Include first of leo's notes
This commit is contained in:
jaseg
parent
6218217d49
commit
fa6c2e9f0d
6 changed files with 90 additions and 64 deletions
24
abstract.tex
24
abstract.tex
|
|
@ -8,6 +8,7 @@
|
|||
%as formal verification, it can be ensured that a software implementation is a flawless representation of its theoretical
|
||||
%model, and that the theoretical model is secure given universally accepted cryptographic assumptions. Despite
|
||||
|
||||
% FIXME leo's notes
|
||||
With cryptographic advancements and techniques like formal verification leading to increasingly secure software, the
|
||||
hardware level advances into the focus of contemporary applied computer security research. However, the state of the art
|
||||
in hardware security still often relies on the use of microelectronic integration to achieve security by obscurity over
|
||||
|
|
@ -20,16 +21,21 @@ of much larger size, weight and power dissipation compared to conventional HSMs.
|
|||
source tamper-sensing mesh of a conventional HSM is replaced by a mesh made from simple PCBs that is rotating at high
|
||||
speed around the payload. Since the mesh is rotating, it cannot be manipulated, and the security of conventional meshes
|
||||
created in bespoke manufacturing processes can be achieved using much simpler and less expensive construction
|
||||
techniques. The thesis presents solutions to key engineering challenges in IHSM construction including a highly
|
||||
symmetric planar inductor design for rotating wireless power transfer and a high-fidelity monitoring system for low-cost
|
||||
security meshes.
|
||||
techniques. We present the results of a survey of approximately 30 real world tamper sensing mesh implementations. We
|
||||
deduce design criteria for secure meshes and contextualize our design. We further motivate the necessity of secure
|
||||
hardware by presenting an analysis of problematic aspects in the hardware security design of Germany's new national
|
||||
electronic health record system.
|
||||
|
||||
Applying IHSM technology, the thesis concludes with analyses of two use cases that are unlocked by the increased
|
||||
size and power dissipation capability of IHSMs. In the first analysis, an IHSM-secured relay node for Quantum Key
|
||||
Distribution (QKD) systems is proposed, enabling their practical implementation across arbitrary distances, which
|
||||
requires trusted relay stations due to fundamental physical limitations. In the study, IHSMs are adapted for such
|
||||
high-security QKD relays by securing the IHSM mesh passthrough with a secondary tamper-sensing mesh. In this setup, a
|
||||
bracket design is proposed that supports passing through optical fibers at low loss.
|
||||
To pave the way for practical implementations of IHSM technology, we present solutions to key engineering challenges in
|
||||
IHSM construction including a highly symmetric planar inductor design for rotating wireless power transfer and a
|
||||
high-fidelity monitoring system for low-cost security meshes.
|
||||
|
||||
Applying IHSM technology, we analyse two use cases that are unlocked by the increased size and power dissipation
|
||||
capability of IHSMs. In the first analysis, an IHSM-secured relay node for Quantum Key Distribution (QKD) systems is
|
||||
proposed, enabling their practical implementation across arbitrary distances, which requires trusted relay stations due
|
||||
to fundamental physical limitations. In the study, IHSMs are adapted for such high-security QKD relays by securing the
|
||||
IHSM mesh passthrough with a secondary tamper-sensing mesh. In this setup, a bracket design is proposed that supports
|
||||
passing through optical fibers at low loss.
|
||||
|
||||
The second proposed use case adapts an IHSM enclosure to the size, power and thermal dissipation requirements of a
|
||||
high-power server to support co-located secure Multiparty Computation (MPC) workloads. In practical MPC deployments,
|
||||
|
|
|
|||
|
|
@ -6,25 +6,26 @@
|
|||
This thesis has been written during the years of 2020 - 2025. In this time, Artificial Intelligence (AI) technology
|
||||
including Large Language Models (LLMs) has entered widespread adoption. I have used such LLM systems in the preparation
|
||||
of this thesis. At the time this thesis was written, LLMs were a powerful and useful technology, but often produced
|
||||
wrong output. Thus, I used the following list of observations to guide my LLM use during the writing of this thesis.
