From 9715bf6bd1acec9def5137c764caea1e81e5c07f Mon Sep 17 00:00:00 2001
From: jaseg
Date: Mon, 3 Nov 2025 14:11:37 +0100
Subject: [PATCH] WIP
---
chapter-hsms/chapter.tex | 288 ++++++++++++++++++++++++++++-----------
common-defs.tex | 1 +
main.bib | 15 +-
thesis.tex | 14 +-
4 files changed, 231 insertions(+), 87 deletions(-)
diff --git a/chapter-hsms/chapter.tex b/chapter-hsms/chapter.tex
index 5132260..0eb19ce 100644
--- a/chapter-hsms/chapter.tex
+++ b/chapter-hsms/chapter.tex
@@ -462,16 +462,20 @@ supplementary material to this thesis. \todo{Actually assemble the supplementary material and include all photos} \subsubsection{Mesh materials.} -We found meshes constructed from rigid PCBs as well as a number of Flexible Printed Circuit (FPC) processes. -tamper sensing meshes constructed from PCBs sometimes used parts of an existing PCB, and sometimes additional PCBs only -containing a mesh were added. Sometimes, multiple rigid PCB meshes were assembled in a house of cards fashion to enclose -part of a device. For flexible meshes, with the exception of the Utimaco HSM appliance's HSM card that used an + +We found meshes constructed from rigid PCBs (e.g.\ samples~\sampleno{H02}, \sampleno{H03} and \sampleno{H08}) as well as +a number of Flexible Printed Circuit (FPC) processes. Tamper sensing meshes constructed from PCBs sometimes used parts +of an existing PCB (e.g.\ samples~\sampleno{H03} and \sampleno{H10}), and sometimes additional PCBs only containing a +mesh were added (e.g.\ sample~\sampleno{H02} and \sampleno{H08}). In some samples (e.g.\ samples~\sampleno{H08} and +\sampleno{H18}), multiple rigid PCB meshes were assembled in a house of cards fashion to enclose a card slot. For +flexible meshes, with the exception of the Utimaco HSM appliance's HSM card (sample~\sampleno{H30}) that used an off-the-shelf Gore tamper sensing mesh foil, all were clearly manufactured either entirely or mostly in standard -processes. We found silkscreened silver ink and silkscreened carbon ink-based foils similar to those used for membrane -keyboards, as well as conventional photolithographically etched copper/polyimide Flexible Printed Circuits (FPCs). -Overall, etched PCBs showed better resolution compared to silkscreen-printed meshes. 
Feature size for both rigid and -flexible etched PCB meshes was generally in the order of \qtyrange{100}{200}{\micro\meter}, while feature size for -screen printed foil meshes was coarser at between \qtyrange{500}{3000}{\micro\meter}. +processes. We found printed silver ink (e.g.\ sample~\sampleno{H12}) and printed carbon ink-based foils (e.g.\ +sample~\sampleno{H09}) similar to those used for membrane keyboards, as well as conventional photolithographically +etched copper/polyimide Flexible Printed Circuits (FPCs) (e.g.\ samples~\sampleno{H03}, \sampleno{H04} and +\sampleno{H08}). Overall, etched PCBs showed better resolution compared to silkscreen-printed meshes. Feature size for +both rigid and flexible etched PCB meshes was generally in the order of \qtyrange{100}{200}{\micro\meter}, while feature +size for screen printed foil meshes was coarser at between \qtyrange{500}{3000}{\micro\meter}. \subsubsection{Mesh layout.} 
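Review bot: Sample `H30` is introduced here as the Utimaco HSM appliance's HSM card, but the results table added later in this patch lists `H30` as an Irdeto `C201`, so one of the two attributions looks wrong, or the relation between the two names needs a sentence. The same number is attached to the caption of `hsm_utimaco_mesh_gore.jpg` in the next hunk, so whichever side is corrected should be corrected in both places. In a survey whose findings are tied to specific devices, a reader has to be able to trace each observed tamper-mesh construction to the right product. Separately, `e.g.\ sample~\sampleno{H02} and \sampleno{H08}` names two samples and should read `samples~`.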
@@ -479,25 +483,25 @@ screen printed foil meshes was coarser at between \qtyrange{500}{3000}{\micro\me \centering \begin{subfigure}[t]{0.45\textwidth} \centering\includegraphics[width=\linewidth]{hsm_mesh_offset.jpg} - \caption{Offset layers for more complete coverage} + \caption{Offset layers for more complete coverage (sample~\sampleno{H12}).} \label{hsm_fig_mesh_layout_offset} \end{subfigure} \quad \begin{subfigure}[t]{0.45\textwidth} \centering\includegraphics[width=\linewidth]{hsm_mesh_orthogonal.jpg} - \caption{Orthogonal patterns on subsequent layers} + \caption{Orthogonal patterns on subsequent layers (sample~\sampleno{H14}).} \label{hsm_fig_mesh_layout_orthogonal} \end{subfigure} \quad \begin{subfigure}[t]{0.45\textwidth} \centering\includegraphics[width=\linewidth]{hsm_utimaco_mesh_gore.jpg} - \caption{Combining orthogonal layers with area-covering pattern} + \caption{Combining orthogonal layers with area-covering pattern (sample~\sampleno{H30}).} \label{hsm_fig_mesh_layout_utimaco} \end{subfigure} \quad \begin{subfigure}[t]{0.45\textwidth} \centering\includegraphics[width=\linewidth]{hsm_mesh_stack_epp.jpg} - \caption{Spacing mesh layers apart to constrict angular freedom of an attack tool} + \caption{Spacing mesh layers apart to constrict angular freedom of an attack tool (sample~\sampleno{H28}).} \label{hsm_fig_mesh_layout_epp} \end{subfigure} \caption{Mesh trace layout approaches for multi-layer meshes.} 
@@ -507,34 +511,37 @@ screen printed foil meshes was coarser at between \qtyrange{500}{3000}{\micro\me A key goal in tamper sensing mesh design is to avoid any gaps in coverage. In single-layer meshes, gaps between adjacent mesh traces cannot be avoided, and provide an easy approach for an attack. In multi-layer meshes, these structure size-dependent gaps can be mitigated in multiple ways as shown in Figure~\ref{hsm_fig_mesh_layout}. In the following -paragraphs, we will address several common structural features that we observed across samples. +list, we will address several common structural features that we observed across samples. -\paragraph{Offset patterns.} In a two-sided foil mesh, most of the gaps between adjacent traces can be covered by simply -offsetting the pattern by one structure size in both axes between the foil's top and bottom layers as shown in -Figure~\ref{hsm_fig_mesh_layout_offset}. Depending on the mesh layout, only a small number of point-shaped gaps remain -at corners in mesh traces on one of the layers. The number of these gaps can be reduced by reducing the number of -misaligned corners between both layers for instance by choosing a systematic serpentine or spiral trace layout. - -\paragraph{Orthogonal patterns.} In some other specimens, the manufacturer chose the opposite approach of keeping the -mesh pattern mostly orthogonal on the mesh's two layers as shown in Figure~\ref{hsm_fig_mesh_layout_orthogonal}. While -this leads to a larger amount of gaps compared to offset patterns as described above, it also reduces the largest gap -size to about one structure size by one structure size. - -\paragraph{Combined approaches.} Figure~\ref{hsm_fig_mesh_layout_utimaco} shows the layout of a Gore tamper sensing mesh -foil used in an Utimaco HSM. This mesh consists of two foil layers bonded to each other. 
The outer foil is patterned on -both sides with a sparse pattern of thin serpentine traces with the patterns on both layers being orthogonal to each -other. Both patterns are oriented at a \qty{45}{\degree} angle relative to the sides of the rectangular enclosed volume. -The inner foil is only patterned on one side, and contains a thicker serpentine trace laid out in a zigzag pattern. The -two foil layers are aligned such that no gaps remain between the layers.\todo{sample number here and below (ingenico)} - -\paragraph{Using layer spacing.} Figure~\ref{hsm_fig_mesh_layout_epp} shows how an ATM Encrypting Pin Pad (EPP) -implemented the mesh on its keypad. Off-the-shelf metal snap dome contacts were used on the surface of a conventional -rigid PCB to create the keys. On top of the rigid PCB and contact domes, a two-layer copper/polyimide FPC with an -additional polyimide cover layer was glued down. Meshes were placed on both layers of the FPC, as well as on one -internal layer of the rigid PCB. The resulting structure had the FPC mesh layers separated from the rigid PCB mesh layer -by several hundred micrometers of the rigid PCB's substrate. The meshes on both the FPC and the rigid PCB used a -structure size of \qty{150}{\micro\meter}. The vertical separation between the two meshes was several times that -structure size, which limits the possible angles an attack tool could be inserted through both mesh layers. +\begin{enumerate} + \item\textbf{Offset patterns.} In a two-sided foil mesh, most of the gaps between adjacent traces can be covered by + simply offsetting the pattern by one structure size in both axes between the foil's top and bottom layers as + shown in Figure~\ref{hsm_fig_mesh_layout_offset}. Depending on the mesh layout, only a small number of + point-shaped gaps remain at corners in mesh traces on one of the layers. 
The number of these gaps can be reduced + by reducing the number of misaligned corners between both layers for instance by choosing a systematic + serpentine or spiral trace layout. + \item \textbf{Orthogonal patterns.} In some other specimens, the manufacturer chose the opposite approach of keeping + the mesh pattern mostly orthogonal on the mesh's two layers as shown in + Figure~\ref{hsm_fig_mesh_layout_orthogonal}. While this leads to a larger amount of gaps compared to offset + patterns as described above, it also reduces the largest gap size to about one structure size by one structure + size. + \item \textbf{Combined approaches.} Figure~\ref{hsm_fig_mesh_layout_utimaco} shows the layout of a Gore tamper + sensing mesh foil used in an Utimaco HSM. This mesh consists of two foil layers bonded to each other. The outer + foil is patterned on both sides with a sparse pattern of thin serpentine traces with the patterns on both layers + being orthogonal to each other. Both patterns are oriented at a \qty{45}{\degree} angle relative to the sides of + the rectangular enclosed volume. The inner foil is only patterned on one side, and contains a thicker serpentine + trace laid out in a zigzag pattern. The two foil layers are aligned such that no gaps remain between the + layers.\todo{sample number here and below (ingenico)} + \item \textbf{Using layer spacing.} Figure~\ref{hsm_fig_mesh_layout_epp} shows how an ATM Encrypting Pin Pad (EPP) + implemented the mesh on its keypad. Off-the-shelf metal snap dome contacts were used on the surface of a + conventional rigid PCB to create the keys. On top of the rigid PCB and contact domes, a two-layer + copper/polyimide FPC with an additional polyimide cover layer was glued down. Meshes were placed on both layers + of the FPC, as well as on one internal layer of the rigid PCB. The resulting structure had the FPC mesh layers + separated from the rigid PCB mesh layer by several hundred micrometers of the rigid PCB's substrate. 
The meshes + on both the FPC and the rigid PCB used a structure size of \qty{150}{\micro\meter}. The vertical separation + between the two meshes was several times that structure size, which limits the possible angles an attack tool + could be inserted through both mesh layers. +\end{enumerate} \subsubsection{Contact and trace construction.} 
@@ -542,31 +549,33 @@ structure size, which limits the possible angles an attack tool could be inserte \centering \begin{subfigure}[t]{0.3\textwidth} \centering\includegraphics[width=\linewidth]{trace_material_copper_pcb.jpg} - \caption{Standard photolithographic copper PCB process on rigid FR-4 fiberglass substrate} + \caption{Standard photolithographic copper PCB process on rigid FR-4 fiberglass substrate + (sample~\sampleno{H10}).} \label{hsm_fig_materials_pcb_rigid} \end{subfigure} \quad \begin{subfigure}[t]{0.3\textwidth} \centering\includegraphics[width=\linewidth]{trace_material_copper_flex.jpg} - \caption{Standard photolithographic copper PCB process on flexible polyimide substrate} + \caption{Standard photolithographic copper PCB process on flexible polyimide substrate (sample~\sampleno{H15}).} \label{hsm_fig_materials_pcb_flex} \end{subfigure} \quad \begin{subfigure}[t]{0.3\textwidth} \centering\includegraphics[width=\linewidth]{trace_material_silver.jpg} - \caption{Screen printing process using silver ink with some carbon ink contact pads for embedded buttons} + \caption{Screen printing process using silver ink with some carbon ink contact pads for embedded buttons + (sample~\sampleno{H14}).} \label{hsm_fig_materials_silver_ink} \end{subfigure} \quad \begin{subfigure}[t]{0.3\textwidth} \centering\includegraphics[width=\linewidth]{trace_material_contact_gold_lds.jpg} - \caption{Laser direct structuring using electroless gold plating} + \caption{Laser direct structuring using electroless gold plating (sample~\sampleno{H32}).} \label{hsm_fig_materials_gold_lds} \end{subfigure} \quad \begin{subfigure}[t]{0.3\textwidth} \centering\includegraphics[width=\linewidth]{trace_material_carbon.jpg} - \caption{Screen printing process using carbon ink} + \caption{Screen printing process using carbon ink (sample~\sampleno{H30}).} \label{hsm_fig_materials_carbon_ink} \end{subfigure} \caption[Mesh materials]{Materials and manufacturing processes used for mesh traces and 
contacts.} 
@@ -620,37 +629,38 @@ material, usually an elastomeric connector. \centering \begin{subfigure}[t]{0.3\textwidth} \centering\includegraphics[width=\linewidth]{connector_castellated_edge.jpg} - \caption{Direct soldering} + \caption{Direct soldering (sample~\sampleno{H05}).} \label{hsm_fig_connector_castellations} \end{subfigure} \quad \begin{subfigure}[t]{0.3\textwidth} \centering\includegraphics[width=\linewidth]{connector_stacking.jpg} - \caption{Elastomeric connector landing pattern as well as stacking board-to-board connector} + \caption{Elastomeric connector landing pattern as well as stacking board-to-board connector + (sample~\sampleno{H17}).} \label{hsm_fig_connector_stack} \end{subfigure} \quad \begin{subfigure}[t]{0.3\textwidth} \centering\includegraphics[width=\linewidth]{connector_zif_fpc_2.jpg} - \caption{Landing pads for tactile contact domes as well as FPC connector} + \caption{Landing pads for tactile contact domes as well as FPC connector (sample~\sampleno{H20}).} \label{hsm_fig_connector_fpc} \end{subfigure} \quad \begin{subfigure}[t]{0.3\textwidth} \centering\includegraphics[width=\linewidth]{connector_elastomeric.jpg} - \caption{Direct soldering of an FPC and an elastomeric connector} + \caption{Direct soldering of an FPC and an elastomeric connector (sample~\sampleno{H31}).} \label{hsm_fig_connector_elastomeric} \end{subfigure} \quad \begin{subfigure}[t]{0.3\textwidth} \centering\includegraphics[width=\linewidth]{connector_rf_gasket.jpg} - \caption{Soft, conductive EM shielding gaskets used as connectors} + \caption{Soft, conductive EM shielding gaskets used as connectors (sample~\sampleno{H14}).} \label{hsm_fig_connector_gasket} \end{subfigure} \quad \begin{subfigure}[t]{0.3\textwidth} \centering\includegraphics[width=\linewidth]{connector_metal_dome.jpg} - \caption{Tactile dome} + \caption{Tactile dome (sample~\sampleno{H06}).} \label{hsm_fig_connector_dome} \end{subfigure} \caption[Mesh connecting methods]{Connecting methods used between 
tamper sensing mesh assemblies and their base PCBs} @@ -712,31 +722,31 @@ connection while guaranteeing adjacent spheres never touch each other. \centering \begin{subfigure}[t]{0.3\textwidth} \centering\includegraphics[width=\linewidth]{hsm_3d_style_fold_overlap.jpg} - \caption{Folded with overlap} + \caption{Folded with overlap (sample~\sampleno{H03})} \label{hsm_fig_3d_struct_folded_overlap} \end{subfigure} \quad \begin{subfigure}[t]{0.3\textwidth} \centering\includegraphics[width=\linewidth]{hsm_3d_style_fold_no_overlap.jpg} - \caption{Folded without overlap} + \caption{Folded without overlap (sample~\sampleno{H14})} \label{hsm_fig_3d_struct_folded_no_overlap} \end{subfigure} \quad \begin{subfigure}[t]{0.3\textwidth} \centering\includegraphics[width=\linewidth]{hsm_3d_style_vacform.jpg} - \caption{Thermoformed} + \caption{Thermoformed (sample~\sampleno{H12})} \label{hsm_fig_3d_struct_vacuum_form} \end{subfigure} \quad \begin{subfigure}[t]{0.3\textwidth} \centering\includegraphics[width=\linewidth]{3d_construction_cards_standalone.jpg} - \caption{House-of-Cards construction} + \caption{House-of-Cards construction (sample~\sampleno{H08})} \label{hsm_fig_3d_struct_house_of_cards} \end{subfigure} \quad \begin{subfigure}[t]{0.3\textwidth} \centering\includegraphics[width=\linewidth]{3d_construction_lds_top.jpg} - \caption{Laser Direct Structuring} + \caption{Laser Direct Structuring (sample~\sampleno{H32})} \label{hsm_fig_3d_struct_lds} \end{subfigure} \caption[3D mesh construction styles]{Construction styles used to fit tamper sensing meshes into 3D envelopes. Grids 
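Review bot: The five sub-captions of the 3D construction figure gain `(sample~\sampleno{...})` without a closing period, while the sub-captions changed in the other figures of this patch all end in `.` after the sample number, e.g. `\caption{Direct soldering (sample~\sampleno{H05}).}`. For consistent caption punctuation, end these the same way, e.g. `\caption{Folded with overlap (sample~\sampleno{H03}).}`.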
@@ -751,17 +761,18 @@ three-dimensional structures from planar meshes. Figure~\ref{hsm_fig_3d_struct} we saw among our samples. Figure~\ref{hsm_fig_3d_struct_folded_overlap} and Figure~\ref{hsm_fig_3d_struct_folded_no_overlap} have meshes produced as flexible printed circuits, in Figure~\ref{hsm_fig_3d_struct_folded_overlap} using a standard photolithographic copper/polyimide FPC process usually -used for flexible PCBs, and in Figure~\ref{hsm_fig_3d_struct_folded_overlap} using a standard silver ink screenprinting -process. The choice in Figure~\ref{hsm_fig_3d_struct_folded_no_overlap} not to overlap the mesh in the corner is likely -caused by manufacturing considerations, since it might be difficult to ensure proper folding of a small foil tab with -adhesive pre-applied. Figure~\ref{hsm_fig_3d_struct_vacuum_form} shows a sample of a flexible circuit manufactured in a -screenprinted silver-ink process thermoformed into a three-dimensional -shape~\cite{weidnerHardwareschutzFormHalbschalen2007}. The flexible circuit mesh is first produced in a standard planar -printing process. After printing and curing, the resulting foil is then heated to soften it, and forced into a -three-dimensional shape using a mold. Depending on the process, one or two molds, and vacuum or pressured air can be -used to shape the foil. The process requires a screenprinted flexible circuit, and would not work with copper/polyimide -flexible PCBs since their copper layer is too thick to plastically deform without tearing, and because polyimide is not -sufficiently thermoplastic at low temperatures. +used for flexible PCBs, and in Figure~\ref{hsm_fig_3d_struct_folded_nooverlap} using a standard silver ink +screenprinting process. The choice in Figure~\ref{hsm_fig_3d_struct_folded_no_overlap} not to overlap the mesh in the +corner is likely caused by manufacturing considerations, since it might be difficult to ensure proper folding of a small +foil tab with adhesive pre-applied. 
+ +Figure~\ref{hsm_fig_3d_struct_vacuum_form} shows a sample of a flexible circuit manufactured in a screenprinted +silver-ink process thermoformed into a three-dimensional shape~\cite{weidnerHardwareschutzFormHalbschalen2007}. The +flexible circuit mesh is first produced in a standard planar printing process. After printing and curing, the resulting +foil is then heated to soften it, and forced into a three-dimensional shape using a mold. Depending on the process, one +or two molds, and vacuum or pressured air can be used to shape the foil. The process requires a screenprinted flexible +circuit, and would not work with copper/polyimide flexible PCBs since their copper layer is too thick to plastically +deform without tearing, and because polyimide is not sufficiently thermoplastic at low temperatures. Thermoforming is a cheap industry standard process, but applied to flexible circuits it has some limitations. First, only 2.5-dimensional structures can be created since the starting product is always a planar sheet. Second, the sheet 
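Review bot: `\ref{hsm_fig_3d_struct_folded_nooverlap}` matches no label; the subfigure is labelled `hsm_fig_3d_struct_folded_no_overlap`, so this reference will print `??`. The line needs the missing underscore: `used for flexible PCBs, and in Figure~\ref{hsm_fig_3d_struct_folded_no_overlap} using a standard silver ink`. The paragraph it sits in begins before this hunk.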
@@ -769,13 +780,60 @@ cannot be cut or contain slots or large holes before forming since it needs to b sides to ensure it evenly stretches into the mold. Finally, the depth achievable in such a process is rather limited, with no sample in our survey exceeding \qty{2}{\milli\meter}\todo{Get proper number}. Higher depths would require extensive deformation of the mesh circuit's plastic substrate, which could lead to tears in the mesh traces since the -particle-based conductive inks used for screen-printed electronics are inelastic. +particle-based conductive inks used for screen-printed electronics are inelastic. Among our samples, we saw two +instances of thermoformed meshes. First, all recent Ingenico terminals (\sampleno{H06,H13,H23,H24}) integrated an ink +printed mesh with thermoformed cavities into their key pad overlay. These terminals implement their key pad using +tactile domes with contacts patterned on their main PCBs' surface. These domes are commonly placed on an adhesive sheet +that is die cut to size so that the whole sheet can be placed on the PCB in one assembly step, instead of individually +placing each dome. In these samples, a mesh was integrated into this adhesive sheet using a silver ink printing process, +and two additional domes were used to provide contact between this integrated mesh and the main PCB. Cavities were +formed into this mesh to enclose the upper side of the main cryptographic processor and associated components. -The specimen in Figure~\ref{hsm_fig_3d_struct_vacuum_form} shows one further design defect. The mesh shown does not -extend to the edges of the plastic cover it has been molded into. When this cover is placed on top of a PCB to protect -components on the PCB from tampering, this leaves a large gap between the bottom edge of the mesh and the PCB surface, -through which probes can be inserted to access either the payload circuit or the mesh monitoring circuitry. 
-\todoplaceholder{take pic of sample H08 card slot cover} +Figure~\ref{fig_ingenico_forming} shows the mesh of sample~\sampleno{H24} both before and after removing the black +opaque cover lacquer used on the bottom side of these meshes to obscure their features. The lacquer was removed by +gently rubbing it with a cotton swap soaked with acetone. In Figure~\ref{fig_ingenico_forming_after}, we see how the +mesh's structure was adapted around the formed cavities to reduce the risk of a break during the forming process: The +mesh's traces were kept parallel to the direction the foil was stretched, and the feature size of the mesh was increased +by a large factor in these areas. In the corners of the formed cavity, where the foil experiences stretching in both +directions, the features were scaled even larger than along the cavity's edges. This increase in structure size +compromises the mesh's security level, especially given that the edges of the cavity are at a convenient direction for +access by probes. + +\begin{figure} + \begin{center} + \begin{subfigure}[t]{0.4\textwidth} + \includegraphics[width=\linewidth]{survey_formed_mesh_before.jpg} + \caption{Before removing opaque cover lacquer.} + \label{fig_ingenico_forming_before} + \end{subfigure} + \begin{subfigure}[t]{0.4\textwidth} + \includegraphics[width=\linewidth]{survey_formed_mesh_after.jpg} + \caption{After removing opaque cover lacquer.} + \label{fig_ingenico_forming_after} + \end{subfigure} + \end{center} + \caption{Formed cavities in printed foil mesh in sample~\sampleno{H24}.} + \label{fig_ingenico_forming} +\end{figure} + +Sample~\sampleno{H12}, shown in Figure~\ref{hsm_fig_3d_struct_vacuum_form}, displays one further design defect. The mesh +shown does not extend to the edges of the plastic cover it has been molded into. 
When this cover is placed on top of a +PCB to protect components on the PCB from tampering, this leaves a large gap between the bottom edge of the mesh and the +PCB surface, through which probes can be inserted to access either the payload circuit or the mesh monitoring circuitry. + +A similar design defect was mitigated in the specimens manufactured by Banksys, card payment terminal \sampleno{H08} and +ATM encrypting pin pads \sampleno{H03} and \sampleno{H04}. These specimens all have a polyimide/copper FPC mesh glued to +the inside of a casted zinc lid form five sides of a cuboid. These meshes sit atop their base PCBs, and a possible +vulnerability would be the interface between the mesh and the PCB, where there will be an unavoidable gap of at least +several hundred micrometers. In sample~\sampleno{H03}, this was mitigated by milling a slot into the base PCB for the +mesh to sit inside, thereby placing the top layer of the base PCB as well as any internal mesh layers inside the cavity +of the mesh lid. In sample~\sampleno{H04}, the payload circuit was instead placed on a daughterboard sitting inside +the lid using board-to-board stacking connectors (cf. Figure~\ref{hsm_fig_connector_stack}). Here, an additional rigid +mesh PCB was soldered flat on top of the base PCB to cover the open side of the mesh lid, creating an overlap at the +edges. In sample~\sampleno{H08}, a card payment terminal, a simpler construction was used with a simple metal ring +soldered to the base PCB mechanically shielding the edge. We are unable to ascertain why this purely mechanical +shielding technique was used instead of the more secure overlapping technique seen in sample~\ref{H03}, which should +have a similar, low manufacturing cost. Figure~\ref{hsm_fig_3d_struct_lds} shows the result of Laser Direct Structuring (LDS), a process that avoids some of the limitations of thermoformed planar meshes. In LDS, a plastic part is covered in a conductive pattern in a combination of 
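Review bot: `sample~\ref{H03}` at the end of the Banksys paragraph is a cross-reference to a label `H03` that is not defined anywhere in the visible patch and will print `??`; it should use the sample macro like the rest of the paragraph, `sample~\sampleno{H03}`. The same paragraph attributes `H03`, `H04` and `H08` to Banksys, whereas the results table added further down lists all three with manufacturer Sagem, so the attribution needs to be reconciled or explained. Smaller slips in the added text: `cotton swap` should be `cotton swab`, `casted zinc lid form five sides` presumably means `cast zinc lid forming five sides`, and `cf. Figure` wants `cf.\ Figure`. The new `figure` uses `\begin{center}` where the other figures in this file use `\centering`.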
@@ -799,25 +857,25 @@ which would be a flaw in a more standard HSM application. \centering \begin{subfigure}[t]{0.45\textwidth} \centering\includegraphics[width=\linewidth]{3d_construction_offset_mesh_delayered_contrast_improved.jpg} - \caption{Small obstacle mesh coupons} + \caption{Small obstacle mesh coupons (sample~\sampleno{H17}).} \label{hsm_fig_3d_sandwich_obstacle} \end{subfigure} \quad \begin{subfigure}[t]{0.45\textwidth} \centering\includegraphics[width=\linewidth]{3d_construction_via_stitch_mesh_delayer_2.jpg} - \caption{Via-fence meshes} + \caption{Via-fence meshes (sample~\sampleno{H24}).} \label{hsm_fig_3d_sandwich_via_fence} \end{subfigure} \quad \begin{subfigure}[t]{0.45\textwidth} \centering\includegraphics[width=\linewidth]{3d_construction_planar_stack.jpg} - \caption{Planar sandwich stack protecting the back of a connector} + \caption{Planar sandwich stack protecting the back of a connector (sample~\sampleno{H24}).} \label{hsm_fig_3d_sandwich_stack} \end{subfigure} \quad \begin{subfigure}[t]{0.45\textwidth} \centering\includegraphics[width=\linewidth]{3d_construction_cavity_2.jpg} - \caption{PCB lid with routed cavity and embedded planar and via-fence meshes} + \caption{PCB lid with routed cavity and embedded planar and via-fence meshes (sample~\sampleno{H14}).} \label{hsm_fig_3d_sandwich_lid} \end{subfigure} \caption[Sandwich mesh construction styles]{Construction styles used to cover 3D volumes using sandwich-style 
@@ -854,6 +912,79 @@ cavity. Below this standard mesh stackup are two that are used to create a via f Figure~\ref{hsm_fig_3d_sandwich_via_fence} in an attempt to protect the sides around the central cavity. Below these two via fence layers, at the bottom of the PCB is one more layer containing the pads connecting it to the base PCB. +\subsubsection{Tabular results} + +\begin{table} + \footnotesize + \rowcolors{2}{gray!15}{white} + \begin{tabular}[c]{c>{\RaggedRight\arraybackslash}p{20mm}>{\RaggedRight\arraybackslash}p{30mm}lccccc} + \textbf{ID} & \textbf{Device} & \textbf{Manufacturer} & \textbf{Type code} & + \textbf{Mesh Contacts} & \textbf{Mesh Material} & \textbf{3D Construction} & + \textbf{Obscurity Features} & \textbf{Others} \\ + \hline + H01 & PED & Verifone & VX 570 & & & & & \\ + H02 & Slot machine CPU module & Merkur / ADP Gauselmann & Sam 12 EC2 & & & & & \\ + H03 & EPP & Sagem & USA1315-4240 & & & & & \\ + H04 & EPP & Sagem & USA1316-5120 & & & & & \\ + H05 & PED & Xac & xAPT-103 & & & & & \\ + H06 & PED & Ingenico & iCT250 & & & & & \\ + H08 & PED & Sagem & NOR4100 & & & & & \\ + H09 & PED & Hypercom & M4230 & & & & & \\ + H10 & PED & Worldline & YOMANI XR & & & & & \\ + H11 & PED & Banksys & C-ZAM Smash Portable & & & & & \\ + H12 & PED & Hypercom & P2100 & & & & & \\ + H13 & PED & Ingenico & iCT 220 & & & & & \\ + H14 & PED & Verifone & H5000 & & & & & \\ + H15 & PED & Verifone & MX 925 & & & & & \\ + H16 & PED & Verifone & V200c CTLS & & & & & \\ + H17 & PED & Verifone & VX 680 & & & & & \\ + H18 & PED & Ingenico & i7910 & & & & & \\ + H19 & PED & Banksys & XENTA & & & & & \\ + H20 & PED & Verifone & VX 520 3G & & & & & \\ + H21 & PED & Verifone & V400m Plus 4G & & & & & \\ + H22 & PED & Ingenico & Move 3500 & & & & & \\ + H23 & PED & Ingenico & iPP 350 & & & & & \\ + H24 & PED & Ingenico & iWL255 & & & & & \\ + H25 & Franking Machine & Neopost & IJ-25 & & & & & \\ + H27 & PED & Sumup & AIR1E205 & & & & & \\ + H28 & EPP & NCR & 5814 & & & & & \\ + 
H29 & HSM & SafeNet & VBD-05 & & & & & \\ + H30 & HSM & Irdeto & C201 & & & & & \\ + H31 & PED & SumUp & SumUp 3G & & & & & \\ + H32 & PED & SumUp & SumUp Air & & & & & \\ + \end{tabular} + \caption{Features found in the samples we dissected. Column key: + \emph{Mesh contacts:} + Elastomeric (Figures~\ref{hsm_fig_connector_elastomeric}, \ref{hsm_fig_connector_stack}), + Soldered (Figure~\ref{hsm_fig_connector_castellations}), + Stacking (Figure~\ref{hsm_fig_connector_stack}), + Tactile Dome (Figures~\ref{hsm_fig_connector_dome}, \ref{hsm_fig_connector_fpc}), + FPC Connector (Figure~\ref{hsm_fig_connector_fpc}), + Mesh EMI Gasket (Figure~\ref{hsm_fig_connector_gasket}). + \emph{Mesh Material:} + Rigid PCB (Figure~\ref{hsm_fig_materials_pcb_rigid}), + Copper FPC (Figure~\ref{hsm_fig_materials_pcb_flex}), + Printed silver ink (Figure~\ref{hsm_fig_materials_silver_ink}), + Printed carbon ink (Figure~\ref{hsm_fig_materials_carbon_ink}), + Gold Laser Direct Structuring (Figure~\ref{hsm_fig_materials_lds}). + \emph{3D Construction:} + Folded mesh (Figures~\ref{hsm_fig_3d_struct_folded_overlap} and \ref{hsm_fig_3d_struct_folded_no_overlap}), + House of cards (Figure~\ref{hsm_fig_3d_struct_house_of_cards}), + Laser Direct Structuring (Figure~\ref{hsm_fig_3d_struct_lds}), + Thermoformed (Figures~\ref{hsm_fig_3d_struct_vacuum_form} and \ref{fig_ingenico_forming}), + Planar obstacle (Figures~\ref{hsm_fig_3d_sandwich_obstacle} and \ref{hsm_fig_3d_sandwich_via_fence}), + Complex planar (Figures~\ref{hsm_fig_3d_sandwich_stack} and \ref{hsm_fig_3d_sandwich_lid}), + \emph{Obscurity Features:} + Metal enclosure (Figure~\ref{hsm_fig_3d_struct_folded_overlap}), + Potting (Figure~\ref{hsm_fig_ingenico_potted_seated}), + Opaque foil (Figure~\ref{hsm_fig_connector_dome}), + Opaque lacquer (Figure~\ref{fig_ingenico_forming}). 
+ \emph{Other Features:} + Integrated tactile domes (Figure~\ref{hsm_fig_connector_dome}), + -Integrated tactile Dome landing pad (Figure~\ref{hsm_fig_connector_fpc}). + } + \label{tab_hsm_survey_sample_results} +\end{table} \subsubsection{CT Imaging} \begin{figure} @@ -878,7 +1009,8 @@ via fence layers, at the bottom of the PCB is one more layer containing the pads \caption{Photo of the HSM module seated on the payment terminal's main PCB.} \label{hsm_fig_ingenico_potted_seated} \end{subfigure} - \caption[Potted module CT images]{Optical photograph and CT pictures of a potted HSM module.} + \caption[Potted module CT images]{Optical photograph and CT pictures of a potted HSM module + (sample~\sampleno{H18}).} \label{hsm_fig_ingenico_potted} \end{figure} diff --git a/common-defs.tex b/common-defs.tex index d72fb58..e866f52 100644 --- a/common-defs.tex +++ b/common-defs.tex @@ -174,6 +174,7 @@ \setstretch{1.3} +\newcommand{\sampleno}[1]{\textsf{#1}} % Settings for tocloft as applied to minitoc %\setlength{\cftbeforesecskip}{-1pt} %\setlength{\cftbeforesubsecskip}{-1pt} diff --git a/main.bib b/main.bib index 85fa000..b5683c9 100644 --- a/main.bib +++ b/main.bib 
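Review bot: The table caption references `\ref{hsm_fig_materials_lds}`, but the subfigure label visible earlier in this patch is `hsm_fig_materials_gold_lds`, so the Gold Laser Direct Structuring entry will print `??`; use `Figure~\ref{hsm_fig_materials_gold_lds}`. The last key entry starts with a stray hyphen (`-Integrated tactile Dome landing pad`), the `3D Construction` list ends in a comma rather than a period before `\emph{Obscurity Features:}`, and the key says `Other Features` where the column head says `Others`. All five feature columns are still empty in every row, so the table records no findings yet; a `\todo` on it, as the chapter uses elsewhere, would keep that visible.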
@@ -505,8 +505,8 @@ } @incollection{baumMoz$$mathbbZ_2^k$$arellaEfficient2022, - title = {Moz\$\$\textbackslash mathbb \{\vphantom\}{{Z}}\vphantom\{\}\_\{2\textasciicircum k\}\$\$arella: {{Efficient Vector-OLE}} and {{Zero-Knowledge Proofs}} over \$\$\textbackslash mathbb \{\vphantom\}{{Z}}\vphantom\{\}\_\{2\textasciicircum k\}\$\$}, - shorttitle = {Moz\$\$\textbackslash mathbb \{\vphantom\}{{Z}}\vphantom\{\}\_\{2\textasciicircum k\}\$\$arella}, + title = {Moz\$\$\textbackslash mathbb \{{{Z}}\}\_\{2\textasciicircum k\}\$\$arella: {{Efficient Vector-OLE}} and {{Zero-Knowledge Proofs}} over \$\$\textbackslash mathbb \{{{Z}}\}\_\{2\textasciicircum k\}\$\$}, + shorttitle = {Moz\$\$\textbackslash mathbb \{{{Z}}\}\_\{2\textasciicircum k\}\$\$arella}, booktitle = {Advances in {{Cryptology}} – {{CRYPTO}} 2022}, author = {Baum, Carsten and Braun, Lennart and Munch-Hansen, Alexander and Scholl, Peter}, editor = {Dodis, Yevgeniy and Shrimpton, Thomas}, @@ -2097,6 +2097,17 @@ keywords = {Computer Science - Cryptography and Security} } +@online{gctwnlWhenChatGPTSummarises2024, + title = {When {{ChatGPT}} Summarises, It Actually Does Nothing of the Kind.}, + author = {{GCTWNL}}, + date = {2024-05-27T21:58:15+00:00}, + url = {https://ea.rna.nl/2024/05/27/when-chatgpt-summarises-it-actually-does-nothing-of-the-kind/}, + urldate = {2025-11-02}, + abstract = {One of the use cases I thought was reasonable to expect from ChatGPT and Friends (LLMs) was summarising. It turns out I was wrong. What ChatGPT isn’t summarising at all, it only looks like it…}, + langid = {english}, + organization = {R\&A IT Strategy \& Architecture} +} + @online{gematikSpezifikationAktensystemEPA2025, title = {Spezifikation Aktensystem ePA für alle v1.4.1}, author = {{gematik}}, diff --git a/thesis.tex b/thesis.tex index 75fbed8..13a52c7 100644 --- a/thesis.tex +++ b/thesis.tex 
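Review bot: The cleaned-up `title` and `shorttitle` still contain the escaped form `\$\$\textbackslash mathbb \{{{Z}}\}\_\{2\textasciicircum k\}\$\$`, which typesets the TeX source as literal text instead of the symbol in the paper's name. Writing the math directly gives the intended rendering, e.g. `shorttitle = {Moz{$\mathbb{Z}_{2^k}$}arella}` and the same substitution in `title`. If `main.bib` is exported by a reference manager, the fix belongs in the source record, since the next export would presumably restore the escaped form. The entry key on the context line also contains `$`, `^` and `_`, which may cause trouble in `\cite` and is worth replacing with a plain-ASCII key.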
@@ -38,14 +38,14 @@ \listoftables \mainmatter -\dochapter{chapter-introduction} % Status: In pretty good shape -\dochapter{chapter-epa} % Status: In pretty good shape +%\dochapter{chapter-introduction} % Status: In pretty good shape +%\dochapter{chapter-epa} % Status: In pretty good shape \dochapter{chapter-hsms} % Status: In pretty good shape -\dochapter{chapter-ihsm} % Status: Copy-paste done, build works, integration TODO -\dochapter{chapter-sampling-mesh-monitor} % Status: Copy-paste done, build works, integration TODO -\dochapter{chapter-nice-coils} % Status: Copy-paste done, build works, integration TODO -\dochapter{chapter-qkd} % Status: Re-integration of changes from workshop paper done -\dochapter{chapter-smpc} % Status: TODO +%\dochapter{chapter-ihsm} % Status: Copy-paste done, build works, integration TODO +%\dochapter{chapter-sampling-mesh-monitor} % Status: Copy-paste done, build works, integration TODO +%\dochapter{chapter-nice-coils} % Status: Copy-paste done, build works, integration TODO +%\dochapter{chapter-qkd} % Status: Re-integration of changes from workshop paper done +%\dochapter{chapter-smpc} % Status: TODO \input{chapter-conclusion/chapter.tex} % Status: draft done
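Review bot: Commenting out seven of the eight `\dochapter` lines turns a local build speed-up into committed state: any `\ref` from `chapter-hsms` into the disabled chapters will resolve to `??`, and the full thesis no longer builds from this revision. If `\dochapter` wraps `\include`, an `\includeonly{...}` line in the preamble keeps the aux data of the other chapters and leaves these lines untouched; otherwise a single switch such as `\newif\ifhsmsonly` around the block makes the restriction one line to revert. `\input{chapter-conclusion/chapter.tex}` stays active, so the conclusion is still typeset while the chapters it concludes are missing.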