jaseg/phd-thesis
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

WIP

Browse source
This commit is contained in:
jaseg 2025-11-03 14:11:37 +01:00
parent c3df93a3b6
commit 9715bf6bd1
4 changed files with 231 additions and 87 deletions
Download patch file Download diff file Expand all files Collapse all files

288
chapter-hsms/chapter.tex
View file

@ -462,16 +462,20 @@ supplementary material to this thesis.
\todo{Actually assemble the supplementary material and include all photos}
\subsubsection{Mesh materials.}
We found meshes constructed from rigid PCBs as well as a number of Flexible Printed Circuit (FPC) processes.
tamper sensing meshes constructed from PCBs sometimes used parts of an existing PCB, and sometimes additional PCBs only
containing a mesh were added. Sometimes, multiple rigid PCB meshes were assembled in a house of cards fashion to enclose
part of a device. For flexible meshes, with the exception of the Utimaco HSM appliance's HSM card that used an
We found meshes constructed from rigid PCBs (e.g.\ samples~\sampleno{H02}, \sampleno{H03} and \sampleno{H08}) as well as
a number of Flexible Printed Circuit (FPC) processes. Tamper sensing meshes constructed from PCBs sometimes used parts
of an existing PCB (e.g.\ samples~\sampleno{H03} and \sampleno{H10}), and sometimes additional PCBs only containing a
mesh were added (e.g.\ sample~\sampleno{H02} and \sampleno{H08}). In some samples (e.g.\ samples~\sampleno{H08} and
\sampleno{H18}), multiple rigid PCB meshes were assembled in a house of cards fashion to enclose a card slot. For
flexible meshes, with the exception of the Utimaco HSM appliance's HSM card (sample~\sampleno{H30}) that used an
off-the-shelf Gore tamper sensing mesh foil, all were clearly manufactured either entirely or mostly in standard
processes. We found silkscreened silver ink and silkscreened carbon ink-based foils similar to those used for membrane
keyboards, as well as conventional photolithographically etched copper/polyimide Flexible Printed Circuits (FPCs).
Overall, etched PCBs showed better resolution compared to silkscreen-printed meshes. Feature size for both rigid and
flexible etched PCB meshes was generally in the order of \qtyrange{100}{200}{\micro\meter}, while feature size for
screen printed foil meshes was coarser at between \qtyrange{500}{3000}{\micro\meter}.
processes. We found printed silver ink (e.g.\ sample~\sampleno{H12}) and printed carbon ink-based foils (e.g.\
sample~\sampleno{H09}) similar to those used for membrane keyboards, as well as conventional photolithographically
etched copper/polyimide Flexible Printed Circuits (FPCs) (e.g.\ samples~\sampleno{H03}, \sampleno{H04} and
\sampleno{H08}). Overall, etched PCBs showed better resolution compared to silkscreen-printed meshes. Feature size for
both rigid and flexible etched PCB meshes was generally in the order of \qtyrange{100}{200}{\micro\meter}, while feature
size for screen printed foil meshes was coarser at between \qtyrange{500}{3000}{\micro\meter}.
\subsubsection{Mesh layout.}
@ -479,25 +483,25 @@ screen printed foil meshes was coarser at between \qtyrange{500}{3000}{\micro\me
\centering
\begin{subfigure}[t]{0.45\textwidth}
\centering\includegraphics[width=\linewidth]{hsm_mesh_offset.jpg}
\caption{Offset layers for more complete coverage}
\caption{Offset layers for more complete coverage (sample~\sampleno{H12}).}
\label{hsm_fig_mesh_layout_offset}
\end{subfigure}
\quad
\begin{subfigure}[t]{0.45\textwidth}
\centering\includegraphics[width=\linewidth]{hsm_mesh_orthogonal.jpg}
\caption{Orthogonal patterns on subsequent layers}
\caption{Orthogonal patterns on subsequent layers (sample~\sampleno{H14}).}
\label{hsm_fig_mesh_layout_orthogonal}
\end{subfigure}
\quad
\begin{subfigure}[t]{0.45\textwidth}
\centering\includegraphics[width=\linewidth]{hsm_utimaco_mesh_gore.jpg}
\caption{Combining orthogonal layers with area-covering pattern}
\caption{Combining orthogonal layers with area-covering pattern (sample~\sampleno{H30}).}
\label{hsm_fig_mesh_layout_utimaco}
\end{subfigure}
\quad
\begin{subfigure}[t]{0.45\textwidth}
\centering\includegraphics[width=\linewidth]{hsm_mesh_stack_epp.jpg}
\caption{Spacing mesh layers apart to constrict angular freedom of an attack tool}
\caption{Spacing mesh layers apart to constrict angular freedom of an attack tool (sample~\sampleno{H28}).}
\label{hsm_fig_mesh_layout_epp}
\end{subfigure}
\caption{Mesh trace layout approaches for multi-layer meshes.}
@ -507,34 +511,37 @@ screen printed foil meshes was coarser at between \qtyrange{500}{3000}{\micro\me
A key goal in tamper sensing mesh design is to avoid any gaps in coverage. In single-layer meshes, gaps between adjacent
mesh traces cannot be avoided, and provide an easy approach for an attack. In multi-layer meshes, these structure
size-dependent gaps can be mitigated in multiple ways as shown in Figure~\ref{hsm_fig_mesh_layout}. In the following
paragraphs, we will address several common structural features that we observed across samples.
