|
||||
international standards ISO/IEC 19790 and 24759.
|
||||
|
||||
%\section{Cryptographic Principles and Physical Reality}
|
||||
ISO/IEC 19790~\cite{ISOIEC19790} and ISO/IEC 24759~\cite{ISOIEC24759} call what we call a HSM a \emph{Hardware
|
||||
Cryptographic Module} corresponding with the standards \emph{Security Level 4}. However, these standards only require
|
||||
active tamper detection and response when cryptographic secrets are transmitted in plaintext between chips.
|
||||
|
||||
%Let's take a basic videoconferencing system as an example. In our example system's deployment, users log on to a central
|
||||
%conference server, which receives and distributes the users' video streams. Allowing backdoor access to the video
|
||||
%streams to some third party like a datacenter operator or a state would violate Kerckhoffs' principle since it would
|
||||
%have to be hidden from the systems' participants, who would therefore not have a complete view of the systems' deployed
|
||||
%architecture. The principle of least authority would also be violated since in almost all cases, such a backdoor access
|
||||
%system would not see legitimate use. As a result, it would possess capabilities that almost never would be essential to
|
||||
%the proper function of the videoconference system.
|
||||
\subsection{Use in card payment processing (PCI SSC) standards}
|
||||
|
||||
%In their design, almost all modern software -- especially open source -- cleanly applies these principles. However, the
|
||||
%practical reality after deployment almost always deviates from them. While backdoors are vanishingly rare in modern
|
||||
%open-source software, practical deployments usually are vulnerable to physical attacks. Computer hardware generally is
|
||||
%not designed with a local attacker with advanced physical attack capabilities in mind since no mitigation can fully
|
||||
%prevent them---such attacks usually can only be detected, or at best slowed down. As a result, commonplace attacks
|
||||
%against modern software often involve taking over the hardware at some point in the chain. Even End-to-End-Encrypted
|
||||
%(E2EE) communication systems can be compromised if one of the encrypted channel's endpoints can be physically
|
||||
%compromised. Corresponding \emph{digital forensics} capabilities are commonplace among state actors, and are available
|
||||
%as a turnkey solution on the market.
|
||||
The Payment Card Industry Security Standards Council (PCI SSC) is an association of credit card network operators that
|
||||
defines standards for all layers of card payment processing, from card payment terminals in stores to the handling of
|
||||
payment data in online shop backend systems.
|
||||
|
||||
PCI SSC terminology aligns with our definition and with common everyday use of the term HSM. In PCI SSC terminology, a
|
||||
HSM is a crytographic device that has active tamper detecion and response circuitry. However, PCI SSC terminology
|
||||
differs from our use of the term HSM in one nuance: In PCI SSC terminology, a HSM is specifically a datacenter device
|
||||
used for backend processing of payment data. The general class of ``hardware devices performing some security function
|
||||
with or without particular physical security requirements'' that ISO/IEC 19790 and other standards call a \emph{Hardware
|
||||
Cryptographic Module}, in PCI SSC terminology is termed \emph{Secure Cryptographic Device (SCD)} in more recent standard
|
||||
versions, which was updated from the previous term \emph{Tamper-Resistant Security Module (TRSM)}. Other than HSMs, PCI
|
||||
SSC includes smartcards and card payment terminals in this category. Card payment terminals, referred to as
|
||||
\emph{Pin-Entry Device (PED)} in PCI SSC standards, have to include a surprising amount of active tamper detection and
|
||||
response functionality including partial coverage of areas like their main cryptographic processor and smart card reader
|
||||
by battery-backed tamper-sensing meshes. Under our definition, these devices can be classified as a type of HSM.
|
||||
|
||||
\subsection{Tamper-Sensing Meshes}
|
||||
|
||||
In this thesis, we use the terms \emph{Tamper-Sensing Mesh} and \emph{Security Mesh} synonymous. We use both terms to
|
||||
refer to any electrical circuit whose path is laid out to cover a surface with the intent of detecting attempts at
|
||||
drilling, cutting or otherwise manipulating this surface. While the term \emph{Security Mesh} is more concise, it is
|
||||
less clear to people unfamiliar with the matter. It is also polysemous, and depending on context can also refer to woven
|
||||
or stamped metal meshes used as fences or as screens in front of windows to prevent break-ins. As a result, it is harder
|
||||
to use in online searches, and when using Large Language Models (LLMs), it frequently leads to amusing hallucinations.
|
||||
|
||||
% FIXME note leo: Das ganze wirkt wie ein guter baustein für eine Einleitung. Für einen Terminologie übersicht ist es
|
||||
% ansonsten auch eigentlich zu lang.
|
||||
% Splitte das vielleicht auf, ein paar mehr details in den Abstract um die HSM definition etwas zu präzisieren, den rest
|
||||
% in die Intro?
|
||||
%%%
|
||||
|
||||
\section{Inertial Hardware Security Modules}
|
||||
|
||||
|
|
@ -239,6 +256,68 @@ cover the payload. Instead, it can have gaps that allow for air flow between out
|
|||
of the IHSM's payload. This cooling capability sharply increases computing power by increasing feasible payload power
|
||||
dissipation by two orders of magnitude.
|
||||
|
||||
\section{Research Questions and Contributions}
|
||||
|
||||
Based on the current state of the field of hardware security, we deduce three overarching research questions for this
|
||||
thesis that progress from theory to practical deployment.
|
||||
|
||||
% Research questions:
|
||||
% 1. can hsm w/o proprietary mesh?
|
||||
% 2. how do meshes look like in practice?
|
||||
% 3. can we improve monitoring?
|
||||
% 4. can we solve power transfer issue
|
||||
% 5. applications
|
||||
%
|
||||
\begin{enumerate}
|
||||
\item What is the state of the art in commercial tamper sensing mesh implementations?
|
||||
\item What are criteria and approaches for the design of secure tamper sensing meshes?
|
||||
\item Can we achieve physical security without relying on a conventional tamper-sensing meshes that requires a
|
||||
bespoke manufacturing process?
|
||||
\item Can we monitor tamper-sensing meshes at a higher detail level than the state of the art of a single, scalar
|
||||
measurement?
|
||||
\item Can we improve the ripple voltage performance of Wireless Power Transfer (WPT) through rotating joints to
|
||||
adapt it to IHSM applications?
|
||||
\item What applications does our IHSM technology open up through its increase in power dissipation and size
|
||||
capabilities?
|
||||
\end{enumerate}
|
||||
|
||||
We answer our first research question in two parts. In Chapter~\ref{chapter-epa}, we analyze the hardware security
|
||||
design of Germany's new national electronic health record system. Our analysis unveils a combination of problematic
|
||||
choices resulting from conflicting constraints and lack of awareness. In Chapter~\ref{chapter-survey}, we present the
|
||||
results of a survey across approximately 30 real world tamper sensing mesh implementations, analyzing common design
|
||||
features.
|
||||
|
||||
The latter half of our survey in Chapter~\ref{chapter-survey} answers our second research quesion. From our analysis of
|
||||
this large corpus of devices, we deduce a list of design criteria that can be applied to increase the security of any
|
||||
tamper sensing mesh implementation.
|
||||
|
||||
To answer our third research question, in Chapter~\ref{chapter-ihsm} we propose the Inertial Hardware Security Module
|
||||
(IHSM), a new type of HSM that extends the high level of protection offered by the modern cryptographic software stack
|
||||
down to the hardware level, enabling secure computation in insecure places. IHSMs can be built from basic, off-the-shelf
|
||||
components and do not require bespoke manufacturing processes.
|
||||
|
||||
IHSMs come with unique power supply constraints since their rotating mesh must be continuously powered. A
|
||||
straightforward solution utilizes Wireless Power Transfer using planar inductors, but existing WPT designs exhbit a
|
||||
ripple voltage due to an asymmetry of conventional planar inductors. This leads to our fourth research question, which
|
||||
we solve in Chapter~\ref{chapter-nice-coils} with the design and experimental evaluation of a new, generalized class of
|
||||
\emph{twisted} planar inductors that reduces voltage ripple in rotating shaft setups.
|
||||
|
||||
To answer our fifth research question, in Chapter~\ref{chapter_sampling_mesh_mon} we propose improvements to the state
|
||||
of the art in HSM tamper sensors based on the use of low-cost, embeddable Time-Domain Reflectometry (TDR). Our
|
||||
improvements can be applied to both IHSMs and conventional HSMs.
|
||||
|
||||
Finally, we answer our last research question by showing in two case studies how an end-to-end design of an IHSM-secured
|
||||
data processing system could look like. Both case studies concern scenarios that IHSMs unlock that were previously
|
||||
infeasible using conventional HSMs: In Chapter~\ref{chapter-qkd}, we explore how IHSMs enable long-range Quantum Key
|
||||
Distribution (QKD) networks using trustable physically secured relay nodes and in Chapter~\ref{chapter-smpc} we
|
||||
elaborate how datacenter-scale Secure Multiparty Computation (SMPC) clusters can be created using IHSM enclosures with
|
||||
commercial server hardware.
|
||||
|
||||
We chose to publish all of our research as open source and unencumbered by patents to enable widespread adoption. IHSMs
|
||||
can be custom built with only basic manufacturing capabilities at small scale and enable the deployment of secure
|
||||
computation in insecure places even to small organizations such as university research departments, NGOs and small
|
||||
businesses.
|
||||
|
||||
\section{Conclusion}
|
||||
|
||||
Looking at the practice of applied hardware security, we observe that despite ample availability of commercial solutions
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue