Improve section transitions
This commit is contained in:
parent
1bd8ebc041
commit
92f646fbf3
1 changed files with 112 additions and 96 deletions
|
|
@ -146,6 +146,9 @@ Section~\ref{sec_conclusion}.
|
|||
% summaries of research papers on HSMs. I have not found any actual prior art on anything involving mechanical motion
|
||||
% beyond ultrasound.
|
||||
|
||||
In this section, we will briefly explore the history of HSMs and the state of academic research on active tamper
|
||||
detection.
|
||||
|
||||
HSMs are an old technology tracing back decades in their electronic realization. Today's common approach of monitoring
|
||||
meandering electrical traces on a fragile foil that is wrapped around the HSM essentially transforms the security
|
||||
problem into the challenge to manufacture very fine electrical traces on a flexible foil~\cite{isaacs2013, immler2019,
|
||||
|
|
@ -188,7 +191,7 @@ compound that has been loaded with RF-reflective grains. In their concept, the R
|
|||
transceivers is shaped by the precise three-dimensional distribution of RF-reflective grains within the potting
|
||||
compound.
|
||||
|
||||
Our concept is novel in that mechanical motion has not been proposed before as part of a hardware security module. Most
|
||||
We are the the first to propose a mechanically moving HSM security barrier as part of a hardware security module. Most
|
||||
academic research concentrates on the issue of creating new, more sensitive security barriers for HSMs~\cite{immler2019}
|
||||
while commercial vendors concentrate on means to cheaply manufacture and certify these security
|
||||
barriers~\cite{drimer2008}. Our concept instead focuses on the issue of taking any existing, cheap low-performance
|
||||
|
|
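Review bot: The replacement sentence "We are the the first to propose a mechanically moving HSM security barrier as part of a hardware security module" has a doubled "the" and names the HSM twice. It also turns the earlier "has not been proposed before" into a priority claim, while the source comment further up only says "I have not found any actual prior art". Suggest hedging and tightening it: "To our knowledge, we are the first to propose a mechanically moving security barrier as part of a hardware security module."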
@ -244,38 +247,40 @@ necessary.
|
|||
|
||||
\subsection{Mechanical layout}
|
||||
|
||||
The simplest way to mount a stationary payload in a spinning security mesh is to use a hollow shaft. The payload can be
|
||||
mounted on a fixed rod threaded through this hollow shaft along with wires for power and data. The shaft is a weak spot
|
||||
of the system, but this weak spot can be alleviated through either careful construction or a second layer of rotating
|
||||
meshes with a different axis of rotation. Configurations that do not use a hollow-shaft motor are possible, but may
|
||||
require additional bearings to keep the stator from vibrating.
|
||||
Thinking about the concrete construction of our mechanical HSM, the first challenge is mounting both mesh and payload on
|
||||
a single shaft. The simplest way we found to mount a stationary payload inside of a spinning security mesh is a hollow
|
||||
shaft. The payload can be mounted on a fixed rod threaded through this hollow shaft along with wires for power and
|
||||
data. The shaft is a weak spot of the system, but this weak spot can be alleviated through either careful construction
|
||||
or a second layer of rotating meshes with a different axis of rotation. Configurations that do not use a hollow-shaft
|
||||
motor are possible, but may require additional bearings to keep the stator from vibrating.
|
||||
|
||||
The spinning mesh must be designed to cover the entire surface of the payload during one revolution. Still, it can be
|
||||
designed with longitudinal gaps to allow outside air to flow through to the payload. In boundary-sensing HSMs, cooling
|
||||
of the processor inside is a serious issue since any air duct or heat pipe would have to penetrate the HSM's security
|
||||
boundary. This problem can only be solved with complex and costly siphon-style constructions, so in commercial systems
|
||||
heat conduction is used exclusively~\cite{isaacs2013}. This limits the maximum power dissipation of the payload and thus
|
||||
its processing power. Our setup allows direct air cooling, which increases the maximum possible power dissipation of
|
||||
the payload and unlocks much more powerful processing capabilities. Instead of gaps one could even integrate an actual
|
||||
fan into the rotor.
|
||||
The next design choice we have to make is the physical structure of the security mesh. The spinning mesh must be
|
||||
designed to cover the entire surface of the payload, but compared to a traditional HSM it suffices if it sweeps over
|
||||
every part of the payload once per rotation. This means we can design longitudinal gaps into the mesh that allow outside
|
||||
air to flow through to the payload. In traditional boundary-sensing HSMs, cooling of the payload processor is a serious
|
||||
issue since any air duct or heat pipe would have to penetrate the HSM's security boundary. This problem can only be
|
||||
solved with complex and costly siphon-style constructions, so in commercial systems heat conduction is used
|
||||
exclusively~\cite{isaacs2013}. This limits the maximum power dissipation of the payload and thus its processing power.
|
||||
Our setup allows direct air cooling of regular heatsinks. This greatly increases the maximum possible power dissipation
|
||||
of the payload and unlocks much more powerful processing capabilities. In an evolution of our design, the spinning mesh
|
||||
could even be designed to *be* a cooling fan.
|
||||
|
||||
\subsection{Spinning mesh power and data transmission}
|
||||
|
||||
The basic concept of a security mesh spinning at more than $\SI{500}{rpm}$ around a payload leaves us with a few
|
||||
On the electrical side, the idea of a security mesh spinning at more than $\SI{500}{rpm}$ leaves us with a few
|
||||
implementation challenges. Since the spinning mesh must be monitored for breaks or short circuits continuously, we need
|
||||
both a power supply for the spinning monitoring circuit and a data link back to the stator.
|
||||
both a power supply for the spinning monitoring circuit and a data link to the stator.
|
||||
|
||||
A good starting point for power transfer is a simple setup of a stationary bright lamp shining at a rotating solar
|
||||
panel. In contrast to e.g.\ slip rings, this setup is mechanically durable at high speeds and it also provides
|
||||
reasonable output power (see Appendix \ref{sec_energy_calculations} for some calculations on power consumption). A
|
||||
battery may not provide a useful lifetime without power-optimization. Likewise, an energy harvesting setup may not
|
||||
provide enough current to supply peak demand.
|
||||
We found that a bright lamp shining at a rotating solar panel is a good starting point. In contrast to e.g.\ slip
|
||||
rings, this setup is mechanically durable at high speeds and it also provides reasonable output power (see Appendix
|
||||
\ref{sec_energy_calculations} for some calculations on power consumption). A battery may not provide a useful lifetime
|
||||
without power-optimization. Likewise, an energy harvesting setup may not provide enough current to supply peak demand.
|
||||
|
||||
Since the monitoring circuit uses little current, power transfer efficiency is not important. On the other hand, cost
|
||||
may be a concern in a production device. Here it may prove worthwhile to replace the solar cell setup with an extra
|
||||
windings on the rotor of the BLDC motor driving the spinning mesh. This rotor is likely to be a custom part, so adding
|
||||
these windings is unlikely to increase cost significantly. Inductive power transfer may also be an option given that one
|
||||
can integrate it into the mechanical design.
|
||||
winding on the rotor of the BLDC motor driving the spinning mesh. This rotor is likely to be a custom part, so adding
|
||||
an extra winding is unlikely to increase cost significantly. More traditional inductive power transfer may also be an
|
||||
option if it can be integrated into the mechanical design.
|
||||
|
||||
Besides power, the data link between spinning mesh and payload is critical to the HSM's design. This link is used to
|
||||
transmit the occassional status report along with a low-latency alarm trigger (``heartbeat'') signal from mesh to payload.
|
||||
|
|
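Review bot: In the last added line of the "Mechanical layout" paragraph, *be* is Markdown emphasis and will print literal asterisks in LaTeX; use \emph{be}. In the power and data paragraph, "a data link to the stator" now reads as one-way, although the attack section of this same change requires the link to be bidirectional, so "a data link between rotor and stator" would be more accurate. The unchanged context at the end of the hunk still has "occassional".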
@ -286,76 +291,79 @@ purpose.
|
|||
\label{sec_attacks}
|
||||
|
||||
After outlining the basic mechanical design of an inertial HSM above, in this section we will detail possible ways to
|
||||
attack it. Fundamentally, attacks on an inertial HSM are the same as those on a traditional HSM, since the tamper
|
||||
detection mesh is the same. Only in the inertial HSM any attack on the mesh has to be carried out while the mesh is
|
||||
rotating, which for most types of attack will require a CNC attack robot moving in sync with it. In comparison to
|
||||
traditional designs, the data link between mesh and payload is an additional weak spot in the rotating desing. If it is
|
||||
optical, non-contact attacks are possible.
|
||||
attack it. Fundamentally, attacks on an inertial HSM are the same as those on a traditional HSM since the tamper
|
||||
detection mesh is the same. Only, in the inertial HSM any attack on the mesh has to be carried out while the mesh is
|
||||
rotating, which for most types of attack will require some kind of CNC attack robot moving in sync with it.
|
||||
|
||||
\subsection{Attacks on the mesh}
|
||||
|
||||
There are two locations where one can attack a tamper-detection mesh. On one hand, the mesh itself can be tampered with.
|
||||
This includes bridging its traces to allow for a hole to be cut. The other option is to tamper with the monitoring
|
||||
circuit itself, to prevent a damaged mesh from triggering an alarm and causing the HSM to erase its
|
||||
circuit itself to prevent a damaged mesh from triggering an alarm and causing the HSM to erase its
|
||||
contents~\cite{dexter2015}. Attacks in both locations are electronic attacks, i.e. they require electrical contact to
|
||||
parts of the circuit. Traditionally, this contact is made by soldering or by placing a probe such as a thin needle. We
|
||||
consider this contact infeasible to be performed on an object spinning at high speed without a complex setup that
|
||||
rotates along with the object or that involves ion beams, electron beams or liquids. Thus, we consider them to be
|
||||
practically infeasible outside of a well-funded, special-purpose laboratory.
|
||||
|
||||
\subsection{Attacks on the rotation sensor}
|
||||
|
||||
Instead of attacking the mesh in motion, an attacker may also try to first stop the rotor. To succeed, they would need
|
||||
to fool the rotor's MEMS accelerometer. An electronic attack on the sensor or the monitoring microcontroller would be no
|
||||
easier than directly bridging the mesh traces.
|
||||
|
||||
MEMS accelerometers usually use a cantilever design, where a proof mass moves a cantilever whose precise position can be
|
||||
measured electronically. A topic of recent academic interest have been acoustic attacks tampering with these
|
||||
mechanics~\cite{trippel2017}. In the authors' estimate these attacks are too hard to control to be practically useful
|
||||
against an inertial HSM.
|
||||
|
||||
A possible way to attack the accelerometer inside an inertial HSM may be to first decapsulate it using laser ablation
|
||||
synchronized with the device's rotation. Then, a fast-setting glue such as a cyanoacrylate could be deposited on the
|
||||
moving MEMS parts, locking them in place. To mitigate this type of attack the accelerometer should be mounted in a
|
||||
shielded place inside the security envelope. Further, this attack can only work if the rate of rotation and thus the
|
||||
expected accelerometer readings are constant. If the rate of rotation is set to vary over time this type of attack is
|
||||
quickly detected. In Appendix \ref{sec_degrees_of_freedom} we outline the constraints on sensor placement.
|
||||
|
||||
\subsection{Attacks on the alarm circuitry}
|
||||
|
||||
An electronic attack could also target the alarm circuitry inside the stationary payload, or the communication link
|
||||
between rotor and payload. The link can easily be proofed by using a cryptographically secured protocol along with a
|
||||
high-frequency heartbeat message. The alarm circuitry has to be designed such that it is entirely contained within the
|
||||
HSM's security envelope and has to tolerate environmental attacks such as ones using temperature, ionizing radiation,
|
||||
lasers, supply voltage variations, ultrasound or other vibration and gases or liquids. The easiest way to proof an alarm
|
||||
system against these is to employ adequate filtering of the incoming power supply and use sensors for the others,
|
||||
triggering an alarm in case extraordinary environmental variations are detected.
|
||||
Besides trying to deactivate the tamper detection mesh, an electronic attack could also target the alarm circuitry
|
||||
inside the stationary payload, or the communication link between rotor and payload. The link can be secured using a
|
||||
cryptographically secured protocol like one would use for wireless radio links along with a high-frequency heartbeat
|
||||
message. The alarm circuitry has to be designed such that it is entirely contained within the HSM's security envelope.
|
||||
Like in conventional HSMs it has to be built to either tolerate or detect environmental attacks such as ones using
|
||||
temperature, ionizing radiation, lasers, supply voltage variations, ultrasound or other vibration and gases or liquids.
|
||||
Conventionally, incoming power rails are filtered thoroughly to prevent electrical attacks and other types of attacks
|
||||
are prevented by sensors that thrigger an alarm.
|
||||
|
||||
If the alarm link between rotor and stator uses a spoofable interface such as an optical link, this link must be
|
||||
cryptographically verified. It also must be bidirectional to allow the alarm signal receiver to verify link latency. In
|
||||
a purely unidirectional spoofable link, an attacker could record the authenticated ``no alarm'' signal from the
|
||||
transmitter while simultaneously replaying it just slightly slower (say at $\SI{99}{\percent}$ speed) to the receiver.
|
||||
The receiver would not be able to distinguish between this attack and ordinary deviations in the transmitter's local
|
||||
clock frequency. However, the attacker can at any point simply stop the rotor and replay the leftover recorded ``no
|
||||
alarm'' signal. Given the frequency stability of commercial crystals, this would allow for an attack duration of several
|
||||
seconds per hour of recording time.
|
||||
In an inertial HSM, the mesh monitoring circuit's tamper alarm is transmitted from rotor to stator through a wireless
|
||||
link. Since an attacker may wirelessly spoof this link, it must be cryptographically secured. It also must be
|
||||
bidirectional to allow the alarm signal receiver to verify link latency: If it were unidirectional, an attacker could
|
||||
act as a Man-in-the-Middle and replay the mesh's authenticated ``no alarm'' signal at slightly below real-time speed
|
||||
(say at $\SI{99}{\percent}$ speed). The receiver would not be able to distinguish between this attack and ordinary
|
||||
deviations in the transmitter's local clock frequency. Thus, after some time the attacker can simply stop the rotor and
|
||||
break the mesh while replaying the leftover recorded ``no alarm'' signal. Given the frequency stability of commercial
|
||||
crystals, this would yield the attacker several seconds of undisturbed attack time per hour of recording time.
|
||||
|
||||
\subsection{Fast and violent attacks}
|
||||
|
||||
A variation of the above attacks on the alarm circuitry would be an attack that
|
||||
attempts to simply destroy this circuitry before the alarm can be acted upon using a tool like a large hammer or a gun.
|
||||
Mitigations for this type of attack include potting the payload inside a mechanically robust enclosure. The alarm
|
||||
signalling chain's integrity can be checked continuously using a cryptographic heartbeat protocol. A simple active-high
|
||||
or active-low alarm signal cannot be considered fail-safe in this scenario.
|
||||
|
||||
\subsection{Attacks on the rotation sensor}
|
||||
|
||||
An attacker may try to stop the rotor before tampering with the mesh. To succeed, they would need to fool the rotor's
|
||||
MEMS accelerometer. An electronic attack on the sensor or the monitoring microcontroller would be no easier than
|
||||
directly bridging the mesh traces. Physical attacks on the accelerometer are possible~\cite{trippel2017}, but in the
|
||||
authors' estimate are too hard to control to be practically useful.
|
||||
|
||||
A last type of attack might be to try to physically tamper with the accelerometer's sensing mechanism. MEMS
|
||||
accelerometers usually use a cantilever design, where a proof mass moves a cantilever whose precise position can be
|
||||
measured electronically. A possible way to attack such a device might be to first decapsulate it using laser ablation
|
||||
synchronized with the device's rotation. Then, a fast-setting glue such as a cyanoacrylate could be deposited on the
|
||||
moving MEMS parts, locking them in place. This attack would require direct access to the accelerometer from the outside
|
||||
and can be prevented by mounting the accelerometer in a shielded place inside the security envelope. This attack can
|
||||
only work if the rate of rotation and thus the accelerometer's readings are constant. If the rate of rotation is set to
|
||||
change on a schedule, this type of attack can be detected easily. In Appendix \ref{sec_degrees_of_freedom} we outline
|
||||
the constraints on sensor placement.
|
||||
A variation of the above attacks on the alarm circuitry is to simply destroy the part of the HSM that erases data in
|
||||
response to tampering before it can finish its job. This attack could use a tool such as a large hammer or a gun.
|
||||
Mitigations for this type of attack include potting the payload inside a mechanically robust enclosure. Additionally,
|
||||
the integrity of the entire alarm signalling chain can be checked continuously using a cryptographic heartbeat protocol.
|
||||
A simple active-high or active-low alarm signal as it is used in traditional HSMs cannot be considered fail-safe in this
|
||||
scenario as such an attack may well short-circuit or break PCB traces.
|
||||
|
||||
\section{Prototype implementation}
|
||||
\label{sec_proto}
|
||||
|
||||
To validate our theoretical design, we implemented a prototype rotary HSM. The main engineering challenges we solved in
|
||||
our prototype are:
|
||||
After elaborating the design principles of inertial HSMs and researching potential attack vectors we have validated
|
||||
these theoretical studies by implementing a prototype rotary HSM. The main engineering challenges we solved in our
|
||||
prototype are:
|
||||
|
||||
\begin{enumerate}
|
||||
\item Fundamental mechanical design suitable for rapid prototyping that can withstand a rotation of $\SI{500}{rpm}$.
|
||||
\item Automatic generation of security mesh PCB layouts for quick adaption to new form factors.
|
||||
\item Non-contact power transmission to rotor.
|
||||
\item Non-contact power transmission from stator to rotor.
|
||||
\item Non-contact bidirectional data communication between stator and rotor.
|
||||
\end{enumerate}
|
||||
|
||||
|
|
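Review bot: In the rewritten replay paragraph under "Attacks on the alarm circuitry", the example rate and the conclusion do not agree. Replaying at 99% speed banks 1% of the recording time, about 36 seconds per hour, yet the paragraph ends with "several seconds of undisturbed attack time per hour" and justifies that with crystal frequency stability, which is far tighter than 1%. Pick an example rate that matches the clock tolerance the receiver actually accepts and state that tolerance. It would also help to say in one sentence how the bidirectional link defeats the slowed replay, since "verify link latency" is the whole mitigation here. In the paragraph before it, "thrigger" should be "trigger".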
@ -384,16 +392,18 @@ To mount the entire HSM, we chose to use ``2020'' modular aluminium profile.
|
|||
|
||||
\subsection{PCB security mesh generation}
|
||||
|
||||
To allow a quick iteration of our design while producing results with a realistic level of security, we wrote a plugin
|
||||
for the KiCAD EDA suite that automatically generates parametrized security meshes. When KiCAD is used in conjunction
|
||||
with FreeCAD through FreeCAD's KiCAD StepUp plugin, this ends up in an efficient toolchain from mechanical CAD design to
|
||||
security mesh PCB gerber files. The mesh generation plugin can be found at its
|
||||
website\footnote{\url{https://blog.jaseg.de/posts/kicad-mesh-plugin/}}.
|
||||
The security mesh covers a total of five interlocking PCBs. A sixth PCB contains the monitoring circuit and connects to
|
||||
these mesh PCBs. To allow us to quickly iterate our design without manually re-routing several large security meshes
|
||||
for every mechanical chage we wrote a plugin for the KiCAD EDA suite that automatically generates parametrized security
|
||||
meshes. When KiCAD is used in conjunction with FreeCAD through FreeCAD's KiCAD StepUp plugin, this ends up in an
|
||||
efficient toolchain from mechanical CAD design to security mesh PCB gerber files. The mesh generation plugin can be
|
||||
found at its website\footnote{\url{https://blog.jaseg.de/posts/kicad-mesh-plugin/}}. The meshes it produces have a
|
||||
practical level of security in our application.
|
||||
|
||||
Our mesh generation plugin overlays a grid on the target area and then produces a randomized tree covering this grid.
|
||||
The individual mesh traces are then traced along a depth-first search through this tree. A visualization of the steps is
|
||||
shown in Figure \ref{mesh_gen_viz}. A sample of the production results from our prototype is shown in Figure
|
||||
\ref{mesh_gen_sample}.
|
||||
The mesh generation process starts by overlaying a grid on the target area. It then produces a randomized tree covering
|
||||
this grid. The individual mesh traces are then traced along a depth-first search through this tree. A visualization of
|
||||
the steps is shown in Figure \ref{mesh_gen_viz}. A sample of the production results from our prototype is shown in
|
||||
Figure \ref{mesh_gen_sample}.
|
||||
|
||||
\begin{figure}
|
||||
\center
|
||||
|
|
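Review bot: The added closing sentence of the first paragraph, "The meshes it produces have a practical level of security in our application", is asserted with nothing to back it, and it is vaguer than the "realistic level of security" wording it replaces. Either give the parameters that support it (for example trace width and spacing, and what the randomization is meant to prevent) or drop the sentence. "The security mesh covers a total of five interlocking PCBs" reads as if the mesh sits on top of the boards; "is spread across" is probably what is meant. "chage" should be "change".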
@ -413,14 +423,15 @@ shown in Figure \ref{mesh_gen_viz}. A sample of the production results from our
|
|||
|
||||
\subsection{Data transmission through rotating joint}
|
||||
|
||||
As a baseline solution for data transmission, we settled on a $\SI{115}{\kilo\baud}$ UART signal sent through a simple
|
||||
bidirectional infrared link. In the transmitter, the UART TX line on-off modulates a $\SI{920}{\nano\meter}$ IR LED
|
||||
through a common-emitter driver transistor. In the receiver, an IR PIN photodiode reverse-biased to
|
||||
$\frac{1}{2}V_\text{CC}$ is connected to a reasonably wideband transimpedance amplifier (TIA) with a
|
||||
$\SI{100}{\kilo\ohm}$ transimpedance. As shown in Figure \ref{photolink_schematic}, the output of this TIA is fed
|
||||
through another $G=100$ amplifier whose output is then squared up by a comparator. We used an \texttt{MCP6494} quad
|
||||
CMOS op-amp. At a specified $\SI{2}{\milli\ampere}$ current consumption it is within our rotor's power budget, and its
|
||||
Gain Bandwidth Product of $\SI{7.5}{\mega\hertz}$ yields a useful transimpedance in the photodiode-facing TIA stage.
|
||||
With the mesh done, the next engineering challenge was the mesh monitoring data link between rotor and stator. As a
|
||||
baseline solution, we settled on a $\SI{115}{\kilo\baud}$ UART signal sent through a simple bidirectional infrared link.
|
||||
In the transmitter, the UART TX line on-off modulates a $\SI{920}{\nano\meter}$ IR LED through a common-emitter driver
|
||||
transistor. In the receiver, an IR PIN photodiode reverse-biased to $\frac{1}{2}V_\text{CC}$ is connected to a
|
||||
reasonably wideband transimpedance amplifier (TIA) with a $\SI{100}{\kilo\ohm}$ transimpedance. As shown in Figure
|
||||
\ref{photolink_schematic}, the output of this TIA is fed through another $G=100$ amplifier whose output is then squared
|
||||
up by a comparator. We used an \texttt{MCP6494} quad CMOS op-amp. At a specified $\SI{2}{\milli\ampere}$ current
|
||||
consumption it is within our rotor's power budget, and its Gain Bandwidth Product of $\SI{7.5}{\mega\hertz}$ yields a
|
||||
useful transimpedance in the photodiode-facing TIA stage.
|
||||
|
||||
To reduce the requirements on power transmission to the rotor, we have tried to reduce power consumption of the
|
||||
rotor-side receiver/transmitter pair trading off stator-side power consumption. One part of this is that we use
|
||||
|
|
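Review bot: The rewritten paragraph still describes only the physical layer of the link (a 115 kBd UART on-off modulating an IR LED), while the attack section in this same change requires the rotor-stator link to be cryptographically secured and to carry a high-frequency heartbeat. Say here whether the prototype runs such a protocol over this link or leaves it as future work, so the reader does not assume the baseline link is already spoof-resistant. As a style point, only the first sentence is new, and reflowing the whole paragraph around it makes the change harder to review than it needs to be.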
@ -446,8 +457,8 @@ driven at $\SI{1}{\milli\ampere}$ while the stator transmitter LED is driven at
|
|||
\end{figure}
|
||||
|
||||
\subsection{Power transmission through rotating joint}
|
||||
|
||||
Since this prototype serves only demonstration purposes, we chose to use the simplest possible method of power
|
||||
Besides the data link, the other electrical interface we need between rotor and stator is for power transmission. We
|
||||
power Since this prototype serves only demonstration purposes, we chose to use the simplest possible method of power
|
||||
transmission: solar cells. We mounted six series-connected solar cells in three commercially available modules on the
|
||||
circular PCB at the end of our cylindrical rotor. The solar cells direclty feed the rotor's logic supply with buffering
|
||||
by a large $\SI{33}{\micro\farad}$ ceramic capacitor. With six cells in series, they provide around $\SI{3.0}{\volt}$ at
|
||||
|
|
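Review bot: The added transition breaks off mid-sentence: the first new line ends in "We" and the second starts with "power Since this prototype serves only demonstration purposes", leaving a dangling "We power" and a capitalized "Since" in the middle of the line. Delete "We power" so the paragraph reads "... is for power transmission. Since this prototype ...", or finish the sentence that was started. The unchanged context below still has "direclty".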
@ -464,12 +475,15 @@ link.
|
|||
|
||||
\subsection{Evaluation}
|
||||
|
||||
During experiments, our prototype performed as intended. After some experimentation, we got both power and data
|
||||
transmission through the rotating joint working reliably. Figure \ref{prototype_early_comms} shows our prototype
|
||||
performing reliably at maximum speed for the first time. Our improvised IR link is open in both directions for about
|
||||
$\SI{60}{\degree}$ of the rotation, which allows us to reliably transfer several tens of bytes in each direction during
|
||||
each receiver's fly-by even at high speed of rotation. As a result of our prototype experiments, we consider a
|
||||
larger-scale implementation of the inertial HSM concept practical.
|
||||
After building our prototype inertial HSM according to the design decisions we outlined above, we performed a series of
|
||||
experiments to validate the critical components of the design.
|
||||
|
||||
During these experiments, our prototype performed as intended. Both power and data transmission through the rotating
|
||||
joint were working reliably. Figure \ref{prototype_early_comms} shows our prototype performing reliably at maximum speed
|
||||
for the first time. Our improvised IR link is open in both directions for about $\SI{60}{\degree}$ of the rotation,
|
||||
which allows us to reliably transfer several tens of bytes in each direction during the receivers' fly-by even at high
|
||||
speed of rotation. As a result of our prototype experiments, we consider a larger-scale implementation of the inertial
|
||||
HSM concept practical.
|
||||
|
||||
\begin{figure}
|
||||
\center
|
||||
|
|
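Review bot: The new opening paragraph promises "a series of experiments to validate the critical components of the design", but the text that follows only reports that power and data transmission worked and that the IR link is open for about 60 degrees of rotation. Name the experiments and what was measured (speed reached, bytes transferred per fly-by, observed error rate), or tone the sentence down to match what is reported. "were working reliably" should be "worked reliably".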
@ -480,7 +494,9 @@ larger-scale implementation of the inertial HSM concept practical.
|
|||
\label{prototype_early_comms}
|
||||
\end{figure}
|
||||
|
||||
\section{Conclusion} \label{sec_conclusion} In this paper, we introduced inertial hardware security modules (iHSMs), a
|
||||
\section{Conclusion}
|
||||
|
||||
\label{sec_conclusion} To conclude, in this paper we introduced inertial hardware security modules (iHSMs), a
|
||||
novel concept for the construction of highly secure hardware security modules from inexpensive, commonly available
|
||||
parts. We elaborated the engineering considerations underlying a practical implementation of this concept. We
|
||||
implemented a prototype demonstrating practical solutions to the significant engineering challenges of this concept. We
|
||||
|
|
|
|||
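Review bot: \label{sec_conclusion} now sits after a blank line at the start of the first paragraph, directly in front of "To conclude". It still resolves to the section, but it belongs on the line right after \section{Conclusion}, the way \label{sec_proto} follows its heading earlier in this diff. "To conclude, in this paper we introduced" is redundant under a heading named Conclusion; "In this paper, we introduced" was fine.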