list, we will address several common structural features that we observed across samples.
\paragraph{Offset patterns.} In a two-sided foil mesh, most of the gaps between adjacent traces can be covered by simply
offsetting the pattern by one structure size in both axes between the foil's top and bottom layers as shown in
Figure~\ref{hsm_fig_mesh_layout_offset}. Depending on the mesh layout, only a small number of point-shaped gaps remain
at corners in mesh traces on one of the layers. The number of these gaps can be reduced by reducing the number of
misaligned corners between both layers for instance by choosing a systematic serpentine or spiral trace layout.
\paragraph{Orthogonal patterns.} In some other specimens, the manufacturer chose the opposite approach of keeping the
mesh pattern mostly orthogonal on the mesh's two layers as shown in Figure~\ref{hsm_fig_mesh_layout_orthogonal}. While
this leads to a larger amount of gaps compared to offset patterns as described above, it also reduces the largest gap
size to about one structure size by one structure size.
\paragraph{Combined approaches.} Figure~\ref{hsm_fig_mesh_layout_utimaco} shows the layout of a Gore tamper sensing mesh
foil used in an Utimaco HSM. This mesh consists of two foil layers bonded to each other. The outer foil is patterned on
both sides with a sparse pattern of thin serpentine traces with the patterns on both layers being orthogonal to each
other. Both patterns are oriented at a \qty{45}{\degree} angle relative to the sides of the rectangular enclosed volume.
The inner foil is only patterned on one side, and contains a thicker serpentine trace laid out in a zigzag pattern. The
two foil layers are aligned such that no gaps remain between the layers.\todo{sample number here and below (ingenico)}
\paragraph{Using layer spacing.} Figure~\ref{hsm_fig_mesh_layout_epp} shows how an ATM Encrypting Pin Pad (EPP)
implemented the mesh on its keypad. Off-the-shelf metal snap dome contacts were used on the surface of a conventional
rigid PCB to create the keys. On top of the rigid PCB and contact domes, a two-layer copper/polyimide FPC with an
additional polyimide cover layer was glued down. Meshes were placed on both layers of the FPC, as well as on one
internal layer of the rigid PCB. The resulting structure had the FPC mesh layers separated from the rigid PCB mesh layer
by several hundred micrometers of the rigid PCB's substrate. The meshes on both the FPC and the rigid PCB used a
structure size of \qty{150}{\micro\meter}. The vertical separation between the two meshes was several times that
structure size, which limits the possible angles an attack tool could be inserted through both mesh layers.
\begin{enumerate}
\item\textbf{Offset patterns.} In a two-sided foil mesh, most of the gaps between adjacent traces can be covered by
simply offsetting the pattern by one structure size in both axes between the foil's top and bottom layers as
shown in Figure~\ref{hsm_fig_mesh_layout_offset}. Depending on the mesh layout, only a small number of
point-shaped gaps remain at corners in mesh traces on one of the layers. The number of these gaps can be reduced
by reducing the number of misaligned corners between both layers for instance by choosing a systematic
serpentine or spiral trace layout.
\item \textbf{Orthogonal patterns.} In some other specimens, the manufacturer chose the opposite approach of keeping
the mesh pattern mostly orthogonal on the mesh's two layers as shown in
Figure~\ref{hsm_fig_mesh_layout_orthogonal}. While this leads to a larger amount of gaps compared to offset
patterns as described above, it also reduces the largest gap size to about one structure size by one structure
size.
\item \textbf{Combined approaches.} Figure~\ref{hsm_fig_mesh_layout_utimaco} shows the layout of a Gore tamper
sensing mesh foil used in an Utimaco HSM. This mesh consists of two foil layers bonded to each other. The outer
foil is patterned on both sides with a sparse pattern of thin serpentine traces with the patterns on both layers
being orthogonal to each other. Both patterns are oriented at a \qty{45}{\degree} angle relative to the sides of
the rectangular enclosed volume. The inner foil is only patterned on one side, and contains a thicker serpentine
trace laid out in a zigzag pattern. The two foil layers are aligned such that no gaps remain between the
layers.\todo{sample number here and below (ingenico)}
\item \textbf{Using layer spacing.} Figure~\ref{hsm_fig_mesh_layout_epp} shows how an ATM Encrypting Pin Pad (EPP)
implemented the mesh on its keypad. Off-the-shelf metal snap dome contacts were used on the surface of a
conventional rigid PCB to create the keys. On top of the rigid PCB and contact domes, a two-layer
copper/polyimide FPC with an additional polyimide cover layer was glued down. Meshes were placed on both layers
of the FPC, as well as on one internal layer of the rigid PCB. The resulting structure had the FPC mesh layers
separated from the rigid PCB mesh layer by several hundred micrometers of the rigid PCB's substrate. The meshes
on both the FPC and the rigid PCB used a structure size of \qty{150}{\micro\meter}. The vertical separation
between the two meshes was several times that structure size, which limits the possible angles an attack tool
could be inserted through both mesh layers.
\end{enumerate}
\subsubsection{Contact and trace construction.}
@ -542,31 +549,33 @@ structure size, which limits the possible angles an attack tool could be inserte
\centering
\begin{subfigure}[t]{0.3\textwidth}
\centering\includegraphics[width=\linewidth]{trace_material_copper_pcb.jpg}
\caption{Standard photolithographic copper PCB process on rigid FR-4 fiberglass substrate}
\caption{Standard photolithographic copper PCB process on rigid FR-4 fiberglass substrate
(sample~\sampleno{H10}).}
\label{hsm_fig_materials_pcb_rigid}
\end{subfigure}
\quad
\begin{subfigure}[t]{0.3\textwidth}
\centering\includegraphics[width=\linewidth]{trace_material_copper_flex.jpg}
\caption{Standard photolithographic copper PCB process on flexible polyimide substrate}
\caption{Standard photolithographic copper PCB process on flexible polyimide substrate (sample~\sampleno{H15}).}
\label{hsm_fig_materials_pcb_flex}
\end{subfigure}
\quad
\begin{subfigure}[t]{0.3\textwidth}
\centering\includegraphics[width=\linewidth]{trace_material_silver.jpg}
\caption{Screen printing process using silver ink with some carbon ink contact pads for embedded buttons}
\caption{Screen printing process using silver ink with some carbon ink contact pads for embedded buttons
(sample~\sampleno{H14}).}
\label{hsm_fig_materials_silver_ink}
\end{subfigure}
\quad
\begin{subfigure}[t]{0.3\textwidth}
\centering\includegraphics[width=\linewidth]{trace_material_contact_gold_lds.jpg}
\caption{Laser direct structuring using electroless gold plating}
\caption{Laser direct structuring using electroless gold plating (sample~\sampleno{H32}).}
\label{hsm_fig_materials_gold_lds}
\end{subfigure}
\quad
\begin{subfigure}[t]{0.3\textwidth}
\centering\includegraphics[width=\linewidth]{trace_material_carbon.jpg}
\caption{Screen printing process using carbon ink}
\caption{Screen printing process using carbon ink (sample~\sampleno{H30}).}
\label{hsm_fig_materials_carbon_ink}
\end{subfigure}
\caption[Mesh materials]{Materials and manufacturing processes used for mesh traces and contacts.}
@ -620,37 +629,38 @@ material, usually an elastomeric connector.
