From d7eb668fcfbd9bc0992dc01de2d9077c8ee61298 Mon Sep 17 00:00:00 2001 From: jaseg Date: Wed, 5 Nov 2025 11:11:25 +0100 Subject: [PATCH] Fix broken reference --- chapter-ihsm/chapter.tex | 39 +++++++++++++++++++++------------------ 1 file changed, 21 insertions(+), 18 deletions(-) diff --git a/chapter-ihsm/chapter.tex b/chapter-ihsm/chapter.tex index be86bcc..302a5c0 100644 --- a/chapter-ihsm/chapter.tex +++ b/chapter-ihsm/chapter.tex @@ -83,14 +83,15 @@ detection. HSMs are an old technology that traces back decades in its electronic realization, initially being conceived by the US NSA during the second world war~\cite{boak1973}. Today's common approach of monitoring meandering electrical traces on a fragile foil that is wrapped around the HSM essentially transforms the security problem into the challenge to -manufacture very fine electrical traces on a flexible foil~\cite{isaacs2013, immler2019, andersonSecurityEngineeringGuide2020}. There has been -some research on monitoring the HSM's interior using e.g.\ electromagnetic radiation~\cite{tobisch2020, kreft2012} or -ultrasound~\cite{vrijaldenhoven2004} but none of this research has found widespread adoption yet. +manufacture very fine electrical traces on a flexible foil~\cite{isaacs2013, immler2019, +andersonSecurityEngineeringGuide2020}. There has been some research on monitoring the HSM's interior using e.g.\ +electromagnetic radiation~\cite{tobisch2020, kreft2012} or ultrasound~\cite{vrijaldenhoven2004} but none of this +research has found widespread adoption yet. -HSMs can be compared to physical seals~\cite{andersonSecurityEngineeringGuide2020}. Both are tamper-evident devices. The difference is that an -HSM continuously monitors itself whereas a physical seal only serves to record tampering and requires someone to examine -it. This examination can be done by eye in the field, but it can also be carried out in a laboratory using complex -equipment. An HSM in principle has to have this examination equipment built-in. +HSMs can be compared to physical seals~\cite{andersonSecurityEngineeringGuide2020}. Both are tamper-evident devices. The +difference is that an HSM continuously monitors itself whereas a physical seal only serves to record tampering and +requires someone to examine it. This examination can be done by eye in the field, but it can also be carried out in a +laboratory using complex equipment. An HSM in principle has to have this examination equipment built-in. Physical seals are used in a wide variety of applications. The most interesting ones from a research point of view that are recorded in public literature are those used for the monitoring of nuclear material under the International Atomic @@ -115,14 +116,16 @@ several minutes. While the state of electronics has advanced rapidly since Boak' has not increased correspondingly. Thus, we can conclude that even today, against a ``smart, well-equipped opponent with plenty of time'' as noted by Boak, this self-destruction functionality is essential. -In~\cite{andersonSecurityEngineeringGuide2020}, Anderson gives a comprehensive overview of physical security. An example HSM that he cites is -the IBM 4758, the details of which are laid out in-depth in~\cite{smith1998}. This HSM is an example of an -industry-standard construction. Although its turn of the century design is now a bit dated, the construction techniques -of the physical security mechanisms have not evolved much in the last two decades. Besides some auxiliary temperature -and radiation sensors to guard against attacks on the built-in SRAM memory, the module's main security barrier uses the -common construction of a flexible mesh foil wrapped around the module's core. In~\cite{smith1998}, the authors state -that the module monitors this mesh for short circuits, open circuits, and conductivity. Other commercial offerings use -similar approaches to tamper detection~\cite{obermaier2018,drimer2008,andersonSecurityEngineeringGuide2020,isaacs2013}. +In~\cite{andersonSecurityEngineeringGuide2020}, Anderson gives a comprehensive overview of physical security. An example +HSM that he cites is the IBM 4758, the details of which are laid out in-depth +in~\cite{smithBuildingHighperformanceProgrammable1999}. This HSM is an example of an industry-standard construction. +Although its turn of the century design is now a bit dated, the construction techniques of the physical security +mechanisms have not evolved much in the last two decades. Besides some auxiliary temperature and radiation sensors to +guard against attacks on the built-in SRAM memory, the module's main security barrier uses the common construction of a +flexible mesh foil wrapped around the module's core. In~\cite{smithBuildingHighperformanceProgrammable1999}, the authors +state that the module monitors this mesh for short circuits, open circuits, and conductivity. Other commercial offerings +use similar approaches to tamper +detection~\cite{obermaier2018,drimer2008,andersonSecurityEngineeringGuide2020,isaacs2013}. Shifting our focus from industry use to the academic state of the art, in~\cite{immler2019}, Immler et al. describe an HSM based on precise capacitance measurements of a security mesh, creating a PUF from the mesh. In contrast to @@ -611,9 +614,9 @@ penetrates the mesh at the axis. The mesh's tangential velocity decreases close allow an attacker to insert tools such as probes into the device through the opening it creates. Conventional HSMs also have to take precautions to protect their power and data connections. In conventional HSMs, power and data are routed into the enclosure along a meandering path through the PCB or through flat flex cables sