Intro WIP

jaseg 2025-08-18 16:39:39 +02:00
parent 1decfb0c70
commit e6167085d3


@ -51,12 +51,62 @@ We conclude this thesis with an overview of two concrete use cases IHSMs unlock
conventional HSMs: Datacenter-scale Secure Multiparty Computation (SMPC) and long-range Quantum Key Distribution (QKD)
networks.
\section{Building Inertial HSMs}
In a system with a secure software stack, the role of a HSM is to secure the hardware part of the stack. The basic
approach of a HSM is to combine a secure software stack with a fast self-destruct mechanism and tamper sensors. The
self-destruct mechanism can be hardware or software that quickly, securely wipes all cryptographic secrets, rendering
the device worthless to an attacker. The tamper sensors are tasked with detecting any physical attack an attacker could
mount on the device. Common classes of such sensors include \emph{tamper-sensing meshes}, i.e.\ flexible foils attached
to the HSM's enclosure that detect attempts at penetrating the shell of the device with probes, and environmental
sensors such as temperature or radiation sensors that detect attempts at causing controllable faults in the HSM by
heating, cooling or irradiating it. Out of these sensors, the tamper-sensing meshes are the core line of defense against
most physical attacks. Such meshes are very effective at mitigating almost all physical attacks, but they are difficult
to construct securely as they usually require bespoke manufacturing processes. As a result, they are currently only used
in niche applications, and even there not every realization is equally secure.
%In cryptography, Kerckhoffs' principle, named after Dutch military cryptographer Auguste Kerckhoffs, expresses that the
%security of a cryptographic system should only depend on the secrecy of its keys, not on the secrecy of its design. In
%this way, Kerckhoff's principle states the opposite of the common industry practice of \emph{Security by Obscurity},
%which aims to achieve security by making it sufficiently annoying to cryptoanalyze a system that nobody bothers.
Inertial HSMs solve the issue of creating an impenetrable tamper-sensing envelope by replacing the bespoke
tamper-sensing mesh foil with a set of simple, rigid meshes made from commodity Printed Circuit Boards (PCBs) that are
rotating at high speed. In motion, these simple PCB tamper-sensing meshes are as secure as the much more sophisticated
bespoke foils used in conventional HSMs, yet they are simpler and less expensive to manufacture. To verify that the mesh
is rotating correctly, an accelerometer is placed on the rotating mesh, and its centrifugal force reading is used to
validate its path of motion.
\section{Cryptographic Principles and Physical Reality}
Cryptographers' aversion to backdoor access derives from a combination of two fundamental computing principles:
Kerckhoffs' principle, and the principle of least authority. In cryptography, Kerckhoffs' principle, named after Dutch
military cryptographer Auguste Kerckhoffs, expresses that the security of a cryptographic system should only depend on
the secrecy of its keys, not on the secrecy of its design. In this way, Kerckhoff's principle states the opposite of the
common industry practice of \emph{Security by Obscurity}, which aims to achieve security by making it sufficiently
annoying to cryptoanalyze a system that nobody bothers. Complementary to Kerckhoff's is the principle of least
authority, which describes that in a secure system each component should only have access to the smallest set of
capabilities necessary to fulfill its purpose. Applying both to a cryptographic system means that the system's design
should be transparent and not include any hiddent components or opaque parts that cannot be inspected, and that the
system's keys should be scoped to place the least amount of trust possible in each participating party.
Let's take a basic videoconferencing system as an example. In our example system's deployment, users logen to a central
conference server, which receives and distributes the users' video streams. Allowing backdoor access to the video
streams to some third party like a datacenter operator or a state would violate Kerckhoffs' principle since it would
have to be hidden from the systems' participants, who would therefore not have a complete view of the systems' deployed
architecture. The principle of least authority would also be violated since in almost all cases, such a backdoor access
system would not see legitimate use. As a result, it would possess capabilities that almost never would be essential to
the proper function of the videoconference system.
In their design, almost all modern software -- especially open source -- cleanly applies these principles. However, the
practical reality after deployment almost always deviates from them. While backdoors are vanishingly rare in modern
open-source software, practical depoloyments usually are vulnerable to physical attacks. Modern hardware generally is
not designed with a local attacker with advanced physical attack capabilities in mind since no mitigation can fully
prevent them, they can only be detected, or at best slowed down. As a result, commonplace attacks against modern
software often involve taking over the hardware at some point in the chain. Even End-to-End-Encrypted (E2EE)
communication systems can be compromised if one of the encrypted channel's endpoints can be physically compromised.
Corresponding \emph{digital forensics} capabilities are commonplace among state actors, and are available as a turnkey
solution on the market.
A consequence of the difficulty of defending against physical attacks along with the wide availability of attack tools
and services is that
\section{Inertial HSM Applications}
%In the early days of mass-market computing, the expectations towards this new tool were high. Even before people
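Review bot: The paragraph that begins "A consequence of the difficulty of defending against physical attacks" stops mid-sentence at "and services is that" immediately before `\section{Inertial HSM Applications}`; since this is marked WIP that is understandable, but please either finish the sentence or comment it out so the chapter does not compile with a dangling clause. In the same hunk, the commented-out Kerckhoffs paragraph placed between "not every realization is equally secure." and "Inertial HSMs solve the issue" is a verbatim copy of the text that now lives in the "Cryptographic Principles and Physical Reality" section, so it can be dropped rather than kept as a comment. Spelling: "hiddent" (hidden), "logen" (log in), "depoloyments" (deployments), and the possessive is written both as "Kerckhoffs' principle" and "Kerckhoff's"; the former is the consistent one. On wording, "its centrifugal force reading is used to validate its path of motion" describes an accelerometer mounted on the rotating mesh; an accelerometer in the rotating frame reports the centripetal acceleration, so consider phrasing this in terms of acceleration rather than force, since that sensor reading is what the rotation check is built on. Finally, the claim that the rotating PCB meshes are "as secure as the much more sophisticated bespoke foils" is stated without support here; a forward reference to the chapter or evaluation that establishes it would help the reader.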
@ -90,8 +140,6 @@ networks.
% Cypherpunks
\section{Centralized Authority}
% ACAB is a anti-authoritarian sentiment
% In anarchist discourse, "cops" are not just policemen and -women, but also other means of centralized control.
% Anarchism rejects centralized authority in favor of the freedom of individuals because it recognizes the dangers
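Review bot: In the note `% ACAB is a anti-authoritarian sentiment`, "a anti-authoritarian" should read "an anti-authoritarian"; these are still comments, but the hunk header shows this section shrinking and the remaining notes look like they will be expanded into prose, so worth fixing now.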