WIP

2025-09-10 14:29:01 +02:00 · 2025-09-10 14:29:01 +02:00 · 3f7f699388
commit 3f7f699388
parent 85e348bc6e
13 changed files with 206 additions and 120 deletions
--- a/chapter-hsms/chapter.tex
+++ b/chapter-hsms/chapter.tex
@ -390,57 +390,6 @@ structure size, which limits the possible angles an attack tool could be inserte

 \subsubsection{Contact and trace construction.}

-Regular Printed Circuit Boards are frequently used to implement tamper-sensing meshes as shown in
-Figure~\ref{hsm_fic_materials_pcb_rigid}. PCB production is a highly advanced, large-scale industry and PCBs are
-inexpensive, commodity products. PCBs can be manufactured with many layers, at almost arbitrary total thickness, and
-offer small structure sizes enabling the creation of fine features down to approximately \qty{100}{\micro\meter} even on
-commodity processes. The primary disadvantage of using PCBs to implement tamper-sensing meshes is that PCBs are
-fundamentally designed to be as robust as possible. The traces on the top of a PCB are etched from a thick (usually
-\qty{35}{\micro\meter} on the outer layers) copper foil adhered to the PCB substrate. As a result, the PCB and the
-traces on its surface are easy to manipulate by hand using tools like knives and techniques like soldering. For a
-tamper-sensing mesh, trace patterns manufactured to be more fragile might be advantageous. Additionally, standard PCBs
-are made using a rigid FR-4 fiberglass/epoxy substrate. Since a tamper-sensing mesh must often enclose all sides of a
-payload, flexible foils offer benefits over rigid PCBs.
-
-Figure~\ref{hsm_fig_materials_pcb_flex} shows a Flexible Printed Circuits (FPCs) produced in a standard commercial
-process similar to PCB production. In FPCs, a copper foil adhered to a substrate is etched, but the substrate here
-usually is a thin foil made from polyimide, an orange, temperature-resistant polymer that survives common reflow (hot
-air) soldering temperatures. In contrast to rigid PCBs, FPCs are usually limited to no more than four layers before
-losing flexibility. Flexible PCBs are often used for tamper-sensing meshes that wrap around a payload, but they come
-with the same limitation as standard PCBs: Due to their robust substrate and thick copper layers, they are easily
-manipulated by hand.
-
-Both rigid PCBs and FPCs can be soldered directly to a PCB. FPCs are additionally suitable for use with standard
-Zero Insertion Force (ZIF) FPC connectors. % FIXME pics
-The FPC in Figure~\ref{hsm_fig_materials_pcb_flex} has a contact area for a ZIF connector on the right side, called
-\emph{gold fingers} in industry terms. Soldered board-to-board connectors can be used in situations where the mesh PCB
-or FPC needs to be connected at an offset or at an angle. % FIXME pics
-
-% FIXME intro into elastomeric connectors
-Elastomeric connectors as well as RF shielding gaskets can also be used with rigid PCBs or with FPCs when a rigid
-backing material is used. In tamper-sensing mesh applications both have the advantage that they simultaneously serve as
-an intrinsic disassembly detector since they require continuous pressure to maintain electrical contact.
-Figure~\ref{hsm_fig_materials_pcb_rigid} shows a landing pattern for an elastomeric connector on a PCB.
-
-Figure~\ref{hsm_fig_materials_silver_ink} shows an FPC created in a different process. Here, instead of
-photolithographically etching a continuous copper foil adhered to a flexible substrate, the substrate is instead printed
-using a conductive ink. A variety of printing processes are suitable for this technique. The conductive ink is based on
-small conductive particles suspended in a hardening binder. Common conductive ink materials are silver and carbon.
-Silver-based inks offer lower resistance compared to carbon-based inks, but are prone to surface oxitation and as such
-are not suitable for contacts. As such, they are often combined with a carbon ink used in contact areas. Carbon-based
-inks have high resistance, and can be used to create embedded resistors. The circuit shown in
-Figure~\ref{hsm_fig_materials_silver_ink} contains a tamper-sensing mesh on a lower layer, and a keypad matrix with
-carbon contacts on its surface.
-
-Figure~\ref{hsm_fig_materials_gold_lds} shows part of a mesh and a contact created using Laser Direct Structuring and
-electroless gold plating. Where in electroplating electrical current is used to deposit metal atoms on a surface, in
-electroless plating a series of chemical reactions is used. Electroplating requires all traces to be electrically
-connected to form a single electrode, while electroless plating can be used on the finished circuit. In
-Figure~\ref{hsm_fig_materials_gold_lds}, it is visible how the trace was created using three parallel passes by the
-laser. The micrograph also shows the rather coarse edge structure created by LDS, which is caused by the rough surface
-left after pulsed laser ablation. The uneven, thin layer of metallization created by LDS results in mechanically fragile
-contacts. They must be contacted using a soft material, usually an elastomeric connector.
-
 \begin{figure}
    \centering
    \begin{subfigure}[t]{0.3\textwidth}
@ -476,6 +425,135 @@ contacts. They must be contacted using a soft material, usually an elastomeric c
    \label{hsm_fig_materials}
 \end{figure}

+Regular Printed Circuit Boards are frequently used to implement tamper-sensing meshes as shown in
+Figure~\ref{hsm_fic_materials_pcb_rigid}. PCB production is a highly advanced, large-scale industry and PCBs are
+inexpensive, commodity products. PCBs can be manufactured with many layers, at almost arbitrary total thickness, and
+offer small structure sizes enabling the creation of fine features down to approximately \qty{100}{\micro\meter} even on
+commodity processes. The primary disadvantage of using PCBs to implement tamper-sensing meshes is that PCBs are
+fundamentally designed to be as robust as possible. The traces on the top of a PCB are etched from a thick (usually
+\qty{35}{\micro\meter} on the outer layers) copper foil adhered to the PCB substrate. As a result, the PCB and the
+traces on its surface are easy to manipulate by hand using tools like knives and techniques like soldering. For a
+tamper-sensing mesh, trace patterns manufactured to be more fragile might be advantageous. Additionally, standard PCBs
+are made using a rigid FR-4 fiberglass/epoxy substrate. Since a tamper-sensing mesh must often enclose all sides of a
+payload, flexible foils offer benefits over rigid PCBs.
+
+Figure~\ref{hsm_fig_materials_pcb_flex} shows a Flexible Printed Circuits (FPCs) produced in a standard commercial
+process similar to PCB production. In FPCs, a copper foil adhered to a substrate is etched, but the substrate here
+usually is a thin foil made from polyimide, an orange, temperature-resistant polymer that survives common reflow (hot
+air) soldering temperatures. In contrast to rigid PCBs, FPCs are usually limited to no more than four layers before
+losing flexibility. Flexible PCBs are often used for tamper-sensing meshes that wrap around a payload, but they come
+with the same limitation as standard PCBs: Due to their robust substrate and thick copper layers, they are easily
+manipulated by hand.
+
+Figure~\ref{hsm_fig_materials_silver_ink} shows an FPC created in a different process. Here, instead of
+photolithographically etching a continuous copper foil adhered to a flexible substrate, the substrate is instead printed
+using a conductive ink. A variety of printing processes are suitable for this technique. The conductive ink is based on
+small conductive particles suspended in a hardening binder. Common conductive ink materials are silver and carbon.
+Silver-based inks offer lower resistance compared to carbon-based inks, but are prone to surface oxitation and as such
+are not suitable for contacts. As such, they are often combined with a carbon ink used in contact areas. Carbon-based
+inks have high resistance, and can be used to create embedded resistors. The circuit shown in
+Figure~\ref{hsm_fig_materials_silver_ink} contains a tamper-sensing mesh on a lower layer, and a keypad matrix with
+carbon contacts on its surface.
+
+Figure~\ref{hsm_fig_materials_gold_lds} shows part of a mesh and a contact created using Laser Direct Structuring and
+electroless gold plating. Where in electroplating electrical current is used to deposit metal atoms on a surface, in
+electroless plating a series of chemical reactions is used. Electroplating requires all traces to be electrically
+connected to form a single electrode, while electroless plating can be used on the finished circuit. In
+Figure~\ref{hsm_fig_materials_gold_lds}, it is visible how the trace was created using three parallel passes by the
+laser. The micrograph also shows the rather coarse edge structure created by LDS, which is caused by the rough surface
+left after pulsed laser ablation. The uneven, thin layer of metallization created by LDS results in mechanically fragile
+contacts. They must be contacted using a soft material, usually an elastomeric connector.
+
+\subsubsection{Connection methods}
+
+\begin{figure}
+    \centering
+    \begin{subfigure}[t]{0.3\textwidth}
+        \centering\includegraphics[width=\linewidth]{connector_castellated_edge.jpg}
+        \caption{}
+        \label{hsm_fig_connector_castellations}
+    \end{subfigure}
+    \quad
+    \begin{subfigure}[t]{0.3\textwidth}
+        \centering\includegraphics[width=\linewidth]{connector_stacking.jpg}
+        \caption{}
+        \label{hsm_fig_connector_stack}
+    \end{subfigure}
+    \quad
+    \begin{subfigure}[t]{0.3\textwidth}
+        \centering\includegraphics[width=\linewidth]{connector_zif_fpc_2.jpg}
+        \caption{}
+        \label{hsm_fig_connector_fpc}
+    \end{subfigure}
+    \quad
+    \begin{subfigure}[t]{0.3\textwidth}
+        \centering\includegraphics[width=\linewidth]{connector_elastomeric.jpg}
+        \caption{}
+        \label{hsm_fig_connector_elastomeric}
+    \end{subfigure}
+    \quad
+    \begin{subfigure}[t]{0.3\textwidth}
+        \centering\includegraphics[width=\linewidth]{connector_rf_gasket.jpg}
+        \caption{}
+        \label{hsm_fig_connector_gasket}
+    \end{subfigure}
+    \quad
