Intro WIP mostly done
This commit is contained in:
parent
e6167085d3
commit
59acf51690
1 changed file with 26 additions and 12 deletions
|
|
@ -38,24 +38,29 @@ conventional Hardware Security Modules (HSMs).
|
|||
|
||||
To extend this protection, we propose the Inertial Hardware Security Module (IHSM), a new type of HSM that extends the
|
||||
high level of protection offered by the modern cryptographic software stack down to the hardware level, enabling secure
|
||||
computation in insecure places. IHSMs can be custom built with only basic manufacturing capabilities at small scale and
|
||||
enable the deployment of secure computation in insecure places even to small organizations such as university research
|
||||
departments, NGOs and small businesses.
|
||||
computation in insecure places. We chose to publish all our IHSM as open source and unencumbered by patents to enable
|
||||
widespread adoption. IHSMs can be custom built with only basic manufacturing capabilities at small scale and enable the
|
||||
deployment of secure computation in insecure places even to small organizations such as university research departments,
|
||||
NGOs and small businesses.
|
||||
|
||||
Recent history has shown that state-level adversaries are a mounting threat to civil rights organizations, human rights
|
||||
lawyers, members of minorities, and many others. While western democracies used to be considered safe havens of human
|
||||
rights, today human rights are under attack both from within and from the outside in countries across the globe.
|
||||
Publishing IHSM technology as open source, we hope to provide one building block for new computing systems accessible to
|
||||
all that are resilient and secure in the face of growing adversity.
|
||||
|
||||
Complementing our IHSM concept and prototype, we provide solutions to engineering issues such as wireless power transfer
|
||||
adapting them to our use case. Further, we propose improvements to the state of the art in HSM tamper sensors such as
|
||||
the use of low-cost, embeddable Time-Domain Reflectometry (TDR) that not only improve the security of IHSMs, but that
|
||||
can even be applied to conventional HSMs.
|
||||
|
||||
We conclude this thesis with an overview of two concrete use cases IHSMs unlock that were previously infeasible using
|
||||
conventional HSMs: Datacenter-scale Secure Multiparty Computation (SMPC) and long-range Quantum Key Distribution (QKD)
|
||||
networks.
|
||||
can even be applied to conventional HSMs. We conclude this thesis with an overview of two concrete use cases IHSMs
|
||||
unlock that were previously infeasible using conventional HSMs: Datacenter-scale Secure Multiparty Computation (SMPC)
|
||||
and long-range Quantum Key Distribution (QKD) networks.
|
||||
|
||||
\section{Building Inertial HSMs}
|
||||
|
||||
In a system with a secure software stack, the role of a HSM is to secure the hardware part of the stack. The basic
|
||||
approach of a HSM is to combine a secure software stack with a fast self-destruct mechanism and tamper sensors. The
|
||||
self-destruct mechanism can be hardware or software that quickly, securely wipes all cryptographic secrets, rendering
|
||||
self-destruct mechanism can be hardware or software that quickly, securely destroys all cryptographic secrets, rendering
|
||||
the device worthless to an attacker. The tamper sensors are tasked with detecting any physical attack an attacker could
|
||||
mount on the device. Common classes of such sensors include \emph{tamper-sensing meshes}, i.e.\ flexible foils attached
|
||||
to the HSM's enclosure that detect attempts at penetrating the shell of the device with probes, and environmental
|
||||
|
|
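Review bot: The new sentence `We chose to publish all our IHSM as open source and unencumbered by patents` is missing a noun after "IHSM" (designs, schematics and firmware, or similar), and the rewritten opening paragraph now says "secure computation in insecure places" three times within four lines (`enabling secure computation in insecure places`, `computation in insecure places. We chose`, `deployment of secure computation in insecure places`); keep it once and rephrase the others. In the definition paragraph, changing "wipes" to "destroys" in `quickly, securely destroys all cryptographic secrets` is fine, but "quickly" is doing the security work in that sentence and is never quantified: the device is only `worthless to an attacker` if erasure completes before an attacker who has just triggered a tamper sensor can reach the secrets, so either state that the detection-to-erasure latency is the parameter the rest of the design has to bound, or point to the section that bounds it. Merging the two use-case paragraphs into `can even be applied to conventional HSMs. We conclude this thesis with an overview of two concrete use cases` reads well as one paragraph.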
@ -103,11 +108,20 @@ communication systems can be compromised if one of the encrypted channel's endpo
|
|||
Corresponding \emph{digital forensics} capabilities are commonplace among state actors, and are available as a turnkey
|
||||
solution on the market.
|
||||
|
||||
A consequence of the difficulty of defending against physical attacks along with the wide availability of attack tools
|
||||
and services is that
|
||||
|
||||
\section{Inertial HSM Applications}
|
||||
|
||||
Inertial HSMs are the first fully open source HSM with advanced tamper sensing features. Across application domains,
|
||||
Inertial HSMs can be applied to gain resistance to physical attacks in scenarios where conventional HSMs were not used
|
||||
because of cost, computing power or implementation effort. Where conventional HSMs come as fully integrated devices that
|
||||
only expose limited APIs to their users, Inertial HSMs at their core are just an enclosure that the user can put
|
||||
whatever hardware they need into. Since the simpler tamper-sensing mesh construction of IHSMs scales to larger payload
|
||||
volumes, entire servers can be protected---something that is impossible with conventional HSMs. Since the mesh in an
|
||||
IHSM is constantly moving, unlike a mesh in a convetional HSM, it does not have to entirely cover the payload. Instead,
|
||||
it can have gaps that allow for air flow between outside and inside, enabling active cooling of the IHSM's payload. This
|
||||
cooling capability sharply increases computing power by increasing feasible payload power dissipation by
|
||||
two orders of magnitude.
|
||||
|
||||
|
||||
|
||||
%In the early days of mass-market computing, the expectations towards this new tool were high. Even before people
|
||||
%realized the potential of computers and the internet for commercial gain, there was widespread optimism about the
|
||||
|
|
|
|||
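Review bot: `unlike a mesh in a convetional HSM` is a typo for `conventional`, and `Inertial HSMs are the first fully open source HSM` mixes plural and singular (`HSMs`). The sentence added just above the new \section, `A consequence of the difficulty of defending against physical attacks along with the wide availability of attack tools and services is that`, is left as a fragment and will be typeset as-is; finish it or comment it out with `%` like the draft paragraph at the end of the hunk. The claim a reader will push back on is `Since the mesh in an IHSM is constantly moving, unlike a mesh in a convetional HSM, it does not have to entirely cover the payload. Instead, it can have gaps that allow for air flow`: a gap in a tamper mesh is exactly where a probe goes in, so the paragraph should give the argument, or cite the section, for why a moving mesh still detects a probe passing through a gap, rather than presenting the gaps only as a cooling benefit. The absolute statements `the first fully open source HSM with advanced tamper sensing features`, `something that is impossible with conventional HSMs` and `increasing feasible payload power dissipation by two orders of magnitude` each need a citation or a reference to the measurement that supports them, or softening (`to our knowledge`, `impractical`).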