118 lines
6.6 KiB
TeX
118 lines
6.6 KiB
TeX
\documentclass[a4paper]{scrartcl}
|
|
\usepackage[T1]{fontenc}
|
|
\usepackage{amssymb,amsmath}
|
|
\usepackage{eurosym}
|
|
\usepackage{wasysym}
|
|
\usepackage{amsthm}
|
|
\usepackage{censor}
|
|
\usepackage[
|
|
backend=biber,
|
|
style=numeric,
|
|
natbib=true,
|
|
url=false,
|
|
doi=true,
|
|
eprint=false
|
|
]{biblatex}
|
|
\addbibresource{ihsm.bib}
|
|
|
|
|
|
\makeatletter
|
|
\@ifclasswith{iacrtrans}{submission}{
|
|
\newcommand{\censorIfSubmission}[1]{\censor{#1}{\scriptsize[Author information removed for double-blind peer review]}}
|
|
}{
|
|
\newcommand{\censorIfSubmission}[1]{#1}
|
|
}
|
|
\makeatother
|
|
|
|
\usepackage[binary-units]{siunitx}
|
|
\DeclareSIUnit{\baud}{Bd}
|
|
\DeclareSIUnit{\year}{a}
|
|
\usepackage{commath}
|
|
\usepackage{graphicx,color}
|
|
\usepackage{subcaption}
|
|
\usepackage{array}
|
|
\usepackage{hyperref}
|
|
|
|
\renewcommand{\floatpagefraction}{.8}
|
|
\newcommand{\degree}{\ensuremath{^\circ}}
|
|
\newcolumntype{P}[1]{>{\centering\arraybackslash}p{#1}}
|
|
\newcommand{\partnum}[1]{\texttt{#1}}
|
|
|
|
\begin{document}
|
|
\title{Can't Touch This: Inertial HSMs Thwart Advanced Physical Attacks}
|
|
\subtitle{Changes of Major Revision compared to version submitted to TCHES 21/4}
|
|
\maketitle
|
|
|
|
We again wish to express our deep gratitude for the reviewers' profound insights and valuable feedback in the TCHES 21/4
|
|
review round. After the program committee's ``major revision'' decision we have reflected upon our submission with the
|
|
new insights we have gained from the reviewers' comments. In the remainder of this document, we will list the requested
|
|
changes that we have identified from the reviewers' helpful comments and explain how we adressed these requests in the
|
|
enclosed major revision of our submission. We hope that by extensively reworking our initial submission we have improved
|
|
it to the satisfaction of the reviewers and program committee. We are grateful for the chance to improve upon our
|
|
original submission and we truly appreciate the reviewers and the program committee devoting their valuable time to
|
|
consider our major revision.
|
|
|
|
\paragraph{Lack of discussion of operational constraints.}
|
|
|
|
As pointed out by Reviewers~A and~B, our initial submission lacked a detailed discussion of the operational constraints of
|
|
Inertial Hardware Security Modules. We thank the reveiwer for this helpful observation. We have adressed this with more
|
|
than two pages of new content on the operation of IHSMs in the new Sections~3.5 ``Long-Term Operation'' and~3.6
|
|
``Transportation''. In these sections we address the reviewers' points on the continuous power supply requirement and go
|
|
into detail on the likelihood of spurious tamper alarms triggered by external vibrations. Section~3.5 also addresses
|
|
Reviewer~B's insightful comments on failover, backup and replication of cryptographic secrets.
|
|
|
|
\paragraph{Lack of discussion of improved cooling capabilities of IHSMs compared to traditional HSMs.}
|
|
|
|
As Reviewer~D pointed out, our initial submission alluded to the possibility of facilitating cooling airflow through an
|
|
IHSM's security mesh and noted that this would allow for greater processing capabilities, but did not go into detail on
|
|
the extent of this effect. To address this valid remark, in our revised paper, we have extended Section~3.4 ``Mechanical
|
|
Layout'' with an order-of-magnitude estimation of this effect based on real-world benchmarks and information available
|
|
from vendors of traditional HSMs.
|
|
|
|
\paragraph{Mechanical Rotating Stage Attacks.}
|
|
|
|
As pointed out by Reviewer~D, in our original submission our discussion of the Swivel Chair Attack discusses attacks by
|
|
by a rotating human attacker in depth and mentions the possibility of a fully mechanized attack robot. However, our
|
|
initial submission did not go into detail on the constraints of such a fully mechanized attack. We are grateful to the
|
|
reviewer for pointing out the lack of detail in this regard. In our revised paper we have completed our discussion in
|
|
this section with one half page of new content and one new diagram discussing fully mechanized attack robots.
|
|
|
|
\paragraph{Comparison of IHSM attacks to those on traditional HSMs.}
|
|
|
|
In addition to the previous point, Reviewer~D pointed out that the discussion of attacks on IHSMs in our initial
|
|
submission would have benefited from a more thorough contextualization of the attacks possible on traditional HSMs. We
|
|
wish to thank the reviewer for their thorough and thoughtful comments. In response to this suggestion, we have
|
|
significantly extended Section~4 ``Attacks'' with one page of new content in two new Subsections~4.2 ``Attacks that
|
|
don't work'' and~4.3 ``Attacks that work on any HSM'' that provide this missing context to guide the reader.
|
|
|
|
\paragraph{Notes on future work.}
|
|
|
|
Reviewer~D stated that they would find an outlook on the next design steps towards a practically usable design
|
|
interesting. We appreciate this helpful comment. We have adressed future work at the end of Section~7 ``Conclusion'' to
|
|
the extent of our current plans.
|
|
|
|
\paragraph{Design Artifact Availability.}
|
|
|
|
Reviewer~D stated that access to design artifacts would be useful for readers of the paper. We are thankful for their
|
|
interest in the results of our work. While we cannot make our design artifacts available as part of the peer review
|
|
process as they contain a multitude of references to the identities of the authors and their employer, we have added a
|
|
brief appendix that the publication version of our paper will contain with a link to the open-source repository
|
|
containing all hardware, software and paper sources relating to our research project.
|
|
|
|
\paragraph{Detailed discussion of contactless attacks.}
|
|
|
|
Reviewer~C noted that like a traditional HSM an IHSM cannot prevent contactless attacks such as electromagnetic
|
|
sidechannel attacks or laser fault injection. We wish to express our gratitude for the insightful comment. While our
|
|
initial submission acknowledged this property of our design, our original submission did not provide a detailed
|
|
discussion of its extent. In our revised paper, we have added a new Section~4.2 ``Attacks that work on any HSM'' that
|
|
provides more detail on contactless attacks. In this section we observe that the IHSM design allows for some mitigations
|
|
against contactless attacks due to the physically larger space it can provide to its payload.
|
|
|
|
\paragraph{Justification of mesh monitor power consumption estimates.}
|
|
|
|
A point noted by Reviewers~A and~B is that in our initial submission we provided an estimate on the current consumption
|
|
of an IHSM monitoring circuit without providing a detailed justification of our estimate. We wish to thank the reviewers
|
|
for thoughtfully pointing out this oversight. In response, we have extended Section~5.3 ``Power transmission from stator
|
|
to rotor'' with a more detailed justification of this estimate.
|
|
|
|
\end{document}
|