+    \begin{subfigure}[t]{0.3\textwidth}
+        \centering\includegraphics[width=\linewidth]{connector_metal_dome.jpg}
+        \caption{}
+        \label{hsm_fig_connector_dome}
+    \end{subfigure}
+    \caption[Mesh connecting methods]{Connecting methods used between tamper-sensing mesh assemblies and their base PCBs}
+    \label{hsm_fig_connector}
+\end{figure}
+
+In our survey, we found a wide variety of connecting methods used to connect tamper-sensing mesh assemblies with their
+base PCBs with a selection shown in Figure~\ref{hsm_fig_connector}. Both rigid PCBs and FPCs can be soldered directly to
+a PCB using either a Land Grid Array (LGA) technique where pads on both PCBs are soldered facing each other, or using
+\emph{castellated} edges, where pads on the base PCB are soldered sideways to holes on the top PCB that have been milled
+in half as shown in Figure~\ref{hsm_fig_connector_castellations}. FPCs can also be soldered by draggin a solder blob
+across the contact as shown in Figure~\ref{hsm_fig_connector_elastomeric}, but this technique is only suitable for hand
+soldering.
+
+FPCs are suitable for use with standard Zero Insertion Force (ZIF) FPC connectors as shown in
+Figure~\ref{hsm_fig_connector_fpc} that directly mate to a contact area, called \emph{gold fingers} in industry terms,
+on the FPC. Both FPCs and rigid PCBs can be used with standard board-to-board stacking connectors such as the one
+visible in the center of Figure~\ref{hsm_fig_connector_stack}, but their use on FPCs requires a stiffener on the FPC's
+back side to ensure the solder joints don't break from mechanical stress when connecting or disconnecting.
+
+In our survey, we frequently found elastomeric connectors used to connect to both flexible and rigid tamper-sensing mesh
+assemblies. Elastomeric connectors such as the one shown in the center of Figure~\ref{hsm_fig_connector_elastomeric} are
+usually used in LCD construction to contact a PCB to the LCD's Indium Tin Oxide (ITO)-coated conductive glass, but they
+can be used between any two parallel, conductive surfaces\cite{andreaElectronicConnectorBook2022}. Elastomeric
+connectors consist of two insulating elastic polymer layers on the outside, with a thin strip of fine, alternating
+conductive and insulating elastic polymer layers sandwiched in between. In Figure~\ref{hsm_fig_connector_elastomeric}
+the outer insulating layers are the blue polymer, and the alternating pattern can be seen embedded in their middle. The
+fine alternating pattern mates to much larger pads on the two contact surfaces, ensuring that adjacent contacts are
+electrically insulated. In tamper-sensing mesh applications, elastomeric connectors provide an intrinsic disassembly
+detection since they require continuous pressure to maintain electrical contact. In the top part of
+Figure~\ref{hsm_fig_connector_stack}, a land pattern for an elastomeric connector is visible.
+
+Elastomeric connectors are elegant and allow for multiple contacts to be made in a small area using a single elastomeric
+connector strip, but they are not off-the-shelf components and are always custom made to order. We found several
+instances where other, off-the-shelf technologies were used instead to create a pressure-sensitive connection.
+Figure~\ref{fig_hsm_connector_gasket} shows a connection made using conductive gaskets intended for creating gapless
+connections between PCBs and enclosures to shield Electromagnetic Emissions (EMI). Unlike elastomeric connectors, they
+are not anisotropic and thus they must be cut into pieces to maintain isolation between adjacent pads. This results in a
+much larger contact pitch compared to other solutions.
+
+Figure~\ref{hsm_fig_connector_dome} shows another technique, here used to connect the mesh layer embedded into a key pad
+to a base PCB. Here, a tactile metal dome intended to be used for creating buttons in low-profile keypads is used to
+connect the mesh to the base PCB.
+
+An alternative to soldering and elastomeric connectors that we did not observe during our survey but that deserves
+mention here is Anisotropic Conductive Film (ACF)\cite{huangHardwareHackerAdventures2019}. Similar to elastomeric
+connectors, ACF is industrially used to contact flexible PCBs to ITO-coated glass in TFT displays. ACF comes as a
+double-sided tape that is bonded using pressure and sometimes high temperatures, and creates a connection between
+conductive surfaces on both sides of the tape. This connection has an anisotropic nature, meaning that the tape only
+electrically conducts from one face to the other, and not laterally. Technically, this is achieved by embedding a large
+number of tiny conductive spheres inside the tape that when the tape is mounted get squished between the two contact
+surfaces. During ACF manufacturing, the distribution of these spheres is carefully controlled to provide a reliable
+connection while guaranteeing adjacent spheres never touch each other.

