Include first of leo's notes

abstract.tex

@@ -8,6 +8,7 @@
 %as formal verification, it can be ensured that a software implementation is a flawless representation of its theoretical
 %model, and that the theoretical model is secure given universally accepted cryptographic assumptions. Despite 
 
+% FIXME leo's notes
 With cryptographic advancements and techniques like formal verification leading to increasingly secure software, the
 hardware level advances into the focus of contemporary applied computer security research. However, the state of the art
 in hardware security still often relies on the use of microelectronic integration to achieve security by obscurity over
@@ -20,16 +21,21 @@ of much larger size, weight and power dissipation compared to conventional HSMs.
 source tamper-sensing mesh of a conventional HSM is replaced by a mesh made from simple PCBs that is rotating at high
 speed around the payload. Since the mesh is rotating, it cannot be manipulated, and the security of conventional meshes
 created in bespoke manufacturing processes can be achieved using much simpler and less expensive construction
-techniques. The thesis presents solutions to key engineering challenges in IHSM construction including a highly
+techniques. We present the results of a survey of approximately 30 real world tamper sensing mesh implementations. We
-symmetric planar inductor design for rotating wireless power transfer and a high-fidelity monitoring system for low-cost
+deduce design criteria for secure meshes and contextualize our design. We further motivate the necessity of secure
-security meshes.
+hardware by presenting an analysis of problematic aspects in the hardware security design of Germany's new national
+electronic health record system.
 
-Applying IHSM technology, the thesis concludes with analyses of two use cases that are unlocked by the increased
+To pave the way for practical implementations of IHSM technology, we present solutions to key engineering challenges in
-size and power dissipation capability of IHSMs. In the first analysis, an IHSM-secured relay node for Quantum Key
+IHSM construction including a highly symmetric planar inductor design for rotating wireless power transfer and a
-Distribution (QKD) systems is proposed, enabling their practical implementation across arbitrary distances, which
+high-fidelity monitoring system for low-cost security meshes.
-requires trusted relay stations due to fundamental physical limitations. In the study, IHSMs are adapted for such
+
-high-security QKD relays by securing the IHSM mesh passthrough with a secondary tamper-sensing mesh. In this setup, a
+Applying IHSM technology, we analyse two use cases that are unlocked by the increased size and power dissipation
-bracket design is proposed that supports passing through optical fibers at low loss.
+capability of IHSMs. In the first analysis, an IHSM-secured relay node for Quantum Key Distribution (QKD) systems is
+proposed, enabling their practical implementation across arbitrary distances, which requires trusted relay stations due
+to fundamental physical limitations. In the study, IHSMs are adapted for such high-security QKD relays by securing the
+IHSM mesh passthrough with a secondary tamper-sensing mesh. In this setup, a bracket design is proposed that supports
+passing through optical fibers at low loss.
 
 The second proposed use case adapts an IHSM enclosure to the size, power and thermal dissipation requirements of a
 high-power server to support co-located secure Multiparty Computation (MPC) workloads. In practical MPC deployments,

ai-llm-use-disclosure.tex

@@ -6,25 +6,26 @@
 This thesis has been written during the years of 2020 - 2025. In this time, Artificial Intelligence (AI) technology
 including Large Language Models (LLMs) has entered widespread adoption. I have used such LLM systems in the preparation
 of this thesis. At the time this thesis was written, LLMs were a powerful and useful technology, but often produced
-wrong output. Thus, I used the following list of observations to guide my LLM use during the writing of this thesis.
+wrong output. Thus I used the following list of observations to guide my LLM use during the writing of this thesis.
 
