Intro WIP
parent
1edd5317fe
commit
9745e88de4
1 changed files with 26 additions and 19 deletions
|
|
@ -102,41 +102,48 @@ As \textcite{andersonSecurityEngineeringGuide2020} writes on HSMs and their secu
|
|||
% FIXME page numbers
|
||||
|
||||
\begin{quote}
|
||||
Security economics remains a big soft spot, with security chips being in many ways a market for lemons. A banker
|
||||
buying HSMs probably won’t be aware of the huge gap between FIPS\footnote{Anderson here refers to the US national
|
||||
HSM security standard FIPS
|
||||
140~\cite{usnationalinstituteofstandardsandtechnologySecurityRequirementsCryptographic2002,
|
||||
usnationalinstituteofstandardsandtechnologySecurityRequirementsCryptographic2019}} level 3 and level 4, and
|
||||
understand that level 3 can sometimes be defeated with a Swiss army knife. The buying incentive there is compliance,
|
||||
and where real security clashes with operations it’s not surprising to see weaker standards designed to make
|
||||
compliance easier.
|
||||
|
||||
\begin{flushright}
|
||||
Security economics remains a big soft spot, with security chips being in many ways a market for lemons. A banker
|
||||
buying HSMs probably won’t be aware of the huge gap between FIPS [US national HSM security standard] level 3 and
|
||||
level 4, and understand that level 3 can sometimes be defeated with a Swiss army knife. The buying incentive
|
||||
there is compliance, and where real security clashes with operations it’s not surprising to see weaker standards
|
||||
designed to make compliance easier.
|
||||
\textit{\textcite{andersonSecurityEngineeringGuide2020} p. 629}
|
||||
\end{flushright}
|
||||
\end{quote}
|
||||
|
||||
In this thesis, we aim to fill this gap in easily obtainable, secure hardware and extend the level of protection
|
||||
afforded by cryptographic protocol design down the technology stack to the hardware level.
|
||||
We propose a new HSM design that unlike existing designs can be manufactured at low cost and without access to
|
||||
specialized tools.
|
||||
afforded by cryptographic protocol design down the technology stack to the hardware level. We propose a new HSM design
|
||||
that unlike existing designs can be manufactured at low cost and without access to specialized tools.
|
||||
|
||||
% Go into drawbacks of existing HSMs, they violate kerckhoffs' principle
|
||||
We publish our design fully open source
|
||||
Kerckhoffs' principle, and the principle of least authority. Kerckhoffs' principle\footnote{
|
||||
% Go into drawbacks of existing HSMs
|
||||
|
||||
We publish our design fully open source, including all detials necessary for replication. A fundamental principle in
|
||||
cryptographic engineering is Kerckhoffs' principle\footnote{
|
||||
\textcite{petitcolasKerckhoffsPrinciplesCryptographie} contains a high-quality OCR'ed copy of the original source,
|
||||
as well as a translation of the cited part from French. The original source is
|
||||
\textcite{kerckhoffsCryptographieMilitaire1883}.
|
||||
}, named after Dutch military cryptographer Auguste Kerckhoffs, expresses that the security of a cryptographic system
|
||||
should only depend on the secrecy of its keys, not on the secrecy of its design. In this way, Kerckhoff's principle
|
||||
states the opposite of the widespread industry practice of \emph{Security by Obscurity}, which aims to achieve security
|
||||
by making it sufficiently costly to cryptoanalyze a system that the attempt becomes unattractive. The reliance of
|
||||
contemporary hardware security measures such as the majority of Physically Unclonable Functions (PUFs) on chip-scale
|
||||
integration as their main barrier against manipulation is an instance where Kerckhoffs' principle is violated.
|
||||
}, named after Dutch military cryptographer Auguste Kerckhoffs. Kerckhoffs' principle expresses that the security of a
|
||||
cryptographic system should only depend on the secrecy of its keys, not on the secrecy of its design. In this way,
|
||||
Kerckhoff's principle states the opposite of the widespread industry practice of \emph{Security by Obscurity}, which
|
||||
aims to achieve security by making it sufficiently costly to cryptoanalyze a system that the attempt becomes
|
||||
unattractive. All existing commercial HSM designs as well as some existing academic related work violate this principle
|
||||
by keeping details of their implementation such as the precise mesh dimensions and manufacturing methods secret. By
|
||||
publishing all details of our research into HSMs and their components, we provide the foundation for future independent
|
||||
research.
|
||||
|
||||
Complementary to Kerckhoff's principle is the principle of least authority, which describes that in a secure system each
|
||||
component should only have access to the smallest set of capabilities necessary to fulfill its purpose. Applying both to
|
||||
a cryptographic system means that the system's design should be transparent and not include any hidden components or
|
||||
opaque parts that cannot be inspected, and that the system's keys should be scoped to place the least amount of trust
|
||||
possible in each participating party. Existing HSMs are an example of a violation of the principle of least authority
|
||||
since they elevate the HSM manufacturer to a single point of failure. Since the tamper sensing mesh foils used in
|
||||
conventional HSMs are made in proprietary, bespoke processes, they cannot be manufactured independently.
|
||||
since they elevate the HSM manufacturer to a single point of failure. The tamper sensing mesh foils used in conventional
|
||||
HSMs are made in proprietary, bespoke processes, and cannot be manufactured independently. Our proposed design can be
|
||||
replicated from standard components and eliminates this issue.
|
||||
|
||||
\section{Research Questions and Contributions}
|
||||
|
||||
|
|
|
|||
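Review bot: The sentence "All existing commercial HSM designs as well as some existing academic related work violate this principle" in the Kerckhoffs paragraph makes a universal claim with no citation. Name and cite the designs or works meant, or narrow "All" to what the sources support. In the same paragraph, "detials" should be "details", "cryptoanalyze" should be "cryptanalyze", and the possessive alternates between "Kerckhoffs'" and "Kerckhoff's"; use "Kerckhoffs'" throughout. The "% FIXME page numbers" comment above the quote is still present although the attribution line gives "p. 629", so drop the comment or state what is still missing. The quote variant with the bracketed gloss "[US national HSM security standard]" carries no citation for FIPS 140, unlike the footnote variant with its two \cite keys; keep a citation for the standard somewhere in the introduction.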