diff options
Diffstat (limited to 'quick-tech-report')
-rw-r--r-- | quick-tech-report/rotohsm.bib | 75 | ||||
-rw-r--r-- | quick-tech-report/rotohsm_tech_report.tex | 123 |
2 files changed, 191 insertions, 7 deletions
diff --git a/quick-tech-report/rotohsm.bib b/quick-tech-report/rotohsm.bib new file mode 100644 index 0000000..3270c13 --- /dev/null +++ b/quick-tech-report/rotohsm.bib @@ -0,0 +1,75 @@ +% Encoding: UTF-8
+
+@Book{anderson2020,
+ author = {Ross Anderson},
+ date = {2020-09-16},
+ title = {Security Engineering},
+}
+
+@TechReport{smith1998,
+ author = {Sean Smith and Steve Weingart},
+ date = {1998-02-19},
+ institution = {IBM T.J. Watson Research Center},
+ title = {Building a High-Performance, ProgrammableSecure Coprocessor},
+ url = {ftp://www6.software.ibm.com/software/cryptocards/rc21102.pdf},
+ urldate = {2020-09-16},
+}
+
+@Article{immler2019,
+ author = {Vincent Immler and Johannes Obermaier and Kuan Kuan Ng and Fei Xiang Ke and Jin Yu Lee and Yak Peng Lim and Wei Koon Oh and Keng Hoong Wee and Georg Sigl},
+ date = {2019},
+ journaltitle = {IACR Transactions on Cryptographic Hardware and Embedded Systems},
+ title = {Secure Physical Enclosures from Coverswith Tamper-Resistance},
+ doi = {https://doi.org/10.13154/tches.v2019.i1.51-96},
+ issn = {2569-2925},
+ url = {https://tches.iacr.org/index.php/TCHES/article/view/7334/6506},
+ urldate = {2020-09-16},
+}
+
+@Article{obermaier2018,
+ author = {Johannes Obermaier and Vincent Immler},
+ date = {2018},
+ journaltitle = {Journal of Hardware and Systems Security},
+ title = {The Past, Present, and Future of Physical Security Enclosures: From Battery-Backed Monitoring to PUF-Based Inherent Security and Beyond},
+ doi = {10.1007/s41635-018-0045-2},
+ issn = {2509-3428},
+ pages = {289-296},
+ volume = {2},
+ year = {2018},
+}
+
+@Article{tobisch2020,
+ author = {Johannes Tobisch and Christian Zenger and Christof Paar},
+ date = {2020-03-13},
+ journaltitle = {TRUDEVICE 2020: 9th Workshop on Trustworthy Manufacturing and Utilization of Secure Devices},
+ title = {Electromagnetic Enclosure PUF for TamperProofing Commodity Hardware and otherApplications},
+ url = {https://www.emsec.ruhr-uni-bochum.de/media/crypto/veroeffentlichungen/2020/05/13/trudevice_submission_enclosure_puf.pdf},
+ urldate = {2020-09-17},
+}
+
+@Article{kreft2012,
+ author = {Heinz Kreft and Wael Adi},
+ date = {2012},
+ journaltitle = {2012 NASA/ESA Conference on Adaptive Hardware and Systems (AHS)},
+ title = {Cocoon-PUF, a novel mechatronic secure element technology},
+ doi = {10.1109/ahs.2012.6268655},
+ year = {2012},
+}
+
+@Patent{rahman1988,
+ author = {Mujib Rahman},
+ date = {1988-03-10},
+ number = {US4859024A},
+ title = {Optical fiber cable with tampering detecting means},
+}
+
+@WWW{haines2006,
+ author = {Lester Haines},
+ editor = {The Register},
+ date = {2006-09-25},
+ title = {US outfit patents 'invisible' UAV: Stealth through persistence of vision},
+ url = {https://www.theregister.com/2006/09/25/phantom_sentinel/},
+ urldate = {2020-09-17},
+}
+
+@Comment{jabref-meta: databaseType:biblatex;}
diff --git a/quick-tech-report/rotohsm_tech_report.tex b/quick-tech-report/rotohsm_tech_report.tex index d2b50ad..41938f7 100644 --- a/quick-tech-report/rotohsm_tech_report.tex +++ b/quick-tech-report/rotohsm_tech_report.tex @@ -311,28 +311,138 @@ needs to pass between payload and rotor are the occassional status report and a acts as the alarm trigger, a simple optocoupler close to the axis of rotation is a good solution. \section{Future work} +With this paper, we intend to spread the word on our idea. Thus, below we include a selection of the open questions we +are currently working on. If you wish to tackle some of these, please feel free to contact the authors. + \subsection{Other modes of movement} +Though we decided to use rotation as an easy-to-implement yet secure option, other modes of movement bear promise as +well. Particularly for less high-security applications without strict space constraints, a variant based on a pendulum +motion may be worth investigating as it would simplify the mechanical construction. Power and data transfer to the +moving part could simply be done with very flexible cables. + \subsection{Multiple axes of rotation} +One option to alleviate the weak spot a rotating mesh has at its axis of rotation, a system with two or more axes of +rotation could be used. A single mesh would still suffice in this case, but when evaluating accelerometer readings, the +braking detection algorithm would have to superimpose both. + \subsection{Means of power transmission} +Power transmission from payload to rotor is another point worth investigating. It may be possible to use some statically +mounted permanent magnets with a coil integrated into the rotor's PCB as a low-power generator. While likely +inefficient, this setup would be low-cost and would still suffice for the meager power requirements of the rotor's +monitoring circuitry. + +\subsection{Payload cooling} +An issue with existing HSM concepts is that the mesh has to fully envelope