jaseg/ihsm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

paper: Minor corrections for submission

Browse source
This commit is contained in:
jaseg 2021-04-16 11:25:06 +02:00
parent 7a3bcc5489
commit af41cb2a27
2 changed files with 18 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

2
paper/ihsm.bib
View file

@ -250,7 +250,7 @@
@Book{iaea2011,
author = {{{International Atomic Energy Agency}}},
date = {2011},
title = {Safeguards, techniques and equipmen.},
title = {Safeguards, techniques and equipment},
isbn = {978-92-0-118910-3},
series = {International Nuclear Verification Series},
url = {https://www-pub.iaea.org/MTCD/Publications/PDF/nvs1_web.pdf},

35
paper/ihsm_paper.tex
View file

@ -47,8 +47,8 @@
\maketitle
\begin{abstract}
In this paper, we introduce a novel countermeasure against physical attacks: Inertial hardware security modules
(iHSMs). Conventional systems have in common that their security requires the crafting of fine sensor structures
In this paper, we introduce a novel countermeasure against physical attacks: Inertial Hardware Security Modules
(IHSMs). Conventional systems have in common that their security requires the crafting of fine sensor structures
that respond to minute manipulations of the monitored security boundary or volume. Our approach is novel in that we
reduce the sensitivity requirement of security meshes and other sensors and increase the complexity of any
manipulations by rotating the security mesh or sensor at high speed---thereby presenting a moving target to an
@ -136,7 +136,7 @@ detection.
HSMs are an old technology that traces back decades in its electronic realization. Today's common approach of monitoring
meandering electrical traces on a fragile foil that is wrapped around the HSM essentially transforms the security
problem into the challenge to manufacture very fine electrical traces on a flexible foil~\cite{isaacs2013, immler2019,
anderson2020}. There has been some research on monitoring the HSM's inside using e.g.\ electromagnetic
anderson2020}. There has been some research on monitoring the HSM's interior using e.g.\ electromagnetic
radiation~\cite{tobisch2020, kreft2012} or ultrasound~\cite{vrijaldenhoven2004} but none of this research has found
widespread adoption yet.
@ -161,15 +161,14 @@ reading, similar to an HSM. They are constructed from two components: A cable th
monitoring device. The monitoring device itself is in effect an HSM and uses a security mesh foil such as it is used in
commercial HSMs.
In~\cite{anderson2020}, Anderson gives a comprehensive overview on physical security. An example HSM that they cite is
the IBM 4758 HSM whose details are laid out in depth in~\cite{smith1998}. This HSM is an example of an industry-standard
construction. Although its turn of the century design is now a bit dated, the construction techniques of the physical
security mechanisms have not evolved much in the last two decades. Besides some auxiliary temperature and radiation
sensors to guard against attacks on the built-in SRAM memory, the module's main security barrier uses the traditional
construction of a flexible mesh foil wrapped around the module's core. In~\cite{smith1998}, the authors state that the
module monitors this mesh for short circuits, open circuits and conductivity. The fundamental approach to tamper
detection and construction is similar to other commercial
offerings~\cite{obermaier2018,drimer2008,anderson2020,isaacs2013}.
In~\cite{anderson2020}, Anderson gives a comprehensive overview on physical security. An example HSM that he cites is
the IBM 4758, the details of which are laid out in depth in~\cite{smith1998}. This HSM is an example of an
industry-standard construction. Although its turn of the century design is now a bit dated, the construction techniques
of the physical security mechanisms have not evolved much in the last two decades. Besides some auxiliary temperature
and radiation sensors to guard against attacks on the built-in SRAM memory, the module's main security barrier uses the
common construction of a flexible mesh foil wrapped around the module's core. In~\cite{smith1998}, the authors state
that the module monitors this mesh for short circuits, open circuits and conductivity. Other commercial offerings use a
fundamentally similar approach to tamper detection~\cite{obermaier2018,drimer2008,anderson2020,isaacs2013}.
Shifting our focus from industry use to the academic state of the art, in~\cite{immler2019}, Immler et al. describe an
HSM based on precise capacitance measurements of a security mesh, creating a PUF from the mesh. In contrast to
@ -388,9 +387,9 @@ rotation, at the point where the shaft penetrates the mesh. The mesh's tangentia
and the shaft itself may allow an attacker to insert tools such as probes into the device through the opening it
creates. This issue is related to the issue conventional HSMs also face with their power and data connections. In
conventional HSMs, power and data are routed into the enclosure through the PCB or flat flex cables sandwiched in
between security mesh foil layers~\cite{smith1998}. In traditional HSMs this interface rarely is a mechanical weak spot
since they use a thin mesh substrate and create a meandering path by folding the interconnect substrate/security mesh
layers several times. In inertial HSMs, careful engineering is necessary to achieve the same effect.
between security mesh foil layers~\cite{smith1998}. In conventional HSMs this interface rarely is a mechanical weak
spot since they use a thin mesh substrate and create a meandering path by folding the interconnect substrate/security
mesh layers several times. In inertial HSMs, careful engineering is necessary to achieve the same effect.
Figure~\ref{shaft_cm} shows variations of the shaft interface with increasing complexity.
\begin{figure}
@ -669,8 +668,8 @@ Figure~\ref{fig-acc-theory} shows a plot of our measurement results against freq
blue, and theoretical behavior is shown in orange. From our measurements we can conclude that an accelerometer is a good
choice for an IHSM's braking sensor. A simple threshold set according to the sensor's calculated expected centrifugal
force should be sufficient to reliably detect manipulation attempts without resulting in false positives. Periodic
controlled changes in the IHSM's speed of rotation allow an offset and scale calibration of the accelerometer on the
fly, without stopping the rotor.
controlled changes in the IHSM's speed of rotation allow offset and scale calibration of the accelerometer on the fly,
without stopping the rotor.
\begin{figure}
\center
@ -707,7 +706,7 @@ fly, without stopping the rotor.
\section{Conclusion}
\label{sec_conclusion}
In this paper we introduced Inertial Hardware Security Modules (iHSMs), a novel concept for the construction of advanced
In this paper we introduced Inertial Hardware Security Modules (IHSMs), a novel concept for the construction of advanced
hardware security modules from simple components. We analyzed the concept for its security properties and highlighted
its ability to significantly strengthen otherwise weak tamper detection barriers. We validated our design by creating a
proof of concept hardware prototype. In this prototype we have demonstrated practical solutions to the major electronics