Initial commit

4 files changed, 268 insertions, 0 deletions

diff --git a/quick-tech-report/.gitignore b/quick-tech-report/.gitignore
new file mode 100644
index 0000000..c49262e
--- /dev/null
+++ b/quick-tech-report/.gitignore
@@ -0,0 +1,10 @@
+*.out
+*.bbl
+*.aux
+*.toc
+*.blg
+*.bcf
+*.log
+*.run.xml
+
+version.tex
diff --git a/quick-tech-report/Makefile b/quick-tech-report/Makefile
new file mode 100644
index 0000000..259f303
--- /dev/null
+++ b/quick-tech-report/Makefile
@@ -0,0 +1,36 @@
+
+LAB_PATH ?= ../lab-windows
+
+SHELL := bash
+.ONESHELL:
+.SHELLFLAGS := -eu -o pipefail -c
+.DELETE_ON_ERROR:
+MAKEFLAGS += --warn-undefined-variables
+MAKEFLAGS += --no-builtin-rules
+
+main_tex ?= rotohsm_tech_report
+
+VERSION_STRING := $(shell git describe --tags --long --dirty)
+
+all: ${main_tex}.pdf
+
+%.pdf: %.tex %.bib version.tex
+	pdflatex -shell-escape $<
+	biber $* 
+	pdflatex -shell-escape $<
+
+.PHONY: preview
+preview:
+	pdflatex -shell-escape ${main_tex}.tex
+
+version.tex: ${main_tex}.tex ${main_tex}.bib
+	echo "${VERSION_STRING}" > $@
+
+resources/%.pdf: $(LAB_PATH)/%.ipynb
+	jupyter-nbconvert --to=pdf --output-dir=resources --output=$* --LatexExporter.template_file=resources/nbexport.tplx $^
+
+.PHONY: clean
+clean:
+	rm -f ${main_tex}.aux ${main_tex}.bbl ${main_tex}.bcf ${main_tex}.log ${main_tex}.blg
+	rm -f ${main_tex}.out ${main_tex}.run.xml texput.log 
+
diff --git a/quick-tech-report/rotohsm_tech_report.bib b/quick-tech-report/rotohsm_tech_report.bib
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/quick-tech-report/rotohsm_tech_report.bib
diff --git a/quick-tech-report/rotohsm_tech_report.tex b/quick-tech-report/rotohsm_tech_report.tex
new file mode 100644
index 0000000..f37b572
--- /dev/null
+++ b/quick-tech-report/rotohsm_tech_report.tex
@@ -0,0 +1,222 @@
+\documentclass[12pt,a4paper]{article}
+\usepackage[english]{babel}
+\usepackage[utf8]{inputenc}
+\usepackage[T1]{fontenc}
+\usepackage[
+    backend=biber,
+    style=numeric,
+    natbib=true,
+    url=false, 
+    doi=true,
+    eprint=false
+    ]{biblatex}
+\addbibresource{rotohsm.bib}
+\usepackage{amssymb,amsmath}
+\usepackage{listings}
+\usepackage{eurosym}
+\usepackage{wasysym}
+\usepackage{amsthm}
+\usepackage{tabularx}
+\usepackage{multirow}
+\usepackage{multicol}
+\usepackage{tikz}
+\usepackage{mathtools}
+\DeclarePairedDelimiter{\ceil}{\lceil}{\rceil}
+\DeclarePairedDelimiter{\paren}{(}{)}
+
+\usetikzlibrary{arrows}
+\usetikzlibrary{chains}
+\usetikzlibrary{backgrounds}
+\usetikzlibrary{calc}
+\usetikzlibrary{decorations.markings}
+\usetikzlibrary{decorations.pathreplacing}
+\usetikzlibrary{fit}
+\usetikzlibrary{patterns}  
+\usetikzlibrary{positioning}
+\usetikzlibrary{shapes}
+
+\usepackage[binary-units]{siunitx}
+\DeclareSIUnit{\baud}{Bd}
+\usepackage{hyperref}
+\usepackage{tabularx}
+\usepackage{commath}
+\usepackage{graphicx,color}
+\usepackage{ccicons}
+\usepackage{subcaption}
+\usepackage{float}
+\usepackage{footmisc}
+\usepackage{array}
+\usepackage[underline=false]{pgf-umlsd}
+\usetikzlibrary{calc}
+%\usepackage[pdftex]{graphicx,color}
+\usepackage{epstopdf}
+\usepackage{pdfpages}
+\usepackage{minted} % pygmentized source code
+
+\renewcommand{\floatpagefraction}{.8}
+\newcommand{\degree}{\ensuremath{^\circ}}
+\newcolumntype{P}[1]{>{\centering\arraybackslash}p{#1}}
+
+\usepackage{fancyhdr}
+\fancyhf{}
+\fancyfoot[C]{\thepage}
+\newcommand{\includenotebook}[2]{
+    \fancyhead[C]{Included Jupyter notebook: #1}
+    \includepdf[pages=1,
+        pagecommand={\thispagestyle{fancy}\section{#1}\label{#2_notebook}}
+        ]{resources/#2.pdf}
+    \includepdf[pages=2-,
+        pagecommand={\thispagestyle{fancy}}
+        ]{resources/#2.pdf}
+}
+
+\begin{document}
+
+\title{A High-Security Physical Security Primitive Based On Mechanical Movement}
+\author{Jan Götte}
+\date{2020-09-15}
+\maketitle
+
+\section{Abstract}
+In this paper, we introduce a novel, highly effective countermeasure against physical attacks: Inertial hardware
+security modules. Whereas conventional technology can be categorized into systems monitoring a thin boundary (such as
+security meshes) and systems monitoring the interior volume (such as the "enclosure PUF" of Tobisch et al.). What all of
+these systems have in common is that they try to detect attacks by crafting sensors responding to increasingly minute
+manipulations of the monitored medium. Our approach is novel in that we alleviate the sensitivity requirement of a
+security mesh by increasing the complexity of any manipulation at all by orders of magnitude by fastly rotating the
+security mesh--presenting a moving target to an attacker. Attempts to modify the rotation itself are easily monitored
+with commercial MEMS accelerometers and gyroscopes.
+
+Our approach leads to a HSM that can easily be built from off-the-shelf parts by any university electronics lab, yet is
+as secure or more secure than even the best commercial offerings.
+
+\section{Introduction}
+Since the early days of computers, physical security has often been a core component of any computer system's security
+architecture. Physical security in fact predates our modern concept of computer security by decades. Long before
+passwords, access control lists, role-based authentication and other modern concepts of information security were
+developed, information was secured by physically locking away the computers that held it.
+
+Nowadays, concerns of physical security are mostly limited to certain applications. Credit card processing and medical
+data processing are two instances where a combination of smartcards and hardware security modules is used to provide a
+higher level of security than what ordinary computers can provide. Meanwhile, in most commercial data processing
+applications, the physical security provided by an average datacenter is considered to be appropriate.
+
+In modern systems, phyiscal security always is tightly interwoven with the system's overall security architecture.
+Beyond the level provided by locks and guards, it is generally considered infeasible to physically secure all parts of a
+computer. High-level physical security is usually limited to either a single chip or part of a chip such as a secure
+element, enclave or smartcards--or it is limited to a small module acting within a very limited scope, as is the case in
+commercial HSMs that largely act as cryptographic co-processors with built-in key management functions.
+
+\subsection{Technical approaches to physical security}
+The use of chips as secure elements has recently become popular beyond the smartcards of yesteryear. Apple has carried
+over a secure enclave IC from their line of phones into their line of laptops in 2016. Likewise, Google has developed
+its own security IC for use in phones and laptops. An issue to consider with all such IC-based security solutions is
+that they do not provide any cryptographic security. The real-world security of these solutions solely rests on the
+assumption that due to their fine structure, ICs are hard to reverse engineer and manipulate. As of now, this property
+holds and in the authors' opinion it will likely be a reasonable assumptions for some years to come. However, in its
+essence this is a type of security by obscurity: Obscurity here mostly applying to the rarity of tools that are
+necessary for practical attacks such as focused ion beam workstations and accompanying sample preparation equipment. An
+important observation in this regard is that already, several people are slowly chipping away at this obscurity: A group
+at Ruhr University Bochum is working on advanced tooling for netlist reverse engineering, and there are several
+companies offering commercial IC reverse engineering services.
+
+\subsection{Hardware Security Modules}
+At larger physical dimensions, hardware security modules (HSMs) provide an effective solution to the problem: In
+conformity with Kerckhoff's principle, their creators do not try to hide the structure of the system within. Instead,
+the HSM monitors it for any manipulation and wipes all key material when one is detected. The most common commercial
+realization of this is what we call a "boundary-monitoring" HSM. This is a device uses a microcontroller monitoring the
+conductivity of usually two electrical traces that are folded many times to cover the entire area of a plastic enclosure
+part or a plastic foil wrapped around the module. The security problem thus gets transformed into a manufacturing
+challenge: How fine can these traces be made--so they are disturbed by even the tiniest of holes for say, a fine needle;
+and how sensitive can they be made to perturbations--so they break from even gentle attempts at mechanical, chemical or
+other physical manipulation.
+
+The other type of HSM that so far has garnered mostly academic interest are what we call "volumetric" HSMs. Where a
+boundary-monitoring HSM senses disturbations to a thin boundary between its inside and the outside world, a volumetric
+HSM monitors its entire interior volume. Approaches that have been proposed so far include monitoring using
+electromagnetic radiation % FIXME: citation (paper1 (this chip thing w/ distributed PAs/LNAs), paper2 (RUB)
+and ultrasonic sensing. % FIXME: citation
+Common to both approaches is that for technical reasons the wavelength of the employed radiation is in the range of
+millimeters or larger. This implies that practical attacks acting on a smaller scale of physical size require sensitive
+monitoring circuity to be reliably caught. % FIXME maybe talk to a physicist here.
+Since they require advanced transceivers and signal processing, these HSMs incur a high implementation cost compared to
+one based on a traditional security mesh, while they in turn promise to be easier and less expensive to scale in
+physical size. A severe problem with any previous volumetric designs is that their security analysis is very hard. While
+multiple designs have been proposed academically, none of these proposals include an analysis of their physical security
+properties that goes beyond guesswork. %FIXME verify this.
+The obvious reason for this is that to evaluate the volume inside the HSM that is covered by a given transceiver
+combination and a given test signal pattern necessarily requires numerically solving the volumetric electromagnetic
+field equations inside the HSM, applying a model of transmitter and receiver to the results that takes into account
+receiver sensitivity and ADC resolution, transmitter power and receiver saturation effects and then validating that
+every point in space (or at least inside a boundary region) is covered. While the guess that attacks are impractical
+might still be true this would be based on the fact that the same problem presents itself to an attacker trying to
+circumvent these measures--degrading their security to simple obscurity again.
+
+\subsection{A new approach to physical security}
+We are certain that there is still much work to be done and many insights to be gained from further explorations
+of the two concepts described above. Trivially, consider a box with mirrored walls that, suspended on thin wires,
+contains a smaller box that has cameras looking outward in all directions at the mirrored walls. Given that the defender
+can control lighting conditions inside this kaleidoscopic box in this application modern cameras can be considered
+equivalent to or better than the human eye. Thus, a successful physical attack on this system would likely an
+"invisibility cloaks"--and the system would remain secure as long as no such thing exists. This example is a useful
+point of reference. To be viable, a HSM technology must be either smaller or more sensitive than such a setup.
+
+The candidate we wish to introduce in this paper uses a novel approach to side-step the issues of both the concepts
+introduced in the previous section and provides radically better security against physical attacks--both in theory and
+in practice.
+
+Our core observation is that given any less expensive but more coarse HSM technology, we can make it radically more
+difficult to attack by introducing fast mechanical motion. As a trivial example, consider a HSM as it is used in
+ecommerce applications for credit card payments. Focusing on its main defense for simplicity, its physical security is
+limited by the structure size of the mesh that is likely used in its shell. If an attacker can tap the mesh's electrical
+traces and bridge across the mesh in a way the HSM cannot detect (e.g. by making sure the bridge has the same electrical
+impedance as the mesh traces have e.g. by comparing against another device of the same type), they have circumvented the
+device's protections. Any such attack would likely involve some fine drill bits, needles, wires, glue, perhaps solder or
+even lasers.
+
+Now consider the same HSM, but this time mounted on a large flywheel. In this scenario the HSM uses the same
+protections as before, but is now additionally equipped with an accelerometer that it uses to verify that it is in fact
+rotating at a very high speed. How would an attacker approach this HSM? They would have to either slow down the rotation
+(which would quickly be sensed by the accelerometer) or they would have to attack the moving HSM--the HSM literally
+becomes a moving target. While rotating the entire attack workbench might be possible for slow speeds, rotating frames
+of reference quickly become inhospitable to human life and at some point the technical means to rotate a CNC attack
+robot probably weighing several kilograms become inconvenient as well. Contact-less EM or optical attacks are more
+limited in the first place, and can effectively be shielded.
+
+\section{Related work} 
+% summaries of research papers on HSMs.
+% I have not found any actual prior art on anything involving mechanical motion beyond ultrasound.
+
+\section{The physics of hardware security}
+% approaching the issue from measurable quantities
+\section{Intertial HSMs}
+\section{Hardware prototype}
+\section{Future work}
+\subsection{Other modes of movement}
+\subsection{Multiple axes of rotation}
+\subsection{Means of power transmission}
+\subsection{Other sensing modes}
+\subsection{Longeivity}
+\section{Conclusion}
+
+\printbibliography[heading=bibintoc]
+\appendix
+\section{License}
+{\center{
+\begin{minipage}[t][10cm][b]{\textwidth}
+    \center{\ccbysa}
+
+    \center{This work is licensed under a Creative-Commons ``Attribution-ShareAlike 4.0 International'' license. The
+    full text of the license can be found at:}
+
+    \center{\url{https://creativecommons.org/licenses/by-sa/4.0/}}
+
+    \center{For alternative licensing options, source files, questions or comments please contact the authors.}
+
+    \center{This is version \texttt{\input{version.tex}\unskip} generated on \today. The git repository can be found at:}
+
+    \center{\url{https://git.jaseg.de/rotohsm.git}}
+\end{minipage}
+}}
+
+\end{document}