Improv intro chapter

This commit is contained in:
jaseg 2025-10-21 13:33:08 +02:00
parent 9dc3c32d58
commit 82053a518a
2 changed files with 46 additions and 42 deletions


@ -19,7 +19,7 @@ attempts by states and other authorities to insert backdoor access mechanisms in
}.
The aversion of cryptographers against backdoor access shows up everywhere---from cryptographic protocol standards like
TLS, to cryptographic applications like the Singal messenger, not only is backdoor access excluded from the system
TLS, to cryptographic applications like the Signal messenger, not only is backdoor access excluded from the system
design, its possibility is considered a potential vulnerability and measures such as forward secrecy and post-compromise
security are taken to mitigate its impact when it is achieved through other means. In computing, this design aspect
makes cryptographic protocols a unique holdout. In other parts of the stack, explicit or implicit backdoor access is
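Review bot: dash style is inconsistent within the chapter: 'everywhere---from' here uses an unspaced em-dash, while the context line 'almost all modern software -- especially open source --' in the hunk at -100 uses spaced en-dashes; pick one convention for parenthetical dashes. The Singal/Signal correction itself is right.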
@ -56,27 +56,6 @@ can even be applied to conventional HSMs. We conclude this thesis with an overvi
unlock that were previously infeasible using conventional HSMs: Datacenter-scale Secure Multiparty Computation (SMPC)
and long-range Quantum Key Distribution (QKD) networks.
\section{Building Inertial HSMs}
In a system with a secure software stack, the role of a HSM is to secure the hardware part of the stack. The basic
approach of a HSM is to combine a secure software stack with a fast self-destruct mechanism and tamper sensors. The
self-destruct mechanism can be hardware or software that quickly, securely destroys all cryptographic secrets, rendering
the device worthless to an attacker. The tamper sensors are tasked with detecting any physical attack an attacker could
mount on the device. Common classes of such sensors include \emph{tamper-sensing meshes}, i.e.\ flexible foils attached
to the HSM's enclosure that detect attempts at penetrating the shell of the device with probes, and environmental
sensors such as temperature or radiation sensors that detect attempts at causing controllable faults in the HSM by
heating, cooling or irradiating it. Out of these sensors, the tamper-sensing meshes are the core line of defense against
most physical attacks. Such meshes are very effective at mitigating almost all physical attacks, but they are difficult
to construct securely as they usually require bespoke manufacturing processes. As a result, they are currently only used
in niche applications, and even there not every realization is equally secure.
Inertial HSMs solve the issue of creating an impenetrable tamper-sensing envelope by replacing the bespoke
tamper-sensing mesh foil with a set of simple, rigid meshes made from commodity Printed Circuit Boards (PCBs) that are
rotating at high speed. In motion, these simple PCB tamper-sensing meshes are as secure as the much more sophisticated
bespoke foils used in conventional HSMs, yet they are simpler and less expensive to manufacture. To verify that the mesh
is rotating correctly, an accelerometer is placed on the rotating mesh, and its centrifugal force reading is used to
validate its path of motion.
\section{Cryptographic Principles and Physical Reality}
Cryptographers' aversion to backdoor access derives from a combination of two fundamental computing principles:
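Review bot: the 'Building Inertial HSMs' section removed here reappears, reworded, after 'Cryptographic Principles and Physical Reality' in the next hunk, so this is a move rather than a deletion. Two claims are softened on the way: 'the core line of defense against most physical attacks' becomes 'usually are the primary line of defense', and 'mitigating almost all physical attacks' becomes 'mitigating a large variety of physical attacks'. Confirm the softening is intentional, since the moved text still asserts the rotating PCB meshes are 'as secure as the much more sophisticated bespoke foils'.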
@ -100,13 +79,42 @@ the proper function of the videoconference system.
In their design, almost all modern software -- especially open source -- cleanly applies these principles. However, the
practical reality after deployment almost always deviates from them. While backdoors are vanishingly rare in modern
open-source software, practical depoloyments usually are vulnerable to physical attacks. Modern hardware generally is
open-source software, practical depoloyments usually are vulnerable to physical attacks. Computer hardware generally is
not designed with a local attacker with advanced physical attack capabilities in mind since no mitigation can fully
prevent them, they can only be detected, or at best slowed down. As a result, commonplace attacks against modern
software often involve taking over the hardware at some point in the chain. Even End-to-End-Encrypted (E2EE)
communication systems can be compromised if one of the encrypted channel's endpoints can be physically compromised.
Corresponding \emph{digital forensics} capabilities are commonplace among state actors, and are available as a turnkey
solution on the market.
prevent them---such attacks usually can only be detected, or at best slowed down. As a result, commonplace attacks
against modern software often involve taking over the hardware at some point in the chain. Even End-to-End-Encrypted
(E2EE) communication systems can be compromised if one of the encrypted channel's endpoints can be physically
compromised. Corresponding \emph{digital forensics} capabilities are commonplace among state actors, and are available
as a turnkey solution on the market.
\section{Building Inertial HSMs}
Inertial HSMs fill this gap in the protection of systems that are not critical enough to warrant the expensive existing
solutions such as conventional HSMs, while still handling highly sensitive data. In a system with a secure software
stack, the role of a HSM is to secure the hardware part of the stack. The basic approach of a HSM is to combine a secure
software stack with a fast self-destruct mechanism and tamper sensors. The self-destruct mechanism can be hardware or
software that quickly, securely destroys all cryptographic secrets, rendering the device worthless to an attacker. The
tamper sensors are tasked with detecting any physical attack an attacker could mount on the device. Common classes of
such sensors include environmental sensors such as temperature or radiation sensors that detect attempts at causing
controllable faults in the HSM by heating, cooling or irradiating it. Building on the basic protection offered by such
sensors, \emph{tamper-sensing meshes} are often employed. These \emph{meshes} are flexible foils containing circuit
traces that are attached to the HSM's enclosure to detect attempts at penetrating the shell of the device with probes.
Tamper-sensing meshes usually are the primary line of defense against most physical attacks. They are very effective at
mitigating a large variety of physical attacks, but they are difficult to construct securely as they usually require
bespoke manufacturing processes. As a result, they are currently only used in niche applications, and even there not
every realization is equally secure.
Inertial HSMs are a new design approach that utilizes mechanical motion to create secure tamper-sensing meshes from
simple components. IHSMs solve the issue of creating an impenetrable tamper-sensing envelope by replacing the bespoke
tamper-sensing mesh foil with a set of simple, rigid meshes made from commodity Printed Circuit Boards (PCBs) that are
rotating at high speed. In motion, these simple PCB tamper-sensing meshes are as secure as the much more sophisticated
bespoke foils used in conventional HSMs, yet they are simpler and less expensive to manufacture. To verify that the mesh
is rotating correctly, an accelerometer is placed on the rotating mesh, and its centrifugal force reading is used to
validate itk path of motion.
IHSMs enable the protection of much larger payloads compared to conventional mesh designs, and they can support larger
power dissipation. This and their low cost enables the implementation of high-level hardware security in applications
that previously would not have been possible to secure.
\section{Inertial HSM Applications}
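Review bot: two typos survive or enter with this hunk: 'practical depoloyments' is present in both the removed and the added line (only 'Modern'/'Computer' changed), and the moved accelerometer sentence now reads 'validate itk path of motion' where the removed version had 'its'. Also, 'IHSMs' is used in 'IHSMs solve the issue' before the abbreviation is ever introduced; expand it once, e.g. 'Inertial HSMs (IHSMs) are a new design approach'. Minor: 'a HSM' appears twice in the added text; 'an HSM' matches how the abbreviation is pronounced.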
@ -121,9 +129,7 @@ it can have gaps that allow for air flow between outside and inside, enabling ac
cooling capability sharply increases computing power by increasing feasible payload power dissipation by
two orders of magnitude.
\section{A note on terminology}
\section{Hardware Security Modules}
\section{A Note on Hardware Security Module Terminology}
In this thesis, we use the term \emph{Hardware Security Module (HSM)} to refer to a security device that has the
following three properties.
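Review bot: dropping the \section{Hardware Security Modules} heading changes the section structure, so any \label attached to it or \ref pointing at it elsewhere in the thesis will now dangle; check for references to the old heading before merging. The new title 'A Note on Hardware Security Module Terminology' is in Title Case like the surrounding \section headings, which the old 'A note on terminology' was not.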
@ -507,14 +513,12 @@ attractive and soft target to nation-state adversaries. The system's shortcoming
the system disproportionally affects the lives of people with low income.
%FIXME work in rogawayMoralCharacterCryptographic?
% FIXME "draw an arc" does that work as an idiom here?
Drawing a wider arc, we observe that despite ample availability of commercial solutions promising easy hardware
security, clearly there is still a lack of solutions that provide the adaptability necessary for some real use cases at
low enough cost. By publishing the tamper-sensing technology we developed during the making of this thesis as open
source hardware designs, we wish to provide this missing building block to provide high-level hardware security in
real-world applications. Our hardware designs can be adapted to a devices ranging from Single-Board Computers (SBCs) to
servers, they are compatible with non-computing applications like Quantum Key Distribution (QKD) and their design
approaches can even be integrated into existing HSM designs to provide better security at little additional cost.
% FIXME FIXME FIXME chapter overview
Looking at the practice of applied hardware security, we observe that despite ample availability of commercial solutions
promising easy hardware security, clearly there is still a lack of solutions that provide the adaptability necessary for
some real use cases at low enough cost. By publishing the tamper-sensing technology we developed during the making of
this thesis as open source hardware designs, we wish to provide this missing building block to provide high-level
hardware security in real-world applications. Our hardware designs can be adapted to a devices ranging from Single-Board
Computers (SBCs) to servers, they are compatible with non-computing applications like Quantum Key Distribution (QKD) and
their design approaches can even be integrated into existing HSM designs to provide better security at little additional
cost.
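Review bot: the rewritten closing paragraph carries three defects over from the old one unchanged: 'adapted to a devices ranging from' (drop 'a'), the comma splice 'to servers, they are compatible' (semicolon or a new sentence), and the doubled 'to provide this missing building block to provide high-level hardware security' (e.g. 'to supply this missing building block for high-level hardware security'). The added '% FIXME FIXME FIXME chapter overview' comment is a reasonable reminder that the chapter overview is still missing.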


@ -7,8 +7,8 @@
\newcommand{\figurepath}{}
\newcommand{\chaptertitle}[1]{
\chapter{#1}
\printchapterquote
\setstretch{1}
\chapterquote
\minitoc
\newpage
\setstretch{1.3}
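Review bot: \chapterquote replaces \printchapterquote, but no definition of \chapterquote appears in this diff; if the macro is not defined elsewhere in this file, every \chaptertitle call fails with 'Undefined control sequence'. Moving the call below \setstretch{1} also changes the quote's line spacing from the document stretch (restored to 1.3 at the end of the macro) to single spacing, the same as the minitoc; say in the commit message whether that is intended.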