\centering
\begin{subfigure}[t]{0.3\textwidth}
\centering\includegraphics[width=\linewidth]{connector_castellated_edge.jpg}
\caption{Direct soldering}
\caption{Direct soldering (sample~\sampleno{H05}).}
\label{hsm_fig_connector_castellations}
\end{subfigure}
\quad
\begin{subfigure}[t]{0.3\textwidth}
\centering\includegraphics[width=\linewidth]{connector_stacking.jpg}
\caption{Elastomeric connector landing pattern as well as stacking board-to-board connector}
\caption{Elastomeric connector landing pattern as well as stacking board-to-board connector
(sample~\sampleno{H17}).}
\label{hsm_fig_connector_stack}
\end{subfigure}
\quad
\begin{subfigure}[t]{0.3\textwidth}
\centering\includegraphics[width=\linewidth]{connector_zif_fpc_2.jpg}
\caption{Landing pads for tactile contact domes as well as FPC connector}
\caption{Landing pads for tactile contact domes as well as FPC connector (sample~\sampleno{H20}).}
\label{hsm_fig_connector_fpc}
\end{subfigure}
\quad
\begin{subfigure}[t]{0.3\textwidth}
\centering\includegraphics[width=\linewidth]{connector_elastomeric.jpg}
\caption{Direct soldering of an FPC and an elastomeric connector}
\caption{Direct soldering of an FPC and an elastomeric connector (sample~\sampleno{H31}).}
\label{hsm_fig_connector_elastomeric}
\end{subfigure}
\quad
\begin{subfigure}[t]{0.3\textwidth}
\centering\includegraphics[width=\linewidth]{connector_rf_gasket.jpg}
\caption{Soft, conductive EM shielding gaskets used as connectors}
\caption{Soft, conductive EM shielding gaskets used as connectors (sample~\sampleno{H14}).}
\label{hsm_fig_connector_gasket}
\end{subfigure}
\quad
\begin{subfigure}[t]{0.3\textwidth}
\centering\includegraphics[width=\linewidth]{connector_metal_dome.jpg}
\caption{Tactile dome}
\caption{Tactile dome (sample~\sampleno{H06}).}
\label{hsm_fig_connector_dome}
\end{subfigure}
\caption[Mesh connecting methods]{Connecting methods used between tamper sensing mesh assemblies and their base PCBs}
@ -712,31 +722,31 @@ connection while guaranteeing adjacent spheres never touch each other.
\centering
\begin{subfigure}[t]{0.3\textwidth}
\centering\includegraphics[width=\linewidth]{hsm_3d_style_fold_overlap.jpg}
\caption{Folded with overlap}
\caption{Folded with overlap (sample~\sampleno{H03})}
\label{hsm_fig_3d_struct_folded_overlap}
\end{subfigure}
\quad
\begin{subfigure}[t]{0.3\textwidth}
\centering\includegraphics[width=\linewidth]{hsm_3d_style_fold_no_overlap.jpg}
\caption{Folded without overlap}
\caption{Folded without overlap (sample~\sampleno{H14})}
\label{hsm_fig_3d_struct_folded_no_overlap}
\end{subfigure}
\quad
\begin{subfigure}[t]{0.3\textwidth}
\centering\includegraphics[width=\linewidth]{hsm_3d_style_vacform.jpg}
\caption{Thermoformed}
\caption{Thermoformed (sample~\sampleno{H12})}
\label{hsm_fig_3d_struct_vacuum_form}
\end{subfigure}
\quad
\begin{subfigure}[t]{0.3\textwidth}
\centering\includegraphics[width=\linewidth]{3d_construction_cards_standalone.jpg}
\caption{House-of-Cards construction}
\caption{House-of-Cards construction (sample~\sampleno{H08})}
\label{hsm_fig_3d_struct_house_of_cards}
\end{subfigure}
\quad
\begin{subfigure}[t]{0.3\textwidth}
\centering\includegraphics[width=\linewidth]{3d_construction_lds_top.jpg}
\caption{Laser Direct Structuring}
\caption{Laser Direct Structuring (sample~\sampleno{H32})}
\label{hsm_fig_3d_struct_lds}
\end{subfigure}
\caption[3D mesh construction styles]{Construction styles used to fit tamper sensing meshes into 3D envelopes. Grids
@ -751,17 +761,18 @@ three-dimensional structures from planar meshes. Figure~\ref{hsm_fig_3d_struct}
we saw among our samples. Figure~\ref{hsm_fig_3d_struct_folded_overlap} and
Figure~\ref{hsm_fig_3d_struct_folded_no_overlap} have meshes produced as flexible printed circuits, in
Figure~\ref{hsm_fig_3d_struct_folded_overlap} using a standard photolithographic copper/polyimide FPC process usually
used for flexible PCBs, and in Figure~\ref{hsm_fig_3d_struct_folded_overlap} using a standard silver ink screenprinting
process. The choice in Figure~\ref{hsm_fig_3d_struct_folded_no_overlap} not to overlap the mesh in the corner is likely
caused by manufacturing considerations, since it might be difficult to ensure proper folding of a small foil tab with
adhesive pre-applied. Figure~\ref{hsm_fig_3d_struct_vacuum_form} shows a sample of a flexible circuit manufactured in a
screenprinted silver-ink process thermoformed into a three-dimensional
shape~\cite{weidnerHardwareschutzFormHalbschalen2007}. The flexible circuit mesh is first produced in a standard planar
printing process. After printing and curing, the resulting foil is then heated to soften it, and forced into a
three-dimensional shape using a mold. Depending on the process, one or two molds, and vacuum or pressured air can be
used to shape the foil. The process requires a screenprinted flexible circuit, and would not work with copper/polyimide
flexible PCBs since their copper layer is too thick to plastically deform without tearing, and because polyimide is not
sufficiently thermoplastic at low temperatures.
used for flexible PCBs, and in Figure~\ref{hsm_fig_3d_struct_folded_nooverlap} using a standard silver ink
screenprinting process. The choice in Figure~\ref{hsm_fig_3d_struct_folded_no_overlap} not to overlap the mesh in the
corner is likely caused by manufacturing considerations, since it might be difficult to ensure proper folding of a small
foil tab with adhesive pre-applied.
Figure~\ref{hsm_fig_3d_struct_vacuum_form} shows a sample of a flexible circuit manufactured in a screenprinted
silver-ink process thermoformed into a three-dimensional shape~\cite{weidnerHardwareschutzFormHalbschalen2007}. The
flexible circuit mesh is first produced in a standard planar printing process. After printing and curing, the resulting
foil is then heated to soften it, and forced into a three-dimensional shape using a mold. Depending on the process, one
or two molds, and vacuum or pressured air can be used to shape the foil. The process requires a screenprinted flexible
circuit, and would not work with copper/polyimide flexible PCBs since their copper layer is too thick to plastically
deform without tearing, and because polyimide is not sufficiently thermoplastic at low temperatures.
Thermoforming is a cheap industry standard process, but applied to flexible circuits it has some limitations. First,
only 2.5-dimensional structures can be created since the starting product is always a planar sheet. Second, the sheet
@ -769,13 +780,60 @@ cannot be cut or contain slots or large holes before forming since it needs to b
sides to ensure it evenly stretches into the mold. Finally, the depth achievable in such a process is rather limited,
with no sample in our survey exceeding \qty{2}{\milli\meter}\todo{Get proper number}. Higher depths would require
extensive deformation of the mesh circuit's plastic substrate, which could lead to tears in the mesh traces since the
particle-based conductive inks used for screen-printed electronics are inelastic.
particle-based conductive inks used for screen-printed electronics are inelastic. Among our samples, we saw two
instances of thermoformed meshes. First, all recent Ingenico terminals (\sampleno{H06,H13,H23,H24}) integrated an ink
printed mesh with thermoformed cavities into their key pad overlay. These terminals implement their key pad using
tactile domes with contacts patterned on their main PCBs' surface. These domes are commonly placed on an adhesive sheet
that is die cut to size so that the whole sheet can be placed on the PCB in one assembly step, instead of individually
placing each dome. In these samples, a mesh was integrated into this adhesive sheet using a silver ink printing process,
and two additional domes were used to provide contact between this integrated mesh and the main PCB. Cavities were
formed into this mesh to enclose the upper side of the main cryptographic processor and associated components.
The specimen in Figure~\ref{hsm_fig_3d_struct_vacuum_form} shows one further design defect. The mesh shown does not
extend to the edges of the plastic cover it has been molded into. When this cover is placed on top of a PCB to protect
components on the PCB from tampering, this leaves a large gap between the bottom edge of the mesh and the PCB surface,
through which probes can be inserted to access either the payload circuit or the mesh monitoring circuitry.
\todoplaceholder{take pic of sample H08 card slot cover}
Figure~\ref{fig_ingenico_forming} shows the mesh of sample~\sampleno{H24} both before and after removing the black
opaque cover lacquer used on the bottom side of these meshes to obscure their features. The lacquer was removed by
gently rubbing it with a cotton swap soaked with acetone. In Figure~\ref{fig_ingenico_forming_after}, we see how the
mesh's structure was adapted around the formed cavities to reduce the risk of a break during the forming process: The
mesh's traces were kept parallel to the direction the foil was stretched, and the feature size of the mesh was increased
by a large factor in these areas. In the corners of the formed cavity, where the foil experiences stretching in both
directions, the features were scaled even larger than along the cavity's edges. This increase in structure size
compromises the mesh's security level, especially given that the edges of the cavity are at a convenient direction for
access by probes.
\begin{figure}
\begin{center}
\begin{subfigure}[t]{0.4\textwidth}
\includegraphics[width=\linewidth]{survey_formed_mesh_before.jpg}
\caption{Before removing opaque cover lacquer.}
\label{fig_ingenico_forming_before}
\end{subfigure}
\begin{subfigure}[t]{0.4\textwidth}
\includegraphics[width=\linewidth]{survey_formed_mesh_after.jpg}
\caption{After removing opaque cover lacquer.}
\label{fig_ingenico_forming_after}
\end{subfigure}
\end{center}
\caption{Formed cavities in printed foil mesh in sample~\sampleno{H24}.}
\label{fig_ingenico_forming}
\end{figure}
Sample~\sampleno{H12}, shown in Figure~\ref{hsm_fig_3d_struct_vacuum_form}, displays one further design defect. The mesh
shown does not extend to the edges of the plastic cover it has been molded into. When this cover is placed on top of a
PCB to protect components on the PCB from tampering, this leaves a large gap between the bottom edge of the mesh and the
PCB surface, through which probes can be inserted to access either the payload circuit or the mesh monitoring circuitry.
