From 16d5cd27c94d163cd38881888784c89123fe6c80 Mon Sep 17 00:00:00 2001 From: jaseg Date: Tue, 27 Oct 2020 16:19:05 +0100 Subject: Update tech report --- doc/quick-tech-report/concept_vis_one_axis.pdf | Bin 0 -> 6623 bytes doc/quick-tech-report/concept_vis_one_axis.svg | 344 +++++++++++++++++++++++++ doc/quick-tech-report/rotohsm_tech_report.tex | 95 +++++-- 3 files changed, 414 insertions(+), 25 deletions(-) create mode 100644 doc/quick-tech-report/concept_vis_one_axis.pdf create mode 100644 doc/quick-tech-report/concept_vis_one_axis.svg diff --git a/doc/quick-tech-report/concept_vis_one_axis.pdf b/doc/quick-tech-report/concept_vis_one_axis.pdf new file mode 100644 index 0000000..ea37280 Binary files /dev/null and b/doc/quick-tech-report/concept_vis_one_axis.pdf differ diff --git a/doc/quick-tech-report/concept_vis_one_axis.svg b/doc/quick-tech-report/concept_vis_one_axis.svg new file mode 100644 index 0000000..f3e909b --- /dev/null +++ b/doc/quick-tech-report/concept_vis_one_axis.svg @@ -0,0 +1,344 @@ + + + + + + + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 5 1 + 3 + 2 + + + + + + + + + + + + 4 + diff --git a/doc/quick-tech-report/rotohsm_tech_report.tex b/doc/quick-tech-report/rotohsm_tech_report.tex index de73cbb..0f8e8d4 100644 --- a/doc/quick-tech-report/rotohsm_tech_report.tex +++ b/doc/quick-tech-report/rotohsm_tech_report.tex @@ -165,9 +165,9 @@ This work contains the following contributions: \begin{enumerate} \item We present the \emph{Inertial HSM} concept. Inertial HSMs enable cost-effective small-scale production of highly secure HSMs. - \item We discuss possible boundary sensing modes for intertial HSMs. + \item We discuss possible boundary sensing modes for inertial HSMs. \item We explore the design space our inertial HSM concept. - % FIXME \item Presentation of a prototype inertial HSM. + \item We present a prototype of an inertial HSM. % FIXME \item Measurement of the prototype HSM's susceptibility to various types of attack. \end{enumerate} @@ -215,11 +215,10 @@ very high-performance one. The closes to a mechanical HSM that we were able to f patent \cite{rahman1988} that describes an mechanism to detect tampering along a communication cable by enclosing the cable inside a conduit filled with pressurized gas. -\section{Intertial HSM construction and operation} +\section{Inertial HSM construction and operation} \subsection{Using motion for tamper detection} Mechanical motion has been proposed as a means of making things harder to see with the human eye\cite{haines2006} but we -seem to be the first to use it in tamper detection. Let us think about how one would go about increasing the security of -a primitive tamper detection sensor. +seem to be the first to use it in tamper detection. Let us think about the constraints of our approach. \begin{enumerate} \item We need the sensor's motion to be fairly fast. If any point of the sensor moves slow enough for a human to @@ -249,6 +248,14 @@ From this, we can make a few observations. power supply of the payload. \end{enumerate} +\begin{figure} + \center + \includegraphics{concept_vis_one_axis.pdf} + \caption{Concept of a simple rotating inertial HSM. 1 - Axis of rotation. 2 - Security mesh. 3 - Payload. 4 - + Accelerometer. 5 - Shaft penetrating security mesh.} + \label{fig_schema_one_axis} +\end{figure} + In a rotating reference frame, at any point the centrifugal force is proportional to the square of the angular frequency and linearly proportional to the distance from the axis of rotation. We can exploit this fact to create a sensor that detects any disturbance of the rotation by simply placing a linear accelerometer at some distance to the axis of @@ -259,11 +266,15 @@ challenge of preventing the whole thing from flying apart, but also creates an o manipulate the sensor. \subsection{Payload mounting mechanisms} -The simplest way to mount a stationary payload in a rotating security mesh is to drive the rotor through a -hollow axis. This allows the payload to be mounted on a fixed rod threaded through the hollow axis, along with wires for -power and data. + +The simplest way to mount a stationary payload in a rotating security mesh is to drive the rotor using a hollow shaft. +This allows the payload to be mounted on a fixed rod threaded through this hollow shaft along with wires for power and +data. The stationary rod and cables on the axis of rotation inside the hollow shaft are a weak spot of the system, but +this weak spot can be alleviated through either careful construction or a second layer of rotating meshes with a +differnt axis of rotation. \subsection{Rotating mesh power supply} + There are several options to transfer power to the rotor from its stationary frame. \begin{enumerate} @@ -272,28 +283,40 @@ There are several options to transfer power to the rotor from its stationary fra \item Inductive power transfer as used in inductive charging systems can be used without modification. \item A second brushless motor on the axis of rotation can be used as a generator, with its axis connected to the fixed frame and its stator mounted and connected to the rotor. - \item A bright LED along with some small solar cells may be a practical approach for small amounts of energy. + \item A bright LED along with some small solar cells may be a practical approach for small amounts of + energy\footnote{See Appendix \ref{sec_energy_calculations} for a back-of-the-envelope calculation}. \item For a very low-power security mesh, a battery specified to last for the lifetime of the device may be - practical. + practical\footnote{See Appendix \ref{sec_energy_calculations}}. \end{enumerate} +\subsection{Payload cooling} + +In boundary-sensing HSMs, cooling of the processor inside is a serious issue since any air +duct or heat pipe would have to penetrate the HSM's sensitive boundary. This problem can be solve by complex and costly +siphon-style constructions, but in commercial systems heat conduction is used exclusively. This severely limiting the +maximum power dissipation of the payload and thus its processing power. In our rotating HSM concept, the rotating mesh +can have longitudindal gaps in the mesh without impeding its function. This allows air to pass through the mesh during +rotation, and one could even integrate a fan into the rotor. This greatly increases the maximum possible power +dissipation of the payload and unlocks much more powerful processing capabilities. + \subsection{Rotating mesh data communication} + As we discussed above, while slip rings are the obvious choice to couple electrical signals through a rotating joint, they are likely to be too expensive and have too short a life span for our application. Since the only information that needs to pass between payload and rotor are the occassional status report and a high-frequency heartbeat signal that acts as the alarm trigger, a simple optocoupler close to the axis of rotation is a good solution. -\section{Future work} -With this paper, we intend to spread the word on our idea. Thus, below we include a selection of the open questions we -are currently working on. If you wish to tackle some of these, please feel free to contact the authors. +\section{Design space exploration} \subsection{Other modes of movement} + Though we decided to use rotation as an easy-to-implement yet secure option, other modes of movement bear promise as well. Particularly for less high-security applications without strict space constraints, a variant based on a pendulum motion may be worth investigating as it would simplify the mechanical construction. Power and data transfer to the moving part could simply be done with very flexible cables. \subsection{Multiple axes of rotation} + One option to alleviate the weak spot a rotating mesh has at its axis of rotation, a system with two or more axes of rotation could be used. A single mesh would still suffice in this case, but when evaluating accelerometer readings, the braking detection algorithm would have to superimpose both. @@ -304,14 +327,6 @@ mounted permanent magnets with a coil integrated into the rotor's PCB as a low-p inefficient, this setup would be low-cost and would still suffice for the meager power requirements of the rotor's monitoring circuitry. -\subsection{Payload cooling} -An issue with existing HSM concepts is that the mesh has to fully envelope the payload, and thus traditional air cooling -or heat pipes cannot be used. Existing systems rely on heat conduction through the mesh alone for cooling, severly -limiting the maximum power dissipation of the payload. In our rotating HSM concept, the rotating mesh can have -longitudindal gaps in the mesh without impeding its function. This allows air to pass through the mesh during rotation, -and a future evolution of the concept could even integrate a fan into the rotating component. This greatly increases the -maximum possible power dissipation of the payload, allowing for much more powerful processing. - \subsection{Other sensing modes} Since the security requirement the primary tamper-detection barrier needs to measure up to are much more lenient in the rotating HSM concept than in traditional HSMs, other coarse sensing modes besides low-tech meshes may be attractive. One @@ -393,6 +408,11 @@ direct access to the accelerometer from the outside and can be prevented by moun security envelope. This attack only works if the rate of rotation is constant and is trivially detectable if the rate of rotation is set to change on a schedule. +\section{Prototype implementation} + +%FIXME +FIXME + \section{Conclusion} In this paper, we have presented inertial hardware security modules, a novel concept for the construction of highly secure hardware security modules from inexpensive, commonly available parts. We have elaborated the engineering @@ -402,7 +422,8 @@ laid out some ideas for future research on the concept, and we will continue our \printbibliography[heading=bibintoc] \appendix -\section{Rotating mesh energy calculations} +\subsection{Rotating mesh energy calculations} +\label{sec_energy_calculations} Assume that the rotating mesh sensor should send its tamper status to the static monitoring circuit at least once every $T_\text{tx} = \SI{10}{\milli\second}$. At $\SI{100}{\kilo\baud}$ a transmission of a single byte in standard UART framing would take $\SI{100}{\micro\second}$ and yield an $\SI{1}{\percent}$ duty cycle. If we assume an optical or RF @@ -410,12 +431,14 @@ transmitter that requires $\SI{10}{\milli\ampere}$ of active current, this yield $\SI{100}{\micro\ampere}$. Reserving another $\SI{100}{\micro\ampere}$ for the monitoring circuit itself we arrive at an energy consumption of $\SI{1.7}{\ampere\hour\per\year}$. -\subsection{Battery power} +\subsubsection{Battery power} +\label{sec_energy_calculations_battery} The annual energy consumption we calculated above is about equivalent to the capacity of a single CR123A lithium primary cell. Using several such cells or optimizing power consumption would thus easily yield several years of battery life. -\subsection{LED and solar cell} +\subsubsection{LED and solar cell} +\label{sec_energy_calculations_led} Let us assume an LED with a light output of $\SI{1}{W}$ illuminating a small solar cell. Let us pessimistically assume a $\SI{5}{\percent}$ conversion efficiency in the solar cell. Let us assume that when the rotor is at its optimal rotational angle, $\SI{20}{\percent}$ of the LED's light output couple into the solar cell. Let us assume that we loose @@ -424,7 +447,29 @@ an energy output from the solar cell of $\SI{1}{\milli\watt}$. Assuming a $\SI{3 $\SI{300}{\micro\ampere}$ for our monitoring circuit. This is enough even with some conversion losses in the step-up converter boosing the solar cell's $\SI{0.6}{\volt}$ working voltage to the monitoring circuit's supply voltage. -\section{Patents and licensing} +\subsection{Minimum angular velocity} + +Let us determine a good target value for our rotating HSM's angular velocity. For simplicity, let us consider two types +of attacker. + +\subsubsection{Rotating human attacker} + +An attacker might try to rotate along with the HSM to attack the security mesh without triggering the accelerometer. Let +us pessimistically assume that the attacker has the axis of rotation running through their center of mass. The +attacker's body is probably at least $\SI{200}{\milli\meter}$ wide along its shortest back-to-chest axis, resulting in a +minimum radius from axis of rotation to surface of about $\SI{100}{\milli\meter}$. We choose +$\SI{250}{\meter\per\second^2}$ as an arbitrary acceleration well past the range tolerable by humans according to +Wikipedia. Centrifugal acceleration is $a=\omega^2 r$. In our example this results in a minimum angular velocity of +$\omega_\text{min} = \sqrt{\frac{a}{r}} = \sqrt{\frac{\SI{250}{\meter\per\second^2}}{\SI{100}{\milli\meter}}} \approx +16\frac{\pi}{\si{\second}} \approx 500 \text{rpm}$. + +\subsubsection{Rotating robot attacker} + +An attacker might try to use a robot to attack the rotating mesh. + +\subsubsection{Fooling the accelerometer} + +\subsection{Patents and licensing} During devlopment, we performed several hours of research on prior art for the inertial HSM concept. Yet, we could not find any mentions of similar concepts either in academic literature or in patents. Thus, we deem ourselves to be the inventors of this idea and we are fairly sure it is not covered by any patents or other restrictions at this point in -- cgit