 \subsubsection{3D construction.}

@ -510,7 +588,8 @@ contacts. They must be contacted using a soft material, usually an elastomeric c
        \caption{Laser Direct Structuring}
        \label{hsm_fig_3d_struct_lds}
    \end{subfigure}
-    \caption[3D mesh construction styles]{Construction styles used to fit tamper sensing meshes into 3D envelopes.}
+    \caption[3D mesh construction styles]{Construction styles used to fit tamper sensing meshes into 3D envelopes. Grids
+        in the background are \qty{10}{\milli\meter}, subdivisions are \qty{5}{\milli\meter}.}
    \label{hsm_fig_3d_struct}
 \end{figure}

@ -624,66 +703,38 @@ cavity. Below this standard mesh stackup are two that are used to create a via f
 Figure~\ref{hsm_fig_3d_sandwich_via_fence} in an attempt to protect the sides around the central cavity. Below these two
 via fence layers, at the bottom of the PCB is one more layer containing the pads connecting it to the base PCB.

-\subsubsection{Payment Terminal Construction}
+\subsubsection{CT Imaging}

 \begin{figure}
    \centering
-    \includegraphics[width=0.7\textwidth]{mesh_fold_screenshot.pdf}
-    \caption[HSM appliance CT scan]{Computed Tomography (CT) scan of a corner of the PCIe HSM module from an Utimaco
-        rackmount HSM appliance. Visible are several capacitors, the edge of a large IC, and a large Flat Flexible Cable
-        (FFC) connector. Two layers of metal enclosures with resin potting in between are visible, and the security mesh
-        can be seen folded between layers of the folded FFC cable connecting to the outside.}
-    \label{hsm_fig_utimaco_ct}
+    \begin{subfigure}[t]{0.45\textwidth}
+        \centering
+        \includegraphics[width=\linewidth]{mesh_contact_joint.pdf}
+        \caption{CT section cut with part of a mesh layer and the riveted metal mesh contacts visible.}
+        \label{hsm_fig_ingenico_potted_ct_cut}
+    \end{subfigure}
+    \quad
+    \begin{subfigure}[t]{0.45\textwidth}
+        \centering
+        \includegraphics[width=\linewidth]{mesh_geom.pdf}
+        \caption{CT 3D reconstruction of the mesh's trace geometry.}
+        \label{hsm_fig_ingenico_potted_ct_3d}
+    \end{subfigure}
+    \quad
+    \begin{subfigure}[t]{0.45\textwidth}
+        \centering
+        \includegraphics[width=\linewidth]{ingenico_hsm_module.jpg}
+        \caption{Photo of the HSM module seated on the payment terminal's main PCB.}
+        \label{hsm_fig_ingenico_potted_seated}
+    \end{subfigure}
+    \caption[Potted module CT images]{Optical photograph and CT pictures of a potted HSM module.}
+    \label{hsm_fig_ingenico_potted}
 \end{figure}

