diff options
Diffstat (limited to 'quick-tech-report')
-rw-r--r-- | quick-tech-report/rotohsm_tech_report.tex | 128 |
1 files changed, 121 insertions, 7 deletions
diff --git a/quick-tech-report/rotohsm_tech_report.tex b/quick-tech-report/rotohsm_tech_report.tex index 2de3c29..d2b50ad 100644 --- a/quick-tech-report/rotohsm_tech_report.tex +++ b/quick-tech-report/rotohsm_tech_report.tex @@ -152,7 +152,7 @@ every point in space (or at least inside a boundary region) is covered. While th might still be true this would be based on the fact that the same problem presents itself to an attacker trying to circumvent these measures--degrading their security to simple obscurity again. -\subsection{A new approach to physical security} +\subsection{Inertial HSMs: A new approach to physical security} We are certain that there is still much work to be done and many insights to be gained from further explorations of the two concepts described above. Trivially, consider a box with mirrored walls that, suspended on thin wires, contains a smaller box that has cameras looking outward in all directions at the mirrored walls. Given that the defender @@ -197,10 +197,119 @@ This work contains the following contributions: \section{Related work} % summaries of research papers on HSMs. % I have not found any actual prior art on anything involving mechanical motion beyond ultrasound. +In chapter 18 of the forthcoming 3rd edition of his seminal book on "Security Engineering"\cite{anderson2020}, Ross +Anderson gives a background on physical security in general and on HSMs in particular. As an example he cites the IBM +4758 HSM whose details are laid out in depth in \cite{smith1998}. This HSM is an example of an industry-standard +construction. Though it is now a bit dated, the construction techniques of the physical security mechanisms have not +changed much in the last two decades. Apart from some auxiliary temperature and radiation sensors to guard against +attacks on the built-in SRAM memory the module's main security barrier uses the traditional construction of a flexible +mesh wrapped around the module's core. In \cite{smith1998}, the authors claim the module monitors this mesh for +short circuits, open circuits and conductivity. The fundamental approach to tamper detection and construction is similar +to other commercial offerings\cite{obermaier2018}. + +In \cite{immler2019}, Immler et al. describe a HSM based on precise capacitance measurements of a mesh. In contrast to +traditional meshes, the mesh they use consists of a large number of individual traces (more than 32 in their example). +Their concept promises a very high degree of protection. The main disadvantages of their concept are a limitation in +both covered area and component height, as well as the high cost of the advanced analog circuitry required for +monitoring. A core component of their design is that they propose its use as a PUF to allow for protection even when +powered off, similar to a smart card--but the design is not limited to this use. + +In \cite{tobisch2020}, Tobisch et al.\ describe a construction technique for a hardware security module that is based +around commodity Wifi hardware inside a conductive enclosure. In their design, an RF transmitter transmits a reference +signal into the RF cavity formed by the conductive enclosure. One or more receivers listen for the signal's reflections +and use them to characterize the RF cavity w.r.t.\ phase and frequency response. Their fundamental assumption is that +the RF behavior of the cavity is inscrutable from the outside, and that even a small disturbance anywhere within the +volume of the cavity will cause a significant change in its RF response. The core idea in \cite{tobisch2020} is to use +commodity Wifi hardware to reduce the cost of the HSM's sensing circuitry. The resulting system is likely both much +cheaper and capable of protecting a much larger security envelope than e.g. the design from \cite{immler2019}, at the +cost of worse and less predictable security guarantees. + +While \cite{tobisch2020} approach the sensing frontend cost as their only optimization target, the prior work of Kreft +and Adi\cite{kreft2012} considers sensing quality. Their target is an HSM that envelopes a volume barely larger than a +single chip. They theorize how an array of distributed RF transceivers can measure the physical properties of a potting +compound that has been loaded with RF-reflective grains. In their concept, the RF response characterized by these +transceivers is shaped by the precise three-dimensional distribution of RF-reflective grains within the potting +compound. + +\subsection{Comparison to prior research} + +Our concept is truly novel in that neither academic literature, nor patent databases contain any mention of mechanical +motion being used as part of a hardware security module. Most academic research concentrates on the issue of creating +new, more sensitive security barriers for HSMs while commercial vendors concentrate on means to cheaply manufacture +these security barriers. Our concept instead focuses on the issue of taking any existing, cheap low-performance security +barrier and transforming it into a marginally more expensive but very high-performance one. The closes to a mechanical +HSM that we were able to find during our research is an 1988 patent\cite{rahman1988} that describes an mechanism to +detect tampering along a communication cable by enclosing the cable inside a conduit filled with pressurized gas. + +\section{Intertial HSM construction and operation} +\subsection{Using motion for tamper detection} +Mechanical motion has been proposed as a means of making things harder to see with the human