From 9745e88de406c9926f0b711ca45748c8e35292de Mon Sep 17 00:00:00 2001 From: jaseg Date: Wed, 26 Nov 2025 19:52:30 +0100 Subject: [PATCH] Intro WIP --- chapter-introduction/chapter.tex | 45 ++++++++++++++++++-------------- 1 file changed, 26 insertions(+), 19 deletions(-) diff --git a/chapter-introduction/chapter.tex b/chapter-introduction/chapter.tex index 333e533..544f9df 100644 --- a/chapter-introduction/chapter.tex +++ b/chapter-introduction/chapter.tex 
@@ -102,41 +102,48 @@ As \textcite{andersonSecurityEngineeringGuide2020} writes on HSMs and their secu % FIXME page numbers \begin{quote} + Security economics remains a big soft spot, with security chips being in many ways a market for lemons. A banker + buying HSMs probably won’t be aware of the huge gap between FIPS\footnote{Anderson here refers to the US national + HSM security standard FIPS + 140~\cite{usnationalinstituteofstandardsandtechnologySecurityRequirementsCryptographic2002, + usnationalinstituteofstandardsandtechnologySecurityRequirementsCryptographic2019}} level 3 and level 4, and + understand that level 3 can sometimes be defeated with a Swiss army knife. The buying incentive there is compliance, + and where real security clashes with operations it’s not surprising to see weaker standards designed to make + compliance easier. + \begin{flushright} - Security economics remains a big soft spot, with security chips being in many ways a market for lemons. A banker - buying HSMs probably won’t be aware of the huge gap between FIPS [US national HSM security standard] level 3 and - level 4, and understand that level 3 can sometimes be defeated with a Swiss army knife. The buying incentive - there is compliance, and where real security clashes with operations it’s not surprising to see weaker standards - designed to make compliance easier. \textit{\textcite{andersonSecurityEngineeringGuide2020} p. 629} \end{flushright} \end{quote} In this thesis, we aim to fill this gap in easily obtainable, secure hardware and extend the level of protection -afforded by cryptographic protocol design down the technology stack to the hardware level. -We propose a new HSM design that unlike existing designs can be manufactured at low cost and without access to -specialized tools. +afforded by cryptographic protocol design down the technology stack to the hardware level. 
We propose a new HSM design +that unlike existing designs can be manufactured at low cost and without access to specialized tools. -% Go into drawbacks of existing HSMs, they violate kerckhoffs' principle -We publish our design fully open source -Kerckhoffs' principle, and the principle of least authority. Kerckhoffs' principle\footnote{ +% Go into drawbacks of existing HSMs + +We publish our design fully open source, including all detials necessary for replication. A fundamental principle in +cryptographic engineering is Kerckhoffs' principle\footnote{ \textcite{petitcolasKerckhoffsPrinciplesCryptographie} contains a high-quality OCR'ed copy of the original source, as well as a translation of the cited part from French. The original source is \textcite{kerckhoffsCryptographieMilitaire1883}. -}, named after Dutch military cryptographer Auguste Kerckhoffs, expresses that the security of a cryptographic system -should only depend on the secrecy of its keys, not on the secrecy of its design. In this way, Kerckhoff's principle -states the opposite of the widespread industry practice of \emph{Security by Obscurity}, which aims to achieve security -by making it sufficiently costly to cryptoanalyze a system that the attempt becomes unattractive. The reliance of -contemporary hardware security measures such as the majority of Physically Unclonable Functions (PUFs) on chip-scale -integration as their main barrier against manipulation is an instance where Kerckhoffs' principle is violated. +}, named after Dutch military cryptographer Auguste Kerckhoffs. Kerckhoffs' principle expresses that the security of a +cryptographic system should only depend on the secrecy of its keys, not on the secrecy of its design. In this way, +Kerckhoff's principle states the opposite of the widespread industry practice of \emph{Security by Obscurity}, which +aims to achieve security by making it sufficiently costly to cryptoanalyze a system that the attempt becomes +unattractive. 
All existing commercial HSM designs as well as some existing academic related work violate this principle +by keeping details of their implementation such as the precise mesh dimensions and manufacturing methods secret. By +publishing all details of our research into HSMs and their components, we provide the foundation for future independent +research. Complementary to Kerckhoff's principle is the principle of least authority, which describes that in a secure system each component should only have access to the smallest set of capabilities necessary to fulfill its purpose. Applying both to a cryptographic system means that the system's design should be transparent and not include any hidden components or opaque parts that cannot be inspected, and that the system's keys should be scoped to place the least amount of trust possible in each participating party. Existing HSMs are an example of a violation of the principle of least authority -since they elevate the HSM manufacturer to a single point of failure. Since the tamper sensing mesh foils used in -conventional HSMs are made in proprietary, bespoke processes, they cannot be manufactured independently. +since they elevate the HSM manufacturer to a single point of failure. The tamper sensing mesh foils used in conventional +HSMs are made in proprietary, bespoke processes, and cannot be manufactured independently. Our proposed design can be +replicated from standard components and eliminates this issue. \section{Research Questions and Contributions}
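Review bot: the new sentence "We publish our design fully open source, including all detials necessary for replication." has a typo (detials should be details), and the same hunk is inconsistent about the name: the added text writes "Kerckhoffs' principle" and then "Kerckhoff's principle states the opposite", while the unchanged context below still says "Complementary to Kerckhoff's principle"; pick one spelling (Kerckhoffs' matches the cited source) and apply it throughout. The added claim "All existing commercial HSM designs as well as some existing academic related work violate this principle" is a universal statement with no citation; either qualify it (e.g. "the commercial HSM designs we surveyed") or cite the survey it rests on, since the reader cannot otherwise verify it. Two leftover comments now read as stale: "% Go into drawbacks of existing HSMs" precedes a paragraph that already discusses those drawbacks, and "% FIXME page numbers" remains above a quote that now cites p. 629, so both can likely be removed. Minor: "cryptoanalyze" is carried over from the old text; the standard spelling is "cryptanalyze".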