diff options
Diffstat (limited to 'posts/hsm-basics')
| -rw-r--r-- | posts/hsm-basics/index.html | 27 |
1 files changed, 15 insertions, 12 deletions
diff --git a/posts/hsm-basics/index.html b/posts/hsm-basics/index.html index dcbc430..3ff417d 100644 --- a/posts/hsm-basics/index.html +++ b/posts/hsm-basics/index.html @@ -151,20 +151,23 @@ is orders of magnitude less than the cost of current HSMs.</p> <p>The core component of an HSM blueprint would be a suite of tamper detection mechanisms. Following are a few ideas on how to improve on the current state of the art of membrane tamper switches plus temperature sensors plus PCB and printed security meshes plus potting.</p> -<div class="section" id="improvements-on-existing-techniques"> -<h3>Improvements on existing techniques</h3> -<div class="section" id="light-sensors"> -<h4>Light sensors</h4> -<p><strong>Advanced analog sensing</strong> -<strong>Self-test functionality</strong></p> -</div> -<div class="section" id="security-meshes"> -<h4>Security meshes</h4> -<p><strong>Analog sensing</strong></p> -</div> -</div> <div class="section" id="diy-or-small-lab-mesh-production"> <h3>DIY or small lab mesh production</h3> +<p><strong>Analog sensing</strong> meshes are a proven technology where instead of just monitoring for continuity and shorts, analog +parameters of the mesh traces such as inductance and mutual capacitance are monitored. In 2019, <a class="reference external" href="https://tches.iacr.org/index.php/TCHES/article/view/7334">Immler et al. published +a paper</a> where took this principle and turned it all the +way up. They directly derived a cryptographic secret from the analog properties of their HSM's security mesh in an +attempt to built a <a class="reference external" href="https://en.wikipedia.org/wiki/Physical_unclonable_function">Physically Unclonable Function, or PUF</a>. The idea with PUFs is that they reproduce some entropy +that comes from random tolerances of their production process. The same PUF will always yield (approximately) the same +key, but since you cannot control these random production variations, in practice the resulting PUF cannot be cloned. +Note however, that its secrets can of course be copied if you find a way to read them out.</p> +<p>As Immler et al. demonstrated in their paper, you don't need any secret sauce to create an analog mesh sensing circuit. +All you need are a bunch of (admittedly, expensive) off-the-shelf analog ICs. The interesting bit here is that by +applying more advanced analog sensing, weaknesses of an otherwise coarse mesh desing could maybe be alleviated. That is, +instead of monitoring a very fine mesh for continuity, you could instead closely monitor inductance and capacitance of a +more coarse mesh. This trade-off between sensing circuit complexity (resp. cost) and mesh production capabilities may +allow someone with a poorly equipped lab to still make a decent HSM. The question is, how do you produce a "decent" mesh +given only basic tools? Here are some ideas.</p> <p><strong>3D metal patterning techniques</strong> refers to any technique for producing thin, patterned metal structures on a three-dimensional plastic substrate. The basic process would consist of 3D-printing the polymer substrate, depositing a thin metal layer on top and then patterning this metal layer. A good starting point here would be the recent work of |