Repo re-org: rename paper dir

1 files changed, 0 insertions, 300 deletions

diff --git a/doc/quick-tech-report/rotohsm_tech_report.tex b/doc/quick-tech-report/rotohsm_tech_report.tex
deleted file mode 100644
index e9d571f..0000000
--- a/doc/quick-tech-report/rotohsm_tech_report.tex
+++ /dev/null
@@ -1,300 +0,0 @@
-\documentclass[10pt,journal,a4paper]{IEEEtran}
-\usepackage[english]{babel}
-\usepackage[utf8]{inputenc}
-\usepackage[T1]{fontenc}
-\usepackage[
-    backend=biber,
-    style=numeric,
-    natbib=true,
-    url=false, 
-    doi=true,
-    eprint=false
-    ]{biblatex}
-\addbibresource{rotohsm.bib}
-\usepackage{amssymb,amsmath}
-\usepackage{listings}
-\usepackage{eurosym}
-\usepackage{wasysym}
-\usepackage{amsthm}
-\usepackage{tabularx}
-\usepackage{multirow}
-\usepackage{multicol}
-\usepackage{tikz}
-\usepackage{mathtools}
-\DeclarePairedDelimiter{\ceil}{\lceil}{\rceil}
-\DeclarePairedDelimiter{\paren}{(}{)}
-
-\usetikzlibrary{arrows}
-\usetikzlibrary{chains}
-\usetikzlibrary{backgrounds}
-\usetikzlibrary{calc}
-\usetikzlibrary{decorations.markings}
-\usetikzlibrary{decorations.pathreplacing}
-\usetikzlibrary{fit}
-\usetikzlibrary{patterns}  
-\usetikzlibrary{positioning}
-\usetikzlibrary{shapes}
-
-\usepackage[binary-units]{siunitx}
-\DeclareSIUnit{\baud}{Bd}
-\DeclareSIUnit{\year}{a}
-\usepackage{hyperref}
-\usepackage{tabularx}
-\usepackage{commath}
-\usepackage{graphicx,color}
-\usepackage{ccicons}
-\usepackage{subcaption}
-\usepackage{float}
-\usepackage{footmisc}
-\usepackage{array}
-\usepackage[underline=false]{pgf-umlsd}
-\usetikzlibrary{calc}
-%\usepackage[pdftex]{graphicx,color}
-\usepackage{epstopdf}
-\usepackage{pdfpages}
-\usepackage{minted} % pygmentized source code
-
-\renewcommand{\floatpagefraction}{.8}
-\newcommand{\degree}{\ensuremath{^\circ}}
-\newcolumntype{P}[1]{>{\centering\arraybackslash}p{#1}}
-
-\usepackage{fancyhdr}
-\fancyhf{}
-\fancyfoot[C]{\thepage}
-\newcommand{\includenotebook}[2]{
-    \fancyhead[C]{Included Jupyter notebook: #1}
-    \includepdf[pages=1,
-        pagecommand={\thispagestyle{fancy}\section{#1}\label{#2_notebook}}
-        ]{resources/#2.pdf}
-    \includepdf[pages=2-,
-        pagecommand={\thispagestyle{fancy}}
-        ]{resources/#2.pdf}
-}
-
-\begin{document}
-
-\title{Tech Report: Inerial HSMs Thwart Advanced Physical Attacks}
-\author{\IEEEauthorblockN{
-    Jan Sebastian Götte\IEEEauthorrefmark{1}\IEEEauthorrefmark{2} \and
-    Björn Scheuermann\IEEEauthorrefmark{1}\IEEEauthorrefmark{2}
-    }\\
-    \IEEEauthorblockA{
-        \IEEEauthorrefmark{1}Alexander von Humboldt Institut für Internet und Gesellschaft (HIIG)\\
-        \IEEEauthorrefmark{2}Humboldt-Universität zu Berlin\\
-        \texttt{\textbf{\small goette@jaseg.de}}, \texttt{\textbf{\small scheuermann@informatik.hu-berlin.de}}
-    }
-}
-\date{2021-01-05}
-\maketitle
-
-\section*{Abstract}
-
-In this tech report, we introduce a novel countermeasure against physical attacks: Inertial hardware security modules
-(iHSMs).  Conventional systems have in common that they try to detect attacks by crafting sensors responding to
-increasingly minute manipulations of the monitored security boundary or volume. Our approach is novel in that we reduce
-the sensitivity requirement of security meshes and other sensors and increase the complexity of any manipulations by
-rotating the security mesh or sensor at high speed---thereby presenting a moving target to an attacker. Attempts to stop
-the rotation are easily monitored with commercial MEMS accelerometers and gyroscopes.  Our approach leads to a HSM that
-can easily be built from off-the-shelf parts by any university electronics lab, yet offers a level of security that is
-comparable to commercial HSMs.
