From 59acf51690361d8bcb56b5ccded102432d61250b Mon Sep 17 00:00:00 2001 From: jaseg Date: Tue, 19 Aug 2025 16:20:35 +0200 Subject: [PATCH] Intro WIP mostly done --- chapter-introduction/chapter.tex | 38 ++++++++++++++++++++++---------- 1 file changed, 26 insertions(+), 12 deletions(-) diff --git a/chapter-introduction/chapter.tex b/chapter-introduction/chapter.tex index 1b33c32..ff269ba 100644 --- a/chapter-introduction/chapter.tex +++ b/chapter-introduction/chapter.tex 
@@ -38,24 +38,29 @@ conventional Hardware Security Modules (HSMs). To extend this protection, we propose the Inertial Hardware Security Module (IHSM), a new type of HSM that extends the high level of protection offered by the modern cryptographic software stack down to the hardware level, enabling secure -computation in insecure places. IHSMs can be custom built with only basic manufacturing capabilities at small scale and -enable the deployment of secure computation in insecure places even to small organizations such as university research -departments, NGOs and small businesses. +computation in insecure places. We chose to publish all our IHSM as open source and unencumbered by patents to enable +widespread adoption. IHSMs can be custom built with only basic manufacturing capabilities at small scale and enable the +deployment of secure computation in insecure places even to small organizations such as university research departments, +NGOs and small businesses. + +Recent history has shown that state-level adversaries are a mounting threat to civil rights organizations, human rights +lawyers, members of minorities, and many others. While western democracies used to be considered safe havens of human +rights, today human rights are under attack both from within and from the outside in countries across the globe. +Publishing IHSM technology as open source, we hope to provide one building block for new computing systems accessible to +all that are resilient and secure in the face of growing adversity. Complementing our IHSM concept and prototype, we provide solutions to engineering issues such as wireless power transfer adapting them to our use case. Further, we propose improvements to the state of the art in HSM tamper sensors such as the use of low-cost, embeddable Time-Domain Reflectometry (TDR) that not only improve the security of IHSMs, but that -can even be applied to conventional HSMs. 
- -We conclude this thesis with an overview of two concrete use cases IHSMs unlock that were previously infeasible using -conventional HSMs: Datacenter-scale Secure Multiparty Computation (SMPC) and long-range Quantum Key Distribution (QKD) -networks. +can even be applied to conventional HSMs. We conclude this thesis with an overview of two concrete use cases IHSMs +unlock that were previously infeasible using conventional HSMs: Datacenter-scale Secure Multiparty Computation (SMPC) +and long-range Quantum Key Distribution (QKD) networks. \section{Building Inertial HSMs} In a system with a secure software stack, the role of a HSM is to secure the hardware part of the stack. The basic approach of a HSM is to combine a secure software stack with a fast self-destruct mechanism and tamper sensors. The -self-destruct mechanism can be hardware or software that quickly, securely wipes all cryptographic secrets, rendering +self-destruct mechanism can be hardware or software that quickly, securely destroys all cryptographic secrets, rendering the device worthless to an attacker. The tamper sensors are tasked with detecting any physical attack an attacker could mount on the device. Common classes of such sensors include \emph{tamper-sensing meshes}, i.e.\ flexible foils attached to the HSM's enclosure that detect attempts at penetrating the shell of the device with probes, and environmental 
@@ -103,11 +108,20 @@ communication systems can be compromised if one of the encrypted channel's endpo Corresponding \emph{digital forensics} capabilities are commonplace among state actors, and are available as a turnkey solution on the market. -A consequence of the difficulty of defending against physical attacks along with the wide availability of attack tools -and services is that - \section{Inertial HSM Applications} +Inertial HSMs are the first fully open source HSM with advanced tamper sensing features. Across application domains, +Inertial HSMs can be applied to gain resistance to physical attacks in scenarios where conventional HSMs were not used +because of cost, computing power or implementation effort. Where conventional HSMs come as fully integrated devices that +only expose limited APIs to their users, Inertial HSMs at their core are just an enclosure that the user can put +whatever hardware they need into. Since the simpler tamper-sensing mesh construction of IHSMs scales to larger payload +volumes, entire servers can be protected---something that is impossible with conventional HSMs. Since the mesh in an +IHSM is constantly moving, unlike a mesh in a convetional HSM, it does not have to entirely cover the payload. Instead, +it can have gaps that allow for air flow between outside and inside, enabling active cooling of the IHSM's payload. This +cooling capability sharply increases computing power by increasing feasible payload power dissipation by +two orders of magnitude. + + %In the early days of mass-market computing, the expectations towards this new tool were high. Even before people %realized the potential of computers and the internet for commercial gain, there was widespread optimism about the
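Review bot: in the first hunk (@@ -38), the new sentence "We chose to publish all our IHSM as open source and unencumbered by patents" is missing a noun after "IHSM"; it should read something like "all our IHSM designs" or "all our IHSM work". The new paragraph beginning "Recent history has shown that state-level adversaries are a mounting threat to civil rights organizations, human rights lawyers, members of minorities" states several factual claims about the threat landscape and about "western democracies" without a single \cite; for a thesis introduction each of these needs a supporting reference, or the paragraph should be rephrased as the authors' motivation rather than as established fact.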
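Review bot: in the second hunk (@@ -103), "unlike a mesh in a convetional HSM" has a typo ("conventional"). The opening sentence "Inertial HSMs are the first fully open source HSM with advanced tamper sensing features" is a priority claim that should either carry a citation to a survey of prior open HSM work or be softened to "to our knowledge, the first". Likewise "something that is impossible with conventional HSMs" and "increasing feasible payload power dissipation by two orders of magnitude" are quantitative claims presented without a reference; point each at the chapter or section where the comparison is actually worked out, or qualify "impossible" as "impractical". Removing the dangling fragment "A consequence of the difficulty of defending against physical attacks along with the wide availability of attack tools and services is that" is correct, since it had no continuation.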