A similar design defect was mitigated in the specimens manufactured by Banksys, card payment terminal \sampleno{H08} and
ATM encrypting pin pads \sampleno{H03} and \sampleno{H04}. These specimens all have a polyimide/copper FPC mesh glued to
the inside of a casted zinc lid form five sides of a cuboid. These meshes sit atop their base PCBs, and a possible
vulnerability would be the interface between the mesh and the PCB, where there will be an unavoidable gap of at least
several hundred micrometers. In sample~\sampleno{H03}, this was mitigated by milling a slot into the base PCB for the
mesh to sit inside, thereby placing the top layer of the base PCB as well as any internal mesh layers inside the cavity
of the mesh lid. In sample~\sampleno{H04}, the payload circuit was instead placed on a daughterboard sitting inside
the lid using board-to-board stacking connectors (cf. Figure~\ref{hsm_fig_connector_stack}). Here, an additional rigid
mesh PCB was soldered flat on top of the base PCB to cover the open side of the mesh lid, creating an overlap at the
edges. In sample~\sampleno{H08}, a card payment terminal, a simpler construction was used with a simple metal ring
soldered to the base PCB mechanically shielding the edge. We are unable to ascertain why this purely mechanical
shielding technique was used instead of the more secure overlapping technique seen in sample~\ref{H03}, which should
have a similar, low manufacturing cost.
Figure~\ref{hsm_fig_3d_struct_lds} shows the result of Laser Direct Structuring (LDS), a process that avoids some of the
limitations of thermoformed planar meshes. In LDS, a plastic part is covered in a conductive pattern in a combination of
@ -799,25 +857,25 @@ which would be a flaw in a more standard HSM application.
\centering
\begin{subfigure}[t]{0.45\textwidth}
\centering\includegraphics[width=\linewidth]{3d_construction_offset_mesh_delayered_contrast_improved.jpg}
\caption{Small obstacle mesh coupons}
\caption{Small obstacle mesh coupons (sample~\sampleno{H17}).}
\label{hsm_fig_3d_sandwich_obstacle}
\end{subfigure}
\quad
\begin{subfigure}[t]{0.45\textwidth}
\centering\includegraphics[width=\linewidth]{3d_construction_via_stitch_mesh_delayer_2.jpg}
\caption{Via-fence meshes}
\caption{Via-fence meshes (sample~\sampleno{H24}).}
\label{hsm_fig_3d_sandwich_via_fence}
\end{subfigure}
\quad
\begin{subfigure}[t]{0.45\textwidth}
\centering\includegraphics[width=\linewidth]{3d_construction_planar_stack.jpg}
\caption{Planar sandwich stack protecting the back of a connector}
\caption{Planar sandwich stack protecting the back of a connector (sample~\sampleno{H24}).}
\label{hsm_fig_3d_sandwich_stack}
\end{subfigure}
\quad
\begin{subfigure}[t]{0.45\textwidth}
\centering\includegraphics[width=\linewidth]{3d_construction_cavity_2.jpg}
\caption{PCB lid with routed cavity and embedded planar and via-fence meshes}
\caption{PCB lid with routed cavity and embedded planar and via-fence meshes (sample~\sampleno{H14}).}
\label{hsm_fig_3d_sandwich_lid}
\end{subfigure}
\caption[Sandwich mesh construction styles]{Construction styles used to cover 3D volumes using sandwich-style
@ -854,6 +912,79 @@ cavity. Below this standard mesh stackup are two that are used to create a via f
Figure~\ref{hsm_fig_3d_sandwich_via_fence} in an attempt to protect the sides around the central cavity. Below these two
via fence layers, at the bottom of the PCB is one more layer containing the pads connecting it to the base PCB.
