survey: proofreading pass
This commit is contained in:
jaseg
parent
4ff4aa3f63
commit
9d7b420062
1 changed files with 97 additions and 79 deletions
|
|
@ -322,7 +322,7 @@ devices we selected for this study.
|
|||
\surveypic{31}{survey_diag_S31.jpg}\\
|
||||
\surveypic{32}{survey_diag_S32.jpg}&
|
||||
\end{tabular}
|
||||
\caption{External photos of all survey samples}
|
||||
\caption{External photos of all survey samples.}
|
||||
\label{fig_hsm_survey_sample_pics}
|
||||
\end{figure}
|
||||
|
||||
|
|
@ -336,9 +336,9 @@ networks, almost all payment terminals on the market irrespective of their count
|
|||
standards. Adding on to PCI's ecosystem impact, its security standards are thought out well and provide a higher level
|
||||
of security than one might expect from an industry association.
|
||||
|
||||
Physical security standards in card payment applications both on the client side -- payment terminals -- and on the
|
||||
server side -- HSM appliances -- are more stringent than one might expect since the finance industry has been reluctant
|
||||
to adopt modern cryptography. Not only are modern cryptographic protocols like Secure Multiparty Computation (SMPC) or
|
||||
Physical security standards in card payment applications both on the client side (payment terminals) and on the server
|
||||
side (HSM appliances) are more stringent than one might expect since the finance industry has been reluctant to adopt
|
||||
modern cryptography. Not only are modern cryptographic protocols like Secure Multiparty Computation (SMPC) or
|
||||
Zero-Knowledge Proofs (ZKPs) not commonly used. Even asymmetric cryptography has only been adopted reluctantly, and
|
||||
ancient ciphers such as Triple DES are still commonly referenced in industry
|
||||
standards~\cite{pcisecuritystandardscouncilPaymentCardIndustry2025}. As a result, increased hardware security is necessary to
|
||||
|
|
@ -350,18 +350,20 @@ terminals are cost-sensitive devices, which is reflected in the construction of
|
|||
|
||||
\subsubsection{HSM Appliances}
|
||||
|
||||
For datacenter applications, HSMs are sold both as add-in cards and as standalone rackmount appliances with a network
|
||||
interface. In practice, the standalone appliances are just low-end computers in a rackmount enclosure that expose the
|
||||
API of an internal HSM add-in card to the network. In this survey, we were only able to procure a single such HSM since
|
||||
these devices are expensive, and even used specimens of older models are usually listed for several hundreds to several
|
||||
thousands of EUR. The one sample we procured was a 2011 model Utimaco CryptoServer LAN. Our unit was a white-label
|
||||
variant procured by premium TV encryption technology provider Irdeto, presumably used in Germany to produce
|
||||
cryptographic key streams for TV signal encryption. We bought the device from a recycling company specialized on
|
||||
datacenter components. The device was sold with any HDDs removed. The device consisted of an older mainboard for
|
||||
embedded applications containing an Intel Core 2 Duo-brand processor and 2 GiB of DDR2 RAM, which was connected to the
|
||||
HSM add-in card through PCI. The device contained a small Lithium backup battery on the add-in card, and another, larger
|
||||
battery in an enclosure at the front of the device that was connected to the card through a cable. The device did not
|
||||
contain any obvious case intrusion sensors.
|
||||
When credit card payments are handled on the web as opposed to in a physical store, HSMs are used in data centers to
|
||||
handle plaintext payment data such as credit card numbers. Such HSM appliances are usually standalone rackmount devices
|
||||
and are used across application domains. Depending on the application, these HSMs can be programmed with custom code, or
|
||||
can be used as coprocessors through an API. In practice, the standalone appliances are just low-end computers in a
|
||||
rackmount enclosure that expose the API of an internal HSM add-in card to the network. In this survey, we were only able
|
||||
to procure a single such HSM since these devices are expensive, and even used specimens of older models are usually
|
||||
listed for several hundreds to several thousands of EUR. The one sample we procured was a 2011 model Utimaco
|
||||
CryptoServer LAN. Our unit was a white-label variant procured by premium TV encryption technology provider Irdeto,
|
||||
presumably used in Germany to produce cryptographic key streams for TV signal encryption. We bought the device from a
|
||||
recycling company specialized on datacenter components. The device was sold with any HDDs removed. The device consisted
|
||||
of an older mainboard for embedded applications containing an Intel Core 2 Duo-brand processor and 2 GiB of DDR2 RAM,
|
||||
which was connected to the HSM add-in card through PCI. The device contained a small Lithium backup battery on the
|
||||
add-in card, and another, larger battery in an enclosure at the front of the device that was connected to the card
|
||||
through a cable. The device did not contain any obvious case intrusion sensors.
|
||||
|
||||
\subsubsection{ATM Encrypting Pin Pads}
|
||||
|
||||
|
|
@ -386,7 +388,7 @@ transmit the plaintex PIN.
|
|||
|
||||
We acquired three different EPPs for analysis: Two designed by Sagem and apparently re-sold as a whitelabel product by
|
||||
Cryptera and Diebold, respectively, and one made by and branded NCR. All three devices have robust stainless steel front
|
||||
cases.
|
||||
cases, and are built in a sandwich construction of several layers of steel sheets and PCBs.
|
||||
|
||||
\subsubsection{Other miscellaneous devices}
|
||||
|
||||
|
|
@ -448,7 +450,7 @@ cutting and prying, and applying heat from a heat gun as necessary to soften pol
|
|||
% overlapping the previous row
|
||||
\rule{0pt}{25mm}
|
||||
\end{tabular}
|
||||
\caption{Internal overview photos of the survey samples}
|
||||
\caption{Internal overview photos of the survey samples.}
|
||||
\label{fig_hsm_survey_sample_internal_pics}
|
||||
\end{figure}
|
||||
|
||||
|
|
@ -464,12 +466,12 @@ We found meshes constructed from rigid PCBs as well as a number of Flexible Prin
|
|||
tamper sensing meshes constructed from PCBs sometimes used parts of an existing PCB, and sometimes additional PCBs only
|
||||
containing a mesh were added. Sometimes, multiple rigid PCB meshes were assembled in a house of cards fashion to enclose
|
||||
part of a device. For flexible meshes, with the exception of the Utimaco HSM appliance's HSM card that used an
|
||||
off-the-shelf Gore tamper sensing mesh foil were all clearly manufactured either entirely or mostly in standard
|
||||
off-the-shelf Gore tamper sensing mesh foil, all were clearly manufactured either entirely or mostly in standard
|
||||
processes. We found silkscreened silver ink and silkscreened carbon ink-based foils similar to those used for membrane
|
||||
keyboards, as well as conventional photolithographically etched copper/polyimide Flexible Printed Circuits (FPCs).
|
||||
Overall, etched PCBs showed better resolution compared to silkscreen-printed meshes. Feature size for both rigid and
|
||||
flexible etched PCB meshes was generally in the order of \qtyrange{100}{200}{\micro\meter}, while feature size for
|
||||
printed foil meshes was coarser at between \qtyrange{500}{3000}{\micro\meter}.
|
||||
screen printed foil meshes was coarser at between \qtyrange{500}{3000}{\micro\meter}.
|
||||
|
||||
\subsubsection{Mesh layout.}
|
||||
|
||||
|
|
@ -504,7 +506,8 @@ printed foil meshes was coarser at between \qtyrange{500}{3000}{\micro\meter}.
|
|||
|
||||
A key goal in tamper sensing mesh design is to avoid any gaps in coverage. In single-layer meshes, gaps between adjacent
|
||||
mesh traces cannot be avoided, and provide an easy approach for an attack. In multi-layer meshes, these structure
|
||||
size-dependent gaps can be mitigated in multiple ways as shown in Figure~\ref{hsm_fig_mesh_layout}.
|
||||
size-dependent gaps can be mitigated in multiple ways as shown in Figure~\ref{hsm_fig_mesh_layout}. In the following
|
||||
paragraphs, we will address several common structural features that we observed across samples.
|
||||
|
||||
\paragraph{Offset patterns.} In a two-sided foil mesh, most of the gaps between adjacent traces can be covered by simply
|
||||
offsetting the pattern by one structure size in both axes between the foil's top and bottom layers as shown in
|
||||
|
|
@ -522,7 +525,7 @@ foil used in an Utimaco HSM. This mesh consists of two foil layers bonded to eac
|
|||
both sides with a sparse pattern of thin serpentine traces with the patterns on both layers being orthogonal to each
|
||||
other. Both patterns are oriented at a \qty{45}{\degree} angle relative to the sides of the rectangular enclosed volume.
