summaryrefslogtreecommitdiff
path: root/blog/ihsm-worlds-first-diy-hsm
diff options
context:
space:
mode:
authorjaseg <git@jaseg.de>2023-03-19 18:58:10 +0100
committerjaseg <git@jaseg.de>2023-03-19 18:58:10 +0100
commit1cf2411d4e021c010a3ddbb01764776db254c92a (patch)
tree747e304c7f55a3f328def721d0941e9b0f380bdb /blog/ihsm-worlds-first-diy-hsm
parent3c6957467fc401648369905efae98c0a228af752 (diff)
parent520b18c751b20e96059d4bda84df011d81f76eb7 (diff)
downloadblog-1cf2411d4e021c010a3ddbb01764776db254c92a.tar.gz
blog-1cf2411d4e021c010a3ddbb01764776db254c92a.tar.bz2
blog-1cf2411d4e021c010a3ddbb01764776db254c92a.zip
deploy.py auto-commit
Diffstat (limited to 'blog/ihsm-worlds-first-diy-hsm')
-rw-r--r--blog/ihsm-worlds-first-diy-hsm/index.html70
1 files changed, 70 insertions, 0 deletions
diff --git a/blog/ihsm-worlds-first-diy-hsm/index.html b/blog/ihsm-worlds-first-diy-hsm/index.html
new file mode 100644
index 0000000..db95329
--- /dev/null
+++ b/blog/ihsm-worlds-first-diy-hsm/index.html
@@ -0,0 +1,70 @@
+<!DOCTYPE html>
+<html><head>
+ <meta charset="utf-8">
+ <title>New Paper on Inertial Hardware Security Modules | Home</title>
+ <meta name="description" content="">
+ <meta name="viewport" content="width=device-width, initial-scale=1">
+ <meta name="mobile-web-app-capable" content="yes">
+ <meta name="color-scheme" content="dark light">
+ <link rel="stylesheet" href="/style.css">
+</head>
+<body><nav>
+
+ <a href="/" title="Home">Home</a>
+ <a href="/blog/" title="Blog">Blog</a>
+ <a href="/projects/" title="Projects">Projects</a>
+ <a href="/about/" title="About">About</a>
+ <span class="spacer"></span>
+ <a href="https://git.jaseg.de/" title="cgit">cgit</a>
+ <a href="https://github.com/jaseg" title="Github">Github</a>
+ <a href="https://gitlab.com/neinseg" title="Gitlab">Gitlab</a>
+ <a href="https://chaos.social/jaseg" title="Mastodon">Mastodon</a>
+</nav>
+
+ <header>
+ <h1>New Paper on Inertial Hardware Security Modules</h1>
+<ul class="breadcrumbs">
+ <li><a href="/">jaseg.de</a></li>
+ <li><a href="/blog/">Blog</a></li><li><a href="/blog/ihsm-worlds-first-diy-hsm/">New Paper on Inertial Hardware Security Modules</a></li>
+</ul>
+ <strong>2021-11-23</strong>
+ </header>
+ <main>
+ <div class="document" id="world-s-first-diy-hsm">
+<h1 class="title">World's First DIY HSM</h1>
+
+<p>Last week, Prof. Dr. Björn Scheuermann and I have <a class="reference external" href="https://tches.iacr.org/index.php/TCHES/article/view/9290">published our first joint paper on Hardware Security Modules</a>. In our paper, we introduce Inertial Hardware Security
+Modules (IHSMs), a new way of building high-security HSMs from basic components. I think the technology we demonstrate
+in our paper might allow some neat applications where some civil organization deploys a service that no one, not even
+they themselves, can snoop on. Anyone can built an IHSM without needing any fancy equipment, which makes me optimistic
+that maybe the ideas of the <a class="reference external" href="https://www.activism.net/cypherpunk/manifesto.html">Cypherpunk movement</a> aren't obsolete
+after all, despite even the word &quot;crypto&quot; having been co-opted by radical capitalist environmental destructionists.</p>
+<p>An IHSM is basically an ultra-secure enclosure for something like a server or a raspberry pi that even someone with
+unlimited resources would have a really hard time cracking without destroying all data stored in it. The principle of an
+IHSM is the same as that of a <a class="reference external" href="http://jaseg.de/blog/hsm-basics/">normal HSM</a>. You have a payload that contains really secret data. There's really no way
+to prevent an attacker with physical access to the thing from opening it given enough time and abrasive discs for their
+angle grinder. So what you do instead is that you make it self-destruct its secrets within microseconds of anyone
+tampering with it. Usually, such HSMs are used for storing credit card pins and other financial data. They're expensive
+as fuck, all the while being about the same processing speed as a smartphone. Traditional HSMs use printed or
+lithographically patterned conductive foils for their security mesh. These foils are not an off-the-shelf component and
+are made in a completely custom manufacturing process. To create your own, you would have to re-engineer that entire
+process and probably spend some serious money on production machines.</p>
+<p>Inertial HSMs take the concept of traditional HSMs, but replace the usual tamper detection mesh with a few security mesh
+PCBs. These PCBs are coarser than traditional meshes by orders of magnitude, and would alone not even be close to enough
+to keep out even a moderately motivated attacker. IHSMs fix this issue by spinning the entire tamper detection mesh at
+very high speed. To tamper with the mesh, an attacker would have to stop it. This, in turn, can be easily detected by
+the mesh's alarm circuitry using a simple accelerometer as a rotation sensor.</p>
+<p>In our paper, we have shown a working prototype of the core concepts one needs to build such an IHSM. To build an IHSM
+you only need a basic electronics lab. I built the prototype in our paper at home during one of Germany's COVID
+lockdowns. You can have a look at our code and CAD on <a class="reference external" href="https://git.jaseg.de/ihsm.git">my git</a>. What is missing right
+now is an integration of all of these fragments into something cohesive that an interested person with the right tools
+could go out and build. We are planning to release this sort of documentation at some point, but right now we are
+focusing our effort on the next iteration of the design instead. Stay tuned for updates ;)</p>
+</div>
+ </main><footer>
+ Copyright © 2023 Jan Sebastian Götte
+ / <a href="/about/">About</a>
+ / <a href="/imprint/">Imprint</a>
+</footer>
+</body>
+</html>