From 83b48f11e6298b6c0d6c4a4557f8c16611733846 Mon Sep 17 00:00:00 2001 From: jaseg Date: Wed, 14 Jan 2026 18:23:59 +0100 Subject: [PATCH] Review WIP --- chapter-epa/chapter.tex | 4 +-- chapter-ihsm/chapter.tex | 9 ++++--- chapter-nice-coils/chapter.tex | 28 +++++++++++-------- chapter-qkd/chapter.tex | 33 ++++++++++++----------- chapter-sampling-mesh-monitor/chapter.tex | 4 +-- 5 files changed, 43 insertions(+), 35 deletions(-) diff --git a/chapter-epa/chapter.tex b/chapter-epa/chapter.tex index 7859ebc..d489303 100644 --- a/chapter-epa/chapter.tex +++ b/chapter-epa/chapter.tex @@ -10,8 +10,8 @@ \label{chapter-epa} \todo{FIXME: Proper citation here} -\sourceattrib{This part is based on a short paper written by me and presented by Jan Sebastian Götte at the HS3 workshop -at ESORICS 2025.} +\sourceattrib{This part is based on a short paper written by Jan Sebastian Götte and presented by Jan Sebastian Götte at +the HS3 workshop at ESORICS 2025.} Looking at the landscape of computer security solutions, we are presented with a wide variety of vendors and products that may give the impression that hardware security is a solved problem. Vendors sell various claims rangning from \emph{``You don't need hardware security, just do it in the cloud!''}~\cite{ diff --git a/chapter-ihsm/chapter.tex b/chapter-ihsm/chapter.tex index 409bed1..034e2d7 100644 --- a/chapter-ihsm/chapter.tex +++ b/chapter-ihsm/chapter.tex 
@@ -16,8 +16,8 @@ \section{Introduction} -\sourceattrib{This part is adapted from a paper written by me and presented by me at CHES -2022~\cite{gotteCantTouchThis2022}.} +\sourceattrib{This part is adapted from a paper written by Jan Sebastian Götte and Prof.\ Dr.\ Björn Scheuermann and +presented by Jan Sebastian Götte at CHES 2022~\cite{gotteCantTouchThis2022}.} While information security technology has matured a great deal in the last half-century, physical security did not keep up with the pace of the remainder of this industry. Given the right skills, physical access to a computer still often allows full compromise. The physical security of modern server hardware hinges on what lock you put on the room it is @@ -981,7 +981,7 @@ the fly, without stopping the rotor. \section{Conclusion} \label{sec_conclusion} -In this chapter, we introduced Inertial Hardware Security Modules (IHSMs), a novel concept for the construction of +In this chapter, we introduce Inertial Hardware Security Modules (IHSMs), a novel concept for the construction of advanced hardware security modules from simple components. We analyzed the concept for its security properties and highlighted its ability to significantly strengthen otherwise weak tamper detection barriers. We validated our design by creating a proof-of-concept hardware prototype. In this prototype, we have demonstrated practical solutions to the 
@@ -1006,5 +1006,6 @@ Chapter~\ref{chapter_sampling_mesh_mon}, we will introduce a low-cost tamper sen Time Domain Reflectometry. Using this approach, we can further strengthen the security of meshes created using simple manufacturing processes in an IHSM. In Chapter~\ref{chapter-nice-coils}, we approach the question of a rotation-invariant wireless inductive power supply for an IHSM and provide a planar inductor layout that minimizes -voltage ripple with IHSM rotation. +voltage ripple with IHSM rotation. In Chapters~\ref{chapter-qkd} and \ref{chapter-smpc}, we will analyze two use cases +benefitting from IHSMs and tailor the IHSM concept to their requirements. diff --git a/chapter-nice-coils/chapter.tex b/chapter-nice-coils/chapter.tex index 4c5ebac..33ebcdc 100644 --- a/chapter-nice-coils/chapter.tex +++ b/chapter-nice-coils/chapter.tex @@ -22,8 +22,9 @@ any misalignment or contamination by dust can increase wear and cause intermitta An IHSM's data link can easily be realized using optical communication. Although power transfer using light is also possible---and we have in fact demonstrated it in our first prototype IHSM---it comes at the disadvantage of a heavy rotating assembly since large solar cells are needed, and it has poor end-to-end efficiency. For the large-scale meshes -needed in a high-performance IHSM tailored to SMPC applications, we engineered a better solution: A rotation-invariant -inductive Wireless Power Transfer link. +needed in a high-performance IHSM such as one tailored to SMPC applications as we will propose later in +Chapter~\ref{chapter-smpc}, we engineered a better solution: A rotation-invariant inductive Wireless Power Transfer +link. While Wireless Power Transfer (WPT) is widely used and can be implemented in many different ways~\cite{ awuahNovelCoilDesign2023, 
@@ -120,15 +121,16 @@ rotation ripple at low turn counts. \subsection{Twisted inductors} -To solve these issues, we propose a layout for circular PCB inductors that uses a number of series-connected interleaved -spirals to achieve a topological equivalent to a torus knot from mathematical knot theory. Our layout twists the -inductor's windings around one another by connecting the interleaved spiral segments with a ring of vias each on the -inside and outside of the inductor's windings. Our approach provides better performance beyond our particular use case, -and improves over conventional contemporary planar inductors applying similar principles to those which inspired the -polygonal basket-woven air coils used in early radio sets. We show that we can layout a twisted inductor for any number -of layer inversions that is co-prime to the inductor's turn count. Our approach opens up a design space for inductor -layouts that interpolate between planar spiral inductors on one end, and planar toroidal inductors on the other end. Our -approach thus generalizes a super-set to a number of previous approaches to the design of planar inductors. +To solve these issues, in this chapter we propose a layout for circular PCB inductors that uses a number of +series-connected interleaved spirals to achieve a topological equivalent to a torus knot from mathematical knot theory. +Our layout twists the inductor's windings around one another by connecting the interleaved spiral segments with a ring +of vias each on the inside and outside of the inductor's windings. Our approach provides better performance beyond our +particular use case, and improves over conventional contemporary planar inductors applying similar principles to those +which inspired the polygonal basket-woven air coils used in early radio sets. We show that we can layout a twisted +inductor for any number of layer inversions that is co-prime to the inductor's turn count. 
Our approach opens up a +design space for inductor layouts that interpolate between planar spiral inductors on one end, and planar toroidal +inductors on the other end. Our approach thus generalizes a super-set to a number of previous approaches to the design +of planar inductors. We observe that in high-frequency applications, a moderate number of layer inversions increases the spacing between the beginning and end of the inductor's conductor, where the majority of the inductor's AC current flows. This decreases the @@ -154,6 +156,10 @@ Our contributions on this matter include: \section{Related Work} +In this section we will give an overview on related work from two primary angles. First, we will approach our question +from the application side, examining literature on Wireless Power Transfer. To conclude, we will then consider our +inductor design question from the fundamentals of inductor design. + \subsection{Inductive WPT in Practice} Inductive WPT has been proposed in a large number of diff --git a/chapter-qkd/chapter.tex b/chapter-qkd/chapter.tex index a04a423..d93ecca 100644 --- a/chapter-qkd/chapter.tex +++ b/chapter-qkd/chapter.tex @@ -57,7 +57,7 @@ requirements of a QKD system. \end{figure} In this chapter, we present several designs and a mechanical prototype adapting the Inertial Hardware Security Module -(IHSM) concept first proposed by \textcite{gotteCantTouchThis2022} to a QKD relay node. IHSMs replace the tamper sensing +(IHSM) concept that we developed in Chapter~\ref{chapter-ihsm} to a QKD relay node. IHSMs replace the tamper sensing security mesh foil that is wrapped around the payload in conventional HSMs by a tamper-sensing cage made from conventional circuit board material by spinning this cage at a high speed. On its own, circuit board material provides lower tamper security than the tamper sensing foils made using bespoke manufacturing processes that are used in 
@@ -242,14 +242,15 @@ common fibers is usually in the range of \subsection{Multi-fiber passthrough design} -To approach the security of the data and power connections passing through the IHSM's unprotected shaft, -\textcite{gotteCantTouchThis2022} list some shielding methods that use an independently rotating secondary tamper -sensing mesh on the inside of the primary mesh, located right next to the primary mesh's axis opening. This secondary -mesh makes accessing the payload using probes inserted through the shaft much more difficult. -\textcite{gotteCantTouchThis2022} only present conceptual drawings of these schemes, and focus on electrical signals. In -this chapter, building on these concepts, we present mechanical designs of three variations of a fiber passthrough for -IHSMs that are adapted to the limited bending radius of optical fiber: A simple disc cover, offset labyrinth meshes, and -interlocking gear meshes. We present a mechanical prototype of our offset labyrinth mesh design. +To approach the security of the data and power connections passing through the IHSM's unprotected shaft, in our +introduction of the IHSM concept in Chapter~\ref{chapter-ihsm} we listed some shielding methods that use an +independently rotating secondary tamper sensing mesh on the inside of the primary mesh, located right next to the +primary mesh's axis opening. This secondary mesh makes accessing the payload using probes inserted through the shaft +much more difficult. In our introduction in Chapter~\ref{chapter-ihsm}, we only presented conceptual drawings of these +schemes, and focused on electrical signals. In this chapter, building on these concepts, we present mechanical designs +of three variations of a fiber passthrough for IHSMs that are adapted to the limited bending radius of optical fiber: A +simple disc cover, offset labyrinth meshes, and interlocking gear meshes. We present a mechanical prototype of our +offset labyrinth mesh design. \subsection{Simple disc cover} 
@@ -482,13 +483,13 @@ countermeasures. \subsection{Attacks on the IHSM mesh} There are two ways an attacker could attack the mesh itself if an adequate speed of rotation such as \qty{1000}{\rpm} is -used~\cite{gotteCantTouchThis2022}: Either, an attacker would have to slow down the mesh so they can perform a manual -attack, or they would have to use a robot. The first class of attack would require the attacker to falsify the readings -of the centrifugal accelerometer. MEMS accelerometers are complex devices, and the simplest way to falsify its readings -would be to attach a circuit to the accelrometer's data bus that overrides the measurement result data. Creating such a -circuit is easy, the challenge the attacker would have to overcome would be to access this bus and attach this circuit -to the mesh in motion without stopping or disturbing it. At high speeds, this would necessarily require a custom attack -robot. +used (cf.\ Chapter~\ref{chapter-ihsm}): Either, an attacker would have to slow down the mesh so they can perform a +manual attack, or they would have to use a robot. The first class of attack would require the attacker to falsify the +readings of the centrifugal accelerometer. MEMS accelerometers are complex devices, and the simplest way to falsify its +readings would be to attach a circuit to the accelrometer's data bus that overrides the measurement result data. +Creating such a circuit is easy, the challenge the attacker would have to overcome would be to access this bus and +attach this circuit to the mesh in motion without stopping or disturbing it. At high speeds, this would necessarily +require a custom attack robot. \subsection{Contactless attacks on the payload} diff --git a/chapter-sampling-mesh-monitor/chapter.tex b/chapter-sampling-mesh-monitor/chapter.tex index bfa0cad..c3c7a02 100644 --- a/chapter-sampling-mesh-monitor/chapter.tex +++ b/chapter-sampling-mesh-monitor/chapter.tex 
@@ -6,8 +6,8 @@ it.} \section{Introduction} -\sourceattrib{This chapter is adapted from a paper written by me that will be presented by me at CHES -2026~\cite{gotteHighFidelitySecurity2026}.} +\sourceattrib{This part is adapted from a paper written by Jan Sebastian Götte and Prof.\ Dr.\ Björn Scheuermann that +will be presented by Jan Sebastian Götte at CHES 2026~\cite{gotteHighFidelitySecurity2026}.} Security meshes continue to be the state of the art for tamper sensing in applications where sophisticated physical attacks such as attempts at drilling or sawing through the device's enclosure to place probes must be prevented. Common applications for such meshes include Hardware Security Modules (HSMs) used to store and process cryptographic keys
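Review bot: in chapter-epa/chapter.tex (hunk @@ -10,8), the new \sourceattrib text names the same person twice in one clause ("written by Jan Sebastian Götte and presented by Jan Sebastian Götte"); "written and presented by Jan Sebastian Götte" says the same thing. The \todo{FIXME: Proper citation here} directly above the changed lines is still open, and unlike the CHES attributions changed elsewhere in this patch this one carries no \cite, so this would be the natural place to resolve it. The unchanged context line below also still reads "rangning" for "ranging".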
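Review bot: in chapter-ihsm/chapter.tex (hunk @@ -981,7, Conclusion), changing "we introduced" to "we introduce" leaves the first sentence in present tense while the sentences that follow stay in the past ("We analyzed the concept", "We validated our design", "we have demonstrated"). Either keep "introduced" for a conclusion that looks back on the chapter, or move the following sentences to the same tense.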
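Review bot: in chapter-ihsm/chapter.tex (hunk @@ -1006,5), the added sentence references \ref{chapter-smpc}, a label this patch neither defines nor touches, and the surrounding context mixes label styles (\ref{chapter_sampling_mesh_mon} with underscores, \ref{chapter-nice-coils} with hyphens), so it is worth confirming that both chapter-qkd and chapter-smpc resolve before merging. The second reference in "Chapters~\ref{chapter-qkd} and \ref{chapter-smpc}" also lacks the non-breaking tie used before the first, which allows a line break between "and" and the number; "and~\ref{chapter-smpc}" avoids that.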
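Review bot: in chapter-nice-coils/chapter.tex (hunk @@ -22,8), the inserted clause stacks two "as" constructions without punctuation ("such as one tailored to SMPC applications as we will propose later in Chapter~\ref{chapter-smpc}"), which makes the sentence hard to parse. Setting the aside off with commas or shortening it, for example "needed in a high-performance IHSM, such as the one tailored to SMPC applications in Chapter~\ref{chapter-smpc}, we engineered", reads more cleanly. The same \ref{chapter-smpc} label concern applies here, since the label is not defined anywhere in this patch.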
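Review bot: in chapter-nice-coils/chapter.tex (hunk @@ -120,15, Twisted inductors), the whole paragraph is re-wrapped to insert "in this chapter", and the re-wrapped text carries over wording that should be fixed while the lines are being touched: "we can layout a twisted inductor" uses the noun as a verb ("lay out"), and "generalizes a super-set to a number of previous approaches" does not parse (presumably "is a superset of" or "generalizes" alone). Re-wrapping nine lines for a three-word insertion also hides the actual change in the diff; a minimal edit would be easier to review.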
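Review bot: in chapter-nice-coils/chapter.tex (hunk @@ -154,6, Related Work), the new overview announces "two primary angles" and then introduces the second one with "To conclude, we will then consider", which reads as if a concluding summary follows rather than the second angle. "Second, we will consider" matches the "First," that precedes it. "an overview on related work" should be "an overview of related work", and "our inductor design question from the fundamentals of inductor design" repeats "inductor design" within one clause.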
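Review bot: in chapter-qkd/chapter.tex (hunk @@ -57,7), the replacement reads "the ... (IHSM) concept that we developed in Chapter~\ref{chapter-ihsm} to a QKD relay node", where "to a QKD relay node" now attaches to "developed" instead of "adapting". Something like "adapting the IHSM concept from Chapter~\ref{chapter-ihsm} to a QKD relay node" keeps the intended reading. The change also removes \textcite{gotteCantTouchThis2022} from this sentence; if the published paper should remain citable from this chapter, keep a \cite next to the chapter reference.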
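Review bot: in chapter-qkd/chapter.tex (hunk @@ -242,14, Multi-fiber passthrough design), two consecutive sentences now open with nearly the same phrase ("in our introduction of the IHSM concept in Chapter~\ref{chapter-ihsm} we listed" and "In our introduction in Chapter~\ref{chapter-ihsm}, we only presented"). The second can be reduced to "There, we only presented conceptual drawings of these schemes and focused on electrical signals", which also drops the repeated \ref.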
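Review bot: in chapter-qkd/chapter.tex (hunk @@ -482,13, Attacks on the IHSM mesh), the re-wrapped paragraph carries over three errors that should be fixed in the same pass: "accelrometer's" is misspelled, "MEMS accelerometers are complex devices, and the simplest way to falsify its readings" switches from plural to singular, and "Creating such a circuit is easy, the challenge the attacker would have to overcome" is a comma splice. Separately, the \qty{1000}{\rpm} figure was previously backed by \cite{gotteCantTouchThis2022} and is now supported only by "(cf.\ Chapter~\ref{chapter-ihsm})"; a section reference would let the reader find where that speed is justified.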