Finish first rough draft

1 files changed, 116 insertions, 7 deletions

diff --git a/quick-tech-report/rotohsm_tech_report.tex b/quick-tech-report/rotohsm_tech_report.tex
index d2b50ad..41938f7 100644
--- a/quick-tech-report/rotohsm_tech_report.tex
+++ b/quick-tech-report/rotohsm_tech_report.tex
@@ -311,28 +311,138 @@ needs to pass between payload and rotor are the occassional status report and a
 acts as the alarm trigger, a simple optocoupler close to the axis of rotation is a good solution.
 
 \section{Future work}
+With this paper, we intend to spread the word on our idea. Thus, below we include a selection of the open questions we
+are currently working on. If you wish to tackle some of these, please feel free to contact the authors.
+
 \subsection{Other modes of movement}
+Though we decided to use rotation as an easy-to-implement yet secure option, other modes of movement bear promise as
+well. Particularly for less high-security applications without strict space constraints, a variant based on a pendulum
+motion may be worth investigating as it would simplify the mechanical construction. Power and data transfer to the
+moving part could simply be done with very flexible cables.
+
 \subsection{Multiple axes of rotation}
+One option to alleviate the weak spot a rotating mesh has at its axis of rotation, a system with two or more axes of
+rotation could be used. A single mesh would still suffice in this case, but when evaluating accelerometer readings, the
+braking detection algorithm would have to superimpose both.
+
 \subsection{Means of power transmission}
+Power transmission from payload to rotor is another point worth investigating. It may be possible to use some statically
+mounted permanent magnets with a coil integrated into the rotor's PCB as a low-power generator. While likely
+inefficient, this setup would be low-cost and would still suffice for the meager power requirements of the rotor's
+monitoring circuitry.
+
+\subsection{Payload cooling}
+An issue with existing HSM concepts is that the mesh has to fully envelope the payload, and thus traditional air cooling
+or heat pipes cannot be used. Existing systems rely on heat conduction through the mesh alone for cooling, severly
+limiting the maximum power dissipation of the payload. In our rotating HSM concept, the rotating mesh can have radial
+gaps in the mesh without impeding its function. This allows air to pass through the mesh during rotation, and a future
+evolution of the concept could even integrate a fan into the rotating component. This greatly increases the maximum
+possible power dissipation of the payload, allowing for much more powerful processing.
+
 \subsection{Other sensing modes}
-\subsection{Longeivity}
+Since the security requirement the primary tamper-detection barrier needs to measure up to are much more lenient in the
+rotating HSM concept than in traditional HSMs, other coarse sensing modes besides low-tech meshes may be attractive. One
+possibility that would also eliminate the need of any active circuitry on the rotor would be to print the inside of the
+rotor with a pattern, then have a linear array of reflective optical sensors located close to the rotor along a
+longitudinal line. These sensors would observe the printed pattern passing by at high speed, and could compare their
+measurements against a model of the rotor. Tampering by drilling holes or slots would show up as adding an offset to
+part or all of the pattern. Likewise, the speed of rotation can be deducted directly from a sequence of measurements.
+
+\subsection{Longevity}
+A core issue with a mechanical HSM is component longevity. Save for dust and debris clogging up the system's mechanics
+the primary failure point are the bearings. A good partner for further development or even commercialization might be a
+manufacturer of industrial ducted fans as they are used e.g.\ in servers for cooling. Small industrial fans usually use
+BLDC motors and bearings specially optimized for longevity.
+
+\subsection{Transportation of an active device}
+A rotating mass responds to torque not co-linear with its axis of rotation with a gyroscopic precession force. In
+practice, this means that moving a device containing a spun-up rotating HSM on its inside might induce significant
+forces on both the HSM (posing the danger of false alarms) and on the carrier of the device (potentially making handling
+challenging). This effect would have to be taken into account in a real-world deployment, especially if the finished
+device is to be shipped by post or courier services after spin-up.
+
+\subsection{Hardware prototype}
+We are currently working on a hardware prototype that demonstrates the fundamental components of our concept. The
+prototype will be based on a security mesh made with a commercial printed circuit board manufacturing process. In our
+prototype we intend to use two commercially available hollow-shaft brushless DC (BLDC) motors originally intended for
+quadcopter-mounted camera gimbals, one for driving and one for power transfer. The prototype will have a usable internal
+volume sufficient to house a small form factor PC ($\approx\SI{2}{\liter}$).
 
 \section{Attacks}
-\subsection{Attacks on the rotation sensor}
 \subsection{Attacks on the mesh}
+There are two locations where one can attack a tamper-detection mesh. Either, the mesh itself can be tampered with. This
+includes bridging its traces to allow for a hole to be cut. The other option is to tamper with the monitoring circuit
+itself, to prevent a damaged mesh from triggering an alarm and causing the HSM to erase its contents. Attacks in both
+locations are electronic attacks, i.e. they require electrical contact to parts of the circuit. Traditionally, this
+contact is made by soldering, or by placing a probe such as a thin needle. Any kind of electrical contact that does not
+involve an electron or ion beam or a liquid requires mechanical contact. We consider none of these forms feasible to be
+performed on an object rotating at high speed without a complex setup that rotates along with the object. Thus, we
+consider them to be practically infeasible outside of a well-funded, special-purpose laboratory.
+
 \subsection{Attacks on the alarm circuitry}
+An electronic attack could also target the alarm circuitry inside the stationary payload, or the communication link
+between rotor and payload. The link can easily be proofed by using a cryptographically secured protocol along with a
+high-frequency heartbeat message. The alarm circuitry has to be designed such that it is entirely contained within the
+HSM's security envelope and has to tolerate environmental attacks such as through temperature, ionizing radiation,
+lasers, supply voltage variations, ultrasound or other vibration and gases or liquids. The easiest way to proof an alarm
+system against these is to employ adequate filtering of the incoming power supply and use sensors for the others,
+triggering an alarm in case extraordinary environmental variations are detected.
+
 \subsection{Fast and violent attacks}
+A variation of the above attacks on the alarm circuitry would be an attack that attempts to simply destroy this
+circuitry before the alarm can be acted upon. This type of attack might involve things such as a large hammer, or a gun.
+Mitigations for this type of attack include putting the entire payload and monitoring circuit in a mechanically robust
+enclosure and potting them, and linking all components of the alarm chain in such a way cryptographically and on a
+protocol level that the destruction of any of its parts leads to the secrets being destroyed before an attack would be
+able to probe them. An implication of this is that the electrical realization of the alarm signal up to its eventual
+destination cannot be a simple active-high or active-low line, since neither can be considered fail-safe in this
+scenario.
 
-\section{Hardware prototype}
-% FIXME
+\subsection{Attacks on the rotation sensor}
+An attacker trying to stop the rotor to tamper with the mesh may first try to deceive the rotation monitoring circuit
+such that it misses the rotor being stopped. In a realization based on a commercial MEMS accelerometer, this attack
+could take two forms: An electronic attack on the MEMS sensor, the monitoring microcontroller or the link in between,
+and a physical attack on the MEMS sensor itself. The former would be no easier than an electronic attack that attempts
+to bridge the mesh traces at the monitoring microcontroller. Thus, we consider it not to be practically feasible outside
+of a laboratory built especially for this purpose.
+
+There are several options for the latter attack. A recent paper %FIXME
+has shown that accelerometers respond to certain ultrasonic stimuli with bogus measurements. Since this primitive does
+not, however, yield accurate control over these bogus measurements, we deem it to be impractical for our scenario.
+Another possible attack scenario would be to somehow stop the rotating motion while subjecting the HSM to an external
+linear motion. Given the low error margins in the measurements of commercial accelerometers we consider this attack
+infeasible. A last type of attack might be to try to physically tamper with the accelerometer's sensing mechanism. MEMS
+accelerometers usually use a simple cantilever design, where a proof mass moves a cantilever whose precise position can
+be measured electronically. A possible way to attack such a device might be to first decapsulate it using laser ablation
+synchronized with the device's rotation. Then, a fast-setting glue such as a cyanoacrylate could be deposited on the
+moving MEMS parts in either liquid or gaseous form, locking them in place after hardening. This attack would require
+direct access to the accelerometer from the outside and can be prevented by mounting the accelerometer inside the
+security envelope. This attack only works if the rate of rotation is constant and is trivially detectable if the rate of
+rotation is set to change on a schedule.
 
 \section{Conclusion}
+In this paper, we have presented inertial hardware security modules, a novel concept for the construction of highly
+secure hardware security modules from inexpensive, commonly available parts. We have elaborated the engineering
+considerations underlying a practical implementation of this concept. We have analyzed the concept for its security
+properties and highlighted its ability to significantly strengthen otherwise weak tamper detection barriers. We have
+laid out some ideas for future research on the concept, and we will continue our own research on the topic.
 
 \printbibliography[heading=bibintoc]
 \appendix
-\section{License}
+\section{Patents and licensing}
+During devlopment, we performed several hours of research on prior art for the inertial HSM concept. Yet, we could not
+find any mentions of similar concepts either in academic literature or in patents. Thus, we deem ourselves to be the
+inventors of this idea and we are fairly sure it is not covered by any patents or other restrictions at this point in
+time.
+
+Since the concept is primarily attractive for small-scale production and since cheaper mass-production alternatives are
+already commercially available, we have decided against applying for a patent and we wish to make it available to the
+general public without any restrictions on its use. This paper itself is licensed CC-BY-SA (see below). As for the
+inertial HSM concept, we invite you to use it as you wish and to base your own work on our publications without any fees
+or commercial restrictions. Where possible, we ask you to cite this paper and attribute the inertial HSM concept to its
+authors.
+
 \center{
-\begin{minipage}[t][10cm][b]{\textwidth}
     \center{\ccbysa}
 
     \center{This work is licensed under a Creative-Commons ``Attribution-ShareAlike 4.0 International'' license. The
@@ -345,6 +455,5 @@ acts as the alarm trigger, a simple optocoupler close to the axis of rotation is
     \center{This is version \texttt{\input{version.tex}\unskip} generated on \today. The git repository can be found at:}
 
     \center{\url{https://git.jaseg.de/rotohsm.git}}
-\end{minipage}
 }
 \end{document}