|
||||
wrong output. Thus I used the following list of observations to guide my LLM use during the writing of this thesis.
|
||||
|
||||
\begin{enumerate}
|
||||
\item Passing text through an LLM is an imprecise operation. Especially when large amounts of text are passed
|
||||
through an LLM, despite clear instructions such as ``only fix spelling errors,'' the LLM output might deviate
|
||||
from the source text. Therefore, the document text should never be passed through the LLM, and the LLM should be
|
||||
prompted to point out problems, or to produce a list of suggestions for improvements instead.
|
||||
\item LLMs are really bad at summarizing text that contains novel concepts. LLM summaries of text often converge to
|
||||
a re-stating of the general consensus on the text's main topic. Where the source text deviates from conventional
|
||||
wisdom or makes novel points, an LLM summary will likely mis-represent those conclusions. Additionally, LLMs are
|
||||
bad at capturing the point of a text. Unless extreme care is taken when prompting, it is easy to lead an LLM to
|
||||
produce an inaccurate summary of a text that agrees with the prompt, but misses the gist of the text. Therefore,
|
||||
extreme caution should be applied when using an LLM for summarization, and LLM output should be checked
|
||||
diligently in such instances.
|
||||
\item LLMs are bad at generating text from scratch. Especially on topics of academic interest that are novel and
|
||||
that do not have well-known answers that can be found in the training corpus for these models, in general they
|
||||
will not produce useful text when prompted. Therefore, LLMs should never be used to generate novel text.
|
||||
\item LLMs are really bad at giving references. Prompts that ask for academic references on a topic are likely to
|
||||
produce non-existing ``hallucinated'' references. The existing references an LLM is most likely to dig up
|
||||
\item Contemporary LLMs are bad at summarizing text that contains novel concepts. LLM summaries of text often
|
||||
converge to a re-stating of the general consensus on the text's main topic. Where the source text deviates from
|
||||
conventional wisdom or makes novel points, an LLM summary will likely mis-represent those conclusions.
|
||||
Additionally, LLMs are bad at capturing the point of a text. Unless extreme care is taken when prompting, it is
|
||||
easy to lead an LLM to produce an inaccurate summary of a text that agrees with the prompt, but misses the gist
|
||||
of the text. Therefore, extreme caution should be applied when using an LLM for summarization, and LLM output
|
||||
should be checked diligently in such instances.
|
||||
\item Contemporary LLMs are bad at generating text from scratch. Especially on topics of academic interest that are
|
||||
novel and that do not have well-known answers that can be found in the training corpus for these models, in
|
||||
general they will not produce useful text when prompted. Therefore, LLMs should never be used to generate novel
|
||||
text.
|
||||
\item Contemporary LLMs are bad at giving references. Prompts that ask for academic references on a topic are likely
|
||||
to produce non-existing ``hallucinated'' references. The existing references an LLM is most likely to dig up
|
||||
usually occur on the first page of a web search on the topic, or are frequently cited in literature on the
|
||||
topic. Thus, LLMs should never be directly queried for references. When researching a new concept, a better use
|
||||
of an LLM is the generation of query strings for search engines like Google Scholar.
|
||||
|
|
|
|||
|
|
@ -34,15 +34,6 @@
|
|||
% designs, code and data as open source to create the groundwork for future research, and sow the seeds for a new
|
||||
% generation of secure hardware that will be able to resist a rising tide of fascist and authoritarian movements.
|
||||
%
|
||||
%
|
||||
%
|
||||
% Research questions:
|
||||
% 1. can hsm w/o proprietary mesh?
|
||||
% 2. how do meshes look like in practice?
|
||||
% 3. can we improve monitoring?
