jaseg/phd-thesis
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Improve HSM survey chapter, move IHSM chapter up front

Browse source
This commit is contained in:
jaseg 2025-10-22 17:13:25 +02:00
parent bc7a3e3d34
commit 3132e788d6
2 changed files with 28 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

35
chapter-hsms/chapter.tex
View file

@ -6,17 +6,20 @@
\chaptertitle{Active Tamper Sensing in the Wild}
% FIXME introduction
Inertial Hardware Security Modules are the latest link in a series o developments bringing hardware security primitives
from niche military cipher machines to mass-market applications. The tamper-sensing technology that forms the primary
line of defense in such physical security systems goes back more than a century, with the earliest tamper-sensing meshes
being used in the late 19\textsuperscript{th} century, around the widespread commercialization of electricity. Today,
active tamper-sensing meshes are used in a wide array of devices ranging from card payment terminals to atomic bombs.
In this chapter, we will start with a brief history of secure hardware with a particular focus on tamper-sensing meshes.
Complementing our historical analysis, we will present the results of a survey of a range of real-world devices using
tamper-sensing meshes and analyze their implementation. We will analyze the gaps left by the current state of the
industry, and evaluate how Inertial HSMs could close these gaps to make secure hardware accessible to a wider range of
applications. We will start with a brief history of secure hardware with a particular focus on tamper-sensing meshes.
\section{The History of Tamper Sensing Meshes}
Tamper-sensing meshes are highly effective at preventing a large array of physical attacks and provide the core of the
tamper-response system of a Hardware Security Module. In this chapter we will take a look at a range of real-world
devices using tamper-sensing meshes and analyze their implementation. We will analyze the gaps left by the current state
of the industry, and evaluate how Inertial HSMs could close these gaps to make secure hardware accessible to a wider
range of applications. We will start with a brief history of secure hardware with a particular focus on tamper-sensing
meshes.
Tamper-sensing meshes offer many degrees of freedom in their design ranging from the precise conductor layout, through
the manufacturing technology of the mesh and how it is wrapped around the payload during manufacturing up to their
monitoring circuitry. As a result, manufacturers across application domains from datacenter appliance HSMs through card
@ -819,6 +822,19 @@ imaging can be actively detected to trigger a tamper alarm. During CT imaging, a
images are taken. X-ray radiation can be reliably detected using off-the-shelf sensors that usually consist of a
large-area photodiode coupled to a scintillator crystal converting X-ray photons to visible light.
\subsection{Application of Inertial HSM technology}
The widespread use of inexpensive but low-security commodity processes shows that in practical applications, cost is
often prioritized over security. The IHSM approach naturally complements such a system that uses a low-security mesh
material, increasing its security without the use of a more advanced mesh material. The beneficial construction
techniques that we identified above such as the use of multiple, spaced layers and low-contrast trace materials
complement IHSM technology naturally. The three-dimensional layout of a mesh becomes easier in an IHSM implementation
since features like corners between mesh panels or gaps between mesh layers are often naturally protected by the mesh's
motion. An unintended advantage that results in IHSM implementations over conventional meshes is that they would provide
a level of intrinsic resistance to X-ray and CT imaging. In contrast to optical cameras in the visible spectrum, X-ray
image sensors need integration times in the hundreds of milliseconds or longer, which makes them unsuitable to image a
quickly moving targets.
\section{Conclusion}
In our survey, we have found a wide variety in tamper sensing mesh construction techniques. Meshes are commonly
@ -848,4 +864,7 @@ Form an engineering point of view, we observe that across application domains, t
construction techniques. Implementing such a system that matches the security of other systems seen in the wild should
be achievable to most engineers.
We find that the IHSM approach is a natural extension of the state of the art that we saw reflected in tamper-sensing
mesh implementations in the field, and that the construction techniques that have been applied to improve their security
can be carried over to IHSM implementations.