Include last of Olga's comments
parent
229bb34b09
commit
6fd1d985d4
2 changed files with 109 additions and 95 deletions
|
|
@ -201,6 +201,13 @@ basic construction and layout has not changed much since the early 1990ies~\cite
|
|||
macphersonImprovementsSecurityEnclosures1993,
|
||||
macphersonTamperRespondentEnclosure1999}.
|
||||
|
||||
Concluding this brief history of tamper sensing meshes, we find that they were initially developed for sensitive
|
||||
military applications, and their use in civil applications is a recent phenomenon. The implementation of tamper sensing
|
||||
meshes in civil applications was likely catalyzed by two advancements in electronics. First, electronic components
|
||||
became less expensive and more integrated reducing the cost overhead of tamper sensing circuits. Second, the mass-scale
|
||||
adoption of PCB and FPC production processes enabled their use as inexpensive, high-resolution substrates for such
|
||||
meshes.
|
||||
|
||||
\subsection{Monitoring Circuit Approaches}
|
||||
|
||||
Tamper sensing meshes are most effective when they are continuously monitored using a backup power supply while the rest
|
||||
|
|
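Review bot: In the relocated summary paragraph, "became less expensive and more integrated reducing the cost overhead" needs a comma before "reducing". The claim that civil adoption "was likely catalyzed by two advancements in electronics" is also left without a reference, although the sentence right before it is cited. Either add a supporting citation or word it explicitly as the authors' own assessment. While touching this area, the "early 1990ies" visible in the hunk context should read "early 1990s".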
@ -230,23 +237,21 @@ in early tamper sensing mesh implementations~\cite{
|
|||
Besides tamper sensing meshes, environmental sensors such as temperature or light sensors are frequently used as a
|
||||
secondary line of defence in HSMs and similar devices. By placing such sensors in the device and verifying the device is
|
||||
within its nominal operating environment, tampering can be made less convenient. Modern security standards often mandate
|
||||
the implementation of at least a temperature sensor to prevent cold-boot attacks on a device. A multitude of other
|
||||
sensors have been proposed, including humidity sensors, vibration sensors, light sensors, magnetometers, and radiation
|
||||
sensors such as X-ray sensors have been proposed. While the implementation cost of most sensor types is low, each
|
||||
additional environmental sensor comes with an increased false alarm rate.
|
||||
% FIXME citations?
|
||||
the implementation of at least a temperature sensor to prevent cold-boot attacks on a device~\cite{
|
||||
usnationalinstituteofstandardsandtechnologySecurityRequirementsCryptographic2019,
|
||||
ISOIEC19790}.
|
||||
A multitude of other sensors have been proposed, including vibration sensors, light sensors,
|
||||
magnetometers, and radiation sensors such as X-ray sensors have been proposed. While the implementation cost of most
|
||||
sensor types is low, each additional environmental sensor comes with an increased false alarm
|
||||
rate~\cite{andersonSecurityEngineeringGuide2020}.
|
||||
|
||||
\section{A Survey of Meshes in the Wild}
|
||||
|
||||
Concluding the brief history of tamper sensing meshes above, we find that they were initially developed for sensitive
|
||||
military applications, and their use in civil applications is a recent phenomenon. The implementation of tamper sensing
|
||||
meshes in civil applications was likely catalyzed by two advancements in electronics. First, electronic components
|
||||
became less expensive and more integrated reducing the cost overhead of tamper sensing circuits. Second, the mass-scale
|
||||
adoption of PCB and FPC production processes enabled their use as inexpensive, high-resolution substrates for such
|
||||
meshes. In this section, we will examine a large sample of recent devices that include tamper sensing meshes to gain an
|
||||
In this section, we will examine a large sample of recent devices that include tamper sensing meshes to gain an
|
||||
understanding of how they are implemented, and what security level they are targeted towards. Since we were unable to
|
||||
acquire a nuclear weapon for our research, we limited our survey to commercial devices with a focus on card payment
|
||||
terminals, which represent the most varied class of device incorporating such meshes.
|
||||
acquire a nuclear weapon for our research, we limited our survey to commercial devices. While we analyzed devices across
|
||||
a broad spectrum of applications, our survey includes a large variety of card payment terminals, which represent the
|
||||
most varied class of device incorporating such meshes.
|
||||
|
||||
\subsection{Specimen Selection}
|
||||
|
||||
|
|
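Review bot: The rewritten sensor sentence still carries "have been proposed" twice ("A multitude of other sensors have been proposed, including ... X-ray sensors have been proposed"); drop the trailing occurrence. The new version also silently removes humidity sensors from the list, so please confirm that this is intended and not a casualty of the re-wrap. In the survey introduction, "While we analyzed devices across a broad spectrum of applications, our survey includes a large variety of card payment terminals" sets up a contrast the sentence does not deliver; something like "our survey is weighted towards card payment terminals" would say what is meant.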
@ -374,19 +379,19 @@ terminals are cost-sensitive devices, which is reflected in the construction of
|
|||
When credit card payments are handled on the web as opposed to in a physical store, HSMs are used in data centers to
|
||||
handle plaintext payment data such as credit card numbers. Such HSM appliances are usually standalone rackmount devices
|
||||
and are used across application domains. Depending on the application, these HSMs can be programmed with custom code, or
|
||||
can be used as coprocessors through an API. In practice, the standalone appliances are just low-end computers in a
|
||||
rackmount enclosure that expose the API of an internal HSM add-in card to the network. In this survey, we obtained two
|
||||
devices labelled as HSMs. We were only able to procure two such devices since they are expensive, and even used
|
||||
specimens of older models are usually listed for several hundreds to several thousands of Euro. Unfortunately, one of
|
||||
the devices we obtained did not contain any security meshes in its case, and thus would not provide adequate protection
|
||||
against advanced attacks. The other specimen we procured was a 2011 model Utimaco CryptoServer LAN. Our unit was a
|
||||
white-label variant procured by premium TV encryption technology provider Irdeto, presumably used in Germany to produce
|
||||
cryptographic key streams for TV signal encryption. We bought the device from a recycling company specialized on
|
||||
datacenter components. The device was sold with any HDDs removed. The device consisted of an older mainboard for
|
||||
embedded applications containing an Intel Core 2 Duo-brand processor and 2 GiB of DDR2 RAM, which was connected to the
|
||||
HSM add-in card through PCI. The device contained a small Lithium backup battery on the add-in card, and another, larger
|
||||
battery in an enclosure at the front of the device that was connected to the card through a cable. The device did not
|
||||
contain any obvious case intrusion sensors.
|
||||
can be used as coprocessors through an API~\cite{LunaNetworkHSM}. In practice, the standalone appliances are just
|
||||
low-end computers in a rackmount enclosure that expose the API of an internal HSM add-in card to the network. In this
|
||||
survey, we obtained two devices labelled as HSMs. We were only able to procure two such devices since they are
|
||||
expensive, and we found that even used specimens of older models are usually listed for several hundreds to several
|
||||
thousands of Euro. Unfortunately, one of the devices we obtained did not contain any security meshes in its case, and
|
||||
thus would not provide adequate protection against advanced attacks. The other specimen we procured was a 2011 model
|
||||
Utimaco CryptoServer LAN. Our unit was a white-label variant procured by premium TV encryption technology provider
|
||||
Irdeto, presumably used in Germany to produce cryptographic key streams for TV signal encryption. We bought the device
|
||||
from a recycling company specialized on datacenter components. The device was sold with any HDDs removed. The device
|
||||
consisted of an older mainboard for embedded applications containing an Intel Core 2 Duo-brand processor and 2 GiB of
|
||||
DDR2 RAM, which was connected to the HSM add-in card through PCI. The device contained a small Lithium backup battery on
|
||||
the add-in card, and another, larger battery in an enclosure at the front of the device that was connected to the card
|
||||
through a cable. The device did not contain any obvious case intrusion sensors.
|
||||
|
||||
\subsubsection{ATM Encrypting Pin Pads}
|
||||
|
||||
|
|
|
|||
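Review bot: The re-wrapped paragraph keeps "a recycling company specialized on datacenter components", which should be "specialized in"; "several hundreds to several thousands of Euro" would also read better as "several hundred to several thousand euros". The only substantive changes here appear to be the added \cite{LunaNetworkHSM} and "we found that", but reflowing the whole paragraph makes them hard to spot, so consider keeping the original line breaks in commits like this one. Judging by its key name, the new citation points at a single product; if so, introduce it with "e.g." so it is not read as backing the general statement about all HSMs.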