diff options
Diffstat (limited to 'content/posts')
-rw-r--r-- | content/posts/hsm-basics/index.rst | 31 |
1 files changed, 18 insertions, 13 deletions
diff --git a/content/posts/hsm-basics/index.rst b/content/posts/hsm-basics/index.rst index 99aedba..306edcd 100644 --- a/content/posts/hsm-basics/index.rst +++ b/content/posts/hsm-basics/index.rst @@ -113,21 +113,26 @@ The core component of an HSM blueprint would be a suite of tamper detection mech to improve on the current state of the art of membrane tamper switches plus temperature sensors plus PCB and printed security meshes plus potting. -Improvements on existing techniques ------------------------------------ - -Light sensors -~~~~~~~~~~~~~ -**Advanced analog sensing** -**Self-test functionality** - -Security meshes -~~~~~~~~~~~~~~~ -**Analog sensing** - - DIY or small lab mesh production -------------------------------- +**Analog sensing** meshes are a proven technology where instead of just monitoring for continuity and shorts, analog +parameters of the mesh traces such as inductance and mutual capacitance are monitored. In 2019, `Immler et al. published +a paper <https://tches.iacr.org/index.php/TCHES/article/view/7334>`__ where took this principle and turned it all the +way up. They directly derived a cryptographic secret from the analog properties of their HSM's security mesh in an +attempt to built a `Physically Unclonable Function, or PUF +<https://en.wikipedia.org/wiki/Physical_unclonable_function>`__. The idea with PUFs is that they reproduce some entropy +that comes from random tolerances of their production process. The same PUF will always yield (approximately) the same +key, but since you cannot control these random production variations, in practice the resulting PUF cannot be cloned. +Note however, that its secrets can of course be copied if you find a way to read them out. + +As Immler et al. demonstrated in their paper, you don't need any secret sauce to create an analog mesh sensing circuit. +All you need are a bunch of (admittedly, expensive) off-the-shelf analog ICs. The interesting bit here is that by +applying more advanced analog sensing, weaknesses of an otherwise coarse mesh desing could maybe be alleviated. That is, +instead of monitoring a very fine mesh for continuity, you could instead closely monitor inductance and capacitance of a +more coarse mesh. This trade-off between sensing circuit complexity (resp. cost) and mesh production capabilities may +allow someone with a poorly equipped lab to still make a decent HSM. The question is, how do you produce a "decent" mesh +given only basic tools? Here are some ideas. + **3D metal patterning techniques** refers to any technique for producing thin, patterned metal structures on a three-dimensional plastic substrate. The basic process would consist of 3D-printing the polymer substrate, depositing a thin metal layer on top and then patterning this metal layer. A good starting point here would be the recent work of |