\chapterquote{Phillip Rogaway~\cite{rogawayMoralCharacterCryptographic2015}}{
Cryptography rearranges power: it configures who can do what, from what. This makes cryptography an inherently
political tool, and it confers on the field an intrinsically moral dimension.}

\chapter{Conclusion}

In this thesis, we provided an examination of the field of Hardware Security Modules both from an academic perspective
and with regard to their practical implementation. We answered our first research question introduced in
Chapter~\ref{chapter-intro} on the current state of the art in Chapters~\ref{chapter-epa} and \ref{chapter-survey},
providing a comprehensive view of practical implementations. Chapter~\ref{chapter-epa} motivates our research using the
German national digital health record system as an example that demonstrates the difficulties in achieving practical
hardware security. Besides some minor cryptographic oddities, our analysis reveals at least one essential specification
mistake that negates the hardware security of the system by unnecessarily introducing a poorly protected HSM. In
Chapter~\ref{chapter-survey}, we answer our second research question in a detailed survey of a wide range of devices
that utilize tamper-sensing meshes, distilling a set of criteria for the design of secure tamper-sensing meshes. In
Chapter~\ref{chapter-ihsm}, we propose Inertial Hardware Security Modules (IHSMs), a new approach to physical security
that combines conventional tamper-sensing meshes with physical movement. IHSMs enable bootstrapping a highly secure
system from low-security, off-the-shelf parts, thereby solving our third research question on achieving physical
security without bespoke components. We support the construction of concretely secure IHSMs by providing deep analyses
of two key engineering challenges in IHSM construction, mesh monitoring and power transfer. Solving our fourth research
question on mesh monitoring fidelity, we propose a low-cost TDR-based mesh monitoring system that exceeds the
capabilities of previous systems from the academic or patent literature. Our system is capable of monitoring large
meshes while simultaneously providing detailed results. Our TDR-based mesh monitoring system is of independent interest,
since it can also be integrated into traditional HSM designs. Solving our fifth research question on ripple reduction
for rotating Wireless Power Transfer for IHSMs, we propose a new, generalized design for high-frequency PCB inductors
with low parasitic capacitance. Beyond our IHSM application, our design provides better bandwidth and lower parasitic
capacitance compared to the state of the art without increasing implementation cost. We conclude this thesis with two
chapters elaborating on two new use cases that are made possible by IHSM technology due to its ability to protect large
payloads that have high power consumption. Together, these results answer our sixth and final research question.

The research presented in this thesis is aimed at advancing both academic research and applied engineering in hardware
security. We believe that by publishing our research, including its artifacts, under open source licenses, we provide the
basis for future research in tamper-sensing technology, a field that remains under-served in today's academic landscape.

Recent history has shown that state-level adversaries are a mounting threat to civil rights organizations, human rights
lawyers, members of minorities, and many others. While western democracies used to be considered safe havens of human
rights, today human rights are under attack both from within and from the outside in countries across the globe.
By publishing IHSM technology as open source, we hope to provide one building block for new computing systems accessible to
all that are resilient and secure in the face of growing adversity.

\section*{Outlook}

With the research contributions we presented in this thesis, we open up a new field of hardware security research
centered on Inertial HSMs and improvements to conventional tamper-sensing meshes. Below, we list some research
directions that we consider worthwhile for future investigation.

\begin{itemize}
\item Improving the resolution of the sampling mesh monitoring approach we presented in
Chapter~\ref{chapter_sampling_mesh_mon}. Possible improvements include increasing pulse risetime through a discrete
transistor amplifier circuit, as well as evaluating an FPGA as a replacement for the microcontroller to take
advantage of the improved delay primitives offered by many FPGA families.
\item Characterizing the PUF-like effects we observed in Chapter~\ref{chapter_sampling_mesh_mon} in mesh coupons using
our sampling mesh monitoring approach.
\item Integrating IHSM technology with an HSM firmware implementation into a small form factor to create a portable IHSM.
A small form factor introduces new challenges besides the mere integration of the necessary circuitry and placement
of the mesh. For instance, wireless power and data transfer would need to be integrated with the device without
disrupting mesh monitoring. An on-axis solution would likely require magnetic shielding materials and possibly
non-magnetic ceramic bearings. Furthermore, integrating a sufficiently small motor and optimizing the design for
long bearing life is challenging at the high rotation speed necessary at a small overall diameter. Finally, at high
speeds, precisely balancing the whole assembly to avoid vibrations that could lead to early mechanical failure is
difficult.
\item Tackling motor control algorithms for IHSMs and developing tamper sensors based on counter-electromotive force as
a defense-in-depth measure.
\item Integrating the IHSM hardware concept with software research on secure enclaves and cryptographic coprocessors.
\item Exploring IHSM applications beyond what we outlined in this thesis. For instance, one application of recent
interest would be physically securing GPUs used for AI training. The background for such work could be either
export control motivations, or a concern for the security and privacy of user input, training data, or even trained
weights.
\end{itemize}

We will proceed with future research into IHSM applications. We have published our results up to this point as open
source hardware and software, and we intend to build on these publications.