the payload, and thus traditional air cooling +or heat pipes cannot be used. Existing systems rely on heat conduction through the mesh alone for cooling, severly +limiting the maximum power dissipation of the payload. In our rotating HSM concept, the rotating mesh can have radial +gaps in the mesh without impeding its function. This allows air to pass through the mesh during rotation, and a future +evolution of the concept could even integrate a fan into the rotating component. This greatly increases the maximum +possible power dissipation of the payload, allowing for much more powerful processing. + \subsection{Other sensing modes} -\subsection{Longeivity} +Since the security requirement the primary tamper-detection barrier needs to measure up to are much more lenient in the +rotating HSM concept than in traditional HSMs, other coarse sensing modes besides low-tech meshes may be attractive. One +possibility that would also eliminate the need of any active circuitry on the rotor would be to print the inside of the +rotor with a pattern, then have a linear array of reflective optical sensors located close to the rotor along a +longitudinal line. These sensors would observe the printed pattern passing by at high speed, and could compare their +measurements against a model of the rotor. Tampering by drilling holes or slots would show up as adding an offset to +part or all of the pattern. Likewise, the speed of rotation can be deducted directly from a sequence of measurements. + +\subsection{Longevity} +A core issue with a mechanical HSM is component longevity. Save for dust and debris clogging up the system's mechanics +the primary failure point are the bearings. A good partner for further development or even commercialization might be a +manufacturer of industrial ducted fans as they are used e.g.\ in servers for cooling. Small industrial fans usually use +BLDC motors and bearings specially optimized for longevity. + +\subsection{Transportation of an active device} +A rotating mass responds to torque not co-linear with its axis of rotation with a gyroscopic precession force. In +practice, this means that moving a device containing a spun-up rotating HSM on its inside might induce significant +forces on both the HSM (posing the danger of false alarms) and on the carrier of the device (potentially making handling +challenging). This effect would have to be taken into account in a real-world deployment, especially if the finished +device is to be shipped by post or courier services after spin-up. + +\subsection{Hardware prototype} +We are currently working on a hardware prototype that demonstrates the fundamental components of our concept. The +prototype will be based on a security mesh made with a commercial printed circuit board manufacturing process. In our +prototype we intend to use two commercially available hollow-shaft brushless DC (BLDC) motors originally intended for +quadcopter-mounted camera gimbals, one for driving and one for power transfer. The prototype will have a usable internal +volume sufficient to house a small form factor PC ($\approx\SI{2}{\liter}$). \section{Attacks} -\subsection{Attacks on the rotation sensor} \subsection{Attacks on the mesh} +There are two locations where one can attack a tamper-detection mesh. Either, the mesh itself can be tampered with. This +includes bridging its traces to allow for a hole to be cut. The other option is to tamper with the monitoring circuit +itself, to prevent a damaged mesh from triggering an alarm and causing the HSM to erase its contents. Attacks in both +locations are electronic attacks, i.e. they require electrical contact to parts of the circuit. Traditionally, this +contact is made by soldering, or by placing a probe such as a thin needle. Any kind of electrical contact that does not +involve an electron or ion beam or a liquid requires mechanical contact. We consider none of these forms feasible to be +performed on an object rotating at high speed without a complex setup that rotates along with the object. Thus, we +consider them to be practically infeasible outside of a well-funded, special-purpose laboratory. + \subsection{Attacks on the alarm circuitry} +An electronic attack could also target the alarm circuitry inside the stationary payload, or the communication link +between rotor and payload. The link can easily be proofed by using a cryptographically secured protocol along with a +high-frequency heartbeat message. The alarm circuitry has to be designed such that it is entirely contained within the +HSM's security envelope and has to tolerate environmental attacks such as through temperature, ionizing radiation, +lasers, supply voltage variations, ultrasound or other vibration and gases or liquids. The easiest way to proof an alarm +system against these is to employ adequate filtering of the incoming power supply and use sensors for the others, +triggering an alarm in case extraordinary environmental variations are detected. + \subsection{Fast and violent attacks} +A variation of the above attacks on the alarm circuitry