Intro WIP

jaseg 2025-11-24 19:35:21 +01:00
parent 4b76c78814
commit fc759c3e73


@ -28,17 +28,6 @@
% physical security is still lacking due to misaligned ecosystem incentices. As Anderson put it,
% todo cite: betrusted
%
% FIXME: quote from anderson: Security economics remains a big soft spot, with security chips being in many
% ways a market for lemons. A banker buying HSMs probably wont be aware of
% the huge gap between FIPS [US national HSM security standard] level 3 and level 4, and understand that level 3 can
% sometimes be defeated with a Swiss army knife. The buying incentive there is
% compliance, and where real security clashes with operations its not surprising
% to see weaker standards designed to make compliance easier. API security is
% too hard, and the difference between HSMs internal and external APIs makes
% it too confusing. The near-abdication of FIPS in favour of ISO 19790 and vari-
% ous protection profiles touted under the Common Criteria will confuse things
% further, as will the UKs move away from the Criteria. Confusion marketing
% and liability games appear set to continue.
%
% Meanwhile in academia,
% In this thesis, we aim to significantly advance the field of hardware security module construction. We publish all
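Review bot: the commented-out draft that survives this cut is left dangling: `% physical security is still lacking due to misaligned ecosystem incentices. As Anderson put it,` and `% Meanwhile in academia,` now both trail into nothing, because the Anderson passage they introduced has been moved into the `\begin{quote}` block in the next hunk. Either remove the whole commented-out draft here or shrink it to a one-line pointer to the relocated quote; if the first line stays, fix the typo `incentices` (incentives). The `% todo cite: betrusted` reminder is also still open.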
@ -56,43 +45,65 @@
%
\emph{No Gods, No Masters} is an anarchist slogan originating in the 19\textsuperscript{th} century that expresses a
rejection of authorities~\cite{broussaisOriginesDeviseAnarchiste2022,guerinNoGodsNo2005,blomNoGodsNo2025}. While
politically, this blanket rejection today represents a fringe viewpoint with little mainstream acceptance, there exists
a parallel between this and modern cryptographic best practice. In modern cryptography, it is generally seen as best
practice to have the least amount of keys possible involved in any computation and cryptographers have time and time
again strongly rejected attempts by states and other authorities to insert backdoor access mechanisms into cryptographic
systems~\cite{
rejection of authorities~\cite{broussaisOriginesDeviseAnarchiste2022,guerinNoGodsNo2005,blomNoGodsNo2025}. In modern
cryptography, it is generally seen as best practice to have the least amount of parties possible involved in any
computation.
Most cryptographic problems are easily solved by involving a trusted third party (TTP).
% FIXME cite TTP examples
Yet, cryptographers have time and time again rejected attempts to involve third parties in cryptographic
protocols~\cite{
abelsonRisksKeyRecovery1997,
abelsonKeysDoormats2015,
andersonSecurityEngineeringGuide2020,
rogawayMoralCharacterCryptographic2015,
}.
While at a glance it might sound like a fringe position held by people from the Cypherpunk and Hacker movements~\cite{
The field has produced a versatile set of complex tools for tasks as diverse as secure communication,
% FIXME cite: signal, noise, something metadata resistant
private information retrieval,
% FIXME PIR = ORAM?
%FIXME cite ORAM papers, and oblivious transfer papers
and even general computation that decentralize authority and avoid any sort of centralized control.
% FIXME cite MPC papers
While politically, this blanket rejection of authority represents a fringe viewpoint, in cryptography it has a long
tradition originating with the Cypherpunk and Hacker movements~\cite{
andersonCypherpunkEthicsRadical2022,
hughesCypherpunksManifesto,
jarvisCryptoWarsFight2020,
marlinspikeWeShouldAll2013},
it enjoys support far beyond those circles and throughout mainstream academic cryptography. From cryptographic protocol
standards like TLS, to cryptographic applications like the Signal messenger, backdoor access is not only excluded from
the system design, its possibility is considered a vulnerability.
% Measures such as forward secrecy and post-compromise security are taken to mitigate its impact. In computing, this
% design aspect makes cryptographic protocols a unique holdout. In other parts of the stack, explicit or implicit
% backdoor access is commonplace, and attempts at preventing it are rare. For instance, network providers are generally
% required to comply with so-called \emph{Lawful Interception} orders on particular customers or traffic types, and
% datacenter operators commonly provide hardware access to state authorities. The design decisions in cryptographic
% protocols generally hold, and the gold standard for backdoor access to modern systems is either exploiting a
% \emph{zero-day} flaw that is not yet publicly known, or acquiring physical access to the target system.
and extending throughout mainstream academic cryptography.
In this thesis, we aim to extend the level of protection afforded by cryptographic protocol design down the technology
stack. While cryptographic protocols and modern software from the operating system up make it possible to secure the
software side of the stack to a high level, the hardware side remains poorly protected. There are a variety of hardware
security solutions used in practice, but the majority of them either do not target protection against local, physical
attacks -- such as Trusted Platform Modules (TPMs) -- or are not widely available due to market segmentation or cost --
such as conventional Hardware Security Modules (HSMs).
While the aforementioned cryptographic tools enable a large gamut of use cases in theory, in practice cryptographic
systems are still routinely compromised.
% FIXME cite cellphone attacks
The fundamental flaw of any practical cryptographic system is that secure algorithms have to run on hardware, and even
today, average computing hardware provides little physical security.
% FIXME cite TPM attacks
% FIXME cite Intel TXE etc. attacks
\emph{Hardware Security Modules} are a class of devices specifically designed to execute cryptographic algorithms while
providing strict physical security guarantees, but these systems are expensive,
% FIXME citation
and their physical security is often questionable.
% FIXME cite anderson, and immler et al in the early paper with the two HSMs taken apart
% FIXME reference chapter hsm survey?
As \textcite{andersonSecurityEngineeringGuide2020} writes on HSMs and their security standards:
% FIXME page numbers
While anarchists, Cypherpunks and Hackers often reject backdoor access out of political conviction alone,
Cryptographers' aversion to backdoor access derives from a combination of two fundamental computing principles:
\begin{quote}
\begin{flushright}
Security economics remains a big soft spot, with security chips being in many ways a market for lemons. A banker
buying HSMs probably wont be aware of the huge gap between FIPS [US national HSM security standard] level 3 and
level 4, and understand that level 3 can sometimes be defeated with a Swiss army knife. The buying incentive
there is compliance, and where real security clashes with operations its not surprising to see weaker standards
designed to make compliance easier.
\textit{\textcite{andersonSecurityEngineeringGuide2020} p. }
\end{flushright}
\end{quote}
In this thesis, we aim to fill this gap in available, secure hardware and extend the level of protection afforded by
cryptographic protocol design down the technology stack to the hardware level.
% Go into drawbacks of existing HSMs, they violate kerckhoffs' principle
Kerckhoffs' principle, and the principle of least authority. Kerckhoffs' principle\footnote{
\textcite{petitcolasKerckhoffsPrinciplesCryptographie} contains a high-quality OCR'ed copy of the original source,
as well as a translation of the cited part from French. The original source is
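Review bot: the `\begin{flushright}` placed directly after `\begin{quote}` wraps the entire Anderson passage rather than only the attribution, so the whole quotation will be set right-aligned; close the quote after the body text and wrap just the source line, e.g. `\begin{flushright}\textit{\textcite{andersonSecurityEngineeringGuide2020} p. }\end{flushright}`, which still carries the empty page number noted by `% FIXME page numbers`. The quotation as typed drops the apostrophes in `wont` and `its`; check that against the source. Further down, the enumeration `Kerckhoffs' principle, and the principle of least authority.` no longer follows directly on its lead-in `derives from a combination of two fundamental computing principles:`, since the new quote block and the `In this thesis, we aim to fill this gap` paragraph now sit between them (or the lead-in is dropped entirely), so it reads as a sentence fragment; keep the lead-in immediately before the enumeration. Minor wording: `least amount of parties possible` should be `fewest parties possible`, and the claim that MPC and related tools `avoid any sort of centralized control` is currently unsupported pending the `% FIXME cite MPC papers` citation.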