\subsubsection{Tabular results}
\begin{table}
\footnotesize
\rowcolors{2}{gray!15}{white}
\begin{tabular}[c]{c>{\RaggedRight\arraybackslash}p{20mm}>{\RaggedRight\arraybackslash}p{30mm}lccccc}
\textbf{ID} & \textbf{Device} & \textbf{Manufacturer} & \textbf{Type code} &
\textbf{Mesh Contacts} & \textbf{Mesh Material} & \textbf{3D Construction} &
\textbf{Obscurity Features} & \textbf{Others} \\
\hline
H01 & PED & Verifone & VX 570 & & & & & \\
H02 & Slot machine CPU module & Merkur / ADP Gauselmann & Sam 12 EC2 & & & & & \\
H03 & EPP & Sagem & USA1315-4240 & & & & & \\
H04 & EPP & Sagem & USA1316-5120 & & & & & \\
H05 & PED & Xac & xAPT-103 & & & & & \\
H06 & PED & Ingenico & iCT250 & & & & & \\
H08 & PED & Sagem & NOR4100 & & & & & \\
H09 & PED & Hypercom & M4230 & & & & & \\
H10 & PED & Worldline & YOMANI XR & & & & & \\
H11 & PED & Banksys & C-ZAM Smash Portable & & & & & \\
H12 & PED & Hypercom & P2100 & & & & & \\
H13 & PED & Ingenico & iCT 220 & & & & & \\
H14 & PED & Verifone & H5000 & & & & & \\
H15 & PED & Verifone & MX 925 & & & & & \\
H16 & PED & Verifone & V200c CTLS & & & & & \\
H17 & PED & Verifone & VX 680 & & & & & \\
H18 & PED & Ingenico & i7910 & & & & & \\
H19 & PED & Banksys & XENTA & & & & & \\
H20 & PED & Verifone & VX 520 3G & & & & & \\
H21 & PED & Verifone & V400m Plus 4G & & & & & \\
H22 & PED & Ingenico & Move 3500 & & & & & \\
H23 & PED & Ingenico & iPP 350 & & & & & \\
H24 & PED & Ingenico & iWL255 & & & & & \\
H25 & Franking Machine & Neopost & IJ-25 & & & & & \\
H27 & PED & Sumup & AIR1E205 & & & & & \\
H28 & EPP & NCR & 5814 & & & & & \\
H29 & HSM & SafeNet & VBD-05 & & & & & \\
H30 & HSM & Irdeto & C201 & & & & & \\
H31 & PED & SumUp & SumUp 3G & & & & & \\
H32 & PED & SumUp & SumUp Air & & & & & \\
\end{tabular}
\caption{Features found in the samples we dissected. Column key:
\emph{Mesh contacts:}
Elastomeric (Figures~\ref{hsm_fig_connector_elastomeric}, \ref{hsm_fig_connector_stack}),
Soldered (Figure~\ref{hsm_fig_connector_castellations}),
Stacking (Figure~\ref{hsm_fig_connector_stack}),
Tactile Dome (Figures~\ref{hsm_fig_connector_dome}, \ref{hsm_fig_connector_fpc}),
FPC Connector (Figure~\ref{hsm_fig_connector_fpc}),
Mesh EMI Gasket (Figure~\ref{hsm_fig_connector_gasket}).
\emph{Mesh Material:}
Rigid PCB (Figure~\ref{hsm_fig_materials_pcb_rigid}),
Copper FPC (Figure~\ref{hsm_fig_materials_pcb_flex}),
Printed silver ink (Figure~\ref{hsm_fig_materials_silver_ink}),
Printed carbon ink (Figure~\ref{hsm_fig_materials_carbon_ink}),
Gold Laser Direct Structuring (Figure~\ref{hsm_fig_materials_lds}).
\emph{3D Construction:}
Folded mesh (Figures~\ref{hsm_fig_3d_struct_folded_overlap} and \ref{hsm_fig_3d_struct_folded_no_overlap}),
House of cards (Figure~\ref{hsm_fig_3d_struct_house_of_cards}),
Laser Direct Structuring (Figure~\ref{hsm_fig_3d_struct_lds}),
Thermoformed (Figures~\ref{hsm_fig_3d_struct_vacuum_form} and \ref{fig_ingenico_forming}),
Planar obstacle (Figures~\ref{hsm_fig_3d_sandwich_obstacle} and \ref{hsm_fig_3d_sandwich_via_fence}),
Complex planar (Figures~\ref{hsm_fig_3d_sandwich_stack} and \ref{hsm_fig_3d_sandwich_lid}),
\emph{Obscurity Features:}
Metal enclosure (Figure~\ref{hsm_fig_3d_struct_folded_overlap}),
Potting (Figure~\ref{hsm_fig_ingenico_potted_seated}),
Opaque foil (Figure~\ref{hsm_fig_connector_dome}),
Opaque lacquer (Figure~\ref{fig_ingenico_forming}).
\emph{Other Features:}
Integrated tactile domes (Figure~\ref{hsm_fig_connector_dome}),
-Integrated tactile Dome landing pad (Figure~\ref{hsm_fig_connector_fpc}).
