More citations and include Konrad's first batch of fixes
This commit is contained in:
parent
ebf05f2548
commit
34c0657e66
4 changed files with 54 additions and 47 deletions
@ -20,17 +20,22 @@ attempts by states and other authorities to insert backdoor access mechanisms in
rogawayMoralCharacterCryptographic2015,
}.

The aversion of cryptographers against backdoor access shows up everywhere. From cryptographic protocol standards like
TLS, to cryptographic applications like the Signal messenger, backdoor access is not only excluded from the system
design, its possibility is considered a potential vulnerability. Measures such as forward secrecy and post-compromise
security are taken to mitigate its impact. In computing, this design aspect makes cryptographic protocols a unique
holdout. In other parts of the stack, explicit or implicit backdoor access is commonplace, and attempts at preventing it
are rare. For instance, network providers are generally required to comply with so-called \emph{Lawful Interception}
orders on particular customers or traffic types, and datacenter operators commonly provide hardware access to state
authorities. The design decisions in cryptographic protocols generally hold, and the gold standard for backdoor access
to modern systems is either exploiting a \emph{zero-day} flaw that is not yet publically known, or acquiring physical
access to the target system.
\todo{Make sure all figures have nice short titles for list of figures}
While at a glance it might sound like a fringe position held by people from the Cypherpunk and Hacker movements~\cite{
andersonCypherpunkEthicsRadical2022,
hughesCypherpunksManifesto,
jarvisCryptoWarsFight2020,
marlinspikeWeShouldAll2013},
it enjoys support far beyond those circles and throughout mainstream academic cryptography. The aversion of
cryptographers against backdoor access shows up everywhere. From cryptographic protocol standards like TLS, to
cryptographic applications like the Signal messenger, backdoor access is not only excluded from the system design, its
possibility is considered a potential vulnerability. Measures such as forward secrecy and post-compromise security are
taken to mitigate its impact. In computing, this design aspect makes cryptographic protocols a unique holdout. In other
parts of the stack, explicit or implicit backdoor access is commonplace, and attempts at preventing it are rare. For
instance, network providers are generally required to comply with so-called \emph{Lawful Interception} orders on
particular customers or traffic types, and datacenter operators commonly provide hardware access to state authorities.
The design decisions in cryptographic protocols generally hold, and the gold standard for backdoor access to modern
systems is either exploiting a \emph{zero-day} flaw that is not yet publically known, or acquiring physical access to
the target system. \todo{Make sure all figures have nice short titles for list of figures}

\section{Research Questions}

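Review bot: the misspelling "publically" is carried over unchanged into the rewritten paragraph (`systems is either exploiting a \emph{zero-day} flaw that is not yet publically known, or acquiring physical access to`); since this commit already rewrites that sentence, correct it to "publicly" here. The new opening sentence also claims that the position "enjoys support far beyond those circles and throughout mainstream academic cryptography" without a citation of its own: the four `\cite` keys attached to the Cypherpunk and Hacker movements only back the first half of the sentence, and the Rogaway entry visible in this hunk's context (`rogawayMoralCharacterCryptographic2015,`) is the natural reference to attach to the second half. Minor wording point: "aversion of cryptographers against backdoor access" reads more naturally as "aversion ... to backdoor access", which is the form the next section already uses.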
@ -71,16 +76,11 @@ businesses.

\section{Cryptographic Principles and Physical Reality}

% cypherpunks: andersonCypherpunkEthicsRadical2022
% cypherpunks: hughesCypherpunksManifesto
% cypherpunks: CryptoWarsFight
% moxie / "we should all have something to hide": marlinspikeWeShouldAll2013
\todo{Cite cypherpunk and hacker movements}
While anarchists, Cypherpunks and Hackers often reject backdoor access out of political conviction alone,
Cryptographers' aversion to backdoor access derives from a combination of two fundamental computing principles:
Kerckhoffs' principle, and the principle of least authority. Kerckhoffs'
principle\footnote{
\textcite{petitcolasKerckhoffsPrinciplesCryptographie} contains a high-quality OCR'ed copy of the original source, as
well as a translation of the cited part from French. The original source is
Kerckhoffs' principle, and the principle of least authority. Kerckhoffs' principle\footnote{
\textcite{petitcolasKerckhoffsPrinciplesCryptographie} contains a high-quality OCR'ed copy of the original source,
as well as a translation of the cited part from French. The original source is
\textcite{kerckhoffsCryptographieMilitaire1883}.
}, named after Dutch military cryptographer Auguste Kerckhoffs, expresses that the security of a cryptographic system
should only depend on the secrecy of its keys, not on the secrecy of its design. In this way, Kerckhoff's principle

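Review bot: the closing context line of this hunk still reads `Kerckhoff's principle` while the reflowed lines directly above use "Kerckhoffs' principle" (the surname is Kerckhoffs, so the possessive is Kerckhoffs'); since the footnote reflow already touches this paragraph, fix the remaining inconsistency in the same commit. Dropping the `% cypherpunks:` comment lines and the `\todo{Cite cypherpunk and hacker movements}` is consistent with those keys now being cited in the introduction hunk, but note that the removed comment used the key `CryptoWarsFight` while the introduction cites `jarvisCryptoWarsFight2020`; it is worth confirming that the latter is the entry that actually exists in the bibliography file, since a mismatched key only shows up as an undefined citation warning at build time.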
@ -143,19 +143,19 @@ Inertial HSMs are the first fully open source HSM with advanced tamper sensing f
Inertial HSMs can be applied to gain resistance to physical attacks in scenarios where conventional HSMs were not used
because of cost, computing power or implementation effort. Where conventional HSMs come as fully integrated devices that
only expose limited APIs to their users, Inertial HSMs at their core are just an enclosure that the user can put
whatever hardware they need into. Since the simpler tamper-sensing mesh construction of IHSMs scales to larger payload
volumes, entire servers can be protected---something that is impossible with conventional HSMs. Since the mesh in an
IHSM is constantly moving, unlike a mesh in a conventional HSM, it does not have to entirely cover the payload. Instead,
it can have gaps that allow for air flow between outside and inside, enabling active cooling of the IHSM's payload. This
cooling capability sharply increases computing power by increasing feasible payload power dissipation by
two orders of magnitude.
whatever hardware they need into, adapting the tamper response to their application's needs. Since the simpler
tamper-sensing mesh construction of IHSMs scales to larger payload volumes, entire servers can be protected---something
that is impossible with conventional HSMs. Since the mesh in an IHSM is constantly moving, unlike a mesh in a
conventional HSM, it does not have to entirely cover the payload. Instead, it can have gaps that allow for air flow
between outside and inside, enabling active cooling of the IHSM's payload. This cooling capability sharply increases
computing power by increasing feasible payload power dissipation by two orders of magnitude.

\section{Conclusion}

Looking at the practice of applied hardware security, we observe that despite ample availability of commercial solutions
promising easy hardware security, clearly there is still a lack of solutions that provide the adaptability necessary for
some real use cases at low enough cost. By publishing the tamper-sensing technology we developed during the making of
this thesis as open source hardware designs, we wish to provide this missing building block to provide high-level
this thesis as open source hardware designs, we aim to provide this missing building block to provide high-level
hardware security in real-world applications. Our hardware designs can be adapted to a devices ranging from Single-Board
Computers (SBCs) to servers, they are compatible with non-computing applications like Quantum Key Distribution (QKD) and
their design approaches can even be integrated into existing HSM designs to provide better security at little additional
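Review bot: the reworded line `this thesis as open source hardware designs, we aim to provide this missing building block to provide high-level` only swaps "wish" for "aim" and keeps the doubled "provide ... to provide"; "we aim to supply this missing building block for high-level hardware security" removes the repetition. The unchanged context line `hardware security in real-world applications. Our hardware designs can be adapted to a devices ranging from Single-Board` has a stray article ("to a devices") that is worth fixing while this paragraph is being edited. In the IHSM paragraph, the quantitative claim that active cooling raises feasible payload power dissipation "by two orders of magnitude" is made without a cross-reference within this hunk; if the measurement that supports it is given elsewhere in the thesis, a reference to that section or figure here would let the reader check the number.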