|
||||
The inner foil is only patterned on one side, and contains a thicker serpentine trace laid out in a zigzag pattern. The
|
||||
two foil layers are aligned such that no gaps remain between the layers.
|
||||
two foil layers are aligned such that no gaps remain between the layers.\todo{sample number here and below (ingenico)}
|
||||
|
||||
\paragraph{Using layer spacing.} Figure~\ref{hsm_fig_mesh_layout_epp} shows how an ATM Encrypting Pin Pad (EPP)
|
||||
implemented the mesh on its keypad. Off-the-shelf metal snap dome contacts were used on the surface of a conventional
|
||||
|
|
@ -600,14 +603,16 @@ inks have high resistance, and can be used to create embedded resistors. The cir
|
|||
Figure~\ref{hsm_fig_materials_silver_ink} contains a tamper sensing mesh on a lower layer, and a keypad matrix with
|
||||
carbon contacts on its surface.
|
||||
|
||||
Figure~\ref{hsm_fig_materials_gold_lds} shows part of a mesh and a contact created using Laser Direct Structuring and
|
||||
electroless gold plating. Where in electroplating electrical current is used to deposit metal atoms on a surface, in
|
||||
electroless plating a series of chemical reactions is used. Electroplating requires all traces to be electrically
|
||||
connected to form a single electrode, while electroless plating can be used on the finished circuit. In
|
||||
Figure~\ref{hsm_fig_materials_gold_lds}, it is visible how the trace was created using three parallel passes by the
|
||||
laser. The micrograph also shows the rather coarse edge structure created by LDS, which is caused by the rough surface
|
||||
left after pulsed laser ablation. The uneven, thin layer of metallization created by LDS results in mechanically fragile
|
||||
contacts. They must be contacted using a soft material, usually an elastomeric connector.
|
||||
Figure~\ref{hsm_fig_materials_gold_lds} shows part of a mesh and a contact created using Laser Direct Structuring, a
|
||||
technique combining selective activation of a plastic surface using a scanning laser and electroless gold plating. Where
|
||||
in electroplating electrical current is used to deposit metal atoms on a surface, in electroless plating a series of
|
||||
chemical reactions is used. Electroplating requires all traces to be electrically connected to form a single electrode,
|
||||
while electroless plating can be used on the finished circuit. Laser Direct Structuring allows patterning complex
|
||||
surfaces with fine structures made from metal deposited in a thin layer. In Figure~\ref{hsm_fig_materials_gold_lds}, it
|
||||
is visible how the trace was created using three parallel passes by the laser. The micrograph also shows the rather
|
||||
coarse edge structure created by LDS, which is caused by the rough surface left after pulsed laser ablation. The uneven,
|
||||
thin layer of metallization created by LDS results in mechanically fragile contacts that must be contacted using a soft
|
||||
material, usually an elastomeric connector.
|
||||
|
||||
\subsubsection{Connection methods}
|
||||
|
||||
|
|
@ -615,37 +620,37 @@ contacts. They must be contacted using a soft material, usually an elastomeric c
|
|||
\centering
|
||||
\begin{subfigure}[t]{0.3\textwidth}
|
||||
\centering\includegraphics[width=\linewidth]{connector_castellated_edge.jpg}
|
||||
\caption{}
|
||||
\caption{Direct soldering}
|
||||
\label{hsm_fig_connector_castellations}
|
||||
\end{subfigure}
|
||||
\quad
|
||||
\begin{subfigure}[t]{0.3\textwidth}
|
||||
\centering\includegraphics[width=\linewidth]{connector_stacking.jpg}
|
||||
\caption{}
|
||||
\caption{Elastomeric connector landing pattern as well as stacking board-to-board connector}
|
||||
\label{hsm_fig_connector_stack}
|
||||
\end{subfigure}
|
||||
\quad
|
||||
\begin{subfigure}[t]{0.3\textwidth}
|
||||
\centering\includegraphics[width=\linewidth]{connector_zif_fpc_2.jpg}
|
||||
\caption{}
|
||||
