-rw-r--r-- | index.html | 4
-rw-r--r-- | index.xml | 11
-rw-r--r-- | posts/hsm-basics/index.html | 27
-rw-r--r-- | posts/ihsm-worlds-first-diy-hsm/index.html | 123
-rw-r--r-- | posts/index.html | 5
-rw-r--r-- | posts/index.xml | 11
-rw-r--r-- | sitemap.xml | 9
7 files changed, 171 insertions, 19 deletions
@@ -1,7 +1,7 @@ <!DOCTYPE html> <html lang="en-us"> <head> - <meta name="generator" content="Hugo 0.87.0" /> + <meta name="generator" content="Hugo 0.88.1" /> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>jaseg.de | jaseg.de</title> @@ -42,7 +42,7 @@ <ul> <li> - <span class="date">2020/08/18</span> + <span class="date">2021/11/23</span> <a href="/posts/">Posts</a> </li> @@ -6,7 +6,16 @@ <description>Recent content on jaseg.de</description> <generator>Hugo -- gohugo.io</generator> <language>en-us</language> - <lastBuildDate>Tue, 18 Aug 2020 13:15:39 +0200</lastBuildDate><atom:link href="https://blog.jaseg.de/index.xml" rel="self" type="application/rss+xml" /> + <lastBuildDate>Tue, 23 Nov 2021 23:42:20 +0100</lastBuildDate><atom:link href="https://blog.jaseg.de/index.xml" rel="self" type="application/rss+xml" /> + <item> + <title>New Paper on Inertial Hardware Security Modules</title> + <link>https://blog.jaseg.de/posts/ihsm-worlds-first-diy-hsm/</link> + <pubDate>Tue, 23 Nov 2021 23:42:20 +0100</pubDate> + + <guid>https://blog.jaseg.de/posts/ihsm-worlds-first-diy-hsm/</guid> + <description>World's First DIY HSM Last week, Prof. Dr. Björn Scheuermann and I have published our first joint paper on Hardware Security Modules. In our paper, we introduce Inertial Hardware Security Modules (IHSMs), a new way of building high-security HSMs from basic components. I think the technology we demonstrate in our paper might allow some neat applications where some civil organization deploys a service that no one, not even they themselves, can snoop on.</description> + </item> + <item> <title>Kicad Mesh Plugin</title> <link>https://blog.jaseg.de/posts/kicad-mesh-plugin/</link> diff --git a/posts/hsm-basics/index.html b/posts/hsm-basics/index.html index dcbc430..3ff417d 100644 --- a/posts/hsm-basics/index.html +++ b/posts/hsm-basics/index.html 
@@ -151,20 +151,23 @@ is orders of magnitude less than the cost of current HSMs.</p> <p>The core component of an HSM blueprint would be a suite of tamper detection mechanisms. Following are a few ideas on how to improve on the current state of the art of membrane tamper switches plus temperature sensors plus PCB and printed security meshes plus potting.</p> -<div class="section" id="improvements-on-existing-techniques"> -<h3>Improvements on existing techniques</h3> -<div class="section" id="light-sensors"> -<h4>Light sensors</h4> -<p><strong>Advanced analog sensing</strong> -<strong>Self-test functionality</strong></p> -</div> -<div class="section" id="security-meshes"> -<h4>Security meshes</h4> -<p><strong>Analog sensing</strong></p> -</div> -</div> <div class="section" id="diy-or-small-lab-mesh-production"> <h3>DIY or small lab mesh production</h3> +<p><strong>Analog sensing</strong> meshes are a proven technology where instead of just monitoring for continuity and shorts, analog +parameters of the mesh traces such as inductance and mutual capacitance are monitored. In 2019, <a class="reference external" href="https://tches.iacr.org/index.php/TCHES/article/view/7334">Immler et al. published +a paper</a> where took this principle and turned it all the +way up. They directly derived a cryptographic secret from the analog properties of their HSM's security mesh in an +attempt to built a <a class="reference external" href="https://en.wikipedia.org/wiki/Physical_unclonable_function">Physically Unclonable Function, or PUF</a>. The idea with PUFs is that they reproduce some entropy +that comes from random tolerances of their production process. The same PUF will always yield (approximately) the same +key, but since you cannot control these random production variations, in practice the resulting PUF cannot be cloned. +Note however, that its secrets can of course be copied if you find a way to read them out.</p> +<p>As Immler et al. 
demonstrated in their paper, you don't need any secret sauce to create an analog mesh sensing circuit. +All you need are a bunch of (admittedly, expensive) off-the-shelf analog ICs. The interesting bit here is that by +applying more advanced analog sensing, weaknesses of an otherwise coarse mesh desing could maybe be alleviated. That is, +instead of monitoring a very fine mesh for continuity, you could instead closely monitor inductance and capacitance of a +more coarse mesh. This trade-off between sensing circuit complexity (resp. cost) and mesh production capabilities may +allow someone with a poorly equipped lab to still make a decent HSM. The question is, how do you produce a "decent" mesh +given only basic tools? Here are some ideas.</p> <p><strong>3D metal patterning techniques</strong> refers to any technique for producing thin, patterned metal structures on a three-dimensional plastic substrate. The basic process would consist of 3D-printing the polymer substrate, depositing a thin metal layer on top and then patterning this metal layer. A good starting point here would be the recent work of diff --git a/posts/ihsm-worlds-first-diy-hsm/index.html b/posts/ihsm-worlds-first-diy-hsm/index.html new file mode 100644 index 0000000..da53406 --- /dev/null +++ b/posts/ihsm-worlds-first-diy-hsm/index.html 
@@ -0,0 +1,123 @@ +<!DOCTYPE html> +<html lang="en-us"> + <head> + <meta charset="utf-8"> + <meta name="viewport" content="width=device-width, initial-scale=1"> + <title>New Paper on Inertial Hardware Security Modules | jaseg.de</title> + <link rel="stylesheet" href="/css/style.css" /> + <link rel="stylesheet" href="/css/fonts.css" /> + + <header> + + + <link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/atom-one-light.min.css"> + <script src="//cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/highlight.min.js"></script> + <script>hljs.initHighlightingOnLoad();</script> + <nav> + <ul> + + + <li class="pull-left "> + <a href="https://blog.jaseg.de/">/home/jaseg.de</a> + </li> + + + + + </ul> + </nav> +</header> + + </head> + + <body> + <br/> + +<div class="article-meta"> +<h1><span class="title">New Paper on Inertial Hardware Security Modules</span></h1> + +<h2 class="date">2021/11/23</h2> +<p class="terms"> + + + + + +</p> +</div> + + + +<main> +<div class="document" id="world-s-first-diy-hsm"> +<h1 class="title">World's First DIY HSM</h1> + +<p>Last week, Prof. Dr. Björn Scheuermann and I have <a class="reference external" href="https://tches.iacr.org/index.php/TCHES/article/view/9290">published our first joint paper on Hardware Security Modules</a>. In our paper, we introduce Inertial Hardware Security +Modules (IHSMs), a new way of building high-security HSMs from basic components. I think the technology we demonstrate +in our paper might allow some neat applications where some civil organization deploys a service that no one, not even +they themselves, can snoop on. 
Anyone can built an IHSM without needing any fancy equipment, which makes me optimistic +that maybe the ideas of the <a class="reference external" href="https://www.activism.net/cypherpunk/manifesto.html">Cypherpunk movement</a> aren't obsolete +after all, despite even the word "crypto" having been co-opted by radical capitalist environmental destructionists.</p> +<p>An IHSM is basically an ultra-secure enclosure for something like a server or a raspberry pi that even someone with +unlimited resources would have a really hard time cracking without destroying all data stored in it. The principle of an +IHSM is the same as that of a <a class="reference external" href="https://blog.jaseg.de/posts/hsm-basics/">normal HSM</a>. You have a payload that contains really secret data. There's really no way +to prevent an attacker with physical access to the thing from opening it given enough time and abrasive discs for their +angle grinder. So what you do instead is that you make it self-destruct its secrets within microseconds of anyone +tampering with it. Usually, such HSMs are used for storing credit card pins and other financial data. They're expensive +as fuck, all the while being about the same processing speed as a smartphone. Traditional HSMs use printed or +lithographically patterned conductive foils for their security mesh. These foils are not an off-the-shelf component and +are made in a completely custom manufacturing process. To create your own, you would have to re-engineer that entire +process and probably spend some serious money on production machines.</p> +<p>Inertial HSMs take the concept of traditional HSMs, but replace the usual tamper detection mesh with a few security mesh +PCBs. These PCBs are coarser than traditional meshes by orders of magnitude, and would alone not even be close to enough +to keep out even a moderately motivated attacker. IHSMs fix this issue by spinning the entire tamper detection mesh at +very high speed. 
To tamper with the mesh, an attacker would have to stop it. This, in turn, can be easily detected by +the mesh's alarm circuitry using a simple accelerometer as a rotation sensor.</p> +<p>In our paper, we have shown a working prototype of the core concepts one needs to build such an IHSM. To build an IHSM +you only need a basic electronics lab. I built the prototype in our paper at home during one of Germany's COVID +lockdowns. You can have a look at our code and CAD on <a class="reference external" href="https://git.jaseg.de/ihsm.git">my git</a>. What is missing right +now is an integration of all of these fragments into something cohesive that an interested person with the right tools +could go out and build. We are planning to release this sort of documentation at some point, but right now we are +focusing our effort on the next iteration of the design instead. Stay tuned for updates ;)</p> +</div> +</main> + + <footer> + +<script> +(function() { + function center_el(tagName) { + var tags = document.getElementsByTagName(tagName), i, tag; + for (i = 0; i < tags.length; i++) { + tag = tags[i]; + var parent = tag.parentElement; + + if (parent.childNodes.length === 1) { + + if (parent.nodeName === 'A') { + parent = parent.parentElement; + if (parent.childNodes.length != 1) continue; + } + if (parent.nodeName === 'P') parent.style.textAlign = 'center'; + } + } + } + var tagNames = ['img', 'embed', 'object']; + for (var i = 0; i < tagNames.length; i++) { + center_el(tagNames[i]); + } +})(); +</script> + + + <div id="license-info"> + ©2020 by Jan Götte. This work is licensed under + <a href="https://creativecommons.org/licenses/by-nc-sa/4.0/">CC-BY-NC-SA 4.0</a>. + </div> + <div id="imprint-info"> + <a href="/imprint">Impressum und Haftungsausschluss und Datenschutzerklärung</a>. + </div> + </footer> + </body> +</html> + diff --git a/posts/index.html b/posts/index.html index 060d4a9..6d118f3 100644 --- a/posts/index.html +++ b/posts/index.html 
@@ -43,6 +43,11 @@ <ul> <li> + <span class="date">2021/11/23</span> + <a href="/posts/ihsm-worlds-first-diy-hsm/">New Paper on Inertial Hardware Security Modules</a> + </li> + + <li> <span class="date">2020/08/18</span> <a href="/posts/kicad-mesh-plugin/">Kicad Mesh Plugin</a> </li> diff --git a/posts/index.xml b/posts/index.xml index 0d3af2e..376bfaf 100644 --- a/posts/index.xml +++ b/posts/index.xml @@ -6,7 +6,16 @@ <description>Recent content in Posts on jaseg.de</description> <generator>Hugo -- gohugo.io</generator> <language>en-us</language> - <lastBuildDate>Tue, 18 Aug 2020 13:15:39 +0200</lastBuildDate><atom:link href="https://blog.jaseg.de/posts/index.xml" rel="self" type="application/rss+xml" /> + <lastBuildDate>Tue, 23 Nov 2021 23:42:20 +0100</lastBuildDate><atom:link href="https://blog.jaseg.de/posts/index.xml" rel="self" type="application/rss+xml" /> + <item> + <title>New Paper on Inertial Hardware Security Modules</title> + <link>https://blog.jaseg.de/posts/ihsm-worlds-first-diy-hsm/</link> + <pubDate>Tue, 23 Nov 2021 23:42:20 +0100</pubDate> + + <guid>https://blog.jaseg.de/posts/ihsm-worlds-first-diy-hsm/</guid> + <description>World's First DIY HSM Last week, Prof. Dr. Björn Scheuermann and I have published our first joint paper on Hardware Security Modules. In our paper, we introduce Inertial Hardware Security Modules (IHSMs), a new way of building high-security HSMs from basic components. I think the technology we demonstrate in our paper might allow some neat applications where some civil organization deploys a service that no one, not even they themselves, can snoop on.</description> + </item> + <item> <title>Kicad Mesh Plugin</title> <link>https://blog.jaseg.de/posts/kicad-mesh-plugin/</link> diff --git a/sitemap.xml b/sitemap.xml index 88c220f..b6860e1 100644 --- a/sitemap.xml +++ b/sitemap.xml 
@@ -3,12 +3,15 @@ xmlns:xhtml="http://www.w3.org/1999/xhtml"> <url> <loc>https://blog.jaseg.de/</loc> - <lastmod>2020-08-18T13:15:39+02:00</lastmod> + <lastmod>2021-11-23T23:42:20+01:00</lastmod> </url><url> - <loc>https://blog.jaseg.de/posts/kicad-mesh-plugin/</loc> - <lastmod>2020-08-18T13:15:39+02:00</lastmod> + <loc>https://blog.jaseg.de/posts/ihsm-worlds-first-diy-hsm/</loc> + <lastmod>2021-11-23T23:42:20+01:00</lastmod> </url><url> <loc>https://blog.jaseg.de/posts/</loc> + <lastmod>2021-11-23T23:42:20+01:00</lastmod> + </url><url> + <loc>https://blog.jaseg.de/posts/kicad-mesh-plugin/</loc> <lastmod>2020-08-18T13:15:39+02:00</lastmod> </url><url> <loc>https://blog.jaseg.de/posts/private-contact-discovery/</loc> |
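Review bot: In index.xml and posts/index.xml, the new item's <description> begins with the post's in-body heading run straight into the first sentence ("World's First DIY HSM Last week, Prof. Dr. Björn Scheuermann and I ..."). Give the post an explicit summary, or keep the in-body title out of the text the summary is taken from, so feed readers show a clean opening sentence.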
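Review bot: In posts/hsm-basics/index.html the added "Analog sensing" paragraphs contain three typos: "where took this principle" is missing its subject ("where they took"), "in an attempt to built" should read "to build", and "mesh desing" should read "mesh design". The same hunk deletes the "Improvements on existing techniques" section together with its "Light sensors" and "Security meshes" headings and moves the analog-sensing text under "DIY or small lab mesh production", so the "Self-test functionality" stub disappears without replacement. If that restructuring is not intended, keep a separate heading for the sensing material.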
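Review bot: In the new posts/ihsm-worlds-first-diy-hsm/index.html, the highlight.js stylesheet and script are loaded from //cdnjs.cloudflare.com through protocol-relative URLs with no integrity attribute, so the page executes whatever that third-party host serves. Use explicit https:// URLs and add integrity and crossorigin="anonymous" to both tags, or serve the two files from the site itself alongside /css/style.css. Separately, the <header> element containing the <nav> sits inside <head>, where it is not valid, and belongs at the top of <body>. The body text has "Anyone can built an IHSM" (should be "build"), and the footer reads ©2020 on a post dated 2021/11/23.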