\documentclass[a4paper]{scrartcl}
\usepackage[T1]{fontenc}
\usepackage{amssymb,amsmath}
\usepackage{eurosym}
\usepackage{wasysym}
\usepackage{amsthm}
\usepackage{censor}
\usepackage[
    backend=biber,
    style=numeric,
    natbib=true,
    url=false,
    doi=true,
    eprint=false
]{biblatex}
\addbibresource{ihsm.bib}

\makeatletter
\@ifclasswith{iacrtrans}{submission}{
    \newcommand{\censorIfSubmission}[1]{\censor{#1}{\scriptsize[Author information removed for double-blind peer review]}}
}{
    \newcommand{\censorIfSubmission}[1]{#1}
}
\makeatother

\usepackage[binary-units]{siunitx}
\DeclareSIUnit{\baud}{Bd}
\DeclareSIUnit{\year}{a}
\usepackage{commath}
\usepackage{graphicx,color}
\usepackage{subcaption}
\usepackage{array}
\usepackage{hyperref}

\renewcommand{\floatpagefraction}{.8}
\newcommand{\degree}{\ensuremath{^\circ}}
\newcolumntype{P}[1]{>{\centering\arraybackslash}p{#1}}
\newcommand{\partnum}[1]{\texttt{#1}}

\begin{document}
\title{Can't Touch This: Inertial HSMs Thwart Advanced Physical Attacks}
\subtitle{Changes of Major Revision compared to version submitted to TCHES 20/4}
\maketitle

This document lists the requested revisions we identified from the reviewers' comments and explains how we addressed these
requests.

\paragraph{Lack of discussion of operational constraints.}

As pointed out by Reviewer~B, our initial submission lacked a detailed discussion of the operational constraints of
Inertial Hardware Security Modules. We have addressed this with more than two pages of new content on the operation of
IHSMs in the new Sections~3.5 ``Long-Term Operation'' and~3.6 ``Transportation''. In these sections we address the
reviewers' points on the continuous power supply requirement and go into detail on the likelihood of spurious tamper
alarms triggered by external vibrations. Section~3.5 also addresses Reviewer~B's comments on failover, backup and
replication of cryptographic secrets.

\paragraph{Lack of discussion of improved cooling capabilities of IHSMs compared to traditional HSMs.}

As Reviewer~D pointed out, our initial submission alluded to the possibility of facilitating cooling airflow through an
IHSM's security mesh and noted that this would allow for greater processing capabilities, but did not go into detail on
the extent of this effect. In our revised paper, we have extended Section~3.4 ``Mechanical Layout'' with an
order-of-magnitude estimation of this effect based on real-world benchmarks and information available from vendors of
traditional HSMs.

\paragraph{Mechanical Rotating Stage Attacks.}

As pointed out by Reviewer~D, in our original submission our discussion of the Swivel Chair Attack discusses attacks by
a rotating human attacker in depth and mentions the possibility of a fully mechanized attack robot. However, our
initial submission did not go into detail on the constraints of such a fully mechanized attack. In our revised paper we
have completed our discussion in this section with one half page of new content and one new diagram discussing
fully mechanized attack robots.

\paragraph{Comparison of IHSM attacks to those on traditional HSMs.}

In addition to the previous point, Reviewer~D pointed out that the discussion of attacks on IHSMs in our initial
submission would have benefited from a more thorough contextualization of the attacks possible on traditional HSMs. In
response, we have significantly extended Section~4 ``Attacks'' with one page of new content in two new Subsections~4.2
``Attacks that don't work'' and~4.3 ``Attacks that work on any HSM'' that provide this missing context to guide the
reader.

\paragraph{Notes on future work.}
Reviewer~D stated that they would find an outlook on the next design steps towards a practically usable design
interesting. We have addressed this at the end of Section~7 ``Conclusion'' to the extent of our current plans.

\paragraph{Design Artifact Availability.}
Reviewer~D stated that access to design artifacts would be useful for readers of the paper. While we cannot make our
design artifacts available as part of the peer review process as they contain a multitude of references to the
identities of the authors and their employer, we have added a brief appendix that in the publication version of our
paper will contain a link to the open-source repository containing all hardware, software and paper sources relating to
our research project.

\paragraph{Detailed discussion of contactless attacks.}

Reviewer~C noted that, like a traditional HSM, an IHSM cannot prevent contactless attacks such as electromagnetic
side-channel attacks or laser fault injection. While our initial submission acknowledged this property of our design, our
original submission did not provide a detailed discussion of its extent. In our revised paper, we have added a new
Section~4.2 ``Attacks that work on any HSM'' that provides more detail on contactless attacks. In this section we
observe that the IHSM design allows for some mitigations against contactless attacks due to the physically larger space
it can provide to its payload.

\paragraph{Justification of mesh monitor power consumption estimates.}

A point noted by Reviewer~B is that in our initial submission we provided an estimate on the current consumption of an
IHSM monitoring circuit without providing a detailed justification of our estimate. In response, we have extended
Section~5.3 ``Power transmission from Stator to rotor'' with a more detailed justification of this estimate.

\end{document}