\caption{Landing pads for tactile contact domes as well as FPC connector}
|
||||
\label{hsm_fig_connector_fpc}
|
||||
\end{subfigure}
|
||||
\quad
|
||||
\begin{subfigure}[t]{0.3\textwidth}
|
||||
\centering\includegraphics[width=\linewidth]{connector_elastomeric.jpg}
|
||||
\caption{}
|
||||
\caption{Direct soldering of an FPC and an elastomeric connector}
|
||||
\label{hsm_fig_connector_elastomeric}
|
||||
\end{subfigure}
|
||||
\quad
|
||||
\begin{subfigure}[t]{0.3\textwidth}
|
||||
\centering\includegraphics[width=\linewidth]{connector_rf_gasket.jpg}
|
||||
\caption{}
|
||||
\caption{Soft, conductive EM shielding gaskets used as connectors}
|
||||
\label{hsm_fig_connector_gasket}
|
||||
\end{subfigure}
|
||||
\quad
|
||||
\begin{subfigure}[t]{0.3\textwidth}
|
||||
\centering\includegraphics[width=\linewidth]{connector_metal_dome.jpg}
|
||||
\caption{}
|
||||
\caption{Tactile dome}
|
||||
\label{hsm_fig_connector_dome}
|
||||
\end{subfigure}
|
||||
\caption[Mesh connecting methods]{Connecting methods used between tamper sensing mesh assemblies and their base PCBs}
|
||||
|
|
@ -658,6 +663,7 @@ a PCB using either a Land Grid Array (LGA) technique where pads on both PCBs are
|
|||
\emph{castellated} edges, where pads on the base PCB are soldered sideways to holes on the top PCB that have been milled
|
||||
in half as shown in Figure~\ref{hsm_fig_connector_castellations}. FPCs can also be soldered by draggin a solder blob
|
||||
across the contact as shown in Figure~\ref{hsm_fig_connector_elastomeric}, but this technique is only suitable for hand
|
||||
soldering. Hand soldering increases unit cost over mechanized soldering techniques such as wave soldering or reflow
|
||||
soldering.
|
||||
|
||||
FPCs are suitable for use with standard Zero Insertion Force (ZIF) FPC connectors as shown in
|
||||
|
|
@ -738,24 +744,24 @@ connection while guaranteeing adjacent spheres never touch each other.
|
|||
\label{hsm_fig_3d_struct}
|
||||
\end{figure}
|
||||
|
||||
In practice, meshes are almost always manufactured in planar processes first, and then transformed into a
|
||||
three-dimensional shape. Figure~\ref{hsm_fig_3d_struct}
|
||||
\subref{hsm_fig_3d_struct_folded_overlap}-\subref{hsm_fig_3d_struct_house_of_cards} show the construction styles we saw
|
||||
among our samples that shape a planar mesh into a three-dimensional structure.
|
||||
Figure~\ref{hsm_fig_3d_struct_folded_overlap} and Figure~\ref{hsm_fig_3d_struct_folded_no_overlap} have meshes produced
|
||||
as flexible printed circuits, in Figure~\ref{hsm_fig_3d_struct_folded_overlap} using a standard photolithographic
|
||||
copper/polyimide FPC process usually used for flexible PCBs, and in Figure~\ref{hsm_fig_3d_struct_folded_overlap} using
|
||||
a standard silver ink screenprinting process. The choice in Figure~\ref{hsm_fig_3d_struct_folded_no_overlap} not to
|
||||
overlap the mesh in the corner is likely caused by manufacturing considerations, since it mig~ht be difficult to ensure
|
||||
proper folding of a small foil tab with adhesive pre-applied.
|
||||
~
|
||||
Figure~\ref{hsm_fig_3d_struct_vacuum_form} shows a sample of a flexible circuit manufactured in a screenprinted
|
||||
silver-ink process thermoformed into a three-dimensional shape~\cite{weidnerHardwareschutzFormHalbschalen2007}. The
|
||||
flexible circuit mesh is first produced in a standard planar printing process. After printing and curing, the resulting
|
||||
foil is then heated to soften it, and forced into a three-dimensional shape using a mold. Depending on the process, one
|
||||
or two molds, and vacuum or pressured air can be used to shape the foil. The process requires a screenprinted flexible
|
||||
circuit, and would not work with copper/polyimide flexible PCBs since their copper layer is too thick to plastically
|
||||
deform without tearing, and because polyimide is not sufficiently thermoplastic at low temperatures.
|
||||
While practical meshes are almost always manufactured in planar processes first, their applications usually require at
|
||||
least partially covering a three-dimensional volume. In our survey, we saw a number of methods being used to create
|
||||
three-dimensional structures from planar meshes. Figure~\ref{hsm_fig_3d_struct}
|
||||
\subref{hsm_fig_3d_struct_folded_overlap}-\subref{hsm_fig_3d_struct_house_of_cards} show the major construction styles
|
||||
we saw among our samples. Figure~\ref{hsm_fig_3d_struct_folded_overlap} and
|
||||
Figure~\ref{hsm_fig_3d_struct_folded_no_overlap} have meshes produced as flexible printed circuits, in
|
||||
Figure~\ref{hsm_fig_3d_struct_folded_overlap} using a standard photolithographic copper/polyimide FPC process usually
|
||||
used for flexible PCBs, and in Figure~\ref{hsm_fig_3d_struct_folded_overlap} using a standard silver ink screenprinting
|
||||
process. The choice in Figure~\ref{hsm_fig_3d_struct_folded_no_overlap} not to overlap the mesh in the corner is likely
|
||||
caused by manufacturing considerations, since it might be difficult to ensure proper folding of a small foil tab with
|
||||
adhesive pre-applied. Figure~\ref{hsm_fig_3d_struct_vacuum_form} shows a sample of a flexible circuit manufactured in a
|
||||
screenprinted silver-ink process thermoformed into a three-dimensional
|
||||
shape~\cite{weidnerHardwareschutzFormHalbschalen2007}. The flexible circuit mesh is first produced in a standard planar
|
||||
printing process. After printing and curing, the resulting foil is then heated to soften it, and forced into a
|
||||
three-dimensional shape using a mold. Depending on the process, one or two molds, and vacuum or pressured air can be
|
||||
used to shape the foil. The process requires a screenprinted flexible circuit, and would not work with copper/polyimide
|
||||
flexible PCBs since their copper layer is too thick to plastically deform without tearing, and because polyimide is not
|
||||
sufficiently thermoplastic at low temperatures.
|
||||
|
||||
Thermoforming is a cheap industry standard process, but applied to flexible circuits it has some limitations. First,
|
||||
only 2.5-dimensional structures can be created since the starting product is always a planar sheet. Second, the sheet
|
||||
|
|
@ -822,10 +828,10 @@ which would be a flaw in a more standard HSM application.
|
|||
Besides the house of cards construction style shown in Figure~\ref{hsm_fig_3d_struct_house_of_cards} where PCBs are
|
||||
hand-assembled into a 3D shape, rigid PCBs are also often soldered planar on top of other PCBs to serve as meshes.
|
||||
Figure~\ref{hsm_fig_3d_sandwich} shows examples of such sandwich-style constructions.
|
||||
Figure~\ref{hsm_fig_3d_sandwich_obstacle} and Figure~\ref{hsm_fig_3d_sandwich_via_fence} show a popular construction
|
||||
Figure~\ref{hsm_fig_3d_sandwich_obstacle} and Figure~\ref{hsm_fig_3d_sandwich_via_fence} show a widely used construction
|
||||
technique where a small mesh PCB coupon is soldered using a Land Grid Array (LGA)-technique on top of a larger base PCB
|
||||
containing circuitry. The goal in this technique is to project a small part of the mesh into the space above the base
|
||||
PCB. While this does not prvevent targeted drilling, as the small coupon is easy to avoid, it does prevent an attacker
|
||||
PCB. While this does not prevent targeted drilling as the small coupon is easy to avoid, it does prevent an attacker
|
||||
from sawing or laser-cutting into the side of the device parallel to the base PCB. In the implementation shown in
|
||||
Figure~\ref{hsm_fig_3d_sandwich_obstacle}, the coupon simply contains a small mesh embedded in an inner layer.
|
||||
Figure~\ref{hsm_fig_3d_sandwich_via_fence} shows a different technique, where the mesh inside the coupon is not
|
||||
|
|
@ -855,7 +861,7 @@ via fence layers, at the bottom of the PCB is one more layer containing the pads
|
|||
\begin{subfigure}[t]{0.45\textwidth}
|
||||
\centering
|
||||
\includegraphics[width=\linewidth]{mesh_contact_joint.pdf}
|
||||
\caption{CT section cut with part of a mesh layer and the riveted metal mesh contacts visible.}
|
||||
\caption{CT section cut with part of a mesh layer and the crimped metal mesh contacts visible.}
|
||||
\label{hsm_fig_ingenico_potted_ct_cut}
|
||||
\end{subfigure}
|
||||
\quad
|
||||
|
|
@ -877,14 +883,20 @@ via fence layers, at the bottom of the PCB is one more layer containing the pads
|
|||
\end{figure}
|
||||
|
||||
% FIXME put the CT people in the acknowledgements! Also the microwave people!
|
||||
To evaluate CT imaging as an attack method, we performed CT imaging of the potted HSM module of an Ingenico payment
|
||||
terminal. Figure~\ref{hsm_fig_ingenico_potted} shows the module we analyzed and two images exported from the resulting
|
||||
CT scan data. Figure~\ref{hsm_fig_ingenico_potted_ct_cut} shows a horizontal cut across part of the module. In this cut,
|
||||
we can clearly identify a mesh layer with multiple traces, four solid metal contacts riveted to the mesh foil, and two
|
||||
unused contact pads and mesh traces in the lower part of the picture. An attacker would be able to use this information
|
||||
to target the metal contacts with a tool like a needle probe. From the CT scan we were able to measure that the mesh of
|
||||
the device has a pitch of \qty{1.0}{\milli\meter}. Thus, even inserting a thin needle probe right through one of the
|
||||
mesh's traces should be possible without breaking the trace.
|
||||
Hardware manufacturers implementing security meshes often attempt to keep the meshes' layouts hidden as a way of
|
||||
security by obscurity. In practice, this can take the form of opaque potting compounds (cf.
|
||||
Figure~\ref{hsm_fig_ingenico_potted_seated}), opaque cover layers (cf. Figure~\ref{hsm_fig_materials_gold_lds}), and
|
||||
burying the mesh beneath other features such as PCB ground planes (cf. Figure~\ref{hsm_fig_3d_sandwich_lid}).
|
||||
\todo{Pictures/refs of opaque materials, mention sample numbers}
|
||||
To circumvent such attempts, an obvious attack vector is to use radiographical imaging techniques such as X-ray or CT
|
||||
imaging. To evaluate CT imaging as an attack method, we experimentally imaged the potted HSM module of an Ingenico
|
||||
payment terminal using an industrial CT. Figure~\ref{hsm_fig_ingenico_potted} shows the module we analyzed and two
|
||||
images exported from the resulting CT scan data. Figure~\ref{hsm_fig_ingenico_potted_ct_cut} shows a horizontal cut
|
||||
across part of the module. In this cut, we can clearly identify a mesh layer with multiple traces, four solid metal
|
||||
contacts crimped to the mesh foil, and two unused contact pads and mesh traces in the lower part of the picture. An
|
||||
attacker would be able to use this information to target the metal contacts with a tool like a needle probe. From the CT
|
||||
scan we were able to measure that the mesh of the device has a pitch of \qty{1.0}{\milli\meter}. Thus, even inserting a
|
||||
thin needle probe right through one of the mesh's traces should be possible without breaking the trace.
|
||||
|
||||
Figure~\ref{hsm_fig_ingenico_potted_ct_3d} shows a 3D reconstruction of the mesh's conductor layout. While the
|
||||
reconstruction is slightly noisy due to the limited scan time available, it contains ample detail to reconstruct the
|
||||
|
|
@ -904,8 +916,8 @@ Concluding both our patent research and our experimental survey, we find that ta
|
|||
commonplace technology throughout the past 150 years. While mesh manufacturing technology has experienced some
|
||||
advancements from historical wire-wound meshes to modern meshes always being constructed in printed circuit processes,
|
||||
mesh monitoring approaches have received surprisingly little attention through the centuries and even in recent,
|
||||
state-of-the-art systems, a simple comparator monitoring a mesh arranged in a wheatstone bridge configuration is still
|
||||
considered sufficient by manufacturers.
|
||||
state-of-the-art systems, a simple comparator monitoring a mesh arranged in a bridge configuration is still considered
|
||||
sufficient by manufacturers.
|
||||
% FIXME todo above: show wheatstone bridge schematic
|
||||
|
||||
\subsection{Mesh construction techniques}
|
||||
|
|
@ -914,14 +926,16 @@ We found that in almost all cases, practical tamper sensing meshes are construct
|
|||
processes. In some card payment terminals, we found meshes that used slightly customized standard processes and e.g.
|
||||
integrated a mesh layer produced in a carbon printing process into a membrane keypad, but customizations were minimal.
|
||||
We only found one mesh manufactured in a bespoke process in the datacenter HSM appliance we examined, and that bespoke
|
||||
process turns out to be a turnkey solution used by at least two HSM vendors.
|
||||
process turns out to be a turnkey solution used by at least two HSM vendors. Underscoring stagnating development in the
|
||||
field, this particular mesh manufacturing process seems to have seen only minimal changes since the first patents
|
||||
covering it were published in the late 1990ies.\todo{source}
|
||||
|
||||
\subsection{Mesh monitoring circuits}
|
||||
|
||||
We observed that in general, academic research leads before patent literature, which is ahead of actual implementations
|
||||
in the field. Practical monitoring circuitry seems basic. Particularly the datacenter HSM appliance we examined showed a
|
||||
contrast between a mesh manufactured in a bespoke process combined with a unsophisticated, discrete monitoring circuit
|
||||
based around a number of voltage comparators.
|
||||
contrast between a mesh manufactured in a bespoke process combined with an unsophisticated, discrete monitoring circuit
|
||||
based around a number of voltage comparators.\todo{refer sample number}
|
||||
|
||||
\subsection{Computed Tomography Imaging}
|
||||
|
||||
|
|
@ -975,14 +989,14 @@ large-area photodiode coupled to a scintillator crystal converting X-ray photons
|
|||
|
||||
The widespread use of inexpensive but low-security commodity processes shows that in practical applications, cost is
|
||||
often prioritized over security. The IHSM approach naturally complements such a system that uses a low-security mesh
|
||||
material, increasing its security without the use of a more advanced mesh material. The beneficial construction
|
||||
material and increases its security without needing a more advanced mesh material. The beneficial construction
|
||||
techniques that we identified above such as the use of multiple, spaced layers and low-contrast trace materials
|
||||
complement IHSM technology naturally. The three-dimensional layout of a mesh becomes easier in an IHSM implementation
|
||||
since features like corners between mesh panels or gaps between mesh layers are often naturally protected by the mesh's
|
||||
since features like corners between mesh panels or gaps between mesh layers in most layouts are protected by the mesh's
|
||||
motion. An unintended advantage that results in IHSM implementations over conventional meshes is that they would provide
|
||||
a level of intrinsic resistance to X-ray and CT imaging. In contrast to optical cameras in the visible spectrum, X-ray
|
||||
image sensors need integration times in the hundreds of milliseconds or longer, which makes them unsuitable to image a
|
||||
quickly moving targets.
|
||||
quickly moving target.
|
||||
|
||||
\section{Conclusion}
|
||||
|
||||
|
|
@ -1001,13 +1015,17 @@ can even be forcibly separated from some potting compounds without destroying th
|
|||
The weakest systems we found completely omitted a tamper sensing mesh. Ironically, all of these systems were devices
|
||||
marketed as hardware security modules. Given the inexpensive nature of tamper sensing meshes and the high price point of
|
||||
such devices, we suspect market segmentation as a driving force behind their manufacturers' decision to omit tamper
|
||||
sensing meshes. We conclude from this observation that the term ``HSM'' does not imply state-of-the-art physical tamper
|
||||
sensing.
|
||||
sensing meshes despite their low cost. The primary security standard that is most often cited for the certification of
|
||||
HSMs is the US government's FIPS-140\todo{cite}, now in its third version. A peculiarity of this standard is that it
|
||||
only requires active tamper sensing meshes in the highest of the four security levels it defeies. Overall, we can
|
||||
conclude that the term ``HSM'' does not imply state-of-the-art physical tamper sensing.
|
||||
|
||||
From an academic point of view, the core finding of our survey is that tamper sensing meshes manufactured in a number of
|
||||
commercial manufacturing processes would yield acceptable surrogates for real devices found in the wild. With the
|
||||
exception of a single device that used a particularly fine structure size in the \qty{100}{\micro\meter} range, none of
|
||||
the devices we examined utilized particularly non-obvious construction techniques.
|
||||
From an academic point of view, the core finding of our survey is that for academic research on mesh manufacturing,
|
||||
monitoring or attacks on meshese, realistic tamper sensing mesh samples can easily be created. A number of commercial
|
||||
manufacturing processes would yield acceptable standins for real devices found in the wild. With the exception of a
|
||||
single device that used a particularly fine structure size in the \qty{100}{\micro\meter} range approaching the limit of
|
||||
inexpensive PCB manufacturing processes, none of the devices we examined utilized particularly non-obvious construction
|
||||
techniques.
|
||||
|
||||
Form an engineering point of view, we observe that across application domains, tamper sensing meshes often use basic
|
||||
construction techniques. Implementing such a system that matches the security of other systems seen in the wild should
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue