diff options
author | jaseg <git@jaseg.de> | 2021-07-08 15:08:38 +0200 |
---|---|---|
committer | jaseg <git@jaseg.de> | 2021-07-08 15:08:38 +0200 |
commit | 8a65ead1103fb3ac685cda97a333ec4c46110db5 (patch) | |
tree | 2068d4c2d075212ce01f0c95408664e1cfb90b91 /paper | |
parent | 9370bb733959854ef5e3b30e7056b4f77d24c83c (diff) | |
download | ihsm-8a65ead1103fb3ac685cda97a333ec4c46110db5.tar.gz ihsm-8a65ead1103fb3ac685cda97a333ec4c46110db5.tar.bz2 ihsm-8a65ead1103fb3ac685cda97a333ec4c46110db5.zip |
paper: major review WIP
Diffstat (limited to 'paper')
-rw-r--r-- | paper/ihsm.bib | 40 | ||||
-rw-r--r-- | paper/ihsm_paper.tex | 52 |
2 files changed, 86 insertions, 6 deletions
diff --git a/paper/ihsm.bib b/paper/ihsm.bib index 680c282..ce2a911 100644 --- a/paper/ihsm.bib +++ b/paper/ihsm.bib @@ -360,4 +360,44 @@ urldate = {2021-07-07} } +@WWW{mgchemicals2017, + author = {{{MG Chemicals}}}, + title = {MG Chemicals Specialty Adhesives Catalog}, + date = {2019}, + url = {https://www.mgchemicals.com/downloads/catalogs/Specialty%20Adhesives%20Catalogue%20Web.pdf}, + urldate = {2021-07-08}, +} + +@book{shabany2009, + title = {Heat Transfer: Thermal Management of Electronics}, + author = {Younes Shabany}, + date = {2009}, + publisher = {CRC Press}, + isbn = {9781439814680}, +} + +@book{kordyban1998, + author = {Kordyban, Tony}, + isbn = {978-0791800744}, + publisher = {ASME}, + title = {Hot Air Rises and Heat Sinks: Everything You Know about Cooling Electronics is Wrong}, + year = {1998} +} + +@WWW{obermaier2019, + author = {Johannes Obermaier}, + title = {Physical Unclonable Functions: The Future Technology for Physical Security Enclosures?}, + doi = {https://doi.org/10.5446/43265}, + publisher = {Chaos Computer Club e.V.}, + date = {2019-08-24}, +} + +@WWW{anandtech2015, + author = {Emmanouil D. Fylladitakis}, + title = {Top Tier CPU Air Coolers Q3 2015: 9-Way Roundup Review}, + publisher = {AnandTech}, + url = {https://www.anandtech.com/show/9415/top-tier-cpu-air-coolers-9way-roundup-review/12}, + urldate = {2021-07-08}, +} + @Comment{jabref-meta: databaseType:biblatex;} diff --git a/paper/ihsm_paper.tex b/paper/ihsm_paper.tex index 6beb9a2..2932bd6 100644 --- a/paper/ihsm_paper.tex +++ b/paper/ihsm_paper.tex @@ -352,6 +352,24 @@ Using longitudinal gaps in the mesh, our setup allows direct air cooling of regu powerful processing capabilities that greatly increase the maximum possible power dissipation of the payload. In an evolution of our design, the spinning mesh could even be designed to \emph{be} a cooling fan. +Conventional HSMs are limited by the construction of their security meshes which rely on plastics as their main +structural material. The security mesh has to fit the highest components inside the HSM. Since creating a security mesh +with a non-flat surface is difficult, this means there is an inevitable gap of a few millimeters between the surface of +the payload CPU and the inside surface of the mesh. This distance is added to several millimeters of epoxy resin that +the mesh is embedded inside so as to be hard to remove intact. Overall, this leads to a structure approximately a +centimeter thick that includes several millimeters of poorly thermally conductive epoxy resin~\cite{obermaier2019}. +Even if ``thermally conductive'' resins would be used, thermal conductivity is limited to a fraction of what can be +achieved with a heatsink directly attached to the CPU. A modern high-end CPU heatsink with its fan running has a thermal +resistance from CPU junction to air of around $\SI{0.1}{\kelvin\per\watt}$. If one were to make an HSM's security mesh +out of an average thermally conductive epoxy with thermal conductivity +$k=\SI{1}{\watt\per\meter\kelvin}$~\cite{kordyban1998,shabany2009,mgchemicals2017}, the resulting thermal resistance for +a 5-by-5 centimeter, $\SI{5}{\milli\meter}$ thermal interface alone would $\SI{2}{\kelvin\per\watt}$, a more than +10-fold increase. For an acceptable temperature delta from junction to air of $\SI{60}{\kelvin}$ this yields a maximum +power dissipation of only $\SI{30}{\watt}$ compared to a theoretical $\SI{600}{\watt}$ for a conventional CPU cooler. +Given that for modern high core-count CPUs, power dissipation is mostly linear in core