jaseg/phd-thesis
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Make ihsm related work flow better

Browse source
This commit is contained in:
jaseg 2026-01-19 07:03:33 +01:00
parent fe9dd77606
commit bf66366603
1 changed files with 4 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

25
chapter-ihsm/chapter.tex
View file

@ -74,8 +74,7 @@ This chapter contains the following contributions:
\label{prototype_picture}
\end{figure}
In Section~\ref{sec_related_work}, we will give an overview of the state of the art in HSM physical security. On this
basis, in Section~\ref{sec_ihsm_construction} we will elaborate the principles of our Inertial HSM approach. We will
In Section~\ref{sec_ihsm_construction} we will elaborate the principles of our Inertial HSM approach. We will
analyze its weaknesses in Section~\ref{sec_attacks}. Based on these results we have built a proof-of-concept hardware
prototype. In Section~\ref{sec_proto} we will elaborate on the design of this prototype. In Section~\ref{sec_accel_meas}
we present our characterization of an automotive MEMS accelerometer IC as a rotation sensor in this proof-of-concept
@ -86,9 +85,9 @@ prototype. We conclude this chapter with a general evaluation of our design in S
% summaries of research papers on HSMs. I have not found any actual prior art on anything involving mechanical motion
% beyond ultrasound.
HSMs are an old technology that traces back decades in its electronic realization, initially being conceived by the US
NSA during the second world war~\cite{boak1973}. Today's common approach of monitoring meandering electrical traces on a
fragile foil that is wrapped around the HSM essentially transforms the security problem into the challenge to
As we elaborated in Chapter~\ref{chapter-survey}, HSMs are an old technology that traces back decades in its electronic
realization. Today's common approach of monitoring meandering electrical traces on a fragile foil that is wrapped around
the HSM essentially transforms the security problem into the challenge to
manufacture very fine electrical traces on a flexible foil~\cite{isaacs2013, immler2019,
andersonSecurityEngineeringGuide2020}. There has been some research on monitoring the HSM's interior using e.g.\
electromagnetic radiation~\cite{tobisch2020, kreft2012} or ultrasound~\cite{vrijaldenhoven2004} but none of this
@ -99,22 +98,6 @@ difference is that an HSM continuously monitors itself whereas a physical seal o
requires someone to examine it. This examination can be done by eye in the field, but it can also be carried out in a
laboratory using complex equipment. An HSM in principle has to have this examination equipment built-in.
Physical seals are used in a wide variety of applications. The most interesting ones from a research point of view that
are recorded in public literature are those used for the monitoring of nuclear material under the International Atomic
Energy Authority (IAEA). Most of these seals use the same approach that is used in Physical Unclonable Functions (PUFs),
though their development predates that of PUFs by several decades. The seal is created in a way that intentionally
causes large, random device-to-device variations. These variations are precisely recorded at deployment. At the end of
the seal's lifetime, the seal is returned to a lab and closely examined to check for any deviations from the seal's
prior recorded state. The type of variation used in these seals includes random scratches in metal parts and random
blobs of solder (IAEA metal cap seal), randomly cut optical fibers (COBRA seal), the uncontrollably random distribution
of glitter particles in a polymer matrix (COBRA seal prototypes) as well as the precise three-dimensional surface
structure of metal parts at microscopic scales (LMCV)~\cite{iaea2011}.
The IAEA's equipment portfolio does include electronic seals such as the EOSS. These devices are intended for remote
reading, similar to an HSM. They are constructed from two components: A cable that is surveilled for tampering, and a
monitoring device. The monitoring device itself is in effect an HSM and uses a security mesh foil like it is used in
commercial HSMs.
The self-destruct built into an HSM serves as a strong tamper deterrent. For illustration, compare an HSM to a computer
inside a locked safe when opposing a well-funded attacker with plenty of time. In~\cite{boak1973}, Boak asserts that
absent an HSM's capability to self-destruct, the best safes can only withstand brute force attacks by an expert for