jaseg/ihsm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Strip down paper for tech report release

Browse source
This commit is contained in:
jaseg 2021-01-05 17:44:03 +01:00
parent a46d649a5b
commit 64c0eb8209
4 changed files with 34 additions and 350 deletions
Download patch file Download diff file Expand all files Collapse all files

BIN
doc/quick-tech-report/rotohsm_paper.pdf
View file

Binary file not shown.

16
doc/quick-tech-report/rotohsm_paper.tex
View file

@ -191,14 +191,14 @@ compound that has been loaded with RF-reflective grains. In their concept, the R
transceivers is shaped by the precise three-dimensional distribution of RF-reflective grains within the potting
compound.
We are the the first to propose a mechanically moving HSM security barrier as part of a hardware security module. Most
academic research concentrates on the issue of creating new, more sensitive security barriers for HSMs~\cite{immler2019}
while commercial vendors concentrate on means to cheaply manufacture and certify these security
barriers~\cite{drimer2008}. Our concept instead focuses on the issue of taking any existing, cheap low-performance
security barrier and transforming it into a marginally more expensive but very high-performance one. The closest to a
mechanical HSM that we were able to find during our research is an 1988 patent~\cite{rahman1988} that describes an
mechanism to detect tampering along a communication cable by enclosing the cable inside a conduit filled with
pressurized gas.
To the best of our knowledge, we are the the first to propose a mechanically moving HSM security barrier as part of a
hardware security module. Most academic research concentrates on the issue of creating new, more sensitive security
barriers for HSMs~\cite{immler2019} while commercial vendors concentrate on means to cheaply manufacture and certify
these security barriers~\cite{drimer2008}. Our concept instead focuses on the issue of taking any existing, cheap
low-performance security barrier and transforming it into a marginally more expensive but very high-performance one. The
closest to a mechanical HSM that we were able to find during our research is an 1988 patent~\cite{rahman1988} that
describes an mechanism to detect tampering along a communication cable by enclosing the cable inside a conduit filled
with pressurized gas.
\section{Inertial HSM construction and operation}
\label{sec_ihsm_construction}

BIN
doc/quick-tech-report/rotohsm_tech_report.pdf
View file

Binary file not shown.

368
doc/quick-tech-report/rotohsm_tech_report.tex
View file

@ -73,22 +73,23 @@
\begin{document}
\title{Can't Touch This: Inerial HSMs Thwart Advanced Physical Attacks}
\author{Jan Götte}
\date{2020-09-15}
\title{Tech Report: Inerial HSMs Thwart Advanced Physical Attacks}
\author{Jan Götte <hiig@jaseg.de>, Alexander von Humboldt Institut für Internet und Gesellschaft (HIIG)}
\date{2021-01-05}
\maketitle
\section*{Abstract}
In this paper, we introduce a novel countermeasure against physical attacks: Inertial hardware security modules.
In this tech report, we introduce a novel countermeasure against physical attacks: Inertial hardware security modules.
Conventional systems have in common that they try to detect attacks by crafting sensors responding to increasingly
minute manipulations of the monitored security boundary or volume. Our approach is novel in that we reduce the
sensitivity requirement of security meshes and other sensors and increase the complexity of any manipulations by
rotating the security mesh or sensor at high speed---thereby presenting a moving target to an attacker. Attempts to stop
the rotation are easily monitored with commercial MEMS accelerometers and gyroscopes. Our approach leads to a HSM that
can easily be built from off-the-shelf parts by any university electronics lab, yet offers a level of security that is
comparable to commercial HSMs. By building prototype hardware we have demonstrated solutions to the concept's
engineering challenges.
comparable to commercial HSMs.
This tech report is the abridged version of our forthcoming paper.
\section{Introduction}
@ -125,21 +126,10 @@ inhospitable to human life (see Appendix~\ref{sec_minimum_angular_velocity}). Si
optical attacks are more limited in the first place and can be shielded, we have effectively forced the attacker to use
an attack robot.
This work contains the following contributions:
\begin{enumerate}
\item We present the \emph{Inertial HSM} concept. Inertial HSMs enable cost-effective small-scale production of
highly secure HSMs.
\item We discuss possible boundary sensing modes for inertial HSMs.
\item We explore the design space of our inertial HSM concept.
\item We present our work on a prototype inertial HSM.
% FIXME \item Measurement of the prototype HSM's susceptibility to various types of attack.
