jaseg/ihsm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

More detail on attacks, future work

Browse source
This commit is contained in:
jaseg 2021-07-09 17:33:47 +02:00
parent 83e8ccd65d
commit a13fd9f969
3 changed files with 541 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

BIN
paper/attack-robot.pdf Normal file
View file

Binary file not shown.

463
paper/attack-robot.svg Normal file
View file

@ -0,0 +1,463 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Created with Inkscape (http://www.inkscape.org/) -->
<svg
width="118.6135mm"
height="85.444748mm"
viewBox="0 0 118.6135 85.444748"
version="1.1"
id="svg5"
sodipodi:docname="attack-robot.svg"
inkscape:version="1.1 (c4e8f9ed74, 2021-05-24)"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns="http://www.w3.org/2000/svg"
xmlns:svg="http://www.w3.org/2000/svg">
<sodipodi:namedview
id="namedview7"
pagecolor="#ffffff"
bordercolor="#666666"
borderopacity="1.0"
inkscape:pageshadow="2"
inkscape:pageopacity="0.0"
inkscape:pagecheckerboard="0"
inkscape:document-units="mm"
showgrid="false"
inkscape:snap-global="false"
inkscape:zoom="1.4142136"
inkscape:cx="225.21351"
inkscape:cy="54.093669"
inkscape:window-width="1920"
inkscape:window-height="1024"
inkscape:window-x="0"
inkscape:window-y="0"
inkscape:window-maximized="1"
inkscape:current-layer="layer1"
fit-margin-top="5"
fit-margin-left="5"
fit-margin-right="5"
fit-margin-bottom="5" />
<defs
id="defs2">
<rect
x="359.98044"
y="69.053543"
width="194.04721"
height="135.26814"
id="rect25216" />
<rect
x="401.33646"
y="59.548355"
width="139.31168"
height="98.362732"
id="rect22864" />
<rect
x="368.71024"
y="74.453217"
width="98.056488"
height="82.006744"
id="rect21370" />
<pattern
inkscape:collect="always"
xlink:href="#Strips1_3"
id="pattern17674"
patternTransform="matrix(0.20997628,0.12451448,-0.41802153,0.70493516,99.831237,39.867125)" />
<pattern
inkscape:collect="always"
patternUnits="userSpaceOnUse"
width="4"
height="1"
patternTransform="translate(0,0) scale(10,10)"
id="Strips1_3"
inkscape:stockid="Stripes 1:3">
<rect
style="fill:#cc0000;stroke:none"
x="0"
y="-0.5"
width="1"
height="2"
id="rect16592" />
</pattern>
<rect
x="359.98044"
y="69.053543"
width="194.04721"
height="135.26814"
id="rect27445" />
<rect
x="359.98044"
y="69.053543"
width="194.04721"
height="135.26814"
id="rect27859" />
<rect
x="359.98044"
y="69.053543"
width="194.04721"
height="135.26814"
id="rect27859-2" />
<rect
x="359.98044"
y="69.053543"
width="194.04721"
height="135.26814"
id="rect27859-7" />
<rect
x="359.98044"
y="69.053543"
width="194.04721"
height="135.26814"
id="rect27859-6" />
<rect
x="359.98044"
y="69.053543"
width="194.04721"
height="135.26814"
id="rect27859-1" />
</defs>
<g
inkscape:label="Layer 1"
inkscape:groupmode="layer"
id="layer1"
transform="translate(-30.254311,-7.5139967)">
<path
style="fill:none;stroke:#000000;stroke-width:0.965;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:0.965, 0.965;stroke-dashoffset:0;stroke-opacity:1"
d="M 133.31448,52.882625 V 46.614226 H 120.54082"
id="path12713"
sodipodi:nodetypes="ccc" />
<rect
style="fill:#003399;stroke-width:1;stroke-linejoin:round;stroke-dasharray:4, 4;stop-color:#000000"
id="rect31"
width="10.662453"
height="17.252211"
x="73.817886"
