QKD mesh passthrough implementation WIP

jaseg 2024-08-27 19:30:32 +02:00
parent 2d243a5b42
commit a8d123f571


@ -107,6 +107,7 @@
\addtolength{\headwidth}{-1cm}
\newcommand{\todo}[1]{
\ifdefined\thesispreviewmode
\marginpar{
\setlength{\fboxsep}{2mm}
\shadowbox{
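Review bot: `\todo` expands to a `\marginpar{...}`, and `\marginpar` raises "Not in outer par mode" when it is used inside a float, a `tabular` cell, a footnote or any other box, so a `\todo{...}` dropped into a figure caption or table later in the thesis will break the build. If the macro is meant to be usable anywhere in the text, consider emitting the note with `\marginnote` (marginnote package) or with the todonotes package instead, both of which work in those contexts.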
@ -120,8 +121,11 @@
}
}
}
\fi
}
\newcommand{\todoplaceholder}[1]{\textbf{TODO}\todo{#1}}
% https://tex.stackexchange.com/questions/30720/footnote-without-a-marker
\newcommand\blfootnote[1]{%
\begingroup
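Review bot: `\newcommand{\todoplaceholder}[1]{\textbf{TODO}\todo{#1}}` prints the bold "TODO" unconditionally, while the explanatory `\todo{#1}` margin note is only emitted under `\ifdefined\thesispreviewmode`; in a non-preview build the reader sees "In Chapter TODO, we have shown" with no trace of what was meant to go there. Either guard the `\textbf{TODO}` the same way, or better, make the placeholder raise an error (e.g. via `\PackageError` or `\GenericError`) when preview mode is off, so that the final document cannot be built while a cross-reference is still missing.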
@ -607,6 +611,63 @@ provides a combined power and multi-fiber passthrough that is sufficient for QKD
\subsection{Multi-fiber passthrough with active secondary mesh}
The primary weak spot of a simple IHSM is its axis of rotation. While the stationary axis allows for wired data and
power connections to penetrate the mesh, it also provides an easy target for an attacker who wants to insert some sort
of physical probe into the IHSM's security envelope. While to a certain extent this attack vector can be made more
difficult though simple construction techniques such as making the shaft as thin as possible, and getting the mesh as
close to it as possible, as well as using a solid steel shaft on the motor end of the mesh, the level of security that
these mitigations provide is much below that of the rest of the mesh. Thus, a better solution is needed.
Previously, in Chapter \todoplaceholder{provide link to mesh protection overview from OG IHSM paper} we have alluded to
several \emph{shielding} methods that use a second, independently rotating mesh on the inside of the primary mesh,
located right next to the primary mesh's axis opening. In this section, we will go into some more detail on three
variations of this solution. In order of increasing complexity, these variations are a simple disc cover, offset
labyrinth meshes, and interlocking gear meshes. We will demonstrate a functional prototype of the simple disc cover,
present a design and mechanical prototypes of the offset labyrinth meshes, and provide details on the design of a
interlocking gear mesh.
\subsection{Simple disc cover}
In Chapter \todoplaceholder{Provide link to single-board IHSM chapter here}, we have shown how an IHSM that has been
shrunk to a single, disc-shaped PCB is still useful because we can delegate key management functionality to the mesh
monitoring circuit's microcontroller or a separate processor sitting next to it on the rotating mesh PCB, yielding a
solution close in both its cryptographic capabilities and its security level to commercial traditional HSMs, and
exceeding those of a smartcard. In the following paragraphs, we will show how we can deploy the same single-board IHSM
(SB-IHSM) as a mitigation for through-axis attacks, exploiting its mechanical shape and its simple, low-cost
implementation.
By placing an adapted single-board IHSM close to the primary mesh's axis opening, an attacker is forced to either first
circumvent the single-board IHSM through the primary mesh's axis opening, then remove enough of it to gain direct access
ot the payload behind it, or to conduct their attack while bending their tool by approximately \qty{90}{\degree} at
least twice, once to avoid the SB-IHSM mesh, and once more to re-orient the tool towards the payload. The distance
between the inside of the primary mesh and the SB-IHSM is limited by the tolerance in mechanical alignment between the
two axes of rotation, by the space necessary for a sufficiently stable mount of the payload cage to the hollow shaft,
and by the minimum bend radius of the power and data wiring that needs to pass through the shaft. In QKD applications,
the fibers' minimum bend radius is the largest contributor with a minimum distance of \qty{10}{\milli\meter}, equal to
the minimum bend radius specification that is common in telecom fiber optics.\todo{cite bend radius spec}
\todoplaceholder{Finish this part.}
\subsection{Offset labyrinth meshes}
In QKD applications, the simple disc cover design shown above has two main limitations. First, the distance between the
primary and secondary meshes must be large enough to allow for the fibers' minimum bend radius, resulting in more than
\qty{10}{\milli\meter} of space available to an attacker. Second, the attacker only has to bend their tool twice to
reach the payload. In this section, we will show a design and a mechanical prototype of an offset labyrinth mesh design
that improves both of these quantities by a large margin.
Our offset labyrinth mesh design combines an offset of the secondary mesh's axis of rotation with a three-dimensional
surface structure on both the inside of the primary mesh, and the facing side of the secondary mesh to create a series
of narrow, \qty{180}{\degree} turns that an attacker would have to overcome with their tool to reach the payload.
Structural support is provided using a CNC machined or 3D printed part, which also serves as a conduit for electrical
connections from the shaft to the payload using Flexible Flat Cable (FFC). While the FFC can easily conform to the
offset labyrinth's sharp corners, an optical fiber can not. Thus, instead of passing it straight through the labyrinth,
the payload's fiber optic connections are passed through the labyrinth in a three-dimensional spiral shape, avoiding the
meshes while simultaneously keeping the fibers' bend radii large.
\subsection{Interlocking gear meshes}
\begin{figure}
\centering
\subcaptionbox[Offset labyrinth mesh assembly render]{\figureattrib{render_side_1.png}}{\includegraphics[width=\textwidth]{\scaledgraphics{render_side_1.png}}}
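Review bot: three typos in the new prose: "difficult though simple construction techniques" should read "through", "gain direct access ot the payload" should read "to the payload", and "the design of a interlocking gear mesh" should read "an interlocking gear mesh". Structurally, the introduction under `\subsection{Multi-fiber passthrough with active secondary mesh}` says "In this section, we will go into some more detail on three variations of this solution", yet the three variations (simple disc cover, offset labyrinth meshes, interlocking gear meshes) are typeset as sibling `\subsection`s rather than `\subsubsection`s, so the heading hierarchy contradicts the text. Finally, the `figure` opened directly after `\subsection{Interlocking gear meshes}` carries the subcaption "Offset labyrinth mesh assembly render"; if it illustrates the offset labyrinth design it should sit in (and be referenced from, with a `\label`) the preceding subsection, otherwise a reader will read it as a render of the gear mesh.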