}
\label{tab_hsm_survey_sample_results}
\end{table}
\subsubsection{CT Imaging}
\begin{figure}
@ -878,7 +1009,8 @@ via fence layers, at the bottom of the PCB is one more layer containing the pads
\caption{Photo of the HSM module seated on the payment terminal's main PCB.}
\label{hsm_fig_ingenico_potted_seated}
\end{subfigure}
\caption[Potted module CT images]{Optical photograph and CT pictures of a potted HSM module.}
\caption[Potted module CT images]{Optical photograph and CT pictures of a potted HSM module
(sample~\sampleno{H18}).}
\label{hsm_fig_ingenico_potted}
\end{figure}

1
common-defs.tex
View file

@ -174,6 +174,7 @@
\setstretch{1.3}
\newcommand{\sampleno}[1]{\textsf{#1}}
% Settings for tocloft as applied to minitoc
%\setlength{\cftbeforesecskip}{-1pt}
%\setlength{\cftbeforesubsecskip}{-1pt}

15
main.bib
View file

@ -505,8 +505,8 @@
}
@incollection{baumMoz$$mathbbZ_2^k$$arellaEfficient2022,
title = {Moz\$\$\textbackslash mathbb \{\vphantom\}{{Z}}\vphantom\{\}\_\{2\textasciicircum k\}\$\$arella: {{Efficient Vector-OLE}} and {{Zero-Knowledge Proofs}} over \$\$\textbackslash mathbb \{\vphantom\}{{Z}}\vphantom\{\}\_\{2\textasciicircum k\}\$\$},
shorttitle = {Moz\$\$\textbackslash mathbb \{\vphantom\}{{Z}}\vphantom\{\}\_\{2\textasciicircum k\}\$\$arella},
title = {Moz\$\$\textbackslash mathbb \{{{Z}}\}\_\{2\textasciicircum k\}\$\$arella: {{Efficient Vector-OLE}} and {{Zero-Knowledge Proofs}} over \$\$\textbackslash mathbb \{{{Z}}\}\_\{2\textasciicircum k\}\$\$},
shorttitle = {Moz\$\$\textbackslash mathbb \{{{Z}}\}\_\{2\textasciicircum k\}\$\$arella},
booktitle = {Advances in {{Cryptology}} {{CRYPTO}} 2022},
author = {Baum, Carsten and Braun, Lennart and Munch-Hansen, Alexander and Scholl, Peter},
editor = {Dodis, Yevgeniy and Shrimpton, Thomas},
@ -2097,6 +2097,17 @@
keywords = {Computer Science - Cryptography and Security}
}
@online{gctwnlWhenChatGPTSummarises2024,
title = {When {{ChatGPT}} Summarises, It Actually Does Nothing of the Kind.},
author = {{GCTWNL}},
date = {2024-05-27T21:58:15+00:00},
url = {https://ea.rna.nl/2024/05/27/when-chatgpt-summarises-it-actually-does-nothing-of-the-kind/},
urldate = {2025-11-02},
abstract = {One of the use cases I thought was reasonable to expect from ChatGPT and Friends (LLMs) was summarising. It turns out I was wrong. What ChatGPT isnt summarising at all, it only looks like it…},
langid = {english},
organization = {R\&A IT Strategy \& Architecture}
}
@online{gematikSpezifikationAktensystemEPA2025,
title = {Spezifikation Aktensystem ePA für alle v1.4.1},
author = {{gematik}},

14
thesis.tex
View file

@ -38,14 +38,14 @@
\listoftables
\mainmatter
\dochapter{chapter-introduction} % Status: In pretty good shape
\dochapter{chapter-epa} % Status: In pretty good shape
%\dochapter{chapter-introduction} % Status: In pretty good shape
%\dochapter{chapter-epa} % Status: In pretty good shape
\dochapter{chapter-hsms} % Status: In pretty good shape
\dochapter{chapter-ihsm} % Status: Copy-paste done, build works, integration TODO
\dochapter{chapter-sampling-mesh-monitor} % Status: Copy-paste done, build works, integration TODO
\dochapter{chapter-nice-coils} % Status: Copy-paste done, build works, integration TODO
\dochapter{chapter-qkd} % Status: Re-integration of changes from workshop paper done
\dochapter{chapter-smpc} % Status: TODO
%\dochapter{chapter-ihsm} % Status: Copy-paste done, build works, integration TODO
%\dochapter{chapter-sampling-mesh-monitor} % Status: Copy-paste done, build works, integration TODO
%\dochapter{chapter-nice-coils} % Status: Copy-paste done, build works, integration TODO
%\dochapter{chapter-qkd} % Status: Re-integration of changes from workshop paper done
%\dochapter{chapter-smpc} % Status: TODO
\input{chapter-conclusion/chapter.tex} % Status: draft done