\chapter*{Abstract}
\adjustmtc
\addcontentsline{toc}{chapter}{Abstract}

%Through advancements in cryptography, nowadays it is feasible to construct networked computer systems that for all
%intents and purposes cannot be hacked over the network. Correctly applying cryptographic protocols and techniques such
%as formal verification, it can be ensured that a software implementation is a flawless representation of its theoretical
%model, and that the theoretical model is secure given universally accepted cryptographic assumptions. Despite

% FIXME leo's notes
With cryptographic advancements and techniques like formal verification leading to increasingly secure software, the
hardware level moves into the focus of contemporary applied computer security research. However, the state of the art
in hardware security still often relies on microelectronic integration to achieve security through obscurity rather than
more fundamental security guarantees. System-level tamper protection is sometimes used, but remains relegated to niche
applications due to the high cost and low performance of devices like Hardware Security Modules (HSMs).

In this thesis, Jan Sebastian Götte introduces the Inertial Hardware Security Module (IHSM), a new architecture for
low-cost hardware security modules that provide high-level active tamper protection while supporting computing payloads
of much larger size, weight and power dissipation than conventional HSMs. In an IHSM, the costly and difficult-to-source
tamper-sensing mesh of a conventional HSM is replaced by a mesh made from simple PCBs that rotates at high speed around
the payload. Since the mesh is rotating, it cannot be manipulated, and the security of conventional meshes created in
bespoke manufacturing processes can be achieved using much simpler and less expensive construction techniques. We present
the results of a survey of approximately 30 real-world tamper-sensing mesh implementations. We deduce design criteria for
secure meshes and contextualize our design. We further motivate the necessity of secure hardware by presenting an
analysis of problematic aspects in the hardware security design of Germany's new national electronic health record
system.

To pave the way for practical implementations of IHSM technology, we present solutions to key engineering challenges in
IHSM construction. We present a design and analysis of highly symmetric planar inductors for rotating wireless power
transfer.
% FIXME improvement in numbers
We present a high-fidelity, low-cost monitoring system for security meshes that is based on the principles of
Time-Domain Reflectometry (TDR). We validate our system and find that it reliably detects several classes of advanced
physical attacks. We find that our system is sensitive enough to detect differences between identical copies of the same
mesh, suggesting PUF-like properties.

Applying IHSM technology, we analyse two use cases that are unlocked by the increased size and power dissipation
capability of IHSMs. In the first analysis, an IHSM-secured relay node for Quantum Key Distribution (QKD) systems is
proposed. Because of fundamental physical limitations, QKD across arbitrary distances requires trusted relay stations;
the proposed node enables their practical implementation. In the study, IHSMs are adapted for such high-security QKD
relays by securing the IHSM mesh passthrough with a secondary tamper-sensing mesh. In this setup, a bracket design is
proposed that supports passing optical fibers through the enclosure at low loss.

The second proposed use case adapts an IHSM enclosure to the size, power and thermal dissipation requirements of a
high-power server to support co-located secure Multiparty Computation (MPC) workloads. In practical MPC deployments,
nodes are distributed across data centers to avoid creating a single point of failure for physical attacks. As a result,
practical MPC deployments are limited by network bandwidth and latency constraints. Using IHSMs, physically secured MPC
nodes can be deployed within the same data center, increasing bandwidth, reducing latency and unlocking a new
performance spectrum.