diff options
Diffstat (limited to 'posts/ihsm-worlds-first-diy-hsm/index.html')
| -rw-r--r-- | posts/ihsm-worlds-first-diy-hsm/index.html | 119 |
1 files changed, 0 insertions, 119 deletions
diff --git a/posts/ihsm-worlds-first-diy-hsm/index.html b/posts/ihsm-worlds-first-diy-hsm/index.html deleted file mode 100644 index 875f10e..0000000 --- a/posts/ihsm-worlds-first-diy-hsm/index.html +++ /dev/null @@ -1,119 +0,0 @@ -<!DOCTYPE html> -<html lang="en-us"> - <head> - <meta charset="utf-8"> - <meta name="viewport" content="width=device-width, initial-scale=1"> - <title>New Paper on Inertial Hardware Security Modules | blog.jaseg.de</title> - <link rel="stylesheet" href="/css/style.css" /> - <link rel="stylesheet" href="/css/fonts.css" /> - - <header> - <nav> - <ul> - - - <li class="pull-left "> - <a href="https://blog.jaseg.de/">/home/blog.jaseg.de</a> - </li> - - - - - </ul> - </nav> -</header> - - </head> - - <body> - <br/> - -<div class="article-meta"> -<h1><span class="title">New Paper on Inertial Hardware Security Modules</span></h1> - -<h2 class="date">2021/11/23</h2> -<p class="terms"> - - - - - -</p> -</div> - - - -<main> -<div class="document" id="world-s-first-diy-hsm"> -<h1 class="title">World's First DIY HSM</h1> - -<p>Last week, Prof. Dr. Björn Scheuermann and I have <a class="reference external" href="https://tches.iacr.org/index.php/TCHES/article/view/9290">published our first joint paper on Hardware Security Modules</a>. In our paper, we introduce Inertial Hardware Security -Modules (IHSMs), a new way of building high-security HSMs from basic components. I think the technology we demonstrate -in our paper might allow some neat applications where some civil organization deploys a service that no one, not even -they themselves, can snoop on. Anyone can built an IHSM without needing any fancy equipment, which makes me optimistic -that maybe the ideas of the <a class="reference external" href="https://www.activism.net/cypherpunk/manifesto.html">Cypherpunk movement</a> aren't obsolete -after all, despite even the word "crypto" having been co-opted by radical capitalist environmental destructionists.</p> -<p>An IHSM is basically an ultra-secure enclosure for something like a server or a raspberry pi that even someone with -unlimited resources would have a really hard time cracking without destroying all data stored in it. The principle of an -IHSM is the same as that of a <a class="reference external" href="https://blog.jaseg.de/posts/hsm-basics/">normal HSM</a>. You have a payload that contains really secret data. There's really no way -to prevent an attacker with physical access to the thing from opening it given enough time and abrasive discs for their -angle grinder. So what you do instead is that you make it self-destruct its secrets within microseconds of anyone -tampering with it. Usually, such HSMs are used for storing credit card pins and other financial data. They're expensive -as fuck, all the while being about the same processing speed as a smartphone. Traditional HSMs use printed or -lithographically patterned conductive foils for their security mesh. These foils are not an off-the-shelf component and -are made in a completely custom manufacturing process. To create your own, you would have to re-engineer that entire -process and probably spend some serious money on production machines.</p> -<p>Inertial HSMs take the concept of traditional HSMs, but replace the usual tamper detection mesh with a few security mesh -PCBs. These PCBs are coarser than traditional meshes by orders of magnitude, and would alone not even be close to enough -to keep out even a moderately motivated attacker. IHSMs fix this issue by spinning the entire tamper detection mesh at -very high speed. To tamper with the mesh, an attacker would have to stop it. This, in turn, can be easily detected by -the mesh's alarm circuitry using a simple accelerometer as a rotation sensor.</p> -<p>In our paper, we have shown a working prototype of the core concepts one needs to build such an IHSM. To build an IHSM -you only need a basic electronics lab. I built the prototype in our paper at home during one of Germany's COVID -lockdowns. You can have a look at our code and CAD on <a class="reference external" href="https://git.jaseg.de/ihsm.git">my git</a>. What is missing right -now is an integration of all of these fragments into something cohesive that an interested person with the right tools -could go out and build. We are planning to release this sort of documentation at some point, but right now we are -focusing our effort on the next iteration of the design instead. Stay tuned for updates ;)</p> -</div> -</main> - - <footer> - -<script> -(function() { - function center_el(tagName) { - var tags = document.getElementsByTagName(tagName), i, tag; - for (i = 0; i < tags.length; i++) { - tag = tags[i]; - var parent = tag.parentElement; - - if (parent.childNodes.length === 1) { - - if (parent.nodeName === 'A') { - parent = parent.parentElement; - if (parent.childNodes.length != 1) continue; - } - if (parent.nodeName === 'P') parent.style.textAlign = 'center'; - } - } - } - var tagNames = ['img', 'embed', 'object']; - for (var i = 0; i < tagNames.length; i++) { - center_el(tagNames[i]); - } -})(); -</script> - - - <div id="license-info"> - ©2020 by Jan Götte. This work is licensed under - <a href="https://creativecommons.org/licenses/by-nc-sa/4.0/">CC-BY-NC-SA 4.0</a>. - </div> - <div id="imprint-info"> - <a href="/imprint">Impressum und Haftungsausschluss und Datenschutzerklärung</a>.<br/> - <a href="/about">About this blog</a>. - </div> - </footer> - </body> -</html> - |