Add more text, add specimen table

jaseg 2025-06-26 17:13:03 +02:00
parent 1c75c2a1fc
commit b7634f0765
2 changed files with 44 additions and 15 deletions

@ -97,12 +97,11 @@ explosion that the weapon is capable of. This goal is achievable in practice sin
sensitive to the timing of their primary explosive charges, as the nuclear payload only produces a full-scale detonation
when triggered in just the right way.
While it is difficult to date, the \todo{FIXME} book by \todo{FIXME} mentions a tamper-sensing membrane being used in US
PALs. Given the nature of the matter, it is safe to assume that this technology will have been in use for some years at
the point it was being discussed in an unclassified, civilian book on nuclear armament control.
\paragraph{Use in Nuclear Disarmament Control}
While it is difficult to date, \textcite{carterManagingNuclearOperations1987} specifically mention a tamper-sensing
membrane being used in US PALs. Given the nature of the matter, it is safe to assume that this technology will have been
in use for some years at the point it was being discussed in an unclassified, civilian book on nuclear armament control.
\paragraph{Use in Nuclear Safeguards}
Besides being used in nuclear weapons, tamper-sensing systems have another, more peaceful application in the nuclear
field. In 1957, the International Atomic Energy Agency (IAEA) was founded to coordinate and verify that civilian nuclear
energy installations are not used for military purposes. A core part of the IAEA's tasks is observing the operations at
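Review bot: The rewritten PAL sentence still opens with "While it is difficult to date" without saying what is hard to date, and the new \textcite{carterManagingNuclearOperations1987} carries no page or chapter locator, so a reader cannot check the claim about a tamper-sensing membrane in US PALs against the book. Suggest naming the subject explicitly (presumably the introduction of the membrane) and adding a postnote locator to the citation. The "it is safe to assume" sentence is the authors' inference rather than something the source states, and would read more accurately if worded as such.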
@ -114,19 +113,49 @@ its sensors to abuse nuclear material without being noticed. Historically, the I
extensive use of tamper-indicating enclosures and of seals. In both systems, the approach taken is that the enclosure or
seal is treated similarly to what these days, in computing we call a Physically Uncloneable Function. The enclosure or
seal is manufactured in a process that leaves an unpredictable and uncontrollable pattern of manufacturing variations
such as surface imperfections. Before it is deployed in the field, it is precisely measured from all sides. Later on,
after field deployment, its integrity can then be checked by comparing its current state to these initial measurements.
The underlying assumption is that drilling or cutting into something like a steel enclosure will leave detectable
traces, and that perfectly replicating an object including features such as minute surface imperfections is infeasible
even to a nation state\cite{iaea2011}.
such as surface imperfections. A process used in the IAEA is to package devices in aluminium enclosures passivated in a
brigh color, which leaves a random, microscopic pattern of pits in the surface from the etching step. Before such a
device is deployed in the field, it is precisely measured from all sides. Later on, after field deployment, its
integrity can then be checked by comparing its current state to these initial measurements. The underlying assumption is
that drilling or cutting into something like a steel enclosure will leave detectable traces, and that perfectly
replicating an object including features such as minute surface imperfections is infeasible even to a nation
state~\cite{iaea2011}.
With smarter electronics becoming more affordable in both monetary and in power budget, over the decades, active tamper
sensors have received attention as well. Reportedtly, the IAEA's Electro-Optic Sealing System (EOSS) uses a flexible
tamper sensing membrane in the same way it is used in hardware security modules to detect attempts at drilling or
cutting into the system.
% cite Tolk et al, safeguards past present future
In IAEA terminology, both tamper detection and tamper evidence are combined into the term ``tamper indication''. The
IAEA distinguishes between active tamper indication, which we conventionally call tamper detection, and passive tamper
indication, which we conventionally call tamper evidence. Tamper indicating devices include seals, but also the
aforementioned uniquely characterizable enclosures, which IAEA terminology calls intrinsically tamper-indicating. An
example for an active tamper indicating device would be a seismic sensor at the bottom of a borehole that has been
back-filled with concrete such that any attempt to reach the sensor would be well-visible in the sensor's own
readings~\cite{simmonsHowInsureThat1988}
With smarter electronics becoming more affordable in both monetary and in power budget, over the decades, other active
tamper sensors have received attention as well. The IAEA reports on attempts at burying sensors such as piezoelectric
transducers or optical fibers inside an enclosure's walls to detect tampering, but states that these efforts have not
yielded practical results primarily due to cost concerns. In contrast to these sensors, the IAEA's Electro-Optic Sealing
System (EOSS) uses a flexible tamper sensing mesh that contains some sort of conductive traces in the same way it is
used in contemporary hardware security modules to detect attempts at drilling or cutting into the
system~\cite{iaea2011,tolkSafeguardsSensorsSystems2007}. Unfortunately, no information on the precise construction of
the tamper sensing mesh such as materials used or structure sizes are publically available.
\paragraph{Commercial Use}
Commercially, tamper sensing meshes have entered widespread use beginning around the turn of the millennium, initially
in then-new HSMs, cryptographic coprocessors primarily aimed at the financial
industry~\cite{andersonSecurityEngineeringGuide2020}. Today, their use in finance has spread from HSMs in datacenters
and ATMs to the ATM pin pads themselves, which encrypt the customer's PIN right at the source, as well as in all kinds
of card payment terminals. We will analyze two such ATM pin pads later in this paper.
HSMs are used for highly sensitive operations even outside of the financial industry, although their adoption is
hampered by their high cost. Such applications include key management in the TLS certificate infrastructure. In this
paper, we will analyze a commercial HSM that was used in the key management infrastructure of a premium TV provider.
Beyond finance, tamper-sensing meshes have found applications in a variety of other use cases as well. For instance, we
have found them being used in mail franking machines to protect the credit counter and franking data, with one such unit
analyzed in this paper. Furthermore, we have identified at least one model of key safe that in Germany is mounted
externally on public buildings to provide keys to emergency services, and which includes a tamper sensing mesh on its
outside-facing wall to detect attempts at drilling into it. Finally, we have found a processing unit used in a series of
mid-2000s era slot machines in Germany that includes a tamper-sensing mesh, presumably to prevent modification or
cloning. This device will also be analyzed later in this paper.
\subsection{Security Mesh Manufacturing}
\subsection{Security Mesh Monitoring}
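Review bot: The added sentence on IAEA packaging describes "aluminium enclosures passivated in a brigh color", but the text that follows it still argues from "drilling or cutting into something like a steel enclosure", so the material changes mid-paragraph; pick one or say that the argument holds for either, and fix "brigh". The new sentence ending in "readings~\cite{simmonsHowInsureThat1988}" is missing its full stop. In the EOSS paragraph, "no information ... are publically available" should read "is publicly available", and the sentence beginning "The IAEA reports on attempts at burying sensors" has no citation of its own, leaving it unclear whether iaea2011 at the end of the next sentence is meant to cover it. In the Commercial Use paragraph the key safe is the only listed device not said to be analyzed in the paper; if that is intentional, a short note would avoid the reader looking for it later.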

BIN
specimen_table.ods Normal file

Binary file not shown.
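Review bot: specimen_table.ods is committed as a binary spreadsheet, so its contents cannot be reviewed in this diff and later changes to it will not be diffable either. Since the commit message calls it the specimen table for the paper, consider keeping the data in a text format (CSV or a LaTeX tabular) alongside or instead of the .ods, and referencing it from the text in the same commit.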