-\begin{figure}
-    \centering
-    \includegraphics[width=\textwidth]{cut_chip_scene.pdf}
-    \caption[Ingenico Payment Terminal HSM CT Section Cut]{CT Section cut across the Ingenico potted module sample. The
-        fold pattern of the mesh foil can be seen clearly. The mesh traces can be seen on both sides of the foil. The
-        two-layer PCB and the lead frame and bond wires of a chip soldered on its top side are visible.}
-    \label{fig_ingenico_cut}
-\end{figure}
-
-\begin{figure}
-    \centering
-    \includegraphics[width=\textwidth]{mesh_pitch.pdf}
-    \caption[Ingenico Payment Terminal HSM Mesh Pitch]{A horizontal cut through the Ingenico potted module with
-        millimeter scale next to the mesh foil. As is visible, the mesh has a trace pitch of \qty{1.0}{\milli\meter} and
-        traces are offset between the two mesh layers to reduce the amount of gaps between traces.}
-    \label{fig_ingenico_pitch}
-\end{figure}
-
-\begin{figure}
-    \centering
-    \includegraphics[width=\textwidth]{mesh_contact_joint.pdf}
-    \caption[Ingenico Payment Terminal HSM Mesh Contacts]{Mesh contact joints in the Ingenico potted module sample. The
-        mesh is a foil that is attached to the PCB through bent stamped metal contacts. The contacts are riveted into
-        large contact pads patterend onto the mesh foil, and are soldered to the PCB. Next to the contacts, the mesh
-        layout is visble clearly.}
-    \label{fig_ingenico_contacts}
-\end{figure}
-
-\begin{figure}
-    \centering
-    \includegraphics[width=\textwidth]{open_end_detail.pdf}
-    \caption[Ingenico Payment Terminal HSM End Closure]{Connector end of the Ingenico potted module sample. This cut
-        shows that the mesh only encloses the PCB on three sides, and the connector side is left unprotected.}
-    \label{fig_ingenico_end}
-\end{figure}
-
-\begin{figure}
-    \centering
-    \includegraphics[width=\textwidth]{mesh_geom.pdf}
-    \caption[Ingenico Payment Terminal HSM Mesh 3D]{3D reconstruction of the mesh from the Ingenico potted module
-        sample. The mesh layout can clearly be seen. From this 3D view, the mesh construction is evident: A T-shaped
-        mesh foil is wrapped around the PCB on three sides, with PCB tabs at two corners acting as locating and
-        fixturing features. In the corners, cylindrical components are visible that likely serve as an attempt at
-        sensing intrusion through the corners.}
-    \label{fig_ingenico_3d}
-\end{figure}
-
-
+% FIXME put the CT people in the acknowledgements! Also the microwave people!
+To evaluate CT imaging as an attack method, we performed CT imaging of the potted HSM module of an Ingenico payment
+terminal. Figure~\ref{hsm_fig_ingenico_potted} shows the module we analyzed and two images exported from the resulting
+CT scan data. % FIXME

 \section{Discussion}

@ -723,6 +774,16 @@ unit-by-unit basis. CT imaging could be used to discern this type of customizati
 to provide sub-millimeter accurate positioning for an attack, even if the sample to be attacked has large production
 tolerances. We found that CT imaging can be made more difficult using three complementary techniques.

+\begin{figure}
+    \centering
+    \includegraphics[width=0.7\textwidth]{mesh_fold_screenshot.pdf}
+    \caption[HSM appliance CT scan]{Computed Tomography (CT) scan of a corner of the PCIe HSM module from an Utimaco
+        rackmount HSM appliance. Visible are several capacitors, the edge of a large IC, and a large Flat Flexible Cable
+        (FFC) connector. Two layers of metal enclosures with resin potting in between are visible, and the security mesh
+        can be seen folded between layers of the folded FFC cable connecting to the outside.}
+    \label{hsm_fig_utimaco_ct}
+\end{figure}
+
 \paragraph{Low-contrast trace materials.}
 CT imaging can be made more difficult by manufacturing the mesh with very thin conductive traces, and using a trace
 material that has low atomic number, corresponding to low X-ray absorption. For instance, the Gore mesh sample used a
@ -730,25 +791,28 @@ carbon-based ink that judging by structure size was screen-printed, which leads
 solution.

