Improve HSM survey chapter, move IHSM chapter up front
parent bc7a3e3d34
commit 3132e788d6
2 changed files with 28 additions and 9 deletions
|
|
@ -6,17 +6,20 @@
|
|||
|
||||
\chaptertitle{Active Tamper Sensing in the Wild}
|
||||
|
||||
% FIXME introduction
|
||||
Inertial Hardware Security Modules are the latest link in a series o developments bringing hardware security primitives
|
||||
from niche military cipher machines to mass-market applications. The tamper-sensing technology that forms the primary
|
||||
line of defense in such physical security systems goes back more than a century, with the earliest tamper-sensing meshes
|
||||
being used in the late 19\textsuperscript{th} century, around the widespread commercialization of electricity. Today,
|
||||
active tamper-sensing meshes are used in a wide array of devices ranging from card payment terminals to atomic bombs.
|
||||
|
||||
In this chapter, we will start with a brief history of secure hardware with a particular focus on tamper-sensing meshes.
|
||||
Complementing our historical analysis, we will present the results of a survey of a range of real-world devices using
|
||||
tamper-sensing meshes and analyze their implementation. We will analyze the gaps left by the current state of the
|
||||
industry, and evaluate how Inertial HSMs could close these gaps to make secure hardware accessible to a wider range of
|
||||
applications. We will start with a brief history of secure hardware with a particular focus on tamper-sensing meshes.
|
||||
|
||||
\section{The History of Tamper Sensing Meshes}
|
||||
|
||||
Tamper-sensing meshes are highly effective at preventing a large array of physical attacks and provide the core of the
|
||||
tamper-response system of a Hardware Security Module. In this chapter we will take a look at a range of real-world
|
||||
devices using tamper-sensing meshes and analyze their implementation. We will analyze the gaps left by the current state
|
||||
of the industry, and evaluate how Inertial HSMs could close these gaps to make secure hardware accessible to a wider
|
||||
range of applications. We will start with a brief history of secure hardware with a particular focus on tamper-sensing
|
||||
meshes.
|
||||
|
||||
Tamper-sensing meshes offer many degrees of freedom in their design ranging from the precise conductor layout, through
|
||||
the manufacturing technology of the mesh and how it is wrapped around the payload during manufacturing up to their
|
||||
monitoring circuitry. As a result, manufacturers across application domains from datacenter appliance HSMs through card
|
||||
|
|
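Review bot: The second introduction paragraph opens and closes with the same roadmap sentence: it starts "In this chapter, we will start with a brief history of secure hardware with a particular focus on tamper-sensing meshes." and ends "We will start with a brief history of secure hardware with a particular focus on tamper-sensing meshes." Drop the closing copy so the outline (history, survey, gap analysis, Inertial HSMs) is stated once. The paragraph under \section{The History of Tamper Sensing Meshes} carries the same roadmap text again, so make sure only one copy remains in the resulting file. In the first paragraph, "a series o developments" should read "a series of developments", and if the "% FIXME introduction" marker survives this change it can be removed now that the introduction is written.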
@ -819,6 +822,19 @@ imaging can be actively detected to trigger a tamper alarm. During CT imaging, a
|
|||
images are taken. X-ray radiation can be reliably detected using off-the-shelf sensors that usually consist of a
|
||||
large-area photodiode coupled to a scintillator crystal converting X-ray photons to visible light.
|
||||
|
||||
\subsection{Application of Inertial HSM technology}
|
||||
|
||||
The widespread use of inexpensive but low-security commodity processes shows that in practical applications, cost is
|
||||
often prioritized over security. The IHSM approach naturally complements such a system that uses a low-security mesh
|
||||
material, increasing its security without the use of a more advanced mesh material. The beneficial construction
|
||||
techniques that we identified above such as the use of multiple, spaced layers and low-contrast trace materials
|
||||
complement IHSM technology naturally. The three-dimensional layout of a mesh becomes easier in an IHSM implementation
|
||||
since features like corners between mesh panels or gaps between mesh layers are often naturally protected by the mesh's
|
||||
motion. An unintended advantage that results in IHSM implementations over conventional meshes is that they would provide
|
||||
a level of intrinsic resistance to X-ray and CT imaging. In contrast to optical cameras in the visible spectrum, X-ray
|
||||
image sensors need integration times in the hundreds of milliseconds or longer, which makes them unsuitable to image a
|
||||
quickly moving targets.
|
||||
|
||||
\section{Conclusion}
|
||||
|
||||
In our survey, we have found a wide variety in tamper sensing mesh construction techniques. Meshes are commonly
|
||||
|
|
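Review bot: The imaging-resistance argument at the end of the new subsection rests on "X-ray image sensors need integration times in the hundreds of milliseconds or longer", which has no \cite and is not set against how fast the mesh actually moves, so the reader cannot check that the motion defeats imaging. Add a reference for the integration time and state the mesh speed the argument assumes, or \ref the place in the IHSM chapter where it is given. The same sentence ends "unsuitable to image a quickly moving targets"; use "a quickly moving target" or "quickly moving targets". "Naturally" and "complement" recur in three consecutive sentences ("naturally complements", "complement IHSM technology naturally", "naturally protected"); vary the wording.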
@ -848,4 +864,7 @@ Form an engineering point of view, we observe that across application domains, t
|
|||
construction techniques. Implementing such a system that matches the security of other systems seen in the wild should
|
||||
be achievable to most engineers.
|
||||
|
||||
We find that the IHSM approach is a natural extension of the state of the art that we saw reflected in tamper-sensing
|
||||
mesh implementations in the field, and that the construction techniques that have been applied to improve their security
|
||||
can be carried over to IHSM implementations.
|
||||
|
||||
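Review bot: The added closing paragraph states as a finding that the construction techniques "can be carried over to IHSM implementations", while the subsection added earlier in this commit argues it only qualitatively ("often naturally protected", "would provide a level of intrinsic resistance"). Soften the conclusion to match, or \ref the subsection so the reader sees where the claim is argued. The context shown in this hunk's header also reads "Form an engineering point of view", which should be "From".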
|
|
|
|||
|
|
@ -36,8 +36,8 @@
|
|||
|
||||
\dochapter{chapter-introduction} % Status: In pretty good shape
|
||||
\dochapter{chapter-epa} % Status: In pretty good shape
|
||||
\dochapter{chapter-hsms} % Status: TODO
|
||||
\dochapter{chapter-ihsm} % Status: Copy-paste done, build works, integration TODO
|
||||
\dochapter{chapter-hsms} % Status: In pretty good shape
|
||||
\dochapter{chapter-sampling-mesh-monitor} % Status: Copy-paste done, build works, integration TODO
|
||||
\dochapter{chapter-nice-coils} % Status: Copy-paste done, build works, integration TODO
|
||||
\dochapter{chapter-qkd} % Status: Re-integration of changes from workshop paper TODO
|
||||
|
|
|
|||
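Review bot: \dochapter{chapter-hsms} appears twice in this hunk, once with "Status: TODO" before \dochapter{chapter-ihsm} and once with "Status: In pretty good shape" after it; confirm that only the second include remains in the resulting file, otherwise the chapter is typeset twice. With chapter-ihsm now ahead of chapter-hsms, its status comment still says "integration TODO", so record in that comment (or in the commit message) that forward and backward references between the two chapters need checking after the reorder.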