\end{enumerate}
In Section~\ref{sec_related_work}, we will give an overview of the state of the art in the physical security of HSMs. On
this basis, in Section~\ref{sec_ihsm_construction} we will elaborate the principles of our inertial HSM approach. We
will analyze its weaknesses in Section~\ref{sec_attacks}. Based on these results we have built a prototype system that
we will illustrate in Section~\ref{sec_proto}. We conclude this paper with a general evaluation of our design in
Section~\ref{sec_conclusion}.
will analyze its weaknesses in Section~\ref{sec_attacks}. We conclude this paper with a general evaluation of our
concept in Section~\ref{sec_conclusion}.
\section{Related work}
\label{sec_related_work}
@ -165,40 +155,14 @@ construction of a flexible mesh wrapped around the module's core. In~\cite{smith
monitors this mesh for short circuits, open circuits and conductivity. The fundamental approach to tamper detection and
construction is similar to other commercial offerings~\cite{obermaier2018,drimer2008,anderson2020,isaacs2013}.
In~\cite{immler2019}, Immler et al. describe a HSM based on precise capacitance measurements of a mesh. In contrast to
traditional meshes, the mesh they use consists of a large number of individual traces (more than 30 in their example).
Their concept promises a very high degree of protection. The main disadvantages of their concept are a limitation in
covered area and component height, as well as the high cost of the advanced analog circuitry required for monitoring. A
core component of their design is that they propose its use as a PUF to allow for protection even when powered off,
similar to a smart card---but the design is not limited to this use.
In~\cite{tobisch2020}, Tobisch et al.\ describe a construction technique for a hardware security module that is based
around commodity Wifi hardware inside a conductive enclosure. In their design, an RF transmitter transmits a reference
signal into the RF cavity formed by the conductive enclosure. One or more receivers listen for the signal's reflections
and use them to characterize the RF cavity w.r.t.\ phase and frequency response. Their fundamental assumption is that
the RF behavior of the cavity is inscrutable from the outside, and that even a small disturbance anywhere within the
volume of the cavity will cause a significant change in its RF response. The core idea in~\cite{tobisch2020} is to use
commodity Wifi hardware to reduce the cost of the HSM's sensing circuitry. The resulting system is likely both much
cheaper and capable of protecting a much larger security envelope than e.g. the design from~\cite{immler2019}, at the
cost of worse and less predictable security guarantees. Where~\cite{tobisch2020} use electromagnetic radiation,
Vrijaldenhoven in~\cite{vrijaldenhoven2004} uses ultrasound waves travelling on a surface acoustic wave (SAW) device to
a similar end.
While~\cite{tobisch2020} approach the sensing frontend cost as their only optimization target, the prior work of Kreft
and Adi~\cite{kreft2012} considers sensing quality. Their target is an HSM that envelopes a volume barely larger than a
single chip. They theorize how an array of distributed RF transceivers can measure the physical properties of a potting
compound that has been loaded with RF-reflective grains. In their concept, the RF response characterized by these
transceivers is shaped by the precise three-dimensional distribution of RF-reflective grains within the potting
compound.
We are the the first to propose a mechanically moving HSM security barrier as part of a hardware security module. Most
academic research concentrates on the issue of creating new, more sensitive security barriers for HSMs~\cite{immler2019}
while commercial vendors concentrate on means to cheaply manufacture and certify these security
barriers~\cite{drimer2008}. Our concept instead focuses on the issue of taking any existing, cheap low-performance
security barrier and transforming it into a marginally more expensive but very high-performance one. The closest to a
mechanical HSM that we were able to find during our research is an 1988 patent~\cite{rahman1988} that describes an
mechanism to detect tampering along a communication cable by enclosing the cable inside a conduit filled with
pressurized gas.
To the best of our knowledge, we are the the first to propose a mechanically moving HSM security barrier as part of a
hardware security module. Most academic research concentrates on the issue of creating new, more sensitive security
barriers for HSMs~\cite{immler2019} while commercial vendors concentrate on means to cheaply manufacture and certify
these security barriers~\cite{drimer2008}. Our concept instead focuses on the issue of taking any existing, cheap
low-performance security barrier and transforming it into a marginally more expensive but very high-performance one. The
closest to a mechanical HSM that we were able to find during our research is an 1988 patent~\cite{rahman1988} that
describes an mechanism to detect tampering along a communication cable by enclosing the cable inside a conduit filled
with pressurized gas.
\section{Inertial HSM construction and operation}
\label{sec_ihsm_construction}
@ -235,16 +199,9 @@ constant.
Large centrifugal acceleration at high speeds poses the engineering challenge of preventing the whole thing from flying
apart, but it also creates an obstacle to any attacker trying to manipulate the sensor. We do not need to move the
entire contents of the HSM. It suffices if we move the tamper detection barrier around a stationary payload. This
reduces the moment of inertia of the moving part and it means we can use cables for payload power and data.
From our back-of-the-envelope calculation in Appendix \ref{sec_minimum_angular_velocity} we conclude that even at
reduces the moment of inertia of the moving part and it means we can use cables for payload power and data. Even at
moderate speeds above $\SI{500}{rpm}$, an attack would have to be carried out using a robot.
In Appendix \ref{sec_degrees_of_freedom} we consider sensor configurations and we conclude that one three-axis
accelerometer each in the rotor and in the stator are a good baseline configuration. In general, the system will be more
sensitive to attacks if we over-determine the system of equations describing its motion by using more sensors than
necessary.
\subsection{Mechanical layout}
Thinking about the concrete construction of our mechanical HSM, the first challenge is mounting both mesh and payload on
@ -271,7 +228,7 @@ On the electrical side, the idea of a security mesh spinning at more than $\SI{5
implementation challenges. Since the spinning mesh must be monitored for breaks or short circuits continuously, we need
both a power supply for the spinning monitoring circuit and a data link to the stator.
We found that a bright lamp shining at a rotating solar panel is a good starting point. In contrast to e.g.\ slip
We think that a bright lamp shining at a rotating solar panel is a good starting point. In contrast to e.g.\ slip
rings, this setup is mechanically durable at high speeds and it also provides reasonable output power (see Appendix
\ref{sec_energy_calculations} for some calculations on power consumption). A battery may not provide a useful lifetime
without power-optimization. Likewise, an energy harvesting setup may not provide enough current to supply peak demand.
@ -282,226 +239,23 @@ winding on the rotor of the BLDC motor driving the spinning mesh. This rotor is
an extra winding is unlikely to increase cost significantly. More traditional inductive power transfer may also be an
option if it can be integrated into the mechanical design.
Besides power, the data link between spinning mesh and payload is critical to the HSM's design. This link is used to
transmit the occassional status report along with a low-latency alarm trigger (``heartbeat'') signal from mesh to payload.
As we will elaborate in Section~\ref{sec_proto} a simple infrared optical link turned out to be a good solution for this
purpose.
\section{Attacks}
\label{sec_attacks}
After outlining the basic mechanical design of an inertial HSM above, in this section we will detail possible ways to
attack it. Fundamentally, attacks on an inertial HSM are the same as those on a traditional HSM since the tamper
detection mesh is the same. Only, in the inertial HSM any attack on the mesh has to be carried out while the mesh is
rotating, which for most types of attack will require some kind of CNC attack robot moving in sync with it.
\subsection{Attacks on the mesh}
There are two locations where one can attack a tamper-detection mesh. On one hand, the mesh itself can be tampered with.
This includes bridging its traces to allow for a hole to be cut. The other option is to tamper with the monitoring
circuit itself to prevent a damaged mesh from triggering an alarm and causing the HSM to erase its
contents~\cite{dexter2015}. Attacks in both locations are electronic attacks, i.e. they require electrical contact to
parts of the circuit. Traditionally, this contact is made by soldering or by placing a probe such as a thin needle. We
consider this contact infeasible to be performed on an object spinning at high speed without a complex setup that
rotates along with the object or that involves ion beams, electron beams or liquids. Thus, we consider them to be
practically infeasible outside of a well-funded, special-purpose laboratory.
\subsection{Attacks on the rotation sensor}
Instead of attacking the mesh in motion, an attacker may also try to first stop the rotor. To succeed, they would need
to fool the rotor's MEMS accelerometer. An electronic attack on the sensor or the monitoring microcontroller would be no
easier than directly bridging the mesh traces.
MEMS accelerometers usually use a cantilever design, where a proof mass moves a cantilever whose precise position can be
measured electronically. A topic of recent academic interest have been acoustic attacks tampering with these
mechanics~\cite{trippel2017}. In the authors' estimate these attacks are too hard to control to be practically useful
against an inertial HSM.
A possible way to attack the accelerometer inside an inertial HSM may be to first decapsulate it using laser ablation
synchronized with the device's rotation. Then, a fast-setting glue such as a cyanoacrylate could be deposited on the
moving MEMS parts, locking them in place. To mitigate this type of attack the accelerometer should be mounted in a
shielded place inside the security envelope. Further, this attack can only work if the rate of rotation and thus the
expected accelerometer readings are constant. If the rate of rotation is set to vary over time this type of attack is
quickly detected. In Appendix \ref{sec_degrees_of_freedom} we outline the constraints on sensor placement.
\subsection{Attacks on the alarm circuitry}
Besides trying to deactivate the tamper detection mesh, an electronic attack could also target the alarm circuitry
inside the stationary payload, or the communication link between rotor and payload. The link can be secured using a
cryptographically secured protocol like one would use for wireless radio links along with a high-frequency heartbeat
message. The alarm circuitry has to be designed such that it is entirely contained within the HSM's security envelope.
Like in conventional HSMs it has to be built to either tolerate or detect environmental attacks such as ones using
temperature, ionizing radiation, lasers, supply voltage variations, ultrasound or other vibration and gases or liquids.
Conventionally, incoming power rails are filtered thoroughly to prevent electrical attacks and other types of attacks
are prevented by sensors that thrigger an alarm.
In an inertial HSM, the mesh monitoring circuit's tamper alarm is transmitted from rotor to stator through a wireless
link. Since an attacker may wirelessly spoof this link, it must be cryptographically secured. It also must be
bidirectional to allow the alarm signal receiver to verify link latency: If it were unidirectional, an attacker could
act as a Man-in-the-Middle and replay the mesh's authenticated ``no alarm'' signal at slightly below real-time speed
(say at $\SI{99}{\percent}$ speed). The receiver would not be able to distinguish between this attack and ordinary
deviations in the transmitter's local clock frequency. Thus, after some time the attacker can simply stop the rotor and
break the mesh while replaying the leftover recorded ``no alarm'' signal. Given the frequency stability of commercial
crystals, this would yield the attacker several seconds of undisturbed attack time per hour of recording time.
\subsection{Fast and violent attacks}
A variation of the above attacks on the alarm circuitry is to simply destroy the part of the HSM that erases data in
response to tampering before it can finish its job. This attack could use a tool such as a large hammer or a gun.
Mitigations for this type of attack include potting the payload inside a mechanically robust enclosure. Additionally,
the integrity of the entire alarm signalling chain can be checked continuously using a cryptographic heartbeat protocol.
A simple active-high or active-low alarm signal as it is used in traditional HSMs cannot be considered fail-safe in this
scenario as such an attack may well short-circuit or break PCB traces.
\section{Prototype implementation}
\label{sec_proto}
After elaborating the design principles of inertial HSMs and researching potential attack vectors we have validated
these theoretical studies by implementing a prototype rotary HSM. The main engineering challenges we solved in our
prototype are:
\begin{enumerate}
\item Fundamental mechanical design suitable for rapid prototyping that can withstand a rotation of $\SI{500}{rpm}$.
\item Automatic generation of security mesh PCB layouts for quick adaption to new form factors.
\item Non-contact power transmission from stator to rotor.
\item Non-contact bidirectional data communication between stator and rotor.
\end{enumerate}
\subsection{Mechanical design}
We sized our prototype to have space for up to two full-size Raspberry Pi boards. Each one of these boards is already
more powerful than an ordinary HSM, but they are small enough to simplify our prototype's design. For low-cost
prototyping we designed our prototype to use printed circuit boards as its main structural material. The interlocking
parts were designed in FreeCAD as shown in Figure \ref{proto_3d_design}. The mechanical designs were exported to KiCAD
for electrical design before being sent to a commercial PCB manufacturer. Rotor and stator are built from interlocking,
soldered PCBs. The components are mounted to a $\SI{6}{\milli\meter}$ brass tube using FDM 3D printed flanges. The rotor
is driven by a small hobby quadcopter motor.
Security is provided by a PCB security mesh enveloping the entire system and extending to within a few millimeters of
the shaft. For security it is not necessary to cover the entire circumference of the module with mesh, so we opted to
use only three narrow longitudinal struts to save weight.
To mount the entire HSM, we chose to use ``2020'' modular aluminium profile.
\begin{figure}
\center
\includegraphics[height=7cm]{proto_3d_design.jpg}
\caption{The 3D CAD design of the prototype.}
\label{proto_3d_design}
\end{figure}
\subsection{PCB security mesh generation}
The security mesh covers a total of five interlocking PCBs. A sixth PCB contains the monitoring circuit and connects to
these mesh PCBs. To allow us to quickly iterate our design without manually re-routing several large security meshes
for every mechanical chage we wrote a plugin for the KiCAD EDA suite that automatically generates parametrized security
meshes. When KiCAD is used in conjunction with FreeCAD through FreeCAD's KiCAD StepUp plugin, this ends up in an
efficient toolchain from mechanical CAD design to security mesh PCB gerber files. The mesh generation plugin can be
found at its website\footnote{\url{https://blog.jaseg.de/posts/kicad-mesh-plugin/}}. The meshes it produces have a
practical level of security in our application.
The mesh generation process starts by overlaying a grid on the target area. It then produces a randomized tree covering
this grid. The individual mesh traces are then traced along a depth-first search through this tree. A visualization of
the steps is shown in Figure \ref{mesh_gen_viz}. A sample of the production results from our prototype is shown in
Figure \ref{mesh_gen_sample}.
\begin{figure}
\center
\includegraphics[width=9cm]{mesh_gen_viz.pdf}
\caption{Overview of the automatic security mesh generation process. 1 - the blob is the example target area. 2 - A
grid is overlayed. 3 - Grid cells outside of the target area are removed. 4 - A random tree covering the remaining
cells is generated. 5 - The mesh traces are traced along a depth-first walk of the tree. 6 - Result.}
\label{mesh_gen_viz}
\end{figure}
\begin{figure}
\center
\includegraphics[width=6cm]{mesh_scan_crop.jpg}
\caption{A section of the security mesh PCB we produced with our toolchain for the prototype HSM.}
\label{mesh_gen_sample}
\end{figure}
\subsection{Data transmission through rotating joint}
With the mesh done, the next engineering challenge was the mesh monitoring data link between rotor and stator. As a
baseline solution, we settled on a $\SI{115}{\kilo\baud}$ UART signal sent through a simple bidirectional infrared link.
In the transmitter, the UART TX line on-off modulates a $\SI{920}{\nano\meter}$ IR LED through a common-emitter driver
transistor. In the receiver, an IR PIN photodiode reverse-biased to $\frac{1}{2}V_\text{CC}$ is connected to a
reasonably wideband transimpedance amplifier (TIA) with a $\SI{100}{\kilo\ohm}$ transimpedance. As shown in Figure
\ref{photolink_schematic}, the output of this TIA is fed through another $G=100$ amplifier whose output is then squared
up by a comparator. We used an \texttt{MCP6494} quad CMOS op-amp. At a specified $\SI{2}{\milli\ampere}$ current
consumption it is within our rotor's power budget, and its Gain Bandwidth Product of $\SI{7.5}{\mega\hertz}$ yields a
useful transimpedance in the photodiode-facing TIA stage.
To reduce the requirements on power transmission to the rotor, we have tried to reduce power consumption of the
rotor-side receiver/transmitter pair trading off stator-side power consumption. One part of this is that we use
a wide-angle photodiode and IR LED on the stator, but use narrow-angle components on the rotor. The two rx/tx pairs are
arranged next to the motor on opposite sides. By placing the narrow-angle rotor rx/tx components on the outside as
shown in Figure \ref{ir_tx_schema}, the motor shields both IR links from crosstalk. The rotor transmitter LED is
driven at $\SI{1}{\milli\ampere}$ while the stator transmitter LED is driven at $\SI{20}{\milli\ampere}$.
\begin{figure}
\center
\includegraphics{ir_tx_schema.pdf}
\caption{Schema of our bidirectional IR communication link between rotor and stator, view along axis of rotation. 1
- Rotor base PCB. 2 - Stator IR link PCB. 3 - Motor. 4 - receiver PIN photodiode. 5 - transmitter IR LED.}
\caption{Example of a bidirectional IR communication link between rotor and stator, view along axis of rotation. 1
- Rotor base plate. 2 - Stator base plate. 3 - Motor. 4 - receiver PIN photodiode. 5 - transmitter IR LED.}
\label{ir_tx_schema}
\end{figure}
\begin{figure}
\center
\includegraphics[width=9cm]{photolink_schematic.pdf}
\caption{Schematic of the IR communication link. Component values are only examples. In particular C2 depends highly
on the photodiode used and stray capacitances due to the component layout.}
\label{photolink_schematic}
\end{figure}
\subsection{Power transmission through rotating joint}
Besides the data link, the other electrical interface we need between rotor and stator is for power transmission. We
power Since this prototype serves only demonstration purposes, we chose to use the simplest possible method of power
transmission: solar cells. We mounted six series-connected solar cells in three commercially available modules on the
circular PCB at the end of our cylindrical rotor. The solar cells direclty feed the rotor's logic supply with buffering
by a large $\SI{33}{\micro\farad}$ ceramic capacitor. With six cells in series, they provide around $\SI{3.0}{\volt}$ at
several tens of $\si{\milli\ampere}$ given sufficient illumination.
For simplicity and weight reduction, at this point we chose to forego large buffer capacitors on the rotor. This means
variations in solar cell illumination directly couple into the microcontroller's supply rail. Initially, we experimented
with regular residential LED light bulbs, but those turned out to have too much flicker and lead to our microcontroller
frequently rebooting. Trials using an incandecent light produced a stable supply, but the large amount of infrared light
emitted by the incandecent light bulb severely disturbed our near-infrared communication link. As a consequence of
this, we settled on a small LED light intended for use as a studio light that provdided us with almost flicker-free
light at lower frequencies, leading to a sufficiently stable microcontroller VCC rail without any disturbance to the IR
link.
\subsection{Evaluation}
After building our prototype inertial HSM according to the design decisions we outlined above, we performed a series of
experiments to validate the critical components of the design.
During these experiments, our prototype performed as intended. Both power and data transmission through the rotating
joint were working reliably. Figure \ref{prototype_early_comms} shows our prototype performing reliably at maximum speed
for the first time. Our improvised IR link is open in both directions for about $\SI{60}{\degree}$ of the rotation,
which allows us to reliably transfer several tens of bytes in each direction during the receivers' fly-by even at high
speed of rotation. As a result of our prototype experiments, we consider a larger-scale implementation of the inertial
HSM concept practical.
\begin{figure}
\center
\includegraphics[width=8cm]{prototype_early_comms_small.jpg}
\caption{The protoype when we first achieved reliable power transfer and bidirectional communication between stator
and rotor. In the picture, the prototype was communicating reliably up to the maximum $\approx\SI{1500}{rpm}$ that
we could get out of its hobby quadcopter parts.}
\label{prototype_early_comms}
\end{figure}
Besides power, the data link between spinning mesh and payload is critical to the HSM's design. This link is used to
transmit the occassional status report along with a low-latency alarm trigger (``heartbeat'') signal from mesh to payload.
A simple infrared optical link as shown in Figure~\ref{ir_tx_schema} may be a good solution for this purpose.
\section{Conclusion}
\label{sec_conclusion} To conclude, in this paper we introduced inertial hardware security modules (iHSMs), a
\label{sec_conclusion} To conclude, in this tech report we introduced inertial hardware security modules (iHSMs), a
novel concept for the construction of highly secure hardware security modules from inexpensive, commonly available
parts. We elaborated the engineering considerations underlying a practical implementation of this concept. We
implemented a prototype demonstrating practical solutions to the significant engineering challenges of this concept. We
analyzed the concept for its security properties and highlighted its ability to significantly strengthen otherwise weak
tamper detection barriers.
parts. We elaborated the engineering considerations underlying a practical implementation of this concept.
Inertial HSMs offer a high level of security beyond what traditional techniques can offer. They allow the construction
of devices secure against a wide range of practical attacks at prototype quantities and without specialized tools. We
@ -509,76 +263,6 @@ hope that this simple construction will stimulate academic research into secure
\printbibliography[heading=bibintoc]
\appendix
\subsection{Spinning mesh energy calculations}
\label{sec_energy_calculations}
Assume that the spinning mesh sensor should send its tamper status to the static monitoring circuit at least once every
$T_\text{tx} = \SI{10}{\milli\second}$. At $\SI{100}{\kilo\baud}$ a transmission of a one-byte message in standard UART
framing would take $\SI{100}{\micro\second}$ and yield an $\SI{1}{\percent}$ duty cycle. If we assume an optical or RF
transmitter that requires $\SI{10}{\milli\ampere}$ of active current, this yields an average operating current of
$\SI{100}{\micro\ampere}$. Reserving another $\SI{100}{\micro\ampere}$ for the monitoring circuit itself we arrive at an
energy consumption of $\SI{1.7}{\ampere\hour\per\year}$.
\subsubsection{Battery power}
\label{sec_energy_calculations_battery}
The annual energy consumption we calculated above is about equivalent to the capacity of a single CR123A
lithium primary cell. Using several such cells or optimizing power consumption would thus easily yield several years of
battery life.
\subsubsection{LED and solar cell}
\label{sec_energy_calculations_led}
Let us assume an LED with a light output of $\SI{1}{W}$ illuminating a small solar cell. Let us pessimistically assume a
$\SI{5}{\percent}$ conversion efficiency in the solar cell. Let us assume that when the rotor is at its optimal
rotational angle, $\SI{20}{\percent}$ of the LED's light output couple into the solar cell. Let us assume that we loose
another $\SI{90}{\percent}$ of light output on average during one rotation when the rotor is in motion. This results in
an energy output from the solar cell of $\SI{1}{\milli\watt}$. Assuming a $\SI{3.3}{\volt}$ supply this yields
$\SI{300}{\micro\ampere}$ for our monitoring circuit. This is enough even with some conversion losses in the step-up
converter boosing the solar cell's $\SI{0.6}{\volt}$ working voltage to the monitoring circuit's supply voltage.
\subsection{Minimum angular velocity: Rotating human attacker}
\label{sec_minimum_angular_velocity}
An attacker might try to rotate along with the HSM to attack the security mesh without triggering the accelerometer. Let
us pessimistically assume that the attacker has the axis of rotation running through their center of mass. The
attacker's body is probably at least $\SI{200}{\milli\meter}$ wide along its shortest axis, resulting in a minimum
radius from axis of rotation to surface of about $\SI{100}{\milli\meter}$. We choose $\SI{250}{\meter\per\second^2}$ as
an arbitrary acceleration well past the range tolerable by humans according to Wikipedia. Centrifugal acceleration is
$a=\omega^2 r$. In our example this results in a minimum angular velocity of $\omega_\text{min} = \sqrt{\frac{a}{r}} =
\sqrt{\frac{\SI{250}{\meter\per\second^2}}{\SI{100}{\milli\meter}}} \approx 8\cdot 2\pi\frac{1}{\si{\second}} \approx 500
\text{rpm}$.
\subsection{Fooling the accelerometer}
\label{sec_degrees_of_freedom}
Let us consider a general inertial HSM with one or more sensors that is attacked by an attacker. In this scenario, it is
reasonable to assume that the rotating parts of the HSM are rigidly coupled to one another and will stay that way: For
the attacker to decouple parts of the HSM (e.g. to remove one of its accelerometers from the PCB), the attacker would
already have to circumvent the rotor's security mesh.
Assuming the HSM is stationary, a sensor on the rotating part will experience two significant accelerations:
\begin{enumerate}
\item Gravity $g = 9.8\frac{m}{s^2}$
\item Centrifugal force $a_C=\omega^2 r$, in the order of $\SI{1000}{\meter\per\second^2}$ or $100 g$ at
$r=\SI{100}{\milli\meter}$ and $\SI{1000}{rpm}$
\end{enumerate}
Due to the vast differences in both radius and angular velocity, we can neglegt any influence of the earth's rotation on
our system.
In normal operation, the HSM is stationary ($\mathbf v=0$) and the HSM's motor is tuned to exactly counter-balance
friction so the rotor's angular velocity remains constant. As a rigid body, the rotor's motion is fully defined by its
rotation and translation. In total, this makes for six degrees of freedom. The three degrees of freedom of linear
translation we can measure directly with an accelerometer in the stationary part on the inside of the HSM. This
accelerometer could detect any rapid acceleration of the HSM's rotor. To measure rotation, we could mount a
gyroscope on the rotor to detect deceleration. The issue with this is that like other MEMS acceleration sensors,
commercial MEMS gyroscopes are vulnerable to drift and an attacker could slowly decelerate the rotor without being
detected.
A linear accelerometer mounted on the rotor however is able to catch even this attack. Subtracting gravity, it could
determine both magnitude and direction of the centrifugal force, which is proportional to the square of angular velocity
and not its derivative.
In summary, a single three-axis accelerometer on the rotor combined with a three-axis accelerometer in the stator would
be a good baseline configuration.
\subsection{Patents and licensing}
During development, we performed several hours of research on prior art for the inertial HSM concept. Yet, we could not