|
||||
% 4. can we solve power transfer issue
|
||||
% 5. applications
|
||||
%
|
||||
|
||||
\emph{No Gods, No Masters} is an anarchist slogan originating in the 19\textsuperscript{th} century that expresses a
|
||||
rejection of authorities~\cite{broussaisOriginesDeviseAnarchiste2022,guerinNoGodsNo2005,blomNoGodsNo2025}. In modern
|
||||
|
|
@ -86,7 +77,9 @@ systems are still routinely compromised~\cite{
|
|||
goldmanUnrestrainedChineseCyberattackers2025,
|
||||
scott-railtonWhoseAuthorityPegasus2024,
|
||||
quintinSomethingRememberUs2024,
|
||||
marczakGraphiteCaughtFirst2025}.
|
||||
marczakGraphiteCaughtFirst2025,
|
||||
PredatorFilesTechnical2023,
|
||||
PakistanMassSurveillance2025}.
|
||||
A fundamental flaw of any practical cryptographic system is that secure algorithms have to run on hardware, and even
|
||||
today, average computing hardware provides little physical security~\cite{
|
||||
gotzfriedCacheAttacksIntel2017,
|
||||
|
|
@ -128,30 +121,39 @@ cryptographic engineering is Kerckhoffs' principle\footnote{
|
|||
as well as a translation of the cited part from French. The original source is
|
||||
\textcite{kerckhoffsCryptographieMilitaire1883}.
|
||||
}, named after Dutch military cryptographer Auguste Kerckhoffs. Kerckhoffs' principle expresses that the security of a
|
||||
cryptographic system should only depend on the secrecy of its keys, not on the secrecy of its design. In this way,
|
||||
Kerckhoff's principle states the opposite of the widespread industry practice of \emph{Security by Obscurity}, which
|
||||
aims to achieve security by making it sufficiently costly to cryptoanalyze a system that the attempt becomes
|
||||
unattractive. All existing commercial HSM designs as well as some existing academic related work violate this principle
|
||||
by keeping details of their implementation such as the precise mesh dimensions and manufacturing methods secret. By
|
||||
publishing all details of our research into HSMs and their components, we provide the foundation for future independent
|
||||
research.
|
||||
cryptographic system should only depend on the secrecy of its keys, not on the secrecy of its design. Existing
|
||||
commercial designs routinely contravene Kerckhoff's principle by applying the widespread industry practice of
|
||||
\emph{Security by Obscurity}. Even in academic related work, the principle is sometimes violated by omitting
|
||||
implementation and methodological details in the interest of patents and commercial exploitation. By publishing all
|
||||
details of our research into HSMs and their components, we provide the foundation for future independent research.
|
||||
|
||||
Complementary to Kerckhoff's principle is the principle of least authority, which describes that in a secure system each
|
||||
component should only have access to the smallest set of capabilities necessary to fulfill its purpose. Applying both to
|
||||
a cryptographic system means that the system's design should be transparent and not include any hidden components or
|
||||
opaque parts that cannot be inspected, and that the system's keys should be scoped to place the least amount of trust
|
||||
possible in each participating party. Existing HSMs are an example of a violation of the principle of least authority
|
||||
since they elevate the HSM manufacturer to a single point of failure. The tamper sensing mesh foils used in conventional
|
||||
HSMs are made in proprietary, bespoke processes, and cannot be manufactured independently. Our proposed design can be
|
||||
replicated from standard components and eliminates this issue.
|
||||
Beyond applying Kerckhoffs' principle, publishing our design also enables independent replication. Our design is
|
||||
based entirely on standard components and does not require bespoke manufacturing processes. Both commercial and academic
|
||||
existing HSM tamper sensing designs require bespoke manufacturing methods or custom integrated circuits
|
||||
(ICs)~\cite{
|
||||
obermaierPUFfilmMethodProducing2023,
|
||||
immler2019,
|
||||
garbTamperSensitiveDesignPUFBased,
|
||||
immlerBTREPIDBatterylessTamperresistant2018}.
|
||||
This creates a single point of failure in the manufacturer, and opens up an opportunity for a hardware supply-chain
|
||||
attack~\cite{harrisonSoKSecurityArchitects2025}. Such supply chain attacks can be mitigated by independently
|
||||
manufacturing our design.