-
-This tech report is the abridged version of our forthcoming paper.
-
-\section{Introduction}
-
-While information security technology has matured a great deal in the last half century, physical security has barely
-changed. Given the right skills, physical access to a computer still often means full compromise. The physical
-security of modern server hardware hinges on what lock you put on the room it is in.
-
-Currently, servers and other computers are rarely physically secured as a whole. Servers sometimes have a simple lid
-switch and are put in locked ``cages'' inside guarded facilities. This usually provides a good compromise between
-physical security and ease of maintenance. To handle highly sensitive data in applications such as banking or public key
-infrastructure, general-purpose and low-security servers are augmented with dedicated, physically secure cryptographic
-co-processors such as trusted platform modules (TPMs) or hardware security modules (HSMs). Using a limited amount of
-trust in components such as the CPU, the larger system's security can then be reduced to that of its physically secured
-TPM~\cite{newman2020,frazelle2019,johnson2018}.
-
-Like smartcards, TPMs rely on a modern IC being hard to tamper with.  Shrinking things to the nanoscopic level to secure
-them against tampering is a good engineering solution for some years to come.  However, in essence this is a type of
-security by obscurity: Obscurity here referring to the rarity of the equipment necessary to attack modern
-ICs~\cite{albartus2020,anderson2020}.
-
-HSMs rely on a fragile foil with much larger-scale conductive traces being hard to remove intact.  While we are certain
-that there still are many insights to be gained in both technologies, we wish to introduce a novel approach to sidestep
-the manufacturing issues of both and provide radically better security against physical attacks.  Our core observation
-is that any cheap but coarse HSM technology can be made much more difficult to attack by moving it very quickly.
-
-For example, consider an HSM as it is used in online credit card payment processing. Its physical security level is set
-by the structure size of its security mesh. An attack on its mesh might involve fine drill bits, needles, wires, glue,
-solder and lasers~\cite{drimer2008}.  Now consider the same HSM mounted on a large flywheel. In addition to its usual
-defenses the HSM is now equipped with an accelerometer that it uses to verify that it is spinning at high speed. How
-would an attacker approach this HSM? They would have to either slow down the rotation---which triggers the
-accelerometer---or they would have to attack the HSM in motion. The HSM literally becomes a moving target. At slow
-speeds, rotating the entire attack workbench might be possible but rotating frames of reference quickly become
-inhospitable to human life. Since non-contact electromagnetic or optical attacks are more limited in the first place and
-can be shielded, we have effectively forced the attacker to use an attack robot.
-
-In Section~\ref{sec_related_work}, we will give an overview of the state of the art in the physical security of HSMs. On
-this basis, in Section~\ref{sec_ihsm_construction} we will elaborate the principles of our inertial HSM approach.  We
-conclude this paper with a general evaluation of our concept in Section~\ref{sec_conclusion}.
-
-\section{Related work} 
-\label{sec_related_work}
-% summaries of research papers on HSMs.  I have not found any actual prior art on anything involving mechanical motion
-% beyond ultrasound.
-
-In this section, we will briefly explore the history of HSMs and the state of academic research on active tamper
-detection.
-
-HSMs are an old technology tracing back decades in their electronic realization. Today's common approach of monitoring
-meandering electrical traces on a fragile foil that is wrapped around the HSM essentially transforms the security
-problem into the challenge to manufacture very fine electrical traces on a flexible foil~\cite{isaacs2013, immler2019,
-anderson2020}.  There has been some research on monitoring the HSM's inside using e.g.\ electromagnetic
-radiation~\cite{tobisch2020, kreft2012} or ultrasound~\cite{vrijaldenhoven2004} but none of this research
-has found widespread adoption yet.
-
-In~\cite{anderson2020}, Anderson gives a comprehensive overview on physical security. An example they cite is the IBM
-4758 HSM whose details are laid out in depth in~\cite{smith1998}. This HSM is an example of an industry-standard
-construction. Although its turn of the century design is now a bit dated, the construction techniques of the physical
-security mechanisms have not evolved much in the last two decades. Besides auxiliary temperature and radiation sensors
-to guard against attacks on the built-in SRAM memory, the module's main security barrier uses the traditional
-construction of a flexible mesh wrapped around the module's core. In~\cite{smith1998}, the authors state the module
-monitors this mesh for short circuits, open circuits and conductivity. The fundamental approach to tamper detection and
-construction is similar to other commercial offerings~\cite{obermaier2018,drimer2008,anderson2020,isaacs2013}.
