From 82247241ed77772bffa2df88a20661670669142a Mon Sep 17 00:00:00 2001 From: jaseg Date: Tue, 20 Jan 2026 07:48:08 +0100 Subject: [PATCH] fix up intro and conclusion --- Makefile | 2 +- abstract-de.tex | 4 ++-- chapter-conclusion/chapter.tex | 39 +++++++++++++++++++------------- chapter-introduction/chapter.tex | 27 +++++++++++----------- common-defs.tex | 1 + 5 files changed, 40 insertions(+), 33 deletions(-) diff --git a/Makefile b/Makefile index 77d7c76..edab937 100644 --- a/Makefile +++ b/Makefile @@ -31,7 +31,7 @@ all: thesis.pdf echo "Undefined biblatex references:" grep -A2 'Package biblatex Warning: The following entry could not be found' thesis.log | sed -n '3~4{s/(biblatex) *//;p}' || echo "" -%-final.pdf: %.tex common-packages.tex common-defs.tex main.bib version.tex +%-final.pdf: %.tex common-packages.tex common-defs.tex main.bib version.tex abstract.tex abstract-de.tex pdflatex -jobname $*-final -shell-escape $< biber $*-final pdflatex -jobname $*-final -shell-escape $< diff --git a/abstract-de.tex b/abstract-de.tex index f328299..f527db5 100644 --- a/abstract-de.tex +++ b/abstract-de.tex 
@@ -16,8 +16,8 @@ Nischenanwendungen wie z.B.\ der Zertifikatsausstellung im Transport Layer Security (TLS)-System sowie der Zahlungsdatenverarbeitung eingesetzt. - In dieser Dissertation wird das Inertiale Hardware-Sicherheitsmodul (IHSM), eine neue Architektur für - Hardware-Sicherheitsmodule vorgestellt. IHSMs stellen einen hoch sicheren, aktiven Manipulationsschutz bereit. + In dieser Dissertation wird das Inertiale Hardware-Sicherheitsmodul (IHSM) vorgestellt, eine neue Architektur für + Hardware-Sicherheitsmodule. IHSMs stellen einen hoch sicheren, aktiven Manipulationsschutz bereit. Gleichzeitig können mithilfe der IHSM-Technologie kryptographische Rechnersysteme von wesentlich größeren Abmessungen, Gewicht und elektrischer Leistungsaufnahme geschützt werden, als es in konventionellen HSMs möglich ist. IHSMs ersetzen die kostenintensiven und in der Herstellung aufwendigen Meshes diff --git a/chapter-conclusion/chapter.tex b/chapter-conclusion/chapter.tex index 8871751..f11e0e8 100644 --- a/chapter-conclusion/chapter.tex +++ b/chapter-conclusion/chapter.tex 
@@ -3,22 +3,29 @@ political tool, and it confers on the field an intrinsically moral dimension.} \chapter{Conclusion} -In this thesis, we propose Inertial Hardware Security Modules (IHSMs), a new approach to physical security that combines -conventional tamper-sensing meshes with physical movement to bootstrap a highly secure system from low-security, -off-the-shelf parts, solving our first research question introduced in Chapter~\ref{chapter-intro}. To motivate our -research, we use the German national digital health record system as an example demonstrating the difficulties in -achieving useful hardware security in practice. Besides some minor cryptographic oddities, our analysis reveals at least -one essential specification mistake that negates the hardware security of the system by unnecessarily introducing a -poorly protected HSM. With this motivation in mind, we support the construction of concretely secure IHSMs by providing -deep analyses of two key engineering challenges in IHSM construction, mesh monitoring and power transfer. Solving our -second research question, we propose a low-cost TDR-based mesh monitoring system that exceeds the capabilities of -previous systems from academic or from patent literature. Our system is capable of monitoring large meshes while -simultaneously providing detailed results. Our TDR-based mesh monitoring system is of independent interest, since it can -also be integrated into traditional HSM designs. We additionally propose a new, generalized design for high-frequency -PCB inductors with low parasitic capacitance. Our design provides better bandwidth and lower parasitic capacitance -compared to the state of the art without increasing implementation cost. We conclude this thesis with two chapters -elaborating on two new use cases that are made possible by IHSM technology due to its ability to protect large payloads -that have high power consumption. Together, these results answer our third and final research question. 
+In this thesis, we provided an examination of the field of Hardware Security Modules both from an academic perspective +and with regards to their practical implementation. We answered our first research question introduced in +Chapter~\ref{chapter-intro} on the current state of the art in Chapters~\ref{chapter-epa} and \ref{chapter-survey}, +providing a comprehensive view of practical implementations. Chapter~\ref{chapter-epa} motivates our research using the +German national digital health record system as an example that demonstrates the difficulties in achieving practical +hardware security. Besides some minor cryptographic oddities, our analysis reveals at least one essential specification +mistake that negates the hardware security of the system by unnecessarily introducing a poorly protected HSM. In +Chapter~\ref{chapter-survey}, we answer our second research question in a detailed survey of a wide range of devices +that utilize tamper-sensing meshes, distilling a set of criteria for the design of secure tamper-sensing meshes. In +Chapter~\ref{chapter-ihsm}, we propose Inertial Hardware Security Modules (IHSMs), a new approach to physical security +that combines conventional tamper-sensing meshes with physical movement. IHSMs enable bootstrapping a highly secure +system from low-security, off-the-shelf parts, thereby solving our third research question on achieving physical +security without bespoke components. We support the construction of concretely secure IHSMs by providing deep analyses +of two key engineering challenges in IHSM construction, mesh monitoring and power transfer. Solving our fourth research +question on mesh monitoring fidelity, we propose a low-cost TDR-based mesh monitoring system that exceeds the +capabilities of previous systems from academic or from patent literature. Our system is capable of monitoring large +meshes while simultaneously providing detailed results. 
Our TDR-based mesh monitoring system is of independent interest, +since it can also be integrated into traditional HSM designs. Solving our fifth research question on ripple reduction +for rotating Wireless Power Transfer for IHSMs, we propose a new, generalized design for high-frequency PCB inductors +with low parasitic capacitance. Beyond our IHSM application, our design provides better bandwidth and lower parasitic +capacitance compared to the state of the art without increasing implementation cost. We conclude this thesis with two +chapters elaborating on two new use cases that are made possible by IHSM technology due to its ability to protect large +payloads that have high power consumption. Together, these results answer our sixth and final research question. The research presented in this thesis is aimed at advancing both academic research and applied engineering in hardware security. We believe that by publishing our research including its artifacts under open source licenses, we provide the diff --git a/chapter-introduction/chapter.tex b/chapter-introduction/chapter.tex index 44da0f1..e0adc22 100644 --- a/chapter-introduction/chapter.tex +++ b/chapter-introduction/chapter.tex @@ -35,8 +35,8 @@ and even general computation~\cite{ aumannSecurityCovertAdversaries2010, chorPrivateInformationRetrieval} in a decentralized way that avoids trusted authorities. -While politically, this blanket rejection of authority represents a fringe viewpoint, in cryptography it has a long -tradition originating with the Cypherpunk and Hacker movements~\cite{ +While politically, the anarchist blanket rejection of authority represents a fringe viewpoint, in cryptography it has a +long tradition originating with the Cypherpunk and Hacker movements~\cite{ andersonCypherpunkEthicsRadical2022, hughesCypherpunksManifesto, jarvisCryptoWarsFight2020, 
@@ -63,8 +63,8 @@ providing strict physical security guarantees, but these systems are expensive, and their physical security is often questionable~\cite{ obermaier2018, andersonSecurityEngineeringGuide2020}, -which we wi elaborate further in Chapter~\ref{chapter-survey}. \textcite{andersonSecurityEngineeringGuide2020} writes on -HSMs and their security standards: +which we will elaborate further in Chapter~\ref{chapter-survey}. \textcite{andersonSecurityEngineeringGuide2020} writes +on HSM security: \begin{quote} Security economics remains a big soft spot, with security chips being in many ways a market for lemons. A banker @@ -75,7 +75,6 @@ HSMs and their security standards: understand that level 3 can sometimes be defeated with a Swiss army knife. The buying incentive there is compliance, and where real security clashes with operations it’s not surprising to see weaker standards designed to make compliance easier. - \begin{flushright} \textit{\textcite{andersonSecurityEngineeringGuide2020} p. 629} \end{flushright} @@ -231,7 +230,7 @@ computing power by increasing feasible payload power dissipation by orders of ma \section{Research Questions and Contributions} -Based on the current state of the field of hardware security, we deduce three overarching research questions for this +Based on the current state of the field of hardware security, we deduce six overarching research questions for this thesis that progress from theory to practical deployment. \begin{enumerate} 
@@ -253,7 +252,7 @@ choices resulting from conflicting constraints and lack of awareness. In Chapter results of a survey across approximately 30 real world tamper sensing mesh implementations, analyzing common design features. -The latter half of our survey in Chapter~\ref{chapter-survey} answers our second research quesion. From our analysis of +The latter half of our survey in Chapter~\ref{chapter-survey} answers our second research question. From our analysis of this large corpus of devices, we deduce a list of design criteria that can be applied to increase the security of any tamper sensing mesh implementation. 
@@ -262,16 +261,16 @@ To answer our third research question, in Chapter~\ref{chapter-ihsm} we propose down to the hardware level, enabling secure computation in insecure places. IHSMs can be built from basic, off-the-shelf components and do not require bespoke manufacturing processes. -IHSMs come with unique power supply constraints since their rotating mesh must be continuously powered. A -straightforward solution utilizes Wireless Power Transfer using planar inductors, but existing WPT designs exhbit a -ripple voltage due to an asymmetry of conventional planar inductors. This leads to our fourth research question, which -we solve in Chapter~\ref{chapter-nice-coils} with the design and experimental evaluation of a new, generalized class of -\emph{twisted} planar inductors that reduces voltage ripple in rotating shaft setups. - -To answer our fifth research question, in Chapter~\ref{chapter_sampling_mesh_mon} we propose improvements to the state +To answer our fourth research question, in Chapter~\ref{chapter_sampling_mesh_mon} we propose improvements to the state of the art in HSM tamper sensors based on the use of low-cost, embeddable Time-Domain Reflectometry (TDR). Our improvements can be applied to both IHSMs and conventional HSMs. +IHSMs come with unique power supply constraints since their rotating mesh must be continuously powered. A +straightforward solution utilizes Wireless Power Transfer using planar inductors, but existing WPT designs exhbit a +ripple voltage due to an asymmetry of conventional planar inductors. This leads to our fifth research question, which +we solve in Chapter~\ref{chapter-nice-coils} with the design and experimental evaluation of a new, generalized class of +\emph{twisted} planar inductors that reduces voltage ripple in rotating shaft setups. + Finally, we answer our last research question by showing in two case studies how an end-to-end design of an IHSM-secured data processing system could look like. 
Both case studies concern scenarios that IHSMs unlock that were previously infeasible using conventional HSMs: In Chapter~\ref{chapter-qkd}, we explore how IHSMs enable long-range Quantum Key diff --git a/common-defs.tex b/common-defs.tex index fc3f952..3eb2ce3 100644 --- a/common-defs.tex +++ b/common-defs.tex @@ -213,6 +213,7 @@ \hyphenation{da-ta-cen-ter} \hyphenation{Si-cher-heits-mo-du-l} \hyphenation{Si-cher-heits-mo-du-le} +\babelhyphenation[ngerman]{Si-cher-heits-mo-dul} \setstretch{1.3}
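Review bot: in the Makefile hunk, `abstract.tex abstract-de.tex` are added as prerequisites of the `%-final.pdf` pattern rule only; the rule that produces `thesis.pdf` behind `all: thesis.pdf` is not part of this hunk, so check that it gets the same two dependencies. Otherwise an edit to the abstracts (as this very patch makes in abstract-de.tex) rebuilds the final PDF but leaves the regular `thesis.pdf` stale.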
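Review bot: the rewritten conclusion paragraph in chapter-conclusion/chapter.tex mixes tenses, opening with "we provided" and "We answered" and then switching to "motivates", "reveals", "we answer", "we propose"; the replaced text was consistently in the present tense, and the rest of the paragraph still is, so "we provide" and "We answer" would keep it uniform. Two small wording points in the same hunk: "with regards to their practical implementation" should read "with regard to", and "previous systems from academic or from patent literature" reads more naturally as "previous systems from the academic or patent literature". The six-question numbering itself matches the introduction hunks (state of the art, survey criteria, IHSM, TDR mesh monitoring, WPT ripple, case studies).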
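Review bot: in the chapter-introduction hunk at line 63, the lead-in was shortened from "writes on HSMs and their security standards" to "writes on HSM security", but the quoted passage is specifically about security levels, compliance and "weaker standards designed to make compliance easier", so the old wording described the quote more accurately; consider keeping a reference to standards. Also, `\textcite{andersonSecurityEngineeringGuide2020}` now appears both in the lead-in and in the `flushright` attribution with a hand-written "p. 629"; with biblatex the attribution can use the postnote argument, e.g. `\cite[629]{andersonSecurityEngineeringGuide2020}`, instead of repeating the author-year form and typing the page number manually.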
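Review bot: the hunk changing "three overarching research questions" to "six" is consistent with the conclusion, but the `\begin{enumerate}` list that follows is not part of this diff; please confirm it actually enumerates six items now, since the surrounding text previously promised three and the reordering of the fourth and fifth questions later in the chapter implies the list order changed as well.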
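Review bot: the hunk that swaps the fourth and fifth research-question paragraphs moves the Wireless Power Transfer paragraph verbatim and so carries the typo "existing WPT designs exhbit a ripple voltage" along with it; since these lines are touched anyway, fix it to "exhibit" here. In the same paragraph "WPT" is used without having been expanded in the sentence that introduces it (write "Wireless Power Transfer (WPT)" on first use, as the text does for "Time-Domain Reflectometry (TDR)"). Two points in the unchanged context lines of this hunk: "how an end-to-end design ... could look like" should be "what an end-to-end design ... could look like" (or drop "like"), and the label `chapter_sampling_mesh_mon` uses underscores while every other chapter label in the diff is hyphenated (`chapter-ihsm`, `chapter-nice-coils`, `chapter-qkd`).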
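Review bot: in common-defs.tex, the new `\babelhyphenation[ngerman]{Si-cher-heits-mo-dul}` sits next to the existing `\hyphenation{Si-cher-heits-mo-du-l}`, whose final hyphenation point would allow breaking off a lone "l"; that looks like a typo for `Si-cher-heits-mo-dul`, and since the babel line now carries the correct pattern for the German abstract, the old line should be corrected or removed rather than left alongside it. Note also that plain `\hyphenation` registers exceptions only for the language active when it is executed, so the remaining `\hyphenation{Si-cher-heits-mo-du-le}` line for the plural will not apply to ngerman text either; if "Sicherheitsmodule" occurs in abstract-de.tex it needs its own `\babelhyphenation[ngerman]{...}` entry.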