|
||||
|
||||
\section{Research Questions and Contributions}
|
||||
|
||||
Based on the current state of the field of hardware security, we deduce three overarching research questions for this
|
||||
thesis that progress from theory to practical deployment.
|
||||
|
||||
% Research questions:
|
||||
% 1. can hsm w/o proprietary mesh?
|
||||
% 2. how do meshes look like in practice?
|
||||
% 3. can we improve monitoring?
|
||||
% 4. can we solve power transfer issue
|
||||
% 5. applications
|
||||
%
|
||||
\begin{enumerate}
|
||||
\item Can we achieve physical security without relying on conventional tamper-sensing meshes?
|
||||
\item Can we achieve physical security without relying on a conventional tamper-sensing meshes that requires a
|
||||
bespoke manufacturing process?
|
||||
\item Can we monitor tamper-sensing meshes at a higher detail level than the state of the art of a single, scalar
|
||||
measurement?
|
||||
\item Can we create the support components necessary to integrate a system that provides a practical security
|
||||
|
|
|
|||
|
|
@ -29,13 +29,13 @@ draw a distinction in its terminology between the two classes.
|
|||
|
||||
\section{Use in government standards}
|
||||
|
||||
Under US national standard FIPS 140 in in its 2002 version
|
||||
Under the still widely used US national standard FIPS 140 in in its 2002 version
|
||||
2~\cite{usnationalinstituteofstandardsandtechnologySecurityRequirementsCryptographic2002}, a HSM would be called a
|
||||
\emph{Multiple-Chip Cryptographic Module} that conforms to the standard's \emph{Security Level 4}. Interesting to note
|
||||
are that only security level 4 requires any active tamper detection and response, so its security levels 3 and below do
|
||||
not align with our HSM definition. Futher of note is that according to the standard, a single-chip solution does not
|
||||
require any tamper detection and response either to meet the standard's security level 4, which is in misalignment with
|
||||
our definition. The standard's 2019 updated version FIPS
|
||||
\emph{Multiple-Chip Cryptographic Module} that conforms to the standard's \emph{Security Level} 4 out of 4. Interesting
|
||||
to note are that only level 4 requires any active tamper detection and response, so devices compliant only up to levels
|
||||
3 and below do not align with our HSM definition. Futher of note is that according to the standard, a single-chip
|
||||
solution does not require any tamper detection and response either to meet the standard's security level 4, which is in
|
||||
misalignment with our definition. The standard's 2019 updated version FIPS
|
||||
140-3~\cite{usnationalinstituteofstandardsandtechnologySecurityRequirementsCryptographic2019} defers to the
|
||||
international standards ISO/IEC 19790 and 24759.
|
||||
|
||||
|
|
@ -49,17 +49,17 @@ The Payment Card Industry Security Standards Council (PCI SSC) is an association
|
|||
defines standards for all layers of card payment processing, from card payment terminals in stores to the handling of
|
||||
payment data in online shop backend systems.
|
||||
|
||||
PCI SSC terminology aligns with our use and with common everyday use of the term HSM. In PCI SSC terminology, a HSM is a
|
||||
crytographic device that has active tamper detecion and response circuitry. However, PCI SSC terminology differs from
|
||||
our use of the term HSM in one nuance: In PCI SSC terminology, a HSM is specifically a datacenter device used for
|
||||
backend processing of payment data. The general class of ``hardware devices performing some security function with or
|
||||
without particular physical security requirements'' that ISO/IEC 19790 and other standards call a \emph{Hardware
|
||||
PCI SSC terminology aligns with our definition and with common everyday use of the term HSM. In PCI SSC terminology, a
|
||||
HSM is a crytographic device that has active tamper detecion and response circuitry. However, PCI SSC terminology
|
||||
differs from our use of the term HSM in one nuance: In PCI SSC terminology, a HSM is specifically a datacenter device
|
||||
used for backend processing of payment data. The general class of ``hardware devices performing some security function
|
||||
with or without particular physical security requirements'' that ISO/IEC 19790 and other standards call a \emph{Hardware
|
||||
Cryptographic Module}, in PCI SSC terminology is termed \emph{Secure Cryptographic Device (SCD)} in more recent standard
|
||||
versions, which was updated from the previous term \emph{Tamper-Resistant Security Module (TRSM)}. Other than HSMs, PCI
|
||||
SSC includes smartcards and card payment terminals in this category. Card payment terminals, referred to as
|
||||
\emph{Pin-Entry Device (PED)} in PCI SSC standards, have to include a surprising amount of active tamper detection and
|
||||
response functionality including partial coverage of areas like they system's main cryptographic processor and smart
|
||||
card reader by battery-backed tamper-sensing meshes.
