\chapter*{A Note on Hardware Security Module Terminology}
\adjustmtc
\addcontentsline{toc}{chapter}{A Note on Hardware Security Module Terminology}

In this thesis, we use the term \emph{Hardware Security Module (HSM)} to refer to a security device that has the
following three properties.

\begin{enumerate}
\item A HSM is designed to withstand any conceivable physical attack. In particular, this includes intrusion attempts
such as careful drilling or cutting into the device from any direction.
\item A HSM includes tamper sensors that, when triggered, cause an active tamper response, usually the deletion of all
cryptographic secrets, which renders the device inoperable.
\item A HSM's tamper sensing and response subsystem is continuously powered from a backup power supply, usually a
battery, so that it keeps monitoring while the device itself is unpowered. Loss of this power triggers the tamper
response.
\end{enumerate}

This use of the term \emph{HSM} aligns with its common usage both in the academic literature and in everyday
conversation. The requirement of active tamper detection and response in particular is what distinguishes a HSM from
simpler devices such as TPMs, smart cards or secure enclaves in SoCs. Note that our use of the term HSM differs slightly
from its use in government standards, from its use in the PCI SSC (Payment Card Industry Security Standards Council)
standards, and from its use in industry.

In industry, the term HSM is often applied to solutions that are only logically segregated and that do not include any
particular defense against hardware attacks. Our conjecture is that this is a consequence of the standardization
landscape: for applications outside of card payment processing, the US standard
FIPS~140-2~\cite{usnationalinstituteofstandardsandtechnologySecurityRequirementsCryptographic2002} was central to
the industry, and although FIPS 140-2 covers both devices that include active tamper detection and response and devices
that do not, it does not draw a distinction between the two classes in its terminology.

\section{Use in government standards}

Under the US national standard FIPS 140 in its 2002 version,
FIPS~140-2~\cite{usnationalinstituteofstandardsandtechnologySecurityRequirementsCryptographic2002}, a HSM would be called a
\emph{Multiple-Chip Cryptographic Module} that conforms to the standard's \emph{Security Level 4}. It is worth noting
that only Security Level 4 requires tamper detection and response covering the whole module; Security Level 3 requires
it at most for doors and removable covers. Security Levels 3 and below therefore do not align with our HSM definition.
Further, according to the standard a single-chip module does not require any tamper detection and response to meet
Security Level 4 either, which also diverges from our definition. The standard's 2019 successor,
FIPS~140-3~\cite{usnationalinstituteofstandardsandtechnologySecurityRequirementsCryptographic2019}, defers to the
international standards ISO/IEC 19790 and ISO/IEC 24759.

ISO/IEC 19790~\cite{ISOIEC19790} and ISO/IEC 24759~\cite{ISOIEC24759} call what we call a HSM a \emph{Hardware
Cryptographic Module} conforming to the standard's \emph{Security Level 4}. However, these standards only require
active tamper detection and response when cryptographic secrets are transmitted in plaintext between chips.

\section{Use in card payment processing (PCI SSC) standards}

The Payment Card Industry Security Standards Council (PCI SSC) is an association of credit card network operators that
defines standards for all layers of card payment processing, from card payment terminals in stores to the handling of
payment data in online shop backend systems.

PCI SSC terminology aligns with our use and with the common everyday use of the term HSM: in PCI SSC terminology, a HSM
is a cryptographic device that has active tamper detection and response circuitry. However, PCI SSC terminology differs
from our use of the term HSM in one nuance. In PCI SSC terminology, a HSM is specifically a datacenter device used for
backend processing of payment data. The general class of ``hardware devices performing some security function with or
without particular physical security requirements'', which ISO/IEC 19790 and other standards call a \emph{Hardware
Cryptographic Module}, is termed \emph{Secure Cryptographic Device (SCD)} in more recent versions of the PCI SSC
standards, replacing the earlier term \emph{Tamper-Resistant Security Module (TRSM)}. Besides HSMs, PCI SSC includes
smart cards and card payment terminals in this category. Card payment terminals, referred to as \emph{PIN Entry Device
(PED)} in PCI SSC standards, have to include a surprising amount of active tamper detection and response functionality,
including partial coverage of areas such as the system's main cryptographic processor and smart card reader by
battery-backed tamper-sensing meshes.

\section*{Tamper-Sensing Meshes}
\addcontentsline{toc}{subsection}{Tamper-Sensing Meshes}

In this thesis, we use the terms \emph{Tamper-Sensing Mesh} and \emph{Security Mesh} synonymously. We use both terms to
refer to any electrical circuit whose path is laid out to cover a surface with the intent of detecting attempts at
drilling, cutting or otherwise manipulating this surface. While the term \emph{Security Mesh} is more concise, it is
less clear to people unfamiliar with the matter. It is also polysemous: depending on context, it can also refer to woven
or stamped metal meshes used as fences or as screens in front of windows to prevent break-ins. As a result, it is harder
to use in online searches, and when used with Large Language Models (LLMs), it frequently leads to amusing hallucinations.
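
To make the tamper response properties of the HSM definition above and the role of the mesh concrete, the following is
an added illustration, not code from this thesis or from any product: a minimal model of the battery-backed monitor
loop that sits behind a tamper-sensing mesh. The number of mesh traces, the resistance bands, the battery threshold and
the key material are hypothetical constructed values; a real design calibrates them per unit at manufacturing time. The
monitor treats a trace reading outside its band (a cut trace reads open, a bridged trace reads short) and loss of the
backup supply alike: it zeroizes the key, latches the device inoperable, and never recovers on a later healthy sample.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical mesh layout: four independently measured traces. */
#define MESH_TRACES 4
#define KEY_BYTES   32

/* Constructed nominal trace resistance band in ohms. Below the band the
 * trace is bridged (short), above it the trace is cut (open). */
#define R_NOMINAL_MIN 900
#define R_NOMINAL_MAX 1100
/* Constructed minimum backup-battery voltage in millivolts. Below this the
 * monitor can no longer trust its own sensors, so loss of power is itself
 * treated as tampering (property 3 of the HSM definition). */
#define VBAT_MIN_MV 2400

enum tamper_reason {
    TAMPER_NONE = 0,
    TAMPER_TRACE_OPEN,
    TAMPER_TRACE_SHORT,
    TAMPER_POWER_LOSS,
};

struct sensor_sample {
    uint32_t trace_ohms[MESH_TRACES]; /* measured resistance per mesh trace */
    uint32_t vbat_mv;                 /* backup battery voltage */
};

struct hsm_state {
    uint8_t key[KEY_BYTES];   /* the secret the device exists to protect */
    bool operable;            /* false once the tamper response has fired */
    enum tamper_reason reason;
};

/* Overwrite through a volatile pointer so the compiler cannot elide it. */
static void zeroize(void *p, size_t n)
{
    volatile uint8_t *v = (volatile uint8_t *)p;
    while (n--) *v++ = 0;
}

/* Classify one sample. Power is checked first: during a brown-out the
 * resistance readings would be meaningless anyway. */
static enum tamper_reason classify(const struct sensor_sample *s)
{
    if (s->vbat_mv < VBAT_MIN_MV) return TAMPER_POWER_LOSS;
    for (size_t i = 0; i < MESH_TRACES; i++) {
        if (s->trace_ohms[i] > R_NOMINAL_MAX) return TAMPER_TRACE_OPEN;
        if (s->trace_ohms[i] < R_NOMINAL_MIN) return TAMPER_TRACE_SHORT;
    }
    return TAMPER_NONE;
}

/* One iteration of the monitor loop: sample, classify, and on any deviation
 * destroy the key and latch the device inoperable. The latch is sticky: a
 * later in-band sample never restores operation. Returns the latched reason. */
enum tamper_reason hsm_monitor_step(struct hsm_state *h, const struct sensor_sample *s)
{
    enum tamper_reason r = classify(s);
    if (r != TAMPER_NONE && h->operable) {
        zeroize(h->key, sizeof h->key);
        h->operable = false;
        h->reason = r;
    }
    return h->reason;
}

/* True iff every key byte is zero, i.e. the tamper response has fired. */
bool hsm_key_is_zero(const struct hsm_state *h)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < KEY_BYTES; i++) acc |= h->key[i];
    return acc == 0;
}

void hsm_init(struct hsm_state *h)
{
    /* Constructed key material; a real device generates it on board. */
    for (size_t i = 0; i < KEY_BYTES; i++) h->key[i] = (uint8_t)(0xA5 ^ i);
    h->operable = true;
    h->reason = TAMPER_NONE;
}

/* Constructed sample sequence: healthy, then one trace cut by a drill. */
int main(void)
{
    struct hsm_state h;
    struct sensor_sample healthy = { {1000, 1010, 990, 1005}, 3000 };
    struct sensor_sample drilled = { {1000, 1010, 4000000, 1005}, 3000 };
    hsm_init(&h);
    printf("healthy: reason=%d operable=%d\n", hsm_monitor_step(&h, &healthy), h.operable);
    printf("drilled: reason=%d operable=%d key_zero=%d\n",
           hsm_monitor_step(&h, &drilled), h.operable, hsm_key_is_zero(&h));
    /* A subsequent healthy sample does not revive the device. */
    printf("after:   reason=%d operable=%d\n", hsm_monitor_step(&h, &healthy), h.operable);
    return 0;
}
```

The sticky latch is the point that separates active tamper response from mere tamper evidence: once the key is gone,
returning the mesh to its nominal state (for example by re-bridging a cut trace) gains the attacker nothing, and the same
code path fires whether the deviation came from the mesh or from the backup supply failing.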