From 869a304aad504f54c64a8c52acd7e095deea0dfa Mon Sep 17 00:00:00 2001 From: jaseg Date: Fri, 18 Sep 2020 12:59:08 +0200 Subject: Finish first rough draft --- quick-tech-report/rotohsm_tech_report.tex | 123 ++++++++++++++++++++++++++++-- 1 file changed, 116 insertions(+), 7 deletions(-) (limited to 'quick-tech-report/rotohsm_tech_report.tex') diff --git a/quick-tech-report/rotohsm_tech_report.tex b/quick-tech-report/rotohsm_tech_report.tex index d2b50ad..41938f7 100644 --- a/quick-tech-report/rotohsm_tech_report.tex +++ b/quick-tech-report/rotohsm_tech_report.tex @@ -311,28 +311,138 @@ needs to pass between payload and rotor are the occassional status report and a acts as the alarm trigger, a simple optocoupler close to the axis of rotation is a good solution. \section{Future work} +With this paper, we intend to spread the word on our idea. Thus, below we include a selection of the open questions we +are currently working on. If you wish to tackle some of these, please feel free to contact the authors. + \subsection{Other modes of movement} +Though we decided to use rotation as an easy-to-implement yet secure option, other modes of movement bear promise as +well. Particularly for less high-security applications without strict space constraints, a variant based on a pendulum +motion may be worth investigating as it would simplify the mechanical construction. Power and data transfer to the +moving part could simply be done with very flexible cables. + \subsection{Multiple axes of rotation} +One option to alleviate the weak spot a rotating mesh has at its axis of rotation, a system with two or more axes of +rotation could be used. A single mesh would still suffice in this case, but when evaluating accelerometer readings, the +braking detection algorithm would have to superimpose both. + \subsection{Means of power transmission} +Power transmission from payload to rotor is another point worth investigating. It may be possible to use some statically +mounted permanent magnets with a coil integrated into the rotor's PCB as a low-power generator. While likely +inefficient, this setup would be low-cost and would still suffice for the meager power requirements of the rotor's +monitoring circuitry. + +\subsection{Payload cooling} +An issue with existing HSM concepts is that the mesh has to fully envelope the payload, and thus traditional air cooling +or heat pipes cannot be used. Existing systems rely on heat conduction through the mesh alone for cooling, severly +limiting the maximum power dissipation of the payload. In our rotating HSM concept, the rotating mesh can have radial +gaps in the mesh without impeding its function. This allows air to pass through the mesh during rotation, and a future +evolution of the concept could even integrate a fan into the rotating component. This greatly increases the maximum +possible power dissipation of the payload, allowing for much more powerful processing. + \subsection{Other sensing modes} -\subsection{Longeivity} +Since the security requirement the primary tamper-detection barrier needs to measure up to are much more lenient in the +rotating HSM concept than in traditional HSMs, other coarse sensing modes besides low-tech meshes may be attractive. One +possibility that would also eliminate the need of any active circuitry on the rotor would be to print the inside of the +rotor with a pattern, then have a linear array of reflective optical sensors located close to the rotor along a +longitudinal line. These sensors would observe the printed pattern passing by at high speed, and could compare their +measurements against a model of the rotor. Tampering by drilling holes or slots would show up as adding an offset to +part or all of the pattern. Likewise, the speed of rotation can be deducted directly from a sequence of measurements. + +\subsection{Longevity} +A core issue with a mechanical HSM is component longevity. Save for dust and debris clogging up the system's mechanics +the primary failure point are the bearings. A good partner for further development or even commercialization might be a +manufacturer of industrial ducted fans as they are used e.g.\ in servers for cooling. Small industrial fans usually use +BLDC motors and bearings specially optimized for longevity. + +\subsection{Transportation of an active device} +A rotating mass responds to torque not co-linear with its axis of rotation with a gyroscopic precession force. In +practice, this means that moving a device containing a spun-up rotating HSM on its inside might induce significant +forces on both the HSM (posing the danger of false alarms) and on the carrier of the device (potentially making handling +challenging). This effect would have to be taken into account in a real-world deployment, especially if the finished +device is to be shipped by post or courier services after spin-up. + +\subsection{Hardware prototype} +We are currently working on a hardware prototype that demonstrates the fundamental components of our concept. The +prototype will be based on a security mesh made with a commercial printed circuit board manufacturing process. In our +prototype we intend to use two commercially available hollow-shaft brushless DC (BLDC) motors originally intended for +quadcopter-mounted camera gimbals, one for driving and one for power transfer. The prototype will have a usable internal +volume sufficient to house a small form factor PC ($\approx\SI{2}{\liter}$). \section{Attacks} -\subsection{Attacks on the rotation sensor} \subsection{Attacks on the mesh} +There are two locations where one can attack a tamper-detection mesh. Either, the mesh itself can be tampered with. This +includes bridging its traces to allow for a hole to be cut. The other option is to tamper with the monitoring circuit +itself, to prevent a damaged mesh from triggering an alarm and causing the HSM to erase its contents. Attacks in both +locations are electronic attacks, i.e. they require electrical contact to parts of the circuit. Traditionally, this +contact is made by soldering, or by placing a probe such as a thin needle. Any kind of electrical contact that does not +involve an electron or ion beam or a liquid requires mechanical contact. We consider none of these forms feasible to be +performed on an object rotating at high speed without a complex setup that rotates along with the object. Thus, we +consider them to be practically infeasible outside of a well-funded, special-purpose laboratory. + \subsection{Attacks on the alarm circuitry} +An electronic attack could also target the alarm circuitry inside the stationary payload, or the communication link +between rotor and payload. The link can easily be proofed by using a cryptographically secured protocol along with a +high-frequency heartbeat message. The alarm circuitry has to be designed such that it is entirely contained within the +HSM's security envelope and has to tolerate environmental attacks such as through temperature, ionizing radiation, +lasers, supply voltage variations, ultrasound or other vibration and gases or liquids. The easiest way to proof an alarm +system against these is to employ adequate filtering of the incoming power supply and use sensors for the others, +triggering an alarm in case extraordinary environmental variations are detected. + \subsection{Fast and violent attacks} +A variation of the above attacks on the alarm circuitry would be an attack that attempts to simply destroy this +circuitry before the alarm can be acted upon. This type of attack might involve things such as a large hammer, or a gun. +Mitigations for this type of attack include putting the entire payload and monitoring circuit in a mechanically robust +enclosure and potting them, and linking all components of the alarm chain in such a way cryptographically and on a +protocol level that the destruction of any of its parts leads to the secrets being destroyed before an attack would be +able to probe them. An implication of this is that the electrical realization of the alarm signal up to its eventual +destination cannot be a simple active-high or active-low line, since neither can be considered fail-safe in this +scenario. -\section{Hardware prototype} -% FIXME +\subsection{Attacks on the rotation sensor} +An attacker trying to stop the rotor to tamper with the mesh may first try to deceive the rotation monitoring circuit +such that it misses the rotor being stopped. In a realization based on a commercial MEMS accelerometer, this attack +could take two forms: An electronic attack on the MEMS sensor, the monitoring microcontroller or the link in between, +and a physical attack on the MEMS sensor itself. The former would be no easier than an electronic attack that attempts +to bridge the mesh traces at the monitoring microcontroller. Thus, we consider it not to be practically feasible outside +of a laboratory built especially for this purpose. + +There are several options for the latter attack. A recent paper %FIXME +has shown that accelerometers respond to certain ultrasonic stimuli with bogus measurements. Since this primitive does +not, however, yield accurate control over these bogus measurements, we deem it to be impractical for our scenario. +Another possible attack scenario would be to somehow stop the rotating motion while subjecting the HSM to an external +linear motion. Given the low error margins in the measurements of commercial accelerometers we consider this attack +infeasible. A last type of attack might be to try to physically tamper with the accelerometer's sensing mechanism. MEMS +accelerometers usually use a simple cantilever design, where a proof mass moves a cantilever whose precise position can +be measured electronically. A possible way to attack such a device might be to first decapsulate it using laser ablation +synchronized with the device's rotation. Then, a fast-setting glue such as a cyanoacrylate could be deposited on the +moving MEMS parts in either liquid or gaseous form, locking them in place after hardening. This attack would require +direct access to the accelerometer from the outside and can be prevented by mounting the accelerometer inside the +security envelope. This attack only works if the rate of rotation is constant and is trivially detectable if the rate of +rotation is set to change on a schedule. \section{Conclusion} +In this paper, we have presented inertial hardware security modules, a novel concept for the construction of highly +secure hardware security modules from inexpensive, commonly available parts. We have elaborated the engineering +considerations underlying a practical implementation of this concept. We have analyzed the concept for its security +properties and highlighted its ability to significantly strengthen otherwise weak tamper detection barriers. We have +laid out some ideas for future research on the concept, and we will continue our own research on the topic. \printbibliography[heading=bibintoc] \appendix -\section{License} +\section{Patents and licensing} +During devlopment, we performed several hours of research on prior art for the inertial HSM concept. Yet, we could not +find any mentions of similar concepts either in academic literature or in patents. Thus, we deem ourselves to be the +inventors of this idea and we are fairly sure it is not covered by any patents or other restrictions at this point in +time. + +Since the concept is primarily attractive for small-scale production and since cheaper mass-production alternatives are +already commercially available, we have decided against applying for a patent and we wish to make it available to the +general public without any restrictions on its use. This paper itself is licensed CC-BY-SA (see below). As for the +inertial HSM concept, we invite you to use it as you wish and to base your own work on our publications without any fees +or commercial restrictions. Where possible, we ask you to cite this paper and attribute the inertial HSM concept to its +authors. + \center{ -\begin{minipage}[t][10cm][b]{\textwidth} \center{\ccbysa} \center{This work is licensed under a Creative-Commons ``Attribution-ShareAlike 4.0 International'' license. The @@ -345,6 +455,5 @@ acts as the alarm trigger, a simple optocoupler close to the axis of rotation is \center{This is version \texttt{\input{version.tex}\unskip} generated on \today. The git repository can be found at:} \center{\url{https://git.jaseg.de/rotohsm.git}} -\end{minipage} } \end{document} -- cgit