would be an attack that attempts to simply destroy this +circuitry before the alarm can be acted upon. This type of attack might involve things such as a large hammer, or a gun. +Mitigations for this type of attack include putting the entire payload and monitoring circuit in a mechanically robust +enclosure and potting them, and linking all components of the alarm chain in such a way cryptographically and on a +protocol level that the destruction of any of its parts leads to the secrets being destroyed before an attack would be +able to probe them. An implication of this is that the electrical realization of the alarm signal up to its eventual +destination cannot be a simple active-high or active-low line, since neither can be considered fail-safe in this +scenario. -\section{Hardware prototype} -% FIXME +\subsection{Attacks on the rotation sensor} +An attacker trying to stop the rotor to tamper with the mesh may first try to deceive the rotation monitoring circuit +such that it misses the rotor being stopped. In a realization based on a commercial MEMS accelerometer, this attack +could take two forms: An electronic attack on the MEMS sensor, the monitoring microcontroller or the link in between, +and a physical attack on the MEMS sensor itself. The former would be no easier than an electronic attack that attempts +to bridge the mesh traces at the monitoring microcontroller. Thus, we consider it not to be practically feasible outside +of a laboratory built especially for this purpose. + +There are several options for the latter attack. A recent paper %FIXME +has shown that accelerometers respond to certain ultrasonic stimuli with bogus measurements. Since this primitive does +not, however, yield accurate control over these bogus measurements, we deem it to be impractical for our scenario. +Another possible attack scenario would be to somehow stop the rotating motion while subjecting the HSM to an external +linear motion. Given the low error margins in the measurements of commercial accelerometers we consider this attack +infeasible. A last type of attack might be to try to physically tamper with the accelerometer's sensing mechanism. MEMS +accelerometers usually use a simple cantilever design, where a proof mass moves a cantilever whose precise position can +be measured electronically. A possible way to attack such a device might be to first decapsulate it using laser ablation +synchronized with the device's rotation. Then, a fast-setting glue such as a cyanoacrylate could be deposited on the +moving MEMS parts in either liquid or gaseous form, locking them in place after hardening. This attack would require +direct access to the accelerometer from the outside and can be prevented by mounting the accelerometer inside the +security envelope. This attack only works if the rate of rotation is constant and is trivially detectable if the rate of +rotation is set to change on a schedule. \section{Conclusion} +In this paper, we have presented inertial hardware security modules, a novel concept for the construction of highly +secure hardware security modules from inexpensive, commonly available parts. We have elaborated the engineering +considerations underlying a practical implementation of this concept. We have analyzed the concept for its security +properties and highlighted its ability to significantly strengthen otherwise weak tamper detection barriers. We have +laid out some ideas for future research on the concept, and we will continue our own research on the topic. \printbibliography[heading=bibintoc] \appendix -\section{License} +\section{Patents and licensing} +During devlopment, we performed several hours of research on prior art for the inertial HSM concept. Yet, we could not +find any mentions of similar concepts either in academic literature or in patents. Thus, we deem ourselves to be the +inventors of this idea and we are fairly sure it is not covered by any patents or other restrictions at this point in +time. + +Since the concept is primarily attractive for small-scale production and since cheaper mass-production alternatives are +already commercially available, we have decided against applying for a patent and we wish to make it available to the +general public without any restrictions on its use. This paper itself is licensed CC-BY-SA (see below). As for the +inertial HSM concept, we invite you to use it as you wish and to base your own work on our publications without any fees +or commercial restrictions. Where possible, we ask you to cite this paper and attribute the inertial HSM concept to its +authors. + \center{ -\begin{minipage}[t][10cm][b]{\textwidth} \center{\ccbysa} \center{This work is licensed under a Creative-Commons ``Attribution-ShareAlike 4.0 International'' license. The @@ -345,6 +455,5 @@ acts as the alarm trigger, a simple optocoupler close to the axis of rotation is \center{This is version \texttt{\input{version.tex}\unskip} generated on \today. The git repository can be found at:} \center{\url{https://git.jaseg.de/rotohsm.git}} -\end{minipage} } \end{document} |