Shuffle layout a bit

jaseg 2025-10-24 13:11:01 +02:00
parent 364d3be2e1
commit 2f24773c5d
5 changed files with 944 additions and 573 deletions

View file

@ -1,5 +1,6 @@
\chapter*{Use of Artificial Intelligence in This Thesis}
\addcontentsline{toc}{chapter}{Use of Artificial Intelligence in This Thesis}
This thesis has been written during the years of 2020 - 2025. In this time, Artificial Intelligence (AI) technology
including Large Language Models (LLMs) has entered widespread adoption. I have used such LLM systems in the preparation
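Review bot: the \chapter* plus manual \addcontentsline{toc}{chapter}{...} pair on the first two lines is a pattern that can put minitoc out of step. This commit still loads minitoc and calls \minitoc from \chaptertitle, and a contents line added by hand for a starred chapter is not counted by it, so later chapters can pick up the wrong mini table of contents. minitoc provides \mtcaddchapter for this case; check the per-chapter contents after this change and use it here if they are shifted.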
@ -29,8 +30,8 @@ wrong output. Thus, I used the following list of observations to guide my LLM us
\end{enumerate}
Applying these observations, I never copied text from the LLM into this thesis. Where I edited the text of this thesis
using suggestions from LLM output, I critically evaluated the LLM output and carefully considered each edit. Instances
of use of LLMs in the writing of this thesis fall into the following categories.
using suggestions from LLM output, I critically evaluated the LLM output and carefully considered each edit. Following
are some examples of how I used LLMs in the writing of this thesis.
\paragraph{For checking spelling and grammar,} the LLM was prompted with an instruction to review the text and output a
list of errors. The list was then reviewed and the errors were fixed in the source document by hand. An example prompt
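Review bot: the reworded sentence "Following are some examples of how I used LLMs" makes the list of \paragraph entries non-exhaustive, whereas the sentence it replaces ("fall into the following categories") read as complete. The labelling statement later in this file covers uses "as described above", so a reader can no longer tell whether uses outside the listed paragraphs exist. Either keep the exhaustive wording or state explicitly that any other uses were of the same kind. "Following are" would also read better as "The following are".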
@ -51,6 +52,8 @@ thesis on `...' . Critically assess the structure and organization of the chapte
improvement.''
In accordance with the recommendations of the University and State Library Darmstadt regarding the labelling and
documentation of AI-generated materials dated September 22 2025, instances where I used an LLM to edit parts of the text
of this thesis as described above have not been explicitly labelled in the text. The LLM in this use assumes a similar
role a human editor might assume reviewing the text.
documentation of AI-generated materials dated September 22, 2025\cite{RecommendationsUniversityState2025}, instances
where I used an LLM to edit parts of the text of this thesis as described above have not been explicitly labelled in the
text. The LLM in this use assumes a similar role a human editor might assume reviewing the text.
\chapterbibliography
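Review bot: in the added line "September 22, 2025\cite{RecommendationsUniversityState2025}" the citation is glued to the year. The other citations visible in this commit use a tie, as in "140-3~\cite{...}", so write "2025~\cite{...}" here as well. While this sentence is being touched, "assumes a similar role a human editor might assume" is missing words; "assumes a role similar to the one a human editor might assume" reads correctly.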

View file

@ -148,76 +148,3 @@ Computers (SBCs) to servers, they are compatible with non-computing applications
their design approaches can even be integrated into existing HSM designs to provide better security at little additional
cost.
\section*{A Note on Hardware Security Module Terminology}
\addcontentsline{toc}{section}{A Note on Hardware Security Module Terminology}
In this thesis, we use the term \emph{Hardware Security Module (HSM)} to refer to a security device that has the
following three properties.
\begin{enumerate}
\item A HSM targets the prevention of any conceivable physical attack. In particular, this includes intrusion attempts
such as careful drilling or cutting into the device from any direction.
\item A HSM includes tamper sensors that when triggered result in an active tamper response, usually deleting all
cryptographic secrets and rendering the device inoperable.
\item A HSM's tamper sensing and response subsystem is continuously powered from a backup power supply, usually a
battery. Loss of power triggers the tamper response.
\end{enumerate}
This use of the term \emph{HSM} aligns with common usage of the term both in the academic literature and in everyday
conversation. Particularly the requirement of active tamper detection and response is crucial to distinguish a HSM from
simpler devices such as TPMs, smart cards or secure enclaves in SoCs. Note that our use of the term HSM is slightly
different from its use in government standards, from its use in the PCI (card payment industry asscociation) standards,
and from its industry use.
In industry, the term HSM is often used for solutions that are only logically segregated and that do not include any
particular defense against hardware attacks. Our conjecture is that this is a consequence of the standardization
landscape, where for applications outside of card payment processing the US FIPS
140-22~\cite{usnationalinstituteofstandardsandtechnologySecurityRequirementsCryptographic2002} standard was central to
the industry. Despite encompassing both devices that include active tamper detection and response, FIPS 140-2 did not
draw a distinction in its terminology between the two classes.
\paragraph{Use in government standards}
Under US national standard FIPS 140 in in its 2002 version
2~\cite{usnationalinstituteofstandardsandtechnologySecurityRequirementsCryptographic2002}, a HSM would be called a
\emph{Multiple-Chip Cryptographic Module} that conforms to the standard's \emph{Security Level 4}. Interesting to note
are that only security level 4 requires any active tamper detection and response, so its security levels 3 and below do
not align with our HSM definition. Futher of note is that according to the standard, a single-chip solution does not
require any tamper detection and response either to meet the standard's security level 4, which is in misalignment with
our definition. The standard's 2019 updated version FIPS
140-3~\cite{usnationalinstituteofstandardsandtechnologySecurityRequirementsCryptographic2019} defers to the
international standards ISO/IEC 19790 and 24759.
ISO/IEC 19790~\cite{ISOIEC19790} and ISO/IEC 24759~\cite{ISOIEC24759} call what we call a HSM a \emph{Hardware
Cryptographic Module} corresponding with the standards \emph{Security Level 4}. However, these standards only require
active tamper detection and response when cryptographic secrets are transmitted in plaintext between chips.
\paragraph{Use in card payment processing (PCI SSC) standards}
The Payment Card Industry Security Standards Council (PCI SSC) is an association of credit card network operators that
defines standards for all layes of card payment processing from card payment terminals in stores through the handling of
payment data in online shop backend systems.
PCI SSC terminology aligns with our use and with common everyday use of the term HSM. In PCI SSC terminology, a HSM is a
crytographic device that has active tamper detecion and response circuitry. However, PCI SSC terminology only differs
from our use of the term HSM in one nuance: In PCI SSC terminology, a HSM is specifically a datacenter device used for
backend processing of payment data. The general class of ``hardware devices performing some security function with or
without particular physical security requirements'' that ISO/IEC 19790 and other standards call a \emph{Hardware
Cryptographic Module}, in PCI SSC terminology is termed \emph{Secure Cryptographic Device (SCD)} in more recent standard
versions, which was updated from the previous term \emph{Tamper-Resistant Security Module (TRSM)}. Other than HSMs, PCI
SSC includes smartcards and card payment terminals in this category. Card payment terminals, referred to as
\emph{Pin-Entry Device (PED)} in PCI SSC standards, have to include a surprising amount of active tamper detection and
response functionality including partial coverage of areas like they system's main cryptographic processor and smart
card reader by battery-backed tamper-sensing meshes.
\subsection*{Tamper-Sensing Meshes}
\addcontentsline{toc}{subsection}{Tamper-Sensing Meshes}
In this thesis, we use the terms \emph{Tamper-Sensing Mesh} and \emph{Security Mesh} synonymous. We use both terms to
refer to any electrical circuit whose path is laid out to cover a surface with the intent of detecting attempts at
drilling, cutting or otherwise manipulating this surface. While the term \emph{Security Mesh} is more concise, it is
less clear to people unfamiliar with the matter. It is also polysemous, and depending on context can also refer to woven
or stamped metal meshes used as fences or as screens in front of windows to prevent break-ins. As a result, it is harder
to use in online searches, and when using Large Language Models (LLMs), it frequently leads to amusing hallucinations.
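Review bot: if this section is being relocated rather than deleted, fix the errors it carries before it lands in its new file. "140-22~\cite{...}" and "FIPS 140 in in its 2002 version 2~\cite{...}" are both garbled references to the standard the text otherwise calls FIPS 140-2. The sentence "Despite encompassing both devices that include active tamper detection and response, FIPS 140-2 did not draw a distinction" never names the second class that "both" promises. The "However" in "However, PCI SSC terminology only differs from our use" reads as contradicting the preceding "aligns with our use" sentence and should go. Spelling: "asscociation", "Futher", "layes", "crytographic", "detecion", "they system's".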

View file

@ -35,9 +35,13 @@
\usepackage{catchfile}
\usepackage{colortbl}
\usepackage{rotating}
\usepackage{minitoc}
\usepackage{placeins}
\usepackage{minted} % pygmentized source code
%\usepackage[pdftex]{graphicx,color}
%\usepackage{showframe} % Useful for page layout debugging
\usepackage{csquotes}
\usepackage[tight]{minitoc}
% Left unattended, minitoc will print the chapter contents tables weirdly: The dotted filler between entry title and
% page number will inherit the styling of the entry title, bolding the dots for section-level headings. tocloft fixes
% this.
\usepackage{tocloft}
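Review bot: \usepackage{tocloft} on the last line is loaded without options, and in that form tocloft takes over typesetting of the headings of \tableofcontents, \listoffigures and \listoftables as well as the dotted leaders the comment is about. If only the leader styling is wanted, load it as \usepackage[titles]{tocloft} so those headings keep the class formatting, and compare the front-matter pages before and after. The comment would also be easier to maintain if it named the tocloft setting that actually fixes the bold dots, since nothing in this hunk configures it.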

1416
main.bib

File diff suppressed because it is too large

View file

@ -1,4 +1,4 @@
\documentclass[11pt,a4paper,notitlepage,twoside]{report}
\documentclass[11pt,a4paper,notitlepage,twoside]{book}
\usepackage[a4paper, top=3cm, bottom=3.5cm, inner=3.5cm, outer=5cm, marginpar=3.8cm]{geometry}
\input{common-packages}
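Review bot: on the \documentclass line, moving from report to book while keeping twoside means chapters now open on right-hand pages by default (openright), so a blank left-hand page is inserted whenever a chapter ends on an odd page. If that is intended for the printed thesis, fine; if not, add openany to the option list. A short mention of this in the commit message would help, since "Shuffle layout a bit" does not suggest a class change that alters pagination.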
@ -8,10 +8,8 @@
\newcommand{\chaptertitle}[1]{
\chapter{#1}
\printchapterquote
\setstretch{1}
\minitoc
\newpage
\setstretch{1.3}
}
\newcommand{\dochapter}[1]{
@ -30,11 +28,14 @@
{\Large \textbf{Draft build}, git revision \texttt{\input{version}}}
\fi
\frontmatter
\tableofcontents
\listoffigures
\listoftables
\input{ai-llm-use-disclosure.tex}
\input{hsm-terminology-notes.tex}
\mainmatter
\dochapter{chapter-introduction} % Status: In pretty good shape
\dochapter{chapter-epa} % Status: In pretty good shape
\dochapter{chapter-ihsm} % Status: Copy-paste done, build works, integration TODO
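Review bot: \input{hsm-terminology-notes.tex} sits in the front matter directly after the AI disclosure. If that file opens with the \section*{A Note on Hardware Security Module Terminology} and \addcontentsline{toc}{section}{...} lines that another hunk in this commit removes, the note will start on the disclosure chapter's last page, after its \chapterbibliography, and will be listed in the table of contents as a section of "Use of Artificial Intelligence in This Thesis". Promoting it to \chapter* with a chapter-level contents line would avoid that. The file itself is not part of the visible diff, so check this against its actual first lines.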