y="29.329372" />
<ellipse
style="fill:#6699ff;stroke-width:1;stroke-linejoin:round;stroke-dasharray:4, 4;stop-color:#000000"
id="path55"
cx="79.149109"
cy="53.069786"
rx="13.855765"
ry="4.6185884" />
<ellipse
style="fill:#6699ff;stroke-width:1;stroke-linejoin:round;stroke-dasharray:4, 4;stop-color:#000000"
id="path55-7"
cx="79.149109"
cy="21.26178"
rx="13.855765"
ry="4.6185884" />
<path
style="color:#000000;fill:url(#pattern17674);stroke-linejoin:round;stroke-dasharray:4, 4;-inkscape-stroke:none"
d="m 93.004874,43.359661 c 10e-7,2.550776 -6.203437,4.618589 -13.855765,4.618589 -7.652328,0 -13.855766,-2.067813 -13.855765,-4.618589 v -9.279067 c 10e-7,2.550776 6.203438,4.618588 13.855765,4.618588 7.652327,0 13.855764,-2.067812 13.855765,-4.618588 z"
id="path55-7-6" />
<ellipse
style="fill:#ffcc00;stroke-width:1;stroke-linejoin:round;stroke-dasharray:3.99999, 3.99999;stop-color:#000000"
id="path55-3"
cx="79.149109"
cy="77.363274"
rx="26.374798"
ry="8.7915993" />
<path
style="fill:none;stroke:#cc0000;stroke-width:1.265;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
d="M 54.952027,75.847393 36.961772,54.454551 51.587497,39.828827 52.837643,35.163215 h 5.459365"
id="path262"
sodipodi:nodetypes="ccccc" />
<path
style="fill:none;stroke:#cc0000;stroke-width:1.265;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
d="m 51.587497,39.828827 4.016952,2.188162 3.087632,-3.875926"
id="path264" />
<path
style="fill:none;stroke:#cc0000;stroke-width:0.264583px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
d="m 51.331833,33.239445 c -2.68657,-0.969769 -4.582535,-0.902044 -6.182511,1.460654 -1.618086,2.389441 0.340442,4.649205 1.464189,7.307178 0.903228,2.136383 1.41266,4.435217 0.388035,6.009975 -1.05617,1.623241 -2.695367,2.1185 -5.274308,2.442718 -1.630479,0.20498 -2.862181,0.360967 -3.879118,1.651826 -0.589968,0.748883 -0.897981,2.318141 -0.897981,2.318141"
id="path3622"
sodipodi:nodetypes="csssssc" />
<circle
style="fill:#cc0000;stroke:none;stroke-width:1.265;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stop-color:#000000"
id="path5297"
cx="51.488754"
cy="40.025257"
r="2.0969195" />
<circle
style="fill:#cc0000;stroke:none;stroke-width:1.265;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stop-color:#000000"
id="circle5381"
cx="37.351231"
cy="54.811962"
r="2.0969195" />
<g
id="g7210"
transform="matrix(0,1.1922409,-1.1922409,0,248.33096,-8.4206447)"
style="fill:#ffcc00;stroke-width:0.838757">
<path
id="rect5641"
style="fill:#ffcc00;stroke-width:4.01018;stroke-linecap:round;stroke-linejoin:round;stop-color:#000000"
d="m 429.97266,227.56055 c -5.96767,-0.0295 -12.48274,0.88665 -19.7793,3.15429 v 61.97461 c 15.01758,4.60846 27.15999,3.02819 38.30273,0 v -61.97461 c -5.69943,-1.87261 -11.76007,-3.12082 -18.52343,-3.15429 z m -1.75,10.37109 h 2.24414 v 25.41797 h -2.24414 z m -5.81055,1.04492 h 2.24414 v 25.41797 h -2.24414 z m 11.62305,0 h 2.24218 v 25.41797 h -2.24218 z m -17.43555,2.33399 h 2.24414 v 25.41797 h -2.24414 z m 23.24609,0 h 2.24414 v 25.41797 h -2.24414 z"
transform="matrix(0,-0.26458333,0.26458333,0,-10.403218,210.05896)" />
<path
id="rect6111"
style="fill:#ffcc00;stroke-width:1.06103;stroke-linecap:round;stroke-linejoin:round;stop-color:#000000"
d="m 70.069991,94.02773 h 0.710689 c 0.177412,2.636457 1.474716,2.084634 1.554899,0 h 0.796942 v 5.595253 h -0.695153 c -0.208773,-3.101954 -1.589566,-1.8514 -1.519101,0 h -0.848276 z"
sodipodi:nodetypes="ccccccccc" />
<rect
style="fill:#ffcc00;stroke:none;stroke-width:1.06103;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stop-color:#000000"
id="rect7045"
width="8.5858679"
height="1.0710945"
x="63.572243"
y="96.139145" />
</g>
<g
id="g8590"
transform="matrix(1.6227793,0,0,1.6227793,-48.776549,-55.42076)"
style="fill:#ff6600;stroke-width:0.616227">
<rect
style="fill:#ff6600;stroke:none;stroke-width:0.779527;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stop-color:#000000"
id="rect7234"
width="12.868855"
height="6.3858981"
x="92.149086"
y="59.305691"
rx="0.7708323"
ry="0.7708323" />
<g
id="g8386"
transform="translate(0,0.07592982)"
style="fill:#ff6600;stroke-width:0.616227">
<path
style="fill:#ff6600;stroke:none;stroke-width:0.163043px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
d="m 92.728216,62.858935 h -3.78272 v -3.33134 h 0.709639 l 1.547135,1.547138 h 1.53894 z"
id="path7954"
sodipodi:nodetypes="ccccccc" />
<use
x="0"
y="0"
xlink:href="#path7954"
id="use8302"
transform="matrix(1,0,0,-1,0,124.84542)"
width="100%"
height="100%"
style="fill:#ff6600;stroke-width:0.616227" />
</g>
</g>
<path
style="fill:none;stroke:#6699ff;stroke-width:0.665;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
d="M 65.625844,52.96581 V 21.058565"
id="path9384" />
<path
style="fill:none;stroke:#6699ff;stroke-width:0.665;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
d="M 92.672374,52.96581 V 21.058565"
id="path9384-6" />
<g
id="g2844"
transform="matrix(0.87583294,0.42434778,-0.42434778,0.87583294,24.703823,-3.7780156)"
style="fill:#cc0000;stroke-width:1.02752">
<g
id="g2249"
transform="translate(-10.957802,-4.8495503)"
style="fill:#cc0000;stroke-width:1.02752">
<path
style="fill:#cc0000;stroke:none;stroke-width:0.271864px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
d="m 51.802698,27.189339 c 0.0038,-0.358372 0.08447,-0.300802 0.310004,-0.331827 0.494104,-0.06797 1.117564,-0.07823 1.480174,-0.163994 0.328415,-0.07768 0.329328,-0.264077 0.44198,-0.446063 l 8.372187,-0.146866 c 0.813022,-0.166145 0.764656,-0.644617 1.071405,-0.863087 0,0 0.184585,-0.224681 0.312419,-0.222508 0.10223,0.0017 0.230806,0.0849 0.243652,0.186331 0.07299,0.576371 0.08562,1.976868 0.08562,1.976868 z"
id="path266"
sodipodi:nodetypes="cssccssscc" />
<use
x="0"
y="0"
xlink:href="#path266"
id="use793"
transform="matrix(1,0,0,-1,0,54.356394)"
width="100%"
height="100%"
style="fill:#cc0000;stroke-width:1.02752" />
</g>
<path
style="fill:#cc0000;stroke:none;stroke-width:0.271864px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
d="m 51.074672,22.328651 h 11.293803 l -0.35065,-0.228818 h -1.302856 v -0.40726 H 59.84365 v 0.135882 h -8.813018 z"
id="path2369"
sodipodi:nodetypes="ccccccccc" />
<use
x="0"
y="0"
xlink:href="#path2369"
id="use2617"
transform="matrix(1,0,0,-1,1.785403e-8,44.657302)"
width="100%"
height="100%"
style="fill:#cc0000;stroke-width:1.02752" />
<g
id="g2834"
transform="translate(-2.1557979,0.20827974)"
style="fill:#cc0000;stroke-width:1.02752">
<rect
style="fill:#cc0000;stroke:none;stroke-width:1.02752;stroke-linejoin:round;stroke-dasharray:4.11007, 4.11007;stop-color:#000000"
id="rect2748"
width="0.22969821"
height="0.6890946"
x="62.32338"
y="21.225693" />
<rect
style="fill:#cc0000;stroke:none;stroke-width:1.02752;stroke-linejoin:round;stroke-dasharray:4.11007, 4.11007;stop-color:#000000"
id="rect2750"
width="0.6350857"
height="0.30754745"
x="62.120686"
y="21.037823" />
</g>
</g>
<path
style="font-variation-settings:normal;opacity:1;vector-effect:none;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.965;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:0.965, 0.965;stroke-dashoffset:0;stroke-opacity:1;-inkscape-stroke:none;stop-color:#000000;stop-opacity:1"
d="M 132.95752,76.859499 H 79.367469"
id="path12828"
sodipodi:nodetypes="cc" />
<text
xml:space="preserve"
transform="scale(0.26458333)"
id="text21368"
style="font-size:26.6667px;line-height:1.25;font-family:sans-serif;white-space:pre;shape-inside:url(#rect21370)" />
<text
xml:space="preserve"
transform="scale(0.26458333)"
id="text22862"
style="font-size:26.6667px;line-height:1.25;font-family:sans-serif;white-space:pre;shape-inside:url(#rect22864)" />
<g
id="g27435"
transform="translate(6.7098762,1.0448544)">
<circle
style="font-variation-settings:normal;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:0.665;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;stop-color:#000000;stop-opacity:1"
id="path20362"
cx="114.19244"
cy="39.213848"
r="3.9914834" />
<text
xml:space="preserve"
transform="matrix(0.26458333,0,0,0.26458333,17.624612,16.964555)"
id="text25214"
style="font-size:26.6667px;line-height:1.25;font-family:sans-serif;white-space:pre;shape-inside:url(#rect25216)"><tspan
x="359.98047"
y="93.557974"
id="tspan31831"><tspan
style="font-family:Bahnschrift;-inkscape-font-specification:Bahnschrift"
id="tspan31829">1</tspan></tspan></text>
</g>
<g
id="g27443"
transform="translate(25.351394,12.342086)">
<circle
style="font-variation-settings:normal;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:0.665;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;stop-color:#000000;stop-opacity:1"
id="circle27437"
cx="114.19244"
cy="39.213848"
r="3.9914834" />
<text
xml:space="preserve"
transform="matrix(0.26458333,0,0,0.26458333,17.095445,16.964555)"
id="text27441"
style="font-size:26.6667px;line-height:1.25;font-family:sans-serif;white-space:pre;shape-inside:url(#rect27445)"><tspan
x="359.98047"
y="93.557974"
id="tspan31835"><tspan
style="font-family:Bahnschrift;-inkscape-font-specification:Bahnschrift"
id="tspan31833">2</tspan></tspan></text>
</g>
<g
id="g27857"
transform="translate(-17.130934,44.420913)">
<circle
style="font-variation-settings:normal;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:0.665;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;stop-color:#000000;stop-opacity:1"
id="circle27851"
cx="114.19244"
cy="39.213848"
r="3.9914834" />
<text
xml:space="preserve"
transform="matrix(0.26458333,0,0,0.26458333,17.095445,16.964555)"
id="text27855"
style="font-size:26.6667px;line-height:1.25;font-family:sans-serif;white-space:pre;shape-inside:url(#rect27859)"><tspan
x="359.98047"
y="93.557974"
id="tspan31839"><tspan
style="font-family:Bahnschrift;-inkscape-font-specification:Bahnschrift"
id="tspan31837">3</tspan></tspan></text>
</g>
<g
id="g27857-9"
transform="translate(-70.974954,23.273767)">
<circle
style="font-variation-settings:normal;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:0.665;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;stop-color:#000000;stop-opacity:1"
id="circle27851-1"
cx="114.19244"
cy="39.213848"
r="3.9914834" />
<text
xml:space="preserve"
transform="matrix(0.26458333,0,0,0.26458333,16.70906,16.964555)"
id="text27855-2"
style="font-size:26.6667px;line-height:1.25;font-family:sans-serif;white-space:pre;shape-inside:url(#rect27859-2)"><tspan
x="359.98047"
y="93.557974"
id="tspan31843"><tspan
style="font-family:Bahnschrift;-inkscape-font-specification:Bahnschrift"
id="tspan31841">4</tspan></tspan></text>
</g>
<g
id="g27857-0"
transform="translate(-26.822028,-22.375868)">
<circle
style="font-variation-settings:normal;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:0.665;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;stop-color:#000000;stop-opacity:1"
id="circle27851-9"
cx="114.19244"
cy="39.213848"
r="3.9914834" />
<text
xml:space="preserve"
transform="matrix(0.26458333,0,0,0.26458333,17.095445,16.964555)"
id="text27855-3"
style="font-size:26.6667px;line-height:1.25;font-family:sans-serif;white-space:pre;shape-inside:url(#rect27859-7)"><tspan
x="359.98047"
y="93.557974"
id="tspan31847"><tspan
style="font-family:Bahnschrift;-inkscape-font-specification:Bahnschrift"
id="tspan31845">7</tspan></tspan></text>
</g>
<g
id="g27857-06"
transform="translate(-39.731146,-8.157129)">
<circle
style="font-variation-settings:normal;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:0.665;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;stop-color:#000000;stop-opacity:1"
id="circle27851-2"
cx="114.19244"
cy="39.213848"
r="3.9914834" />
<text
xml:space="preserve"
transform="matrix(0.26458333,0,0,0.26458333,17.095445,16.964555)"
id="text27855-6"
style="font-size:26.6667px;line-height:1.25;font-family:sans-serif;white-space:pre;shape-inside:url(#rect27859-6)"><tspan
x="359.98047"
y="93.557974"
id="tspan31851"><tspan
style="font-family:Bahnschrift;-inkscape-font-specification:Bahnschrift"
id="tspan31849">6</tspan></tspan></text>
</g>
<g
id="g27857-8"
transform="translate(-43.852246,9.3261724)">
<circle
style="font-variation-settings:normal;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:0.665;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;stop-color:#000000;stop-opacity:1"
id="circle27851-7"
cx="114.19244"
cy="39.213848"
r="3.9914834" />
<text
xml:space="preserve"
transform="matrix(0.26458333,0,0,0.26458333,17.095445,16.964555)"
id="text27855-9"
style="font-size:26.6667px;line-height:1.25;font-family:sans-serif;white-space:pre;shape-inside:url(#rect27859-1)"><tspan
x="359.98047"
y="93.557974"
id="tspan31855"><tspan
style="font-family:Bahnschrift;-inkscape-font-specification:Bahnschrift"
id="tspan31853">5</tspan></tspan></text>
</g>
</g>
</svg>
Side by side

After

Width:  |  Height:  |  Size: 20 KiB

92
paper/ihsm_paper.tex
View file

@ -488,19 +488,44 @@ In the sections below, we will go into detail on such attacks on IHSMs. To put t
we will start with a brief overview on attacks on conventional HSMs that the IHSM is defended against.
%FIXME \paragraph{...}
\subsection{Contactless probing of the payload}
In principle, there are three ways to attack a conventional HSM. The hard way is to find a way to go through the
security mesh without triggering the alarm, e.g.\ by using a probe that is finer than the mesh's structure size. An
attacker willing to invest some effort can also try to uncover the mesh traces buried in plastic to then hot-wire the
mesh, bridging over a part that will subsequently be removed. HSMs attempt to detect such attacks by measuring the mesh
traces' resistance instead of only checking their continuity~\cite{obermaier2019}. However, if an attacker only wishes
to disable a small section of the mesh to insert a handful of fine probes into the device, this hardening approach
becomes challenging. Consider a mesh is covering an area of $\SI{100}{\milli\meter}$ by $\SI{100}{\milli\meter}$. An
attacker who circumvents a $\SI{5}{\milli\meter}$ by $\SI{5}{\milli\meter}$ section of this mesh using wires with a low
resistance will change the mesh trace's resistance by approximately
$\frac{\SI{5}{\milli\meter}\cdot\SI{5}{\milli\meter}}{\SI{100}{\milli\meter}\cdot\SI{100}{\milli\meter}} = 0.25
\%$. Detecting this change would require a resistance measurement of at least $\SI{9}{bit}$ of precision and
corresponding temperature stability of the mesh material.
Irrespective of the HSM's technology (conventional or IHSM), there are some types of attack bypassing the HSM's security
mesh that in principle cannot be prevented. One such type are contactless attacks such as electromagnetic (EM)
sidechannel attacks, but attacks through the HSM's application interface such as Ethernet also follow this theme. While
IHSMs allow for the use of off-the-shelf server hardware as their payload, the combination of payload hardware and the
software running on top of this hardware still has to be evaluated for fitness in this particular application. EM
sidechannel attacks can be mitigated by shielding and by designing the IHSM's payload such that critical components such
as CPUs are physically distant to the security mesh, preventing EM probes from being brought close. Conducted EMI
sidechannels that could be used for power analysis can be mitigated by placing filters on the inside of the security
mesh at the point where the power and network connections penetrate the mesh. Attacks through the network interface must
be prevented as in any other networked system by only exposing the minimum necessary amount of API surface to the
outside world, and by carefully vetting this remaining attack surface.
The second way to attack a HSM is to go \emph{around} the mesh. Many commercial HSMs sandwich the payload PCB between
two mesh-equipped enclosure halves. This design in particular is vulnerable to attempts to stick a fine needle through
the interface between mesh lid and PCB. Conventional HSMs mitigate this weak spot by wrapping a patterned conductive
foil that forms the security mesh around the HSM, leaving only the foil's corners and the payload's power and data
feed-through as potential weak spots.
The third and last way to attack a conventional HSM is to disable the mesh monitoring circuit~\cite{dexter2015}. An
attacker may need to insert several probes to wiretap the payload processor's secrets, but depending on its
implementation they may be able to disable the mesh alarm circuit with only one. To harden a conventional HSM against
this type of attack, the mesh monitoring circuit must be carefully designed to avoid single points of failure as well as
any fail-open failure modes.
\subsection{Attacks that work on any HSM}
While an IHSM provides an effective mitigation against direct attacks on the security mesh as described in the previous
paragraphs, certain attacks are generic against any HSM technology, conventional or IHSM. One type of such attacks are
contactless attacks such as electromagnetic (EM) sidechannel attacks. EM sidechannel attacks can be mitigated by
shielding and by designing the IHSM's payload such that critical components such as CPUs are physically distant to the
security mesh, preventing EM probes from being brought close. Conducted EMI sidechannels that could be used for power
analysis can be mitigated by placing filters on the inside of the security mesh at the point where the power and network
connections penetrate the
mesh~\cite{anderson2020}.
Finally, the API between the HSM's payload and the outside world provides attack surface. Attacks through the network
interface must be prevented as in any other networked system by only exposing the minimum necessary amount of API
surface to the outside world, and by carefully vetting this remaining attack surface~\cite{anderson2020}.
\subsection{The Swivel Chair Attack}
\label{sec_swivel_chair_attack}
@ -520,6 +545,41 @@ acceleration is $a=\omega^2 r$. In our example this results in a minimum angular
$\SI{1000}{rpm}$ and above, a manual attack is no longer possible and any attack would have to be carried out using some
kind of mechanical tool.
\begin{figure}
\center
\includegraphics[width=6cm]{attack-robot.pdf}
\caption{Schematic overview of a robotic rotating-stage attack. An optical sensor (1) observes the IHSM's rotation
and adjusts the setpoint of a servo motor (2) that rotates the attack stage (3). On the rotating attack stage, a
remote controlled manipulator (4) is mounted that deactivates the security mesh (7) and creates an opening (5).
Through this opening, a human operator can then insert tools such as probes to read out sensitive information from
the actual payload (6).}
\label{fig_attack_robot}
\end{figure}
While it is certainly possible to create a mechanical tool to attack an IHSM in motion, we also consider this attack
method reasonably remote. Figure~\ref{fig_attack_robot} shows a schematic overview of what such an attack tool would
have to look like. Most fundamentally, the tool itself has to rotate at the IHSM's speed, and cannot simply rotate the
IHSM. If the tool were to counter-rotate the IHSM such that relative to a stationary observer the rotor would be slowed
down, the accelerometer on the rotor would measure lower centrifugal acceleration and detect this attempt. Instead, the
attack tool has to follow the rotation of the IHSM. At the high speeds an IHSM would be rotating at, following the
rotation closely enough that a manipulator mounted on the attack tool is stationary w.r.t.\ the IHSM is not easy. To
stay within $\pm\SI{5}{\milli\meter}$ of a target over a period of $\SI{10}{\second}$ on an IHSM mesh with radius
$r=\SI{100}{\milli\meter}$ requires both speeds to be matched to better than
$\frac{\SI{5}{\milli\meter}}{\SI{10}{\second}} \cdot \frac{1}{2\pi r} = \SI{8.0}{\milli\hertz} = \SI{0.048}{rpm}$.
Relative to a realsistic IHSM's speed of $\SI{1000}{rpm}$ this corresponds to approximately $\SI{50}{ppm}$. Active servo
control of the attack tool's rotation locked against optical tracking of the IHSM's rotor would likely be the most
realistic option to achieve this precision. This strict accuracy requirement leads to a complex attack setup.
If an attacker were to solve the tracking issue, the remaining issue is that they still need to construct a
remote-controlled manipulator that can be mounted on the attack tool's rotating stage and that is able to actually
disable the IHSM's mesh. Consider that simply bypassing the mesh e.g. by drilling an undetected hole does not gain an
attacker much in this scenario, as the payload is stationary and an attack tool rotating at $\SI{1000}{rpm}$ is useless
against it. Instead, the attacker would have to disable the mesh using the rotating tool, in order to then cut an
opening into it through which they could insert a stationary tool to attack the payload with. Given the degree of manual
skill necessary even for normal soldering work, we estimate that creating a remote-controllable manipulator that can be
used to successfully attack a security mesh is infeasible.
\subsection{Mechanical weak spots}
The tamper defense of an IHSM rests on the security mesh moving too fast to tamper. Depending on the type of motion
@ -864,12 +924,16 @@ allow the construction of devices secure against a wide range of practical attac
specialized tools. The rotating mesh allows longitudinal gaps, which enables new applications that are impossible with
traditional HSMs. Such gaps can be used to integrate a fan for air cooling into the HSM, allowing the use of powerful
computing hardware inside the HSM. We hope that this simple construction will stimulate academic research into (more)
secure hardware.
secure hardware. We have published all design artifacts of our PoC online, see Appendix~\ref{sec_repo}. The next steps
towards a practical application of our design will be to design a manufacturable stator/rotor interface with inductive
power and data transfer integrated into the motor's magnetics and a custom motor driver tuned for the application that
is able to precisely measure both angular velocity and winding current for an added degree of tamper detection.
\printbibliography[heading=bibintoc]
\appendix
\section{Source code and Design artifacts}
\section{Source code and design artifacts}
\label{sec_repo}
During our research on this paper, we have created a number of digital design artifacts including a 3D mechanical CAD
model of our prototype IHSM, schematics and PCB layouts for all of its PCBs including the prototype security mesh