count and for multithreaded +applications performance is mostly linear in core count this severely limits the achievable performance in a +traditional, hermetically sealed HSM. + \subsection{Long-term Operation} Like with other HSMs, practical use may require an IHSM to continuously run for a decade or even longer. As with other @@ -458,15 +476,37 @@ traditional HSM. However, they will either need to perform these attack steps w rotation at high speed or they will first need to defeat the braking sensor. Attacking the IHSM in motion may require specialized mechanical tools, CNC actuators or even a contactless attack using a laser, plasma jet or water jet. +\subsection{Attacks that don't work} + +In the sections below, we will go into detail on such attacks on IHSMs. To put these attack approaches into perspective, +we will start with a brief overview on attacks on conventional HSMs that the IHSM is defended against. +%FIXME \paragraph{...} + +\subsection{Contactless probing of the payload} + +Irrespective of the HSM's technology (conventional or IHSM), there are some types of attack bypassing the HSM's security +mesh that in principle cannot be prevented. One such type are contactless attacks such as electromagnetic (EM) +sidechannel attacks, but attacks through the HSM's application interface such as Ethernet also follow this theme. While +IHSMs allow for the use of off-the-shelf server hardware as their payload, the combination of payload hardware and the +software running on top of this hardware still has to be evaluated for fitness in this particular application. EM +sidechannel attacks can be mitigated by shielding and by designing the IHSM's payload such that critical components such +as CPUs are physically distant to the security mesh, preventing EM probes from being brought close. Conducted EMI +sidechannels that could be used for power analysis can be mitigated by placing filters on the inside of the security +mesh at the point where the power and network connections penetrate the mesh. Attacks through the network interface must +be prevented as in any other networked system by only exposing the minimum necessary amount of API surface to the +outside world, and by carefully vetting this remaining attack surface. + \subsection{The Swivel Chair Attack} \label{sec_swivel_chair_attack} -First we will consider the most basic of all attacks: a human attacker holding a soldering iron trying to rotate -herself along with the mesh using a very fast swivel chair. Let us pessimistically assume that this co-rotating -attacker has their center of mass on the axis of rotation. The attacker's body is likely on the order of -$\SI{200}{\milli\meter}$ wide along its shortest axis, resulting in a minimum radius from axis of rotation to surface of -about $\SI{100}{\milli\meter}$. Wikipedia lists horizontal g forces in the order of $\SI{20}{g}$ as the upper end of the -range tolerable by humans for a duration of seconds or above. We thus set our target acceleration to +If we assume whoever integrates the payload into an IHSM has done adequate work and prevented all contactless attacks, +we are left with attacks that aim at mechanically bypassing the IHSM's security mesh. The first type of attack we will +consider is the most basic of all attacks: a human attacker holding a soldering iron trying to rotate herself along with +the mesh using a very fast swivel chair. Let us pessimistically assume that this co-rotating attacker has their center +of mass on the axis of rotation. The attacker's body is likely on the order of $\SI{200}{\milli\meter}$ wide along its +shortest axis, resulting in a minimum radius from axis of rotation to surface of about $\SI{100}{\milli\meter}$. +Wikipedia lists horizontal g forces in the order of $\SI{20}{g}$ as the upper end of the range tolerable by humans for a +duration of seconds or above. We thus set our target acceleration to $\SI{100}{g}\;\approx\;\SI{1000}{\meter\per\second^2}$, a safety factor of $5$ past that range. Centrifugal acceleration is $a=\omega^2 r$. In our example this results in a minimum angular velocity of $f_\text{min} = \frac{1}{2\pi}\sqrt{\frac{a}{r}} = \frac{1}{2\pi}\sqrt{\frac{\SI{1000}{\meter\per\second^2}}{\SI{100}{\milli\meter}}} |