WIP
This commit is contained in:
jaseg
parent
74c4d17572
commit
358b988a55
1 changed files with 85 additions and 43 deletions
|
|
@ -411,14 +411,14 @@ structure size, which limits the possible angles an attack tool could be inserte
|
|||
\end{subfigure}
|
||||
\quad
|
||||
\begin{subfigure}[t]{0.3\textwidth}
|
||||
\centering\includegraphics[width=\linewidth]{3d_construction_cards.jpg}
|
||||
\centering\includegraphics[width=\linewidth]{3d_construction_cards_standalone.jpg}
|
||||
\caption{House-of-Cards construction}
|
||||
\label{hsm_fig_3d_struct_house_of_cards}
|
||||
\end{subfigure}
|
||||
\quad
|
||||
\begin{subfigure}[t]{0.3\textwidth}
|
||||
\centering\includegraphics[width=\linewidth]{hsm_3d_style_lds.jpg}
|
||||
\caption{Laser Direct Structuring, Image from \cite{mahungORWLPCMost2016}}
|
||||
\centering\includegraphics[width=\linewidth]{3d_construction_lds_top.jpg}
|
||||
\caption{Laser Direct Structuring}
|
||||
\label{hsm_fig_3d_struct_lds}
|
||||
\end{subfigure}
|
||||
\caption[3D mesh construction styles]{Construction styles used to fit tamper sensing meshes into 3D envelopes.}
|
||||
|
|
@ -433,9 +433,9 @@ Figure~\ref{hsm_fig_3d_struct_folded_overlap} and Figure~\ref{hsm_fig_3d_struct_
|
|||
as flexible printed circuits, in Figure~\ref{hsm_fig_3d_struct_folded_overlap} using a standard photolithographic
|
||||
copper/polyimide FPC process usually used for flexible PCBs, and in Figure~\ref{hsm_fig_3d_struct_folded_overlap} using
|
||||
a standard silver ink screenprinting process. The choice in Figure~\ref{hsm_fig_3d_struct_folded_no_overlap} not to
|
||||
overlap the mesh in the corner is likely caused by manufacturing considerations, since it might be difficult to ensure
|
||||
overlap the mesh in the corner is likely caused by manufacturing considerations, since it mig~ht be difficult to ensure
|
||||
proper folding of a small foil tab with adhesive pre-applied.
|
||||
|
||||
~
|
||||
Figure~\ref{hsm_fig_3d_struct_vacuum_form} shows a sample of a flexible circuit manufactured in a screenprinted
|
||||
silver-ink process thermoformed into a three-dimensional shape. The flexible circuit mesh is first produced in a
|
||||
standard planar printing process. After printing and curing, the resulting foil is then heated to soften it, and forced
|
||||
|
|
@ -458,14 +458,7 @@ components on the PCB from tampering, this leaves a large gap between the bottom
|
|||
through which probes can be inserted to access either the payload circuit or the mesh monitoring circuitry.
|
||||
\todoplaceholder{take pic of sample H08 card slot cover}
|
||||
|
||||
Figure~\ref{house of cards pcb construction} shows a card slot being protected by several rigid PCBs assembled into a
|
||||
three-dimensional structure. Solder connections between large pads are used to mechanically and electrically join the
|
||||
boards. While the rigid PCBs used in such as structure can be produced in a highly inexpensive, standard process, this
|
||||
style of construction requires manual assembly leading to increased labor cost. Furthermore, the construction leaves
|
||||
large gaps at edges and corners, which is not a problem for card slot protection in payment applications but which would
|
||||
be a flaw in a more standard HSM application.
|
||||
|
||||
Figure~\ref{hsm_fig_3d_struct_lds} shows the resutl of Laser Direct Structuring (LDS), a process that avoids some of the
|
||||
Figure~\ref{hsm_fig_3d_struct_lds} shows the result of Laser Direct Structuring (LDS), a process that avoids some of the
|
||||
limitations of thermoformed planar meshes. In LDS, a plastic part is covered in a conductive pattern in a combination of
|
||||
selective laser erosion of its surface and a series of preparation and electroless metal plating steps. LDS allows
|
||||
covering complex three-dimensional shapes, with the main limitation being that all patterned areas must have a direct
|
||||
|
|
@ -476,56 +469,93 @@ disadvantage of LDS is that it is only suitable for single-layer patterns, while
|
|||
silkscreen and photolithographic PCB processes by patterning both sides of the substrate. More layers can be achived in
|
||||
these processes by simply stacking multiple foil layers and adding vias (through contacts), or by folding.
|
||||
|
||||
Figure~\ref{hsm_fig_3d_struct_house_of_cards} shows an assembly of several rigid PCBs assembled into a three-dimensional
|
||||
structure to protect a card slot. Solder connections between large pads are used to mechanically and electrically join
|
||||
the boards. While the rigid PCBs used in such as structure can be produced in a highly inexpensive, standard process,
|
||||
this style of construction requires manual assembly leading to increased labor cost. Furthermore, the construction
|
||||
leaves large gaps at edges and corners, which is not a problem for card slot protection in payment applications but
|
||||
which would be a flaw in a more standard HSM application.
|
||||
|
||||
\begin{figure}
|
||||
\centering
|
||||
\begin{subfigure}[t]{0.3\textwidth}
|
||||
\centering\includegraphics[width=\linewidth]{}
|
||||
\begin{subfigure}[t]{0.45\textwidth}
|
||||
\centering\includegraphics[width=\linewidth]{3d_construction_offset_mesh_delayered_contrast_improved.jpg}
|
||||
\caption{Small obstacle mesh coupons}
|
||||
\label{hsm_fig_3d_sandwich_obstacle}
|
||||
\end{subfigure}
|
||||
\quad
|
||||
\begin{subfigure}[t]{0.3\textwidth}
|
||||
\centering\includegraphics[width=\linewidth]{}
|
||||
\begin{subfigure}[t]{0.45\textwidth}
|
||||
\centering\includegraphics[width=\linewidth]{3d_construction_via_stitch_mesh_delayer_2.jpg}
|
||||
\caption{Via-fence meshes}
|
||||
\label{hsm_fig_3d_sandwich_via_fence}
|
||||
\end{subfigure}
|
||||
\quad
|
||||
\begin{subfigure}[t]{0.3\textwidth}
|
||||
\centering\includegraphics[width=\linewidth]{}
|
||||
\caption{PCB lid with routed cavity and embedded planar and via-fence meshes}
|
||||
\label{hsm_fig_3d_sandwich_lid}
|
||||
\begin{subfigure}[t]{0.45\textwidth}
|
||||
\centering\includegraphics[width=\linewidth]{3d_construction_planar_stack.jpg}
|
||||
\caption{Planar sandwich stack protecting the back of a connector}
|
||||
\label{hsm_fig_3d_sandwich_stack}
|
||||
\end{subfigure}
|
||||
\quad
|
||||
\begin{subfigure}[t]{0.3\textwidth}
|
||||
\centering\includegraphics[width=\linewidth]{}
|
||||
\caption{Sandwich stack}
|
||||
\label{hsm_fig_3d_sandwich_stack}
|
||||
\begin{subfigure}[t]{0.45\textwidth}
|
||||
\centering\includegraphics[width=\linewidth]{3d_construction_cavity_2.jpg}
|
||||
\caption{PCB lid with routed cavity and embedded planar and via-fence meshes}
|
||||
\label{hsm_fig_3d_sandwich_lid}
|
||||
\end{subfigure}
|
||||
\caption[Sandwich mesh construction styles]{Construction styles used to cover 3D volumes using sandwich-style
|
||||
construction.}
|
||||
\label{hsm_fig_3d_sandwich}
|
||||
\end{figure}
|
||||
|
||||
Besides the house of cards construction style shown in Figure~\ref{hsm_fig_3d_struct_house_of_cards} where PCBs are
|
||||
hand-assembled into a 3D shape, rigid PCBs are also often soldered planar on top of other PCBs to serve as meshes.
|
||||
Figure~\ref{hsm_fig_3d_sandwich} shows examples of such sandwich-style constructions.
|
||||
Figure~\ref{hsm_fig_3d_sandwich_obstacle} and Figure~\ref{hsm_fig_3d_sandwich_via_fence} show a popular construction
|
||||
technique where a small mesh PCB coupon is soldered using a Land Grid Array (LGA)-technique on top of a larger base PCB
|
||||
containing circuitry. The goal in this technique is to project a small part of the mesh into the space above the base
|
||||
PCB. While this does not prvevent targeted drilling, as the small coupon is easy to avoid, it does prevent an attacker
|
||||
from sawing or laser-cutting into the side of the device parallel to the base PCB. In the implementation shown in
|
||||
Figure~\ref{hsm_fig_3d_sandwich_obstacle}, the coupon simply contains a small mesh embedded in an inner layer.
|
||||
Figure~\ref{hsm_fig_3d_sandwich_via_fence} shows a different technique, where the mesh inside the coupon is not
|
||||
primarily laid out in the PCB plane, but instead a large number of vias is used to create a three-dimensional zig-zag
|
||||
trace structure. While due to structure size limitations this via structure is much coarser than a planar mesh like that
|
||||
in Figure~\ref{hsm_fig_3d_sandwich_obstacle} would be, it increases the fraction of the vertical space inside the coupon
|
||||
that is covered by the mesh.
|
||||
|
||||
Figure~\ref{hsm_fig_3d_sandwich_stack} shows a variation of this coupon technique where two such coupons are stacked to
|
||||
create a small overhang, here attempting to protect the back side of a magnetic stripe reader contact in a payment
|
||||
terminal. While a similar result could also be achieved by milling a slot into the side of a single custom-thickness
|
||||
PCB, the economics of PCB manufacturing are such that it may be more cost-effective to bond two standard-thickness PCBs
|
||||
on top of one another instead.