 \paragraph{Use of X-ray attenuating materials.}
-We found that placing any highly X-ray attenuating material in the HSM makes CT imaging more difficult since it
-makes using higher-energy X-rays necessary, which lead to poorer contrast on X-ray-transparent features like polymers.
-The result of this difference can be seen in the difference in image fidelity between the Utimaco HSM appliance and
-Ingenico potted module samples. The Ingenico sample was easy to image since it consisted of a PCB wrapped with a mesh
-foil and encased in resin inside of an injection-molded plastic enclosure. Thus, we were able to image it at a low X-ray
-energy and we were able to easily reconstruct detail on both the mesh's layout and the PCB's circuitry. In contrast, the
-Utimaco HSM module was potted inside a metal shell open on one side and had a second, spot-welded metal shell enclosing
-the PCB right underneath the mesh foil. While the outer metal shell could have been removed through e.g.\ milling, this
-inner metal shell was inaccessible. The Utimaco CT scans look worse because we chose a higher X-ray energy due to the
-large amount of metal, leading to poorer image contrast. In a practical application, a sheed made from elementary tin or
-a tin alloy would be a suitable choice for such an X-ray absorbing feature since tin is cheap, non-hazardous and absorbs
-X-rays almost as well as lead. Alternatively to a sheet-metal enclosure, an X-ray absorbing material could also be
-incorporated into a potting compound as a powder.
+We found that placing any highly X-ray attenuating material in the HSM makes CT imaging more difficult.
+Figure~\ref{hsm_fig_utimaco_ct} shows a CT image taken from an Utimaco HSM. The device has two thick metal layers with a
+potting resin and the tamper-sensing mesh in between, so high-energy X-rays were necessary to penetrate both metal
+layers and image the device. As a result, the contrast on X-ray-transparent features like polymers is low. In
+comparison, the Ingenico sample was easy to image since it consisted of a PCB wrapped with a mesh foil and encased in
+resin inside of an injection-molded plastic enclosure. Thus, we were able to image it at a low X-ray energy and we were
+able to easily reconstruct detail on both the mesh's layout and the PCB's circuitry. To apply X-ray dense materials for
+defense in a practical design, a sheet made from elementary tin or a tin alloy would be a suitable choice for such an
+X-ray absorbing feature since tin is cheap, non-hazardous and absorbs X-rays almost as well as lead. Alternatively to a
+sheet-metal enclosure, an X-ray absorbing material could also be incorporated into a potting compound as a powder.

 \paragraph{Size.}
 Finally, we found that a larger module size makes CT imaging more difficult simply due to the thickness of material that
 the X-rays need to penetrate. Ideally, a HSM should aim for a cuboid form factor, as the common flat construction style
 is easily penetrated by X-rays along at least one axis.

+\paragraph{Radiation sensors.}
+Besides engineering techniques making CT imaging harder, in battery-powered devices with active tamper sensing, CT
+imaging can be actively detected to trigger a tamper alarm. During CT imaging, a large amount of high-energy X-ray
+images are taken. X-ray radiation can be reliably detected using off-the-shelf sensors that usually consist of a
+large-area photodiode coupled to a scintillator crystal converting X-ray photons to visible light.
+
 \section{Conclusion}

 In our survey, we have found a wide variety in tamper sensing mesh construction techniques. Meshes are commonly
--- a/chapter-hsms/figures/3d_construction_offset_mesh_delayered_contrast_improved.jpg
+++ b/chapter-hsms/figures/3d_construction_offset_mesh_delayered_contrast_improved.jpg
--- a/chapter-hsms/figures/connector_castellated_edge.jpg
+++ b/chapter-hsms/figures/connector_castellated_edge.jpg
--- a/chapter-hsms/figures/connector_direct_soldering.jpg
+++ b/chapter-hsms/figures/connector_direct_soldering.jpg
--- a/chapter-hsms/figures/connector_elastomeric.jpg
+++ b/chapter-hsms/figures/connector_elastomeric.jpg
--- a/chapter-hsms/figures/connector_elastomeric_2.jpg
+++ b/chapter-hsms/figures/connector_elastomeric_2.jpg
--- a/chapter-hsms/figures/connector_metal_dome.jpg
+++ b/chapter-hsms/figures/connector_metal_dome.jpg
--- a/chapter-hsms/figures/connector_rf_gasket.jpg
+++ b/chapter-hsms/figures/connector_rf_gasket.jpg
--- a/chapter-hsms/figures/connector_stacking.jpg
+++ b/chapter-hsms/figures/connector_stacking.jpg
--- a/chapter-hsms/figures/connector_zif_fpc.jpg
+++ b/chapter-hsms/figures/connector_zif_fpc.jpg
--- a/chapter-hsms/figures/connector_zif_fpc_2.jpg
+++ b/chapter-hsms/figures/connector_zif_fpc_2.jpg
--- a/chapter-hsms/figures/ingenico_hsm_module.jpg
+++ b/chapter-hsms/figures/ingenico_hsm_module.jpg
--- a/main.bib
+++ b/main.bib
@ -255,6 +255,15 @@
  langid = {english}
 }

+@book{andreaElectronicConnectorBook2022,
+  title = {The {{Electronic Connector Book}}},
+  author = {Andrea, Davide},
+  date = {2022},
+  edition = {1},
+  url = {https://connectorbook.com/},
+  isbn = {978-1-300-09248-3}
+}
+
@online{AntimatterAlgorithmThat,
  title = {Antimatter: An Algorithm That Prunes {{CRDT}}/{{OT}} History},
  url = {https://braid.org/antimatter},
@ -2738,6 +2747,19 @@
  urldate = {2024-06-28}
 }

+@book{huangHardwareHackerAdventures2019,
+  title = {The {{Hardware Hacker}}: {{Adventures}} in {{Making}} and {{Breaking Hardware}}},
+  shorttitle = {The {{Hardware Hacker}}},
+  author = {Huang, Andrew "bunnie"},
+  date = {2019},
+  publisher = {No Starch Press},
+  location = {San Francisco},
+  abstract = {Intro -- Praise for The Hardware Hacker -- Title Page -- Copyright Page -- Acknowledgments -- brief contents -- contents in detail -- preface -- part 1: adventures in manufacturing -- Chapter 1. made in china -- The Ultimate Electronic Component Flea Market -- The Next Technological Revolution -- Touring Factories with Chumby -- Scale in Shenzhen -- Feeding the Factory -- Dedication to Quality -- Building Technology Without Using It -- Skilled Workers -- The Need for Craftspeople -- Automation for Electronics Assembly -- Precision, Injection Molding, and Patience -- The Challenge of Quality -- Closing Thoughts -- Chapter 2. inside three very different factories -- Where Arduinos Are Born -- Starting with a Sheet of Copper -- Applying the PCB Pattern to the Copper -- Etching the PCBs -- Applying Soldermask and Silkscreen -- Testing and Finishing the Boards -- Where USB Memory Sticks Are Born -- The Beginning of a USB Stick -- Hand-Placing Chips on a PCB -- Bonding the Chips to the PCB -- A Close Look at the USB Stick Boards -- A Tale of Two Zippers -- A Fully Automated Process -- A Semiautomated Process -- The Irony of Scarcity and Demand -- Chapter 3. the factory floor -- How to Make a Bill of Materials -- A Simple BOM for a Bicycle Safety Light -- Approved Manufacturers -- Tolerance, Composition, and Voltage Specification -- Electronic Component Form Factor -- Extended Part Numbers -- The Bicycle Safety Light BOM Revisited -- Planning for and Coping with Change -- Process Optimization: Design for Manufacturing -- Why DFM? -- Tolerances to Consider -- Following DFM Helps Your Bottom Line -- The Product Behind Your Product -- Testing vs. Validation -- Finding Balance in Industrial Design -- The chumby One's Trim and Finish -- The Arduino Uno's Silkscreen Art -- My Design Process -- Picking (and Maintaining) a Partner},
+  isbn = {978-1-59327-758-1 978-1-59327-813-7},
+  langid = {english},
+  pagetotal = {1}
+}
+
@report{hundRadiofrequencyResistanceInductance1925,
  type = {Technologic Papers of the Bureau of Standards},
  title = {Radio-Frequency Resistance and Inductance of Coils Used in Broadcast Reception.},