 \begin{enumerate}
     \item Passing text through an LLM is an imprecise operation. Especially when large amounts of text are passed
         through an LLM, despite clear instructions such as ``only fix spelling errors,'' the LLM output might deviate
         from the source text. Therefore, the document text should never be passed through the LLM, and the LLM should be
         prompted to point out problems, or to produce a list of suggestions for improvements instead.
-    \item LLMs are really bad at summarizing text that contains novel concepts. LLM summaries of text often converge to
+    \item Contemporary LLMs are bad at summarizing text that contains novel concepts. LLM summaries of text often
-        a re-stating of the general consensus on the text's main topic. Where the source text deviates from conventional
+        converge to a re-stating of the general consensus on the text's main topic. Where the source text deviates from
-        wisdom or makes novel points, an LLM summary will likely mis-represent those conclusions. Additionally, LLMs are
+        conventional wisdom or makes novel points, an LLM summary will likely mis-represent those conclusions.
-        bad at capturing the point of a text. Unless extreme care is taken when prompting, it is easy to lead an LLM to
+        Additionally, LLMs are bad at capturing the point of a text. Unless extreme care is taken when prompting, it is
-        produce an inaccurate summary of a text that agrees with the prompt, but misses the gist of the text. Therefore,
+        easy to lead an LLM to produce an inaccurate summary of a text that agrees with the prompt, but misses the gist
-        extreme caution should be applied when using an LLM for summarization, and LLM output should be checked
+        of the text. Therefore, extreme caution should be applied when using an LLM for summarization, and LLM output
-        diligently in such instances.
+        should be checked diligently in such instances.
-    \item LLMs are bad at generating text from scratch. Especially on topics of academic interest that are novel and
+    \item Contemporary LLMs are bad at generating text from scratch. Especially on topics of academic interest that are
-        that do not have well-known answers that can be found in the training corpus for these models, in general they
+        novel and that do not have well-known answers that can be found in the training corpus for these models, in
-        will not produce useful text when prompted. Therefore, LLMs should never be used to generate novel text.
+        general they will not produce useful text when prompted. Therefore, LLMs should never be used to generate novel
-    \item LLMs are really bad at giving references. Prompts that ask for academic references on a topic are likely to
+        text.
-        produce non-existing ``hallucinated'' references. The existing references an LLM is most likely to dig up
+    \item Contemporary LLMs are bad at giving references. Prompts that ask for academic references on a topic are likely
+        to produce non-existing ``hallucinated'' references. The existing references an LLM is most likely to dig up
         usually occur on the first page of a web search on the topic, or are frequently cited in literature on the
         topic. Thus, LLMs should never be directly queried for references. When researching a new concept, a better use
         of an LLM is the generation of query strings for search engines like Google Scholar.

chapter-introduction/chapter.tex

@@ -34,15 +34,6 @@
 % designs, code and data as open source to create the groundwork for future research, and sow the seeds for a new
 % generation of secure hardware that will be able to resist a rising tide of fascist and authoritarian movements.
 %
-% 
-% 
-% Research questions:
-% 1. can hsm w/o proprietary mesh?
-% 2. how do meshes look like in practice?
-% 3. can we improve monitoring?
-% 4. can we solve power transfer issue 
-% 5. applications
-%
 
 \emph{No Gods, No Masters} is an anarchist slogan originating in the 19\textsuperscript{th} century that expresses a
 rejection of authorities~\cite{broussaisOriginesDeviseAnarchiste2022,guerinNoGodsNo2005,blomNoGodsNo2025}. In modern
@@ -86,7 +77,9 @@ systems are still routinely compromised~\cite{
     goldmanUnrestrainedChineseCyberattackers2025,
     scott-railtonWhoseAuthorityPegasus2024,
     quintinSomethingRememberUs2024,
-    marczakGraphiteCaughtFirst2025}.
+    marczakGraphiteCaughtFirst2025,
+    PredatorFilesTechnical2023,
+    PakistanMassSurveillance2025}.
 A fundamental flaw of any practical cryptographic system is that secure algorithms have to run on hardware, and even
 today, average computing hardware provides little physical security~\cite{
     gotzfriedCacheAttacksIntel2017,
@@ -128,30 +121,39 @@ cryptographic engineering is Kerckhoffs' principle\footnote{
     as well as a translation of the cited part from French. The original source is
     \textcite{kerckhoffsCryptographieMilitaire1883}.
 }, named after Dutch military cryptographer Auguste Kerckhoffs. Kerckhoffs' principle expresses that the security of a
-cryptographic system should only depend on the secrecy of its keys, not on the secrecy of its design. In this way,
+cryptographic system should only depend on the secrecy of its keys, not on the secrecy of its design. Existing
-Kerckhoff's principle states the opposite of the widespread industry practice of \emph{Security by Obscurity}, which
+commercial designs routinely contravene Kerckhoff's principle by applying the widespread industry practice of
-aims to achieve security by making it sufficiently costly to cryptoanalyze a system that the attempt becomes
+\emph{Security by Obscurity}. Even in academic related work, the principle is sometimes violated by omitting
-unattractive. All existing commercial HSM designs as well as some existing academic related work violate this principle
+implementation and methodological details in the interest of patents and commercial exploitation. By publishing all
-by keeping details of their implementation such as the precise mesh dimensions and manufacturing methods secret. By
+details of our research into HSMs and their components, we provide the foundation for future independent research.
-publishing all details of our research into HSMs and their components, we provide the foundation for future independent
-research.
 
-Complementary to Kerckhoff's principle is the principle of least authority, which describes that in a secure system each
+Beyond applying Kerckhoffs' principle, publishing our design also enables independent replication. Our design is
-component should only have access to the smallest set of capabilities necessary to fulfill its purpose. Applying both to
+based entirely on standard components and does not require bespoke manufacturing processes. Both commercial and academic
-a cryptographic system means that the system's design should be transparent and not include any hidden components or
+existing HSM tamper sensing designs require bespoke manufacturing methods or custom integrated circuits
-opaque parts that cannot be inspected, and that the system's keys should be scoped to place the least amount of trust
+(ICs)~\cite{
-possible in each participating party. Existing HSMs are an example of a violation of the principle of least authority
+    obermaierPUFfilmMethodProducing2023,
-since they elevate the HSM manufacturer to a single point of failure. The tamper sensing mesh foils used in conventional
+    immler2019,
-HSMs are made in proprietary, bespoke processes, and cannot be manufactured independently. Our proposed design can be
+    garbTamperSensitiveDesignPUFBased,
-replicated from standard components and eliminates this issue.
+    immlerBTREPIDBatterylessTamperresistant2018}.
+This creates a single point of failure in the manufacturer, and opens up an opportunity for a hardware supply-chain
+attack~\cite{harrisonSoKSecurityArchitects2025}. Such supply chain attacks can be mitigated by independently
+manufacturing our design.
 
 \section{Research Questions and Contributions}
 
 Based on the current state of the field of hardware security, we deduce three overarching research questions for this
 thesis that progress from theory to practical deployment.
 
+% Research questions:
+% 1. can hsm w/o proprietary mesh?
+% 2. how do meshes look like in practice?
+% 3. can we improve monitoring?
+% 4. can we solve power transfer issue 
+% 5. applications
+%
 \begin{enumerate}
-    \item Can we achieve physical security without relying on conventional tamper-sensing meshes?
+    \item Can we achieve physical security without relying on a conventional tamper-sensing meshes that requires a
+        bespoke manufacturing process?
     \item Can we monitor tamper-sensing meshes at a higher detail level than the state of the art of a single, scalar
         measurement?
     \item Can we create the support components necessary to integrate a system that provides a practical security

hsm-terminology-notes.tex

@@ -29,13 +29,13 @@ draw a distinction in its terminology between the two classes.
 
 \section{Use in government standards}
 
-Under US national standard FIPS 140 in in its 2002 version
+Under the still widely used US national standard FIPS 140 in in its 2002 version
 2~\cite{usnationalinstituteofstandardsandtechnologySecurityRequirementsCryptographic2002}, a HSM would be called a
-\emph{Multiple-Chip Cryptographic Module} that conforms to the standard's \emph{Security Level 4}. Interesting to note
+\emph{Multiple-Chip Cryptographic Module} that conforms to the standard's \emph{Security Level} 4 out of 4. Interesting
-are that only security level 4 requires any active tamper detection and response, so its security levels 3 and below do
+to note are that only level 4 requires any active tamper detection and response, so devices compliant only up to levels
-not align with our HSM definition. Futher of note is that according to the standard, a single-chip solution does not
+3 and below do not align with our HSM definition. Futher of note is that according to the standard, a single-chip
-require any tamper detection and response either to meet the standard's security level 4, which is in misalignment with
+solution does not require any tamper detection and response either to meet the standard's security level 4, which is in
-our definition. The standard's 2019 updated version FIPS
+misalignment with our definition. The standard's 2019 updated version FIPS
 140-3~\cite{usnationalinstituteofstandardsandtechnologySecurityRequirementsCryptographic2019} defers to the
 international standards ISO/IEC 19790 and 24759.
 
@@ -49,17 +49,17 @@ The Payment Card Industry Security Standards Council (PCI SSC) is an association
 defines standards for all layers of card payment processing, from card payment terminals in stores to the handling of
 payment data in online shop backend systems.
 
-PCI SSC terminology aligns with our use and with common everyday use of the term HSM. In PCI SSC terminology, a HSM is a
+PCI SSC terminology aligns with our definition and with common everyday use of the term HSM. In PCI SSC terminology, a
-crytographic device that has active tamper detecion and response circuitry. However, PCI SSC terminology differs from
+HSM is a crytographic device that has active tamper detecion and response circuitry. However, PCI SSC terminology
-our use of the term HSM in one nuance: In PCI SSC terminology, a HSM is specifically a datacenter device used for
+differs from our use of the term HSM in one nuance: In PCI SSC terminology, a HSM is specifically a datacenter device
-backend processing of payment data. The general class of ``hardware devices performing some security function with or
+used for backend processing of payment data. The general class of ``hardware devices performing some security function
-without particular physical security requirements'' that ISO/IEC 19790 and other standards call a \emph{Hardware
+with or without particular physical security requirements'' that ISO/IEC 19790 and other standards call a \emph{Hardware
 Cryptographic Module}, in PCI SSC terminology is termed \emph{Secure Cryptographic Device (SCD)} in more recent standard
 versions, which was updated from the previous term \emph{Tamper-Resistant Security Module (TRSM)}. Other than HSMs, PCI
 SSC includes smartcards and card payment terminals in this category. Card payment terminals, referred to as
 \emph{Pin-Entry Device (PED)} in PCI SSC standards, have to include a surprising amount of active tamper detection and
-response functionality including partial coverage of areas like they system's main cryptographic processor and smart
+response functionality including partial coverage of areas like their main cryptographic processor and smart card reader
-card reader by battery-backed tamper-sensing meshes.
+by battery-backed tamper-sensing meshes. Under our definition, these devices can be classified as a type of HSM. 
 
 \section*{Tamper-Sensing Meshes}
 \addcontentsline{toc}{subsection}{Tamper-Sensing Meshes}
@@ -71,4 +71,7 @@ less clear to people unfamiliar with the matter. It is also polysemous, and depe
 or stamped metal meshes used as fences or as screens in front of windows to prevent break-ins. As a result, it is harder
 to use in online searches, and when using Large Language Models (LLMs), it frequently leads to amusing hallucinations.
 
-
+% FIXME note leo: Das ganze wirkt wie ein guter baustein für eine Einleitung. Für einen Terminologie übersicht ist es
+% ansonsten auch eigentlich zu lang.
+% Splitte das vielleicht auf, ein paar mehr details in den Abstract um die HSM definition etwas zu präzisieren, den rest
+% in die Intro?

main.bib

@@ -2893,6 +2893,19 @@
   langid = {english}
 }
 
+@inproceedings{harrisonSoKSecurityArchitects2025,
+  title = {{{SoK}}: {{A Security Architect}}'s {{View}} of {{Printed Circuit Board Attacks}}},
+  shorttitle = {{{SoK}}},
+  author = {Harrison, Jacob and Jessurun, Nathan and Tehranipoor, Mark},
+  date = {2025},
+  pages = {1907--1924},
+  url = {https://www.usenix.org/conference/usenixsecurity25/presentation/harrison},
+  urldate = {2025-11-27},
+  eventtitle = {34th {{USENIX Security Symposium}} ({{USENIX Security}} 25)},
+  isbn = {978-1-939133-52-6},
+  langid = {english}
+}
+
 @inproceedings{hastingsSoKGeneralPurpose2019,
   title = {{{SoK}}: {{General Purpose Compilers}} for {{Secure Multi-Party Computation}}},
   shorttitle = {{{SoK}}},

thesis.tex

@@ -8,6 +8,7 @@
 \newcommand{\chaptertitle}[1]{
     \chapter{#1}
     \printchapterquote
+    %FIXME note leo: remove minitocs?
     \begin{spacing}{1.1}
         \minitoc
     \end{spacing}
@@ -34,8 +35,8 @@
 
 \clearpage
 \tableofcontents
-\listoffigures
+%\listoffigures
-\listoftables
+%\listoftables
 
 \mainmatter
 \dochapter{chapter-introduction} % Status: In pretty good shape