|
||||
response functionality including partial coverage of areas like their main cryptographic processor and smart card reader
|
||||
by battery-backed tamper-sensing meshes. Under our definition, these devices can be classified as a type of HSM.
|
||||
|
||||
\section*{Tamper-Sensing Meshes}
|
||||
\addcontentsline{toc}{subsection}{Tamper-Sensing Meshes}
|
||||
|
|
@ -71,4 +71,7 @@ less clear to people unfamiliar with the matter. It is also polysemous, and depe
|
|||
or stamped metal meshes used as fences or as screens in front of windows to prevent break-ins. As a result, it is harder
|
||||
to use in online searches, and when using Large Language Models (LLMs), it frequently leads to amusing hallucinations.
|
||||
|
||||
|
||||
% FIXME note leo: Das ganze wirkt wie ein guter baustein für eine Einleitung. Für einen Terminologie übersicht ist es
|
||||
% ansonsten auch eigentlich zu lang.
|
||||
% Splitte das vielleicht auf, ein paar mehr details in den Abstract um die HSM definition etwas zu präzisieren, den rest
|
||||
% in die Intro?
|
||||
|
|
|
|||
13
main.bib
13
main.bib
|
|
@ -2893,6 +2893,19 @@
|
|||
langid = {english}
|
||||
}
|
||||
|
||||
@inproceedings{harrisonSoKSecurityArchitects2025,
|
||||
title = {{{SoK}}: {{A Security Architect}}'s {{View}} of {{Printed Circuit Board Attacks}}},
|
||||
shorttitle = {{{SoK}}},
|
||||
author = {Harrison, Jacob and Jessurun, Nathan and Tehranipoor, Mark},
|
||||
date = {2025},
|
||||
pages = {1907--1924},
|
||||
url = {https://www.usenix.org/conference/usenixsecurity25/presentation/harrison},
|
||||
urldate = {2025-11-27},
|
||||
eventtitle = {34th {{USENIX Security Symposium}} ({{USENIX Security}} 25)},
|
||||
isbn = {978-1-939133-52-6},
|
||||
langid = {english}
|
||||
}
|
||||
|
||||
@inproceedings{hastingsSoKGeneralPurpose2019,
|
||||
title = {{{SoK}}: {{General Purpose Compilers}} for {{Secure Multi-Party Computation}}},
|
||||
shorttitle = {{{SoK}}},
|
||||
|
|
|
|||
|
|
@ -8,6 +8,7 @@
|
|||
\newcommand{\chaptertitle}[1]{
|
||||
\chapter{#1}
|
||||
\printchapterquote
|
||||
%FIXME note leo: remove minitocs?
|
||||
\begin{spacing}{1.1}
|
||||
\minitoc
|
||||
\end{spacing}
|
||||
|
|
@ -34,8 +35,8 @@
|
|||
|
||||
\clearpage
|
||||
\tableofcontents
|
||||
\listoffigures
|
||||
\listoftables
|
||||
%\listoffigures
|
||||
%\listoftables
|
||||
|
||||
\mainmatter
|
||||
\dochapter{chapter-introduction} % Status: In pretty good shape
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue