Integrate EPA paper
This commit is contained in:
jaseg
parent
a955f5fb7d
commit
28c42e928d
2 changed files with 269 additions and 39 deletions
|
|
@ -4,18 +4,51 @@
|
|||
entering the patient from the wrong end.
|
||||
}
|
||||
|
||||
\chaptertitle{Hardware Security Modules in the Wild}
|
||||
\chaptertitle{Active Tamper Sensing in the Wild}
|
||||
|
||||
In this chapter we will take a look at how Hardware Security Modules are built and what they are used for. We will
|
||||
analyze the gaps left by the current state of the industry, and evaluate how Inertial HSMs could close these gaps to
|
||||
make secure hardware accessible to everyone. We will start with a brief history of secure hardware with a particular
|
||||
focus on tamper-sensing meshes since the tamper-sensing mesh is the primary line of defense that delineates a hardware
|
||||
security module from other, weaker secure hardware primitives such as Smart Cards or Trusted Platform Modules (TPMs).
|
||||
In this chapter we will take a look at how the tamper-sensing meshes that provide the core tamper response in Hardware
|
||||
Security Modules are built and what they are used for. We will analyze the gaps left by the current state of the
|
||||
industry, and evaluate how Inertial HSMs could close these gaps to make secure hardware accessible to everyone. We will
|
||||
start with a brief history of secure hardware with a particular focus on tamper-sensing meshes since the tamper-sensing
|
||||
mesh is the primary line of defense that delineates a hardware security module from other, weaker secure hardware
|
||||
primitives such as Smart Cards or Trusted Platform Modules (TPMs).
|
||||
|
||||
% FIXME include stuff from EPA paper
|
||||
|
||||
\section{The History of Tamper Sensing Meshes}
|
||||
|
||||
Tamper-sensing meshes can be implemented in many different ways. Their design offers various degrees of freedom from the
|
||||
precise conductor layout, through the manufacturing technology of the mesh and how it is wrapped around the payload
|
||||
during manufacturing up to its monitoring circuitry. As a result, manufacturers across application domains from
|
||||
datacenter appliance HSMs through card payment terminals have historically used patents on parts of their tamper-sensing
|
||||
mesh implementations as a means to prevent copying of their designs~\cite{
|
||||
razaghiCircuitBoardHold2019,
|
||||
heitmannTamperBarrierElectronic2005,
|
||||
clarkTamperDetectionSystem2005,
|
||||
heitmannMethodMakingTamper2009,
|
||||
perreaultSystemMethodInstalling2005,
|
||||
}. The basic principle of modern tamper-sensing meshes of preventing intrusion by force through embedding a looped
|
||||
conductor to cover a surface traces back as far as at least 1870~\cite{
|
||||
ImprovementProtectingSafes1870,
|
||||
ImprovementElectromagneticEnvelopes1870}, when it was applied to the protection of bank vaults from robbers
|
||||
attempting to dig, drill and saw through the vault's floor and walls. Even multi-layer, orthogonal tamper-sensing meshes
|
||||
are documented as far back as 1902~\cite{suttonElectricallyprotectedStructure1902}. Using printed circuits instead of
|
||||
wires for this purpose occurs in literature as soon as printed circuit technology finds widespread commercial adoption
|
||||
in the 1960ies~\cite{hamPrintedcircuitTypeSecurity1971}. The history of more HSM-like devices begins in the 1990ies with
|
||||
the widespread adoption of cryptography in commercial applications~\cite{
|
||||
kleijneSecurityDeviceSecure1986,
|
||||
joyceMethodDetectPenetration1996,
|
||||
droegeSicherheitsmodulMitEinteiliger1997,
|
||||
cesanaTamperResistantCard2001,
|
||||
cesanaSecurityClothDesign2006,
|
||||
elbertSecureCircuitAssembly2006,
|
||||
cookTamperDetectionCircuit2020,
|
||||
brodskyCircuitLayoutsTamperrespondent2018,
|
||||
cobianuLargeAreaDistributed2008,
|
||||
phamAntitamperMesh2011,
|
||||
} when instead of protecting an entire device it became feasible to create a protected cryptographic coprocessor.
|
||||
|
||||
|
||||
\subsection{Use by the US Military}
|
||||
|
||||
Electronic tamper sensing meshes are documented in literature beginning around World War \RN{2}. The earliest mention of
|
||||
|
|
@ -112,37 +145,6 @@ cloning. This device will also be analyzed later in this chapter.
|
|||
|
||||
\section{The Principles of Tamper-Sensing Mesh Construction and Monitoring}
|
||||
|
||||
Tamper-sensing meshes can be implemented in many different ways. Their design offers various degrees of freedom from the
|
||||
precise conductor layout, through the manufacturing technology of the mesh and how it is wrapped around the payload
|
||||
during manufacturing up to its monitoring circuitry. As a result, manufacturers across application domains from
|
||||
datacenter appliance HSMs through card payment terminals have historically used patents on parts of their tamper-sensing
|
||||
mesh implementations as a means to prevent copying of their designs~\cite{
|
||||
razaghiCircuitBoardHold2019,
|
||||
heitmannTamperBarrierElectronic2005,
|
||||
clarkTamperDetectionSystem2005,
|
||||
heitmannMethodMakingTamper2009,
|
||||
perreaultSystemMethodInstalling2005,
|
||||
}. The basic principle of modern tamper-sensing meshes of preventing intrusion by force through embedding a looped
|
||||
conductor to cover a surface traces back as far as at least 1870~\cite{
|
||||
ImprovementProtectingSafes1870,
|
||||
ImprovementElectromagneticEnvelopes1870}, when it was applied to the protection of bank vaults from robbers
|
||||
attempting to dig, drill and saw through the vault's floor and walls. Even multi-layer, orthogonal tamper-sensing meshes
|
||||
are documented as far back as 1902~\cite{suttonElectricallyprotectedStructure1902}. Using printed circuits instead of
|
||||
wires for this purpose occurs in literature as soon as printed circuit technology finds widespread commercial adoption
|
||||
in the 1960ies~\cite{hamPrintedcircuitTypeSecurity1971}. The history of more HSM-like devices begins in the 1990ies with
|
||||
the widespread adoption of cryptography in commercial applications~\cite{
|
||||
kleijneSecurityDeviceSecure1986,
|
||||
joyceMethodDetectPenetration1996,
|
||||
droegeSicherheitsmodulMitEinteiliger1997,
|
||||
cesanaTamperResistantCard2001,
|
||||
cesanaSecurityClothDesign2006,
|
||||
elbertSecureCircuitAssembly2006,
|
||||
cookTamperDetectionCircuit2020,
|
||||
brodskyCircuitLayoutsTamperrespondent2018,
|
||||
cobianuLargeAreaDistributed2008,
|
||||
phamAntitamperMesh2011,
|
||||
} when instead of protecting an entire device it became feasible to create a protected cryptographic coprocessor.
|
||||
|
||||
\subsection{Tamper-sensing Mesh Manufacturing}
|
||||
|
||||
The manufacturing technology of a tamper sensing mesh is a critical factor in its security. While in many applications,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue