paper: Minor corrections for submission

jaseg 2021-04-16 11:25:06 +02:00
parent 7a3bcc5489
commit af41cb2a27
2 changed files with 18 additions and 19 deletions


@ -250,7 +250,7 @@
@Book{iaea2011, @Book{iaea2011,
author = {{{International Atomic Energy Agency}}}, author = {{{International Atomic Energy Agency}}},
date = {2011}, date = {2011},
title = {Safeguards, techniques and equipmen.}, title = {Safeguards, techniques and equipment},
isbn = {978-92-0-118910-3}, isbn = {978-92-0-118910-3},
series = {International Nuclear Verification Series}, series = {International Nuclear Verification Series},
url = {https://www-pub.iaea.org/MTCD/Publications/PDF/nvs1_web.pdf}, url = {https://www-pub.iaea.org/MTCD/Publications/PDF/nvs1_web.pdf},
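Review bot: In the corrected title field, the comma after "Safeguards" and the lower-case "techniques and equipment" should be checked against the title page of the PDF given in the url field, since bibliography styles can lower-case a title but will not restore capitals that the entry omits. The author field is also wrapped in three pairs of braces, where two are enough to keep a corporate author from being parsed as a personal name; dropping the extra pair would make the entry easier to read.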


@ -47,8 +47,8 @@
\maketitle \maketitle
\begin{abstract} \begin{abstract}
In this paper, we introduce a novel countermeasure against physical attacks: Inertial hardware security modules In this paper, we introduce a novel countermeasure against physical attacks: Inertial Hardware Security Modules
(iHSMs). Conventional systems have in common that their security requires the crafting of fine sensor structures (IHSMs). Conventional systems have in common that their security requires the crafting of fine sensor structures
that respond to minute manipulations of the monitored security boundary or volume. Our approach is novel in that we that respond to minute manipulations of the monitored security boundary or volume. Our approach is novel in that we
reduce the sensitivity requirement of security meshes and other sensors and increase the complexity of any reduce the sensitivity requirement of security meshes and other sensors and increase the complexity of any
manipulations by rotating the security mesh or sensor at high speed---thereby presenting a moving target to an manipulations by rotating the security mesh or sensor at high speed---thereby presenting a moving target to an
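Review bot: The abstract's first two sentences both lean on "novel" ("a novel countermeasure", "Our approach is novel in that"); rewording the second, for example to "Our approach differs in that we reduce ...", avoids the repetition. With the expansion now capitalised as "Inertial Hardware Security Modules (IHSMs)", the lower-case "inertial HSMs" that still appears in the shaft-interface paragraph of this same commit should be aligned to one form.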
@ -136,7 +136,7 @@ detection.
HSMs are an old technology that traces back decades in its electronic realization. Today's common approach of monitoring HSMs are an old technology that traces back decades in its electronic realization. Today's common approach of monitoring
meandering electrical traces on a fragile foil that is wrapped around the HSM essentially transforms the security meandering electrical traces on a fragile foil that is wrapped around the HSM essentially transforms the security
problem into the challenge to manufacture very fine electrical traces on a flexible foil~\cite{isaacs2013, immler2019, problem into the challenge to manufacture very fine electrical traces on a flexible foil~\cite{isaacs2013, immler2019,
anderson2020}. There has been some research on monitoring the HSM's inside using e.g.\ electromagnetic anderson2020}. There has been some research on monitoring the HSM's interior using e.g.\ electromagnetic
radiation~\cite{tobisch2020, kreft2012} or ultrasound~\cite{vrijaldenhoven2004} but none of this research has found radiation~\cite{tobisch2020, kreft2012} or ultrasound~\cite{vrijaldenhoven2004} but none of this research has found
widespread adoption yet. widespread adoption yet.
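Review bot: The sentence changed here joins two independent clauses without a comma before "but none of this research"; adding one after the ultrasound citation, and setting "e.g." off with commas ("using, e.g.,\ electromagnetic radiation"), would make the long sentence easier to parse.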
@ -161,15 +161,14 @@ reading, similar to an HSM. They are constructed from two components: A cable th
monitoring device. The monitoring device itself is in effect an HSM and uses a security mesh foil such as it is used in monitoring device. The monitoring device itself is in effect an HSM and uses a security mesh foil such as it is used in
commercial HSMs. commercial HSMs.
In~\cite{anderson2020}, Anderson gives a comprehensive overview on physical security. An example HSM that they cite is In~\cite{anderson2020}, Anderson gives a comprehensive overview on physical security. An example HSM that he cites is
the IBM 4758 HSM whose details are laid out in depth in~\cite{smith1998}. This HSM is an example of an industry-standard the IBM 4758, the details of which are laid out in depth in~\cite{smith1998}. This HSM is an example of an
construction. Although its turn of the century design is now a bit dated, the construction techniques of the physical industry-standard construction. Although its turn of the century design is now a bit dated, the construction techniques
security mechanisms have not evolved much in the last two decades. Besides some auxiliary temperature and radiation of the physical security mechanisms have not evolved much in the last two decades. Besides some auxiliary temperature
sensors to guard against attacks on the built-in SRAM memory, the module's main security barrier uses the traditional and radiation sensors to guard against attacks on the built-in SRAM memory, the module's main security barrier uses the
construction of a flexible mesh foil wrapped around the module's core. In~\cite{smith1998}, the authors state that the common construction of a flexible mesh foil wrapped around the module's core. In~\cite{smith1998}, the authors state
module monitors this mesh for short circuits, open circuits and conductivity. The fundamental approach to tamper that the module monitors this mesh for short circuits, open circuits and conductivity. Other commercial offerings use a
detection and construction is similar to other commercial fundamentally similar approach to tamper detection~\cite{obermaier2018,drimer2008,anderson2020,isaacs2013}.
offerings~\cite{obermaier2018,drimer2008,anderson2020,isaacs2013}.
Shifting our focus from industry use to the academic state of the art, in~\cite{immler2019}, Immler et al. describe an Shifting our focus from industry use to the academic state of the art, in~\cite{immler2019}, Immler et al. describe an
HSM based on precise capacitance measurements of a security mesh, creating a PUF from the mesh. In contrast to HSM based on precise capacitance measurements of a security mesh, creating a PUF from the mesh. In contrast to
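Review bot: In the context line "Immler et al. describe an", the period after "al" is followed by a plain space, so LaTeX typesets end-of-sentence spacing there; write "et al.\ describe" as is already done for "e.g.\ " elsewhere in the file. In the rewritten paragraph, "turn of the century design" is a compound modifier and should be hyphenated as "turn-of-the-century design", and "overview on physical security" reads better as "overview of physical security".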
@ -388,9 +387,9 @@ rotation, at the point where the shaft penetrates the mesh. The mesh's tangentia
and the shaft itself may allow an attacker to insert tools such as probes into the device through the opening it and the shaft itself may allow an attacker to insert tools such as probes into the device through the opening it
creates. This issue is related to the issue conventional HSMs also face with their power and data connections. In creates. This issue is related to the issue conventional HSMs also face with their power and data connections. In
conventional HSMs, power and data are routed into the enclosure through the PCB or flat flex cables sandwiched in conventional HSMs, power and data are routed into the enclosure through the PCB or flat flex cables sandwiched in
between security mesh foil layers~\cite{smith1998}. In traditional HSMs this interface rarely is a mechanical weak spot between security mesh foil layers~\cite{smith1998}. In conventional HSMs this interface rarely is a mechanical weak
since they use a thin mesh substrate and create a meandering path by folding the interconnect substrate/security mesh spot since they use a thin mesh substrate and create a meandering path by folding the interconnect substrate/security
layers several times. In inertial HSMs, careful engineering is necessary to achieve the same effect. mesh layers several times. In inertial HSMs, careful engineering is necessary to achieve the same effect.
Figure~\ref{shaft_cm} shows variations of the shaft interface with increasing complexity. Figure~\ref{shaft_cm} shows variations of the shaft interface with increasing complexity.
\begin{figure} \begin{figure}
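Review bot: In the changed sentence "In conventional HSMs this interface rarely is a mechanical weak spot", the adverb sits in an unusual position and the introductory phrase lacks a comma; suggest "In conventional HSMs, this interface is rarely a mechanical weak spot". After the replacement, "conventional HSMs" opens two consecutive sentences and appears a third time just before them, so the second sentence could start with "There, this interface ..." instead. The closing "In inertial HSMs" also conflicts with the capitalised "Inertial Hardware Security Modules (IHSMs)" introduced in the abstract and conclusion hunks.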
@ -669,8 +668,8 @@ Figure~\ref{fig-acc-theory} shows a plot of our measurement results against freq
blue, and theoretical behavior is shown in orange. From our measurements we can conclude that an accelerometer is a good blue, and theoretical behavior is shown in orange. From our measurements we can conclude that an accelerometer is a good
choice for an IHSM's braking sensor. A simple threshold set according to the sensor's calculated expected centrifugal choice for an IHSM's braking sensor. A simple threshold set according to the sensor's calculated expected centrifugal
force should be sufficient to reliably detect manipulation attempts without resulting in false positives. Periodic force should be sufficient to reliably detect manipulation attempts without resulting in false positives. Periodic
controlled changes in the IHSM's speed of rotation allow an offset and scale calibration of the accelerometer on the controlled changes in the IHSM's speed of rotation allow offset and scale calibration of the accelerometer on the fly,
fly, without stopping the rotor. without stopping the rotor.
\begin{figure} \begin{figure}
\center \center
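Review bot: The figure that follows the changed paragraph uses \center, which is the internal command of the center environment and adds vertical space inside a float; \centering is the form intended for use within figure. In the same paragraph, the threshold is described as set according to the "expected centrifugal force", but the sensor is an accelerometer, so "expected centrifugal acceleration" would state what is actually compared against the threshold.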
@ -707,7 +706,7 @@ fly, without stopping the rotor.
\section{Conclusion} \section{Conclusion}
\label{sec_conclusion} \label{sec_conclusion}
In this paper we introduced Inertial Hardware Security Modules (iHSMs), a novel concept for the construction of advanced In this paper we introduced Inertial Hardware Security Modules (IHSMs), a novel concept for the construction of advanced
hardware security modules from simple components. We analyzed the concept for its security properties and highlighted hardware security modules from simple components. We analyzed the concept for its security properties and highlighted
its ability to significantly strengthen otherwise weak tamper detection barriers. We validated our design by creating a its ability to significantly strengthen otherwise weak tamper detection barriers. We validated our design by creating a
proof of concept hardware prototype. In this prototype we have demonstrated practical solutions to the major electronics proof of concept hardware prototype. In this prototype we have demonstrated practical solutions to the major electronics
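Review bot: "proof of concept hardware prototype" in the last visible line is a compound modifier and should be hyphenated as "proof-of-concept hardware prototype". The acronym change to "(IHSMs)" here matches the abstract; "novel concept" repeats the abstract's wording, which is fine for a conclusion, though "a novel concept" followed by "advanced hardware security modules from simple components" could be tightened by dropping "advanced".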