diff options
author | jaseg <git@jaseg.de> | 2023-10-14 17:43:54 +0200 |
---|---|---|
committer | jaseg <git@jaseg.de> | 2023-10-14 17:43:54 +0200 |
commit | ab0eb2b834856c19a195c98435c4525fba08376a (patch) | |
tree | b962891099a5393219116703c729d7fc7c5b2d11 /blog/ihsm-worlds-first-diy-hsm/index.html | |
parent | 29f6e652de5fffa990d5786131b6760a56785442 (diff) | |
parent | 3a636e545bc258ba3ecec3ede8b31ac113309313 (diff) | |
download | blog-ab0eb2b834856c19a195c98435c4525fba08376a.tar.gz blog-ab0eb2b834856c19a195c98435c4525fba08376a.tar.bz2 blog-ab0eb2b834856c19a195c98435c4525fba08376a.zip |
deploy.py auto-commit
Diffstat (limited to 'blog/ihsm-worlds-first-diy-hsm/index.html')
-rw-r--r-- | blog/ihsm-worlds-first-diy-hsm/index.html | 81 |
1 files changed, 81 insertions, 0 deletions
diff --git a/blog/ihsm-worlds-first-diy-hsm/index.html b/blog/ihsm-worlds-first-diy-hsm/index.html new file mode 100644 index 0000000..67a3732 --- /dev/null +++ b/blog/ihsm-worlds-first-diy-hsm/index.html @@ -0,0 +1,81 @@ +<!DOCTYPE html> +<html><head> + <meta charset="utf-8"> + <title>New Paper on Inertial Hardware Security Modules | Home</title> + <meta name="description" content=""> + <meta name="viewport" content="width=device-width, initial-scale=1"> + <meta name="mobile-web-app-capable" content="yes"> + <meta name="color-scheme" content="dark light"> + <link rel="stylesheet" href="/style.css"> +</head> +<body><nav> + <div class="internal"> + + <a href="/" title="Home">Home</a> + <a href="/blog/" title="Blog">Blog</a> + <a href="/projects/" title="Projects">Projects</a> + <a href="/about/" title="About">About</a> + </div> + <div class="external"> + <a href="https://git.jaseg.de/" title="cgit">cgit</a> + <a href="https://github.com/jaseg" title="Github">Github</a> + <a href="https://gitlab.com/neinseg" title="Gitlab">Gitlab</a> + <a href="https://chaos.social/@jaseg" title="Mastodon">Mastodon</a> + </span> +</nav> + + <header> + <h1>New Paper on Inertial Hardware Security Modules</h1> +<ul class="breadcrumbs"> + <li><a href="/">jaseg.de</a></li> + <li><a href="/blog/">Blog</a></li><li><a href="/blog/ihsm-worlds-first-diy-hsm/">New Paper on Inertial Hardware Security Modules</a></li> +</ul> + <strong>2021-11-23</strong> + </header> + <main> + <div class="document" id="world-s-first-diy-hsm"> +<h1 class="title">World's First DIY HSM</h1> + +<p>Last week, Prof. Dr. Björn Scheuermann and I have <a class="reference external" href="https://tches.iacr.org/index.php/TCHES/article/view/9290">published our first joint paper on Hardware Security Modules</a>. In our paper, we introduce Inertial Hardware Security +Modules (IHSMs), a new way of building high-security HSMs from basic components. I think the technology we demonstrate +in our paper might allow some neat applications where some civil organization deploys a service that no one, not even +they themselves, can snoop on. Anyone can built an IHSM without needing any fancy equipment, which makes me optimistic +that maybe the ideas of the <a class="reference external" href="https://www.activism.net/cypherpunk/manifesto.html">Cypherpunk movement</a> aren't obsolete +after all, despite even the word "crypto" having been co-opted by radical capitalist environmental destructionists.</p> +<p>An IHSM is basically an ultra-secure enclosure for something like a server or a raspberry pi that even someone with +unlimited resources would have a really hard time cracking without destroying all data stored in it. The principle of an +IHSM is the same as that of a <a class="reference external" href="http://jaseg.de/blog/hsm-basics/">normal HSM</a>. You have a payload that contains really secret data. There's really no way +to prevent an attacker with physical access to the thing from opening it given enough time and abrasive discs for their +angle grinder. So what you do instead is that you make it self-destruct its secrets within microseconds of anyone +tampering with it. Usually, such HSMs are used for storing credit card pins and other financial data. They're expensive +as fuck, all the while being about the same processing speed as a smartphone. Traditional HSMs use printed or +lithographically patterned conductive foils for their security mesh. These foils are not an off-the-shelf component and +are made in a completely custom manufacturing process. To create your own, you would have to re-engineer that entire +process and probably spend some serious money on production machines.</p> +<p>Inertial HSMs take the concept of traditional HSMs, but replace the usual tamper detection mesh with a few security mesh +PCBs. These PCBs are coarser than traditional meshes by orders of magnitude, and would alone not even be close to enough +to keep out even a moderately motivated attacker. IHSMs fix this issue by spinning the entire tamper detection mesh at +very high speed. To tamper with the mesh, an attacker would have to stop it. This, in turn, can be easily detected by +the mesh's alarm circuitry using a simple accelerometer as a rotation sensor.</p> +<p>In our paper, we have shown a working prototype of the core concepts one needs to build such an IHSM. To build an IHSM +you only need a basic electronics lab. I built the prototype in our paper at home during one of Germany's COVID +lockdowns. You can have a look at our code and CAD on <a class="reference external" href="https://git.jaseg.de/ihsm.git">my git</a>. What is missing right +now is an integration of all of these fragments into something cohesive that an interested person with the right tools +could go out and build. We are planning to release this sort of documentation at some point, but right now we are +focusing our effort on the next iteration of the design instead. Stay tuned for updates ;)</p> +</div> + </main><footer> + Copyright © 2023 Jan Sebastian Götte + / <a href="/about/">About</a> + / <a href="/imprint/">Imprint</a> +</footer> +<script> + if(navigator.getEnvironmentIntegrity!==undefined)document.querySelector('body').innerHTML=`<h1>Your browser + contains Google DRM</h1>"Web Environment Integrity" is a Google euphemism for a DRM that is designed to + prevent ad-blocking, and which Google has forced into their browsers against widespread public opposition. + In support of an open web, this website does not function with this DRM. Please install a browser such + as <a href="https://www.mozilla.org/en-US/firefox/new/">Firefox</a> that respects your freedom and supports + ad blockers.`; + </script> + </body> +</html> |