eye\cite{haines2006} but we +seem to be the first to use it in tamper detection. Let us think about how one would go about increasing the security of +a primitive tamper detection sensor. + +\begin{enumerate} + \item We need the sensor's motion to be fairly fast. If any point of the sensor moves slow enough for a human to + follow, it becomes a weak spot. + \item We need the sensor's motion to be periodic to keep it within a reasonable space. Otherwise we could just load + our HSM on an airplane and assume that airplanes are hard to stop non-destructively mid-flight. + \item We need the sensor's motion to be very predictable so that we can detect an attacker trying to stop it. +\end{enumerate} + +From this, we can make a few observations. + +\begin{enumerate} + \item Linear motion is likely to be a poor choice since it requires a large amount of space, and it is comparatively + easy to follow something moving linearly. + \item Oscillatory motion such as linear vibration or a pendulum motion might be a good candidate, but for the + instant at its apex when the vibration reverses direction the object is stationary, which is a weak spot. + \item Rotation is a very good choice. Not only does it not require much space to execute, but also if the axis of + rotation is within the HSM itself, an attacker trying to follow the motion would have to rotate around the same + axis. Since their tangential linear velocity would rise linearly with the radius from the axis of rotation, an + assumption on tolerable centrifugal force allows one to limit the approximate maximum size and mass of an + attacker. For an HSM measuring at most a few tens of centimeters across, it is easy to build something that + rotates too fast for a human to be able to follow it. The axis of rotation is a weak spot, but this can be + alleviated by placing additional internal sensors around it and locating all sensitive parts of the sensing + circuit radially away from it. +\end{enumerate} + +Another important observation is that we do not have to move the entire contents of the HSM. It suffices if we can +somehow move the tamper detection barrier around these contents while keeping the contents stationary. This reduces the +inertial mass of the moving part and eases data communication and power supply of the payload. + +In a rotating reference frame, at any point the centrifugal force is proportional to the square of the angular frequency +and linearly proportional to the distance from the axis of rotation. We can exploit this fact to create a sensor that +detects any disturbance of the rotation by simply placing a linear accelerometer at some distance to the axis of +rotation. During constant rotation, the linear acceleration tangential to the rotation will be zero. The centrifugal +force is orthogonal to this, and will be constant as long as the angular velocity remains constant (assuming a fixed +axis of rotation). At high angular velocities, considerable forces can be created this way. This poses the engineering +challenge of preventing the whole thing from flying apart, but also creates an obstacle to any attacker trying to +manipulate the sensor. + +\subsection{Payload mounting mechanisms} +The simplest way to mount a stationary payload in a rotating security mesh is to drive the rotor through a +hollow axis. This allows the payload to be mounted on a fixed rod threaded through the hollow axis, along with wires for +power and data. + +\subsection{Rotating mesh power supply} +There are several options to transfer power to the rotor from its stationary frame. + +\begin{enumerate} + \item Slip ring contacts are a poor candidate as they are limited in their maximum speed and lifetime, and as + precision mechanical components are expensive. + \item Inductive power transfer as used in inductive charging systems can be used without modification. + \item A second brushless motor on the axis of rotation can be used as a generator, with its axis connected to the + fixed frame and its stator mounted and connected to the rotor. + \item A bright LED along with some small solar cells may be a practical approach for small amounts of energy. + \item For a very low-power security mesh, a battery specified to last for the lifetime of the device may be + practical. +\end{enumerate} + +\subsection{Rotating mesh data communication} +As we discussed above, while slip rings are the obvious choice to couple electrical signals through a rotating joint, +they are likely to be too expensive and have too short a life span for our application. Since the only information that +needs to pass between payload and rotor are the occassional status report and a high-frequency heartbeat signal that +acts as the alarm trigger, a simple optocoupler close to the axis of rotation is a good solution. -\section{The physics of hardware security} -% approaching the issue from measurable quantities -\section{Intertial HSMs} \section{Future work} \subsection{Other modes of movement} \subsection{Multiple axes of rotation} @@ -208,6 +317,12 @@ This work contains the following contributions: \subsection{Other sensing modes} \subsection{Longeivity} +\section{Attacks} +\subsection{Attacks on the rotation sensor} +\subsection{Attacks on the mesh} +\subsection{Attacks on the alarm circuitry} +\subsection{Fast and violent attacks} + \section{Hardware prototype} % FIXME @@ -216,7 +331,7 @@ This work contains the following contributions: \printbibliography[heading=bibintoc] \appendix \section{License} -{\center{ +\center{ \begin{minipage}[t][10cm][b]{\textwidth} \center{\ccbysa} @@ -231,6 +346,5 @@ This work contains the following contributions: \center{\url{https://git.jaseg.de/rotohsm.git}} \end{minipage} -}} - +} \end{document} |