From e6167085d387bba6dac0dcc093d9b98fa5f6c836 Mon Sep 17 00:00:00 2001 From: jaseg Date: Mon, 18 Aug 2025 16:39:39 +0200 Subject: [PATCH] Intro WIP --- chapter-introduction/chapter.tex | 60 ++++++++++++++++++++++++++++---- 1 file changed, 54 insertions(+), 6 deletions(-) diff --git a/chapter-introduction/chapter.tex b/chapter-introduction/chapter.tex index fc14ed7..1b33c32 100644 --- a/chapter-introduction/chapter.tex +++ b/chapter-introduction/chapter.tex 
@@ -51,12 +51,62 @@ We conclude this thesis with an overview of two concrete use cases IHSMs unlock conventional HSMs: Datacenter-scale Secure Multiparty Computation (SMPC) and long-range Quantum Key Distribution (QKD) networks. +\section{Building Inertial HSMs} +In a system with a secure software stack, the role of a HSM is to secure the hardware part of the stack. The basic +approach of a HSM is to combine a secure software stack with a fast self-destruct mechanism and tamper sensors. The +self-destruct mechanism can be hardware or software that quickly, securely wipes all cryptographic secrets, rendering +the device worthless to an attacker. The tamper sensors are tasked with detecting any physical attack an attacker could +mount on the device. Common classes of such sensors include \emph{tamper-sensing meshes}, i.e.\ flexible foils attached +to the HSM's enclosure that detect attempts at penetrating the shell of the device with probes, and environmental +sensors such as temperature or radiation sensors that detect attempts at causing controllable faults in the HSM by +heating, cooling or irradiating it. Out of these sensors, the tamper-sensing meshes are the core line of defense against +most physical attacks. Such meshes are very effective at mitigating almost all physical attacks, but they are difficult +to construct securely as they usually require bespoke manufacturing processes. As a result, they are currently only used +in niche applications, and even there not every realization is equally secure. -%In cryptography, Kerckhoffs' principle, named after Dutch military cryptographer Auguste Kerckhoffs, expresses that the -%security of a cryptographic system should only depend on the secrecy of its keys, not on the secrecy of its design. 
In -%this way, Kerckhoff's principle states the opposite of the common industry practice of \emph{Security by Obscurity}, -%which aims to achieve security by making it sufficiently annoying to cryptoanalyze a system that nobody bothers. +Inertial HSMs solve the issue of creating an impenetrable tamper-sensing envelope by replacing the bespoke +tamper-sensing mesh foil with a set of simple, rigid meshes made from commodity Printed Circuit Boards (PCBs) that are +rotating at high speed. In motion, these simple PCB tamper-sensing meshes are as secure as the much more sophisticated +bespoke foils used in conventional HSMs, yet they are simpler and less expensive to manufacture. To verify that the mesh +is rotating correctly, an accelerometer is placed on the rotating mesh, and its centrifugal force reading is used to +validate its path of motion. + +\section{Cryptographic Principles and Physical Reality} + +Cryptographers' aversion to backdoor access derives from a combination of two fundamental computing principles: +Kerckhoffs' principle, and the principle of least authority. In cryptography, Kerckhoffs' principle, named after Dutch +military cryptographer Auguste Kerckhoffs, expresses that the security of a cryptographic system should only depend on +the secrecy of its keys, not on the secrecy of its design. In this way, Kerckhoff's principle states the opposite of the +common industry practice of \emph{Security by Obscurity}, which aims to achieve security by making it sufficiently +annoying to cryptoanalyze a system that nobody bothers. Complementary to Kerckhoff's is the principle of least +authority, which describes that in a secure system each component should only have access to the smallest set of +capabilities necessary to fulfill its purpose. 
Applying both to a cryptographic system means that the system's design +should be transparent and not include any hiddent components or opaque parts that cannot be inspected, and that the +system's keys should be scoped to place the least amount of trust possible in each participating party. + +Let's take a basic videoconferencing system as an example. In our example system's deployment, users logen to a central +conference server, which receives and distributes the users' video streams. Allowing backdoor access to the video +streams to some third party like a datacenter operator or a state would violate Kerckhoffs' principle since it would +have to be hidden from the systems' participants, who would therefore not have a complete view of the systems' deployed +architecture. The principle of least authority would also be violated since in almost all cases, such a backdoor access +system would not see legitimate use. As a result, it would possess capabilities that almost never would be essential to +the proper function of the videoconference system. + +In their design, almost all modern software -- especially open source -- cleanly applies these principles. However, the +practical reality after deployment almost always deviates from them. While backdoors are vanishingly rare in modern +open-source software, practical depoloyments usually are vulnerable to physical attacks. Modern hardware generally is +not designed with a local attacker with advanced physical attack capabilities in mind since no mitigation can fully +prevent them, they can only be detected, or at best slowed down. As a result, commonplace attacks against modern +software often involve taking over the hardware at some point in the chain. Even End-to-End-Encrypted (E2EE) +communication systems can be compromised if one of the encrypted channel's endpoints can be physically compromised. 
+Corresponding \emph{digital forensics} capabilities are commonplace among state actors, and are available as a turnkey +solution on the market. + +A consequence of the difficulty of defending against physical attacks along with the wide availability of attack tools +and services is that + +\section{Inertial HSM Applications} %In the early days of mass-market computing, the expectations towards this new tool were high. Even before people @@ -90,8 +140,6 @@ networks. % Cypherpunks - -\section{Centralized Authority} % ACAB is a anti-authoritarian sentiment % In anarchist discourse, "cops" are not just policemen and -women, but also other means of centralized control. % Anarchism rejects centralized authority in favor of the freedom of individuals because it recognizes the dangers
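Review bot: The last added paragraph before `\section{Inertial HSM Applications}` ends mid-sentence ("...wide availability of attack tools and services is that") with no conclusion, so the chapter currently carries a dangling clause; either finish the thought or comment the paragraph out until it is written. The hunk also introduces several typos that should be fixed before merge: "hiddent" should be "hidden", "users logen to" should be "users log in to", "practical depoloyments" should be "practical deployments", and "the systems' participants" / "the systems' deployed architecture" should use the singular "system's". The spelling of the possessive is inconsistent within one paragraph ("Kerckhoffs' principle" in the first sentence, then "Kerckhoff's principle" and "Kerckhoff's" in the following two); pick one form, presumably "Kerckhoffs'" since that matches the commented-out text this paragraph replaces. "the role of a HSM" reads better as "an HSM", consistent with "an accelerometer" later in the same hunk. Finally, the statement that in motion the PCB meshes "are as secure as the much more sophisticated bespoke foils used in conventional HSMs" is asserted without a citation or a forward reference; since this is the central claim of the thesis, add a `\ref` to the chapter where it is substantiated or soften the wording in the introduction.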
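Review bot: Deleting `\section{Centralized Authority}` leaves the commented-out notes that followed it (`% ACAB is a anti-authoritarian sentiment`, `% In anarchist discourse, ...`, `% Anarchism rejects centralized authority ...`) orphaned directly under the `% Cypherpunks` material with no heading of their own. If the section is being dropped, remove or relocate that comment block in the same change; if it is only being deferred, comment out the heading rather than deleting it so the intended outline stays recoverable from the source.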