From 3132e788d647e35626340fe7aa718bd90b450e9e Mon Sep 17 00:00:00 2001 From: jaseg Date: Wed, 22 Oct 2025 17:13:25 +0200 Subject: [PATCH] Improve HSM survey chapter, move IHSM chapter up front --- chapter-hsms/chapter.tex | 35 +++++++++++++++++++++++++++-------- thesis.tex | 2 +- 2 files changed, 28 insertions(+), 9 deletions(-) diff --git a/chapter-hsms/chapter.tex b/chapter-hsms/chapter.tex index 71b759d..69cfcd3 100644 --- a/chapter-hsms/chapter.tex +++ b/chapter-hsms/chapter.tex @@ -6,17 +6,20 @@ \chaptertitle{Active Tamper Sensing in the Wild} -% FIXME introduction +Inertial Hardware Security Modules are the latest link in a series o developments bringing hardware security primitives +from niche military cipher machines to mass-market applications. The tamper-sensing technology that forms the primary +line of defense in such physical security systems goes back more than a century, with the earliest tamper-sensing meshes +being used in the late 19\textsuperscript{th} century, around the widespread commercialization of electricity. Today, +active tamper-sensing meshes are used in a wide array of devices ranging from card payment terminals to atomic bombs. + +In this chapter, we will start with a brief history of secure hardware with a particular focus on tamper-sensing meshes. +Complementing our historical analysis, we will present the results of a survey of a range of real-world devices using +tamper-sensing meshes and analyze their implementation. We will analyze the gaps left by the current state of the +industry, and evaluate how Inertial HSMs could close these gaps to make secure hardware accessible to a wider range of +applications. We will start with a brief history of secure hardware with a particular focus on tamper-sensing meshes. \section{The History of Tamper Sensing Meshes} -Tamper-sensing meshes are highly effective at preventing a large array of physical attacks and provide the core of the -tamper-response system of a Hardware Security Module. In this chapter we will take a look at a range of real-world -devices using tamper-sensing meshes and analyze their implementation. We will analyze the gaps left by the current state -of the industry, and evaluate how Inertial HSMs could close these gaps to make secure hardware accessible to a wider -range of applications. We will start with a brief history of secure hardware with a particular focus on tamper-sensing -meshes. - Tamper-sensing meshes offer many degrees of freedom in their design ranging from the precise conductor layout, through the manufacturing technology of the mesh and how it is wrapped around the payload during manufacturing up to their monitoring circuitry. As a result, manufacturers across application domains from datacenter appliance HSMs through card @@ -819,6 +822,19 @@ imaging can be actively detected to trigger a tamper alarm. During CT imaging, a images are taken. X-ray radiation can be reliably detected using off-the-shelf sensors that usually consist of a large-area photodiode coupled to a scintillator crystal converting X-ray photons to visible light. +\subsection{Application of Inertial HSM technology} + +The widespread use of inexpensive but low-security commodity processes shows that in practical applications, cost is +often prioritized over security. The IHSM approach naturally complements such a system that uses a low-security mesh +material, increasing its security without the use of a more advanced mesh material. The beneficial construction +techniques that we identified above such as the use of multiple, spaced layers and low-contrast trace materials +complement IHSM technology naturally. The three-dimensional layout of a mesh becomes easier in an IHSM implementation +since features like corners between mesh panels or gaps between mesh layers are often naturally protected by the mesh's +motion. An unintended advantage that results in IHSM implementations over conventional meshes is that they would provide +a level of intrinsic resistance to X-ray and CT imaging. In contrast to optical cameras in the visible spectrum, X-ray +image sensors need integration times in the hundreds of milliseconds or longer, which makes them unsuitable to image a +quickly moving targets. + \section{Conclusion} In our survey, we have found a wide variety in tamper sensing mesh construction techniques. Meshes are commonly @@ -848,4 +864,7 @@ Form an engineering point of view, we observe that across application domains, t construction techniques. Implementing such a system that matches the security of other systems seen in the wild should be achievable to most engineers. +We find that the IHSM approach is a natural extension of the state of the art that we saw reflected in tamper-sensing +mesh implementations in the field, and that the construction techniques that have been applied to improve their security +can be carried over to IHSM implementations. diff --git a/thesis.tex b/thesis.tex index ba1516c..cf7b036 100644 --- a/thesis.tex +++ b/thesis.tex @@ -36,8 +36,8 @@ \dochapter{chapter-introduction} % Status: In pretty good shape \dochapter{chapter-epa} % Status: In pretty good shape -\dochapter{chapter-hsms} % Status: TODO \dochapter{chapter-ihsm} % Status: Copy-paste done, build works, integration TODO +\dochapter{chapter-hsms} % Status: In pretty good shape \dochapter{chapter-sampling-mesh-monitor} % Status: Copy-paste done, build works, integration TODO \dochapter{chapter-nice-coils} % Status: Copy-paste done, build works, integration TODO \dochapter{chapter-qkd} % Status: Re-integration of changes from workshop paper TODO