-
-To the best of our knowledge, we are the the first to propose a mechanically moving HSM security barrier as part of a
-hardware security module. Most academic research concentrates on the issue of creating new, more sensitive security
-barriers for HSMs~\cite{immler2019} while commercial vendors concentrate on means to certify and cheaply manufacture 
-these security barriers~\cite{drimer2008}. Our concept instead focuses on the issue of taking any existing, cheap
-low-performance security barrier and transforming it into a marginally more expensive but high-performance one. The
-closest to a mechanical HSM that we were able to find during our research is an 1988 patent~\cite{rahman1988} that
-describes a mechanism to detect tampering along a communication cable by enclosing the cable inside a conduit filled
-with pressurized gas.
-
-\section{Inertial HSM construction and operation}
-\label{sec_ihsm_construction}
-
-Mechanical motion has been proposed as a means of making things harder to see with the human eye~\cite{haines2006} and is
-routinely used in military applications to make things harder to hit~\cite{terdiman2013} but we seem to be the first to
-use it in tamper detection. If we consider different ways of moving an HSM to make it harder to tamper with, we find
-that making it spin has several advantages.
-
-First, the HSM has to move fairly fast. If any point of the HSM's tamper sensing mesh moves slow enough for a human to
-follow, it becomes a weak spot. E.g.\ in a linear pendulum motion, the pendulum becomes stationary at its apex.  Second,
-a spinning HSM is compact compared to alternatives like an HSM on wheels.  Finally, rotation leads to easily predictable
-accelerometer measurements.  A beneficial side-effect of spinning the HSM is that if the axis of rotation is within the
-HSM itself, an attacker trying to follow the motion would have to rotate around the same axis. Their tangential linear
-velocity would rise linearly with the radius from the axis of rotation, which allows us to limit the approximate maximum
-size and mass of an attacker using an assumption on tolerable centrifugal force.  In this consideration the axis of
-rotation is a weak spot, but that can be mitigated using multiple nested layers of protection.
-
-\begin{figure}
-    \center
-    \includegraphics{concept_vis_one_axis.pdf}
-    \caption{Concept of a simple spinning inertial HSM. 1 - Shaft. 2 - Security mesh. 3 - Payload. 4 -
-    Accelerometer. 5 - Shaft penetrating security mesh.}
-    \label{fig_schema_one_axis}
-\end{figure}
-
-In a rotating reference frame, centrifugal force is proportional to the square of angular velocity and proportional to
-distance from the axis of rotation. We can exploit this fact to create a sensor that detects any disturbance of the
-rotation by placing a linear accelerometer at some distance from the axis of rotation. During constant rotation, after
-subtracting gravity both acceleration tangential to the rotation and along the axis of rotation will be zero.
-Centrifugal acceleration will be constant.
-
-Large centrifugal acceleration at high speeds poses the engineering challenge of preventing the whole thing from flying
-apart, but it also creates an obstacle to any attacker trying to manipulate the sensor.  We do not need to move the
-entire contents of the HSM. It suffices if we move the tamper detection barrier around a stationary payload. This
-reduces the moment of inertia of the moving part and it means we can use cables for payload power and data.  Even at
-moderate speeds above $\SI{500}{rpm}$, an attack would have to be carried out using a robot.
-
-\subsection{Mechanical layout}
-
-Thinking about the concrete construction of our mechanical HSM, the first challenge is mounting both mesh and payload on
-a single shaft.  The simplest way we found to mount a stationary payload inside of a spinning security mesh is a hollow
-shaft.  The payload can be mounted on a fixed rod threaded through this hollow shaft along with wires for power and
-data. The shaft is a weak spot of the system, but this weak spot can be alleviated through either careful construction
-or a second layer of rotating meshes with a different axis of rotation.  Configurations that do not use a hollow-shaft
-motor are possible, but may require additional bearings to keep the stator from vibrating.
-
-The next design choice we have to make is the physical structure of the security mesh.  The spinning mesh must be
-designed to cover the entire surface of the payload, but compared to a traditional HSM it suffices if it sweeps over
-every part of the payload once per rotation. This means we can design longitudinal gaps into the mesh that allow outside
-air to flow through to the payload.  In traditional boundary-sensing HSMs, cooling of the payload processor is a serious
-issue since any air duct or heat pipe would have to penetrate the HSM's security boundary. This problem can only be
-solved with complex and costly siphon-style constructions, so in commercial systems heat conduction is used
-exclusively~\cite{isaacs2013}. This limits the maximum power dissipation of the payload and thus its processing power.
-Our setup allows direct air cooling of regular heatsinks. This greatly increases the maximum possible power dissipation
-of the payload and unlocks much more powerful processing capabilities.  In an evolution of our design, the spinning mesh
-could even be designed to \emph{be} a cooling fan.
-
-\subsection{Spinning mesh power and data transmission}
-
-On the electrical side, the idea of a security mesh spinning at more than $\SI{500}{rpm}$ leaves us with a few
-implementation challenges. Since the spinning mesh must be monitored for breaks or short circuits continuously, we need
-both a power supply for the spinning monitoring circuit and a data link to the stator.
-
-We think that a bright lamp shining at a rotating solar panel is a good starting point.  In contrast to e.g.\ slip
-rings, this setup is mechanically durable at high speeds and it also provides reasonable output power. A battery may not
-provide a useful lifetime without power-optimization. Likewise, an energy harvesting setup may not provide enough
-current to supply peak demand.
-
-Since the monitoring circuit uses little current, power transfer efficiency is not important. On the other hand, cost
-may be a concern in a production device. Here it may prove worthwhile to replace the solar cell setup with an extra
-winding on the rotor of the BLDC motor driving the spinning mesh. This motor is likely to be a custom part, so adding
-an extra winding is unlikely to increase cost significantly. More traditional inductive power transfer may also be an
-option if it can be integrated into the mechanical design.
-
-\begin{figure}
-    \center
-    \includegraphics{ir_tx_schema.pdf}
-    \caption{Example of a bidirectional IR communication link between rotor and stator, view along axis of rotation. 1
-    - Rotor base plate. 2 - Stator base plate. 3 - Motor. 4 - receiver PIN photodiode. 5 - transmitter IR LED.}
-    \label{ir_tx_schema}
-\end{figure}
-
-Besides power, the data link between spinning mesh and payload is critical to the HSM's design.  This link is used to
-transmit the occassional status report along with a low-latency alarm trigger (``heartbeat'') signal from mesh to payload.
-A simple infrared optical link as shown in Figure~\ref{ir_tx_schema} may be a good solution for this purpose.
-
-\section{Conclusion}
-
-\label{sec_conclusion} To conclude, in this tech report we introduced inertial hardware security modules (iHSMs), a
-novel concept for the construction of highly secure hardware security modules from inexpensive, commonly available
-parts. We elaborated the engineering considerations underlying a practical implementation of this concept.
-
-Inertial HSMs offer a high level of security beyond what traditional techniques can offer. They allow the construction
-of devices secure against a wide range of practical attacks at prototype quantities and without specialized tools. We
-hope that this simple construction will stimulate academic research into secure hardware.
-
-\printbibliography[heading=bibintoc]
-\appendix
-
-\subsection{Patents and licensing}
-During development, we performed several hours of research on prior art for the inertial HSM concept. Yet, we could not
-find any mentions of similar concepts either in academic literature or in patents. Thus, we are likely the inventors of
-this idea and we are fairly sure it is not covered by any patents or other restrictions at this point in time.
-
-Since the concept is primarily attractive for small-scale production and since cheaper mass-production alternatives are
-already commercially available, we have decided against applying for a patent and we wish to make it available to the
-general public without any restrictions on its use. This paper itself is licensed CC-BY-SA (see below). As for the
-inertial HSM concept, we invite you to use it as you wish and to base your own work on our publications without any fees
-or commercial restrictions. Where possible, we ask you to cite this paper and attribute the inertial HSM concept to its
-authors.
-
-\center{
-    \center{\ccbysa}
-
-    \center{This work is licensed under a Creative-Commons ``Attribution-ShareAlike 4.0 International'' license. The
-    full text of the license can be found at:}
-
-    \center{\url{https://creativecommons.org/licenses/by-sa/4.0/}}
-
-    \center{For alternative licensing options, source files, questions or comments please contact the authors.}
-
-    \center{This is version \texttt{\input{version.tex}\unskip} generated on \today. Once the full paper has been
-    published, this project's git repository will be available at:}
-
-    \center{\url{https://git.jaseg.de/rotohsm.git}}
-}
-\end{document}