Condensed.

This commit is contained in:
jaseg 2021-09-24 20:43:10 +02:00
parent 6d978908e3
commit fc588530eb


@ -247,18 +247,15 @@ adversary such as a secret service or organized cyber-crime.
First, there are several ways how we can approach motion. Periodic, aperiodic and continuous motion could serve the
purpose. There is also linear motion as well as rotation. We can also vary the degree of electronic control in this
motion. The main constraints we have on the HSM's motion pattern are that it needs to be (almost) continuous so as to
not expose any weak spots during instantaneous standstill of the HSM. Additionally, for space efficiency, the HSM has to
stay within a confined space. This means that linear motion would have to be periodic, like that of a pendulum. Such
periodic linear motion will have to quickly reverse direction at its apex so the device is not stationary long enough
for this to become a weak spot.
motion. The main constraints on the HSM's motion pattern are that it needs to be (almost) continuous to not expose any
weak spots. Additionally, it has to stay within a confined space: Linear motion would have to be periodic, like that of
a pendulum. Such periodic linear motion will have to quickly reverse direction at its apex so the device is not
stationary long enough for this to become a weak spot.
In contrast to linear motion, rotation is space-efficient and can be continuous if the axis of rotation is inside the
device. In case it has a fixed axis, rotation will expose a weak spot at the axis of rotation where the surface's
tangential velocity is low. Faster rotation can lessen the security impact of this fact at the expense of power
consumption and mechanical stress, but it can never eliminate it. This effect can be alleviated in two ways: Either by
adding additional tamper protection at the axis, or by having the HSM perform a compound rotation that has no fixed
axis.
device. When the axis is fixed, rotation will expose a weak spot close to the axis where tangential velocity is low.
Possible mitigations are faster rotation to lessen the impact, additional tamper protection at the axis, and having the
HSM perform a compound rotation that has no fixed axis.
Large centrifugal acceleration at high speeds poses the engineering challenge of preventing rapid unscheduled
disassembly of the device, but it also creates an obstacle to any attacker trying to manipulate the device in what we
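Review bot: the condensed rotation paragraph drops a security-relevant caveat. The original states that faster rotation "can never eliminate" the low-velocity weak spot at a fixed axis and costs power and mechanical stress; the new sentence "Possible mitigations are faster rotation to lessen the impact, additional tamper protection at the axis, and having the HSM perform a compound rotation that has no fixed axis." lists faster rotation on equal footing with the other two, so a reader may take it as sufficient on its own. Suggest keeping a short qualifier, e.g. "faster rotation to lessen (but not eliminate) the impact". Minor: "to not expose any weak spots" in the new motion-constraint sentence reads better as "so as not to expose any weak spots", and the original's reason (a weak spot appears during standstill) is lost in the condensed wording.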
@ -284,62 +281,50 @@ fabricate enclosures that embed characteristics of a Physically Unclonable Funct
the enclosure material to form a PUF, such academic designs effectively leverage signal processing techniques to improve
the system's security level by a significant margin.
In our research, we focus on security meshes as our IHSM's tamper sensors. Most of the cost in commercial security mesh
implementations lies in the advanced manufacturing techniques and special materials necessary to achieve a sensitive
mesh at fine structure sizes. The foundation of an IHSM security is that by moving the mesh even a primitive, coarse
mesh made e.g.\ from mesh traces on a PCB becomes very hard to attack in practice. This allows us to use a simple
construction made up of low-cost components. Additionally, the use of a mesh allows us to only spin the mesh itself and
its monitoring circuit and keep the payload inside the mesh stationary. Tamper sensing technologies that use the entire
volume of the HSM such as RF-based systems do not allow for this degree of freedom in their design: They would require
the entire IHSM to spin, including its payload, which would entail costly and complex systems for data and power
transfer from the outside to the payload.
In our research, we focus on security meshes as our IHSM's tamper sensors. The cost of advanced manufacturing
techniques and special materials used in commercial meshes poses an obstacle. The foundation of an IHSM security is
that by moving the mesh even a primitive, coarse mesh made e.g.\ from mesh traces on a PCB becomes very hard to attack
in practice. This allows us to use a simple construction made up of low-cost components. Additionally, the use of a
mesh allows us to only spin the mesh itself and its monitoring circuit and keep the payload inside the mesh stationary
for reduced design complexity. RF-based tamper sensing systems do not allow for this degree of freedom.
\subsection{Braking detection}
The security mesh is a critical component in the IHSM's defense against physical attacks, but its monitoring is only one
half of this defense. The other half consists of a reliable and sensitive braking detection system. This system must be
able to quickly detect any slowdown of the IHSM's rotation. Ideally, a sufficiently sensitive sensor is able to measure
any external force applied to the IHSM's rotor and should already trigger a response at the first signs of a
manipulation attempt.
able to quickly detect any slowdown of the IHSM's rotation.
While the obvious choice to monitor rotation would be a magnetic or optical tachometer sensor attached to the IHSM's
shaft, this would be a poor choice for our purposes since optical and magnetic sensors are susceptible to contact-less
interference from outside. A different option would be to use feedback from the motor driver electronics. When using a
BLDC motor, the driver electronics precisely know the rotor's position at all times. The issue with this approach is
that depending on construction, it might allow for attacks at the mechanical interface between the mesh and the motor's
shaft. If an attacker can decouple the mesh from the motor e.g.\ by drilling, laser ablation, or electrical discharge
machining (EDM) on the motor's shaft, the motor could keep spinning at its nominal frequency while the mesh is already
standing still.
interference from outside. We could use feedback from the motor driver electronics to determine the speed, but this
might allow for attacks at the mechanical interface between the mesh and the motor's shaft that decouple the mesh from
the motor.
Instead of a stator-side sensor like a magnetic tachometer or feedback from the BLDC controller, an inertial sensor such
as an accelerometer or gyroscope placed inside the spinning mesh monitoring circuit would be a good component to serve
as an IHSM's tamper sensor. A gyroscope would need to be placed close to the IHSM's shaft where centrifugal force is
low, and would directly measure changes in angular velocity. An accelerometer could be placed anywhere on the rotor and
would measure centrifugal acceleration.
Instead of a stator-side sensor, a rotor-side inertial sensor such as an accelerometer or gyroscope would be a good
component to serve as an IHSM's tamper sensor. A gyroscope would need to be placed close to the IHSM's shaft where
centrifugal force is low, and would directly measure changes in angular velocity. An accelerometer could be placed
anywhere on the rotor and would measure centrifugal acceleration.
Modern, fully integrated MEMS accelerometers are very precise. By comparing acceleration measurements against a model of
the device's mechanical motion, deviations can quickly be detected. This limits an attacker's ability to tamper with the
device's motion. It may also allow remote monitoring of the device's mechanical components such as bearings: MEMS
accelerometers are fast enough to capture vibrations, which can be used as an early warning sign of failing mechanical
components~\cite{kvk2019,sh2016,adc2019,e2013}.
device's motion. It may also allow remote monitoring of wear of the device's mechanical components such as
bearings~\cite{kvk2019,sh2016,adc2019,e2013}.
In a spinning IHSM, an accelerometer mounted at a known radius with its axis pointing radially will measure centrifugal
acceleration. Centrifugal acceleration rises linearly with radius, and with the square of frequency: $a=\omega^2 r$. For
a given target speed of rotation, the accelerometer's location has to be carefully chosen to maximize dynamic range. A
key point here is that for rotation speeds between $500$ and $\SI{1000}{rpm}$, centrifugal acceleration already becomes
a given accelerometer and target speed of rotation, the accelerometer's location should be chosen to maximize dynamic
range. A key point here is that for speeds between $500$ and $\SI{1000}{rpm}$, centrifugal acceleration already becomes
very large at a radius of just a few $\si{\centi\meter}$. At $\SI{1000}{rpm}\approx\SI{17}{\hertz}$ and at a
$\SI{10}{\centi\meter}$ radius, acceleration already is above $\SI{1000}{\meter\per\second}$ or $100\,g$. While
beneficial for security, this large acceleration leads to two practical constraints. First, off-axis performance of
commercial accelerometers is usually in the order of $\SI{1}{\percent}$ so this large acceleration will feed through
into all accelerometer axes, even those that are tangential to the rotation. Second, we either have to place the
accelerometer close to the axis or we are limited to a small selection of high-$g$ accelerometers mostly used in
$\SI{10}{\centi\meter}$ radius, centrifugal acceleration already is above $\SI{1000}{\meter\per\second}$ or $100\,g$.
Due to this large acceleration, off-axis performance of the accelerometer has to be considered. Suitable high-$g$
accelerometers for the large accelerations found on the circumference of an IHSM's rotor are ones mostly used in
automotive applications.
To evaluate the feasibility of accelerometers as tamper sensors we can use a simple benchmark. Let us assume an IHSM
spinning at $\SI{1000}{rpm}$. To detect any attempt to brake it below $\SI{500}{rpm}$, we have to detect a difference in
acceleration of a factor of $\frac{\omega_2^2}{\omega_1^2}=4$. Even should sub-optimal placement compromise dynamic
range, any commercial MEMS accelerometer will provide this degree of accuracy. The only caveat is that to detect very
slow deceleration, we have to take into account the accelerometer's drift characteristics.
acceleration of a factor of $\frac{\omega_2^2}{\omega_1^2}=4$. Even in case of sub-optimal placement, any commercial
MEMS accelerometer will provide this degree of dynamic range and accuracy. To detect slow deceleration drift
characteristics have to be taken into account.
In Section~\ref{sec_accel_meas} below, we conduct an empirical evaluation of a commercial automotive high-$g$ MEMS
accelerometer for braking detection in our prototype IHSM.
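Review bot: the acceleration unit in the worked example is wrong in both the old and the condensed line: "centrifugal acceleration already is above $\SI{1000}{\meter\per\second}$ or $100\,g$" gives m/s rather than m/s$^2$; with $a=\omega^2 r$, $\omega\approx 2\pi\cdot\SI{16.7}{\hertz}\approx\SI{105}{rad/s}$ and $r=\SI{0.1}{\meter}$ the value is about $\SI{1100}{\meter\per\second\squared}$, so the figure is right but the unit should be `\SI{1000}{\meter\per\second\squared}`. Smaller points in the same hunk: "The foundation of an IHSM security" should be "an IHSM's security"; "Even in case of sub-optimal placement" should be "Even in the case of"; and "To detect slow deceleration drift characteristics have to be taken into account." needs a comma after "deceleration". The condensed RF sentence ("RF-based tamper sensing systems do not allow for this degree of freedom.") drops the reason given before (the whole IHSM including the payload would have to spin, requiring data and power transfer to the rotor); a half-sentence stating that would keep the argument self-contained.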
@ -349,11 +334,9 @@ accelerometer for braking detection in our prototype IHSM.
With our IHSM's components taken care of, what remains to be decided is how to put together these individual components
into a complete device. A basic spinning HSM might look as shown in Figure~\ref{fig_schema_one_axis}. Visible are the
axis of rotation, an accelerometer on the rotating part that is used to detect braking, the protected payload, and the
area covered by the rotating tamper detection mesh. A key observation is that we only have to move the tamper
protection mesh, not the entire contents of the HSM. The HSM's payload and with it most of the HSM's mass can be
stationary. This reduces the moment of inertia of the moving part. This basic schema accepts a weak spot at the point
where the shaft penetrates the spinning mesh. This trade-off makes for a simple mechanical construction and allows
power and data connections to the stationary payload through a hollow shaft.
area covered by the rotating tamper detection mesh. Note that we only have to move the tamper protection mesh, not the
entire contents of the HSM, keeping most of the HSM's mass stationary. In our proof-of-concept prototype, we accept a
weak spot at the point where the shaft penetrates the mesh to simplify mechanical construction.
\begin{figure}
\center
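Review bot: the condensed justification for the accepted weak spot is incomplete. The original gives two reasons for letting the shaft penetrate the mesh: simpler mechanics and, more importantly for the design, power and data connections to the stationary payload through a hollow shaft; the new sentence "we accept a weak spot at the point where the shaft penetrates the mesh to simplify mechanical construction" keeps only the first. Since the hollow-shaft feed-through is what makes the stationary payload practical, suggest retaining it, e.g. "...to simplify mechanical construction and to route power and data to the stationary payload through a hollow shaft." The dropped remark that keeping the payload stationary reduces the moment of inertia of the moving part is also the concrete benefit behind "keeping most of the HSM's mass stationary" and is worth a few words.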