|
||||
|
||||
Figure~\ref{hsm_fig_3d_sandwich_lid} finally shows an advanced construction technique that uses a custom PCB with a
|
||||
large indent milled into its underside soldered on top of a base PCB to create a protected cavity on top of the base
|
||||
PCB. This PCB lid shows a complex internal structure. It is built up in a custom stackup with a total of six layers: A
|
||||
ground plane filling the top layer, then two orthogonal planar mesh layers covering the inside of the lid above the
|
||||
cavity. Below this standard mesh stackup are two that are used to create a via fence structure similar to that shown in
|
||||
Figure~\ref{hsm_fig_3d_sandwich_via_fence} in an attempt to protect the sides around the central cavity. Below these two
|
||||
via fence layers, at the bottom of the PCB is one more layer containing the pads connecting it to the base PCB.
|
||||
|
||||
\subsubsection{Contact and trace construction.}
|
||||
|
||||
Contacts
|
||||
|
||||
Figure~\ref{hsm_fig_materials_gold_lds} shows part of a mesh and a contact created
|
||||
using Laser Direct Structuring and electroless gold plating. Where in electroplating electrical current is used to
|
||||
deposit metal atoms on a surface, in electroless plating a series of chemical reactions is used. Electroplating requires
|
||||
all traces to be electrically connected to form a single electrode, while electroless plating can be used on the
|
||||
finished circuit. In Figure~\ref{hsm_fig_materials_gold_lds}, it is visible how the trace was created using three
|
||||
parallel passes by the laser. The micrograph also shows the rather coarse edge structure created by LDS, which is caused
|
||||
by the rough surface left after pulsed laser ablation. The uneven, thin layer of metallization created by LDS results in
|
||||
mechanically fragile contacts. They must be contacted using a soft material, usually an elastomeric connector.
|
||||
|
||||
Figure~\ref{hsm_fig_materials_carbon_ink}
|
||||
|
||||
\begin{figure}
|
||||
\centering
|
||||
\begin{subfigure}[t]{0.3\textwidth}
|
||||
\centering\includegraphics[width=\linewidth]{trace_material_carbon.jpg}
|
||||
\caption{Screen printing process using carbon ink}
|
||||
\label{hsm_fig_materials_carbon_ink}
|
||||
\end{subfigure}
|
||||
\quad
|
||||
\begin{subfigure}[t]{0.3\textwidth}
|
||||
\centering\includegraphics[width=\linewidth]{trace_material_silver.jpg}
|
||||
\caption{Screen printing process using silver ink}
|
||||
\label{hsm_fig_materials_silver_ink}
|
||||
\end{subfigure}
|
||||
\quad
|
||||
\begin{subfigure}[t]{0.3\textwidth}
|
||||
% FIXME \centering\includegraphics[width=\linewidth]{trace_material_gold.jpg}
|
||||
\caption{Laser direct structuring using electroless gold or other metals}
|
||||
\label{hsm_fig_materials_gold_lds}
|
||||
\centering\includegraphics[width=\linewidth]{trace_material_copper_pcb.jpg}
|
||||
\caption{Standard photolithographic copper PCB process on rigid FR-4 fiberglass substrate}
|
||||
\label{hsm_fig_materials_pcb_rigid}
|
||||
\end{subfigure}
|
||||
\quad
|
||||
\begin{subfigure}[t]{0.3\textwidth}
|
||||
|
|
@ -535,9 +565,21 @@ these processes by simply stacking multiple foil layers and adding vias (through
|
|||
\end{subfigure}
|
||||
\quad
|
||||
\begin{subfigure}[t]{0.3\textwidth}
|
||||
\centering\includegraphics[width=\linewidth]{trace_material_copper_pcb.jpg}
|
||||
\caption{Standard photolithographic copper PCB process on rigid FR-4 fiberglass substrate}
|
||||
\label{hsm_fig_materials_pcb_rigid}
|
||||
\centering\includegraphics[width=\linewidth]{trace_material_silver.jpg}
|
||||
\caption{Screen printing process using silver ink with some carbon ink contact pads for embedded buttons}
|
||||
\label{hsm_fig_materials_silver_ink}
|
||||
\end{subfigure}
|
||||
\quad
|
||||
\begin{subfigure}[t]{0.3\textwidth}
|
||||
\centering\includegraphics[width=\linewidth]{trace_material_contact_gold_lds.jpg}
|
||||
\caption{Laser direct structuring using electroless gold plating}
|
||||
\label{hsm_fig_materials_gold_lds}
|
||||
\end{subfigure}
|
||||
\quad
|
||||
\begin{subfigure}[t]{0.3\textwidth}
|
||||
\centering\includegraphics[width=\linewidth]{trace_material_carbon.jpg}
|
||||
\caption{Screen printing process using carbon ink}
|
||||
\label{hsm_fig_materials_carbon_ink}
|
||||
\end{subfigure}
|
||||
\caption[Mesh materials]{Materials and manufacturing processes used for mesh traces and contacts.}
|
||||
\label{hsm_fig_materials}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue