summaryrefslogtreecommitdiff
path: root/content
diff options
context:
space:
mode:
authorjaseg <git@jaseg.de>2021-11-23 18:40:11 +0100
committerjaseg <git@jaseg.de>2021-11-23 18:40:11 +0100
commitc4af22d85261daef45b8540eb19bccf3c9a200bb (patch)
treee82897f1b1c2f7813711fbda4ff97212863f7213 /content
parent3dfca328ee4747f6258ef2d1e3b9efb69fcddfab (diff)
downloadblog-c4af22d85261daef45b8540eb19bccf3c9a200bb.tar.gz
blog-c4af22d85261daef45b8540eb19bccf3c9a200bb.tar.bz2
blog-c4af22d85261daef45b8540eb19bccf3c9a200bb.zip
Finish HSM basics post
Diffstat (limited to 'content')
-rw-r--r--content/posts/hsm-basics/index.rst31
1 files changed, 18 insertions, 13 deletions
diff --git a/content/posts/hsm-basics/index.rst b/content/posts/hsm-basics/index.rst
index 99aedba..306edcd 100644
--- a/content/posts/hsm-basics/index.rst
+++ b/content/posts/hsm-basics/index.rst
@@ -113,21 +113,26 @@ The core component of an HSM blueprint would be a suite of tamper detection mech
to improve on the current state of the art of membrane tamper switches plus temperature sensors plus PCB and printed
security meshes plus potting.
-Improvements on existing techniques
------------------------------------
-
-Light sensors
-~~~~~~~~~~~~~
-**Advanced analog sensing**
-**Self-test functionality**
-
-Security meshes
-~~~~~~~~~~~~~~~
-**Analog sensing**
-
-
DIY or small lab mesh production
--------------------------------
+**Analog sensing** meshes are a proven technology where instead of just monitoring for continuity and shorts, analog
+parameters of the mesh traces such as inductance and mutual capacitance are monitored. In 2019, `Immler et al. published
+a paper <https://tches.iacr.org/index.php/TCHES/article/view/7334>`__ where took this principle and turned it all the
+way up. They directly derived a cryptographic secret from the analog properties of their HSM's security mesh in an
+attempt to built a `Physically Unclonable Function, or PUF
+<https://en.wikipedia.org/wiki/Physical_unclonable_function>`__. The idea with PUFs is that they reproduce some entropy
+that comes from random tolerances of their production process. The same PUF will always yield (approximately) the same
+key, but since you cannot control these random production variations, in practice the resulting PUF cannot be cloned.
+Note however, that its secrets can of course be copied if you find a way to read them out.
+
+As Immler et al. demonstrated in their paper, you don't need any secret sauce to create an analog mesh sensing circuit.
+All you need are a bunch of (admittedly, expensive) off-the-shelf analog ICs. The interesting bit here is that by
+applying more advanced analog sensing, weaknesses of an otherwise coarse mesh desing could maybe be alleviated. That is,
+instead of monitoring a very fine mesh for continuity, you could instead closely monitor inductance and capacitance of a
+more coarse mesh. This trade-off between sensing circuit complexity (resp. cost) and mesh production capabilities may
+allow someone with a poorly equipped lab to still make a decent HSM. The question is, how do you produce a "decent" mesh
+given only basic tools? Here are some ideas.
+
**3D metal patterning techniques** refers to any technique for producing thin, patterned metal structures on a
three-dimensional plastic substrate. The basic process would consist of 3D-printing the polymer substrate, depositing a
thin metal layer on top and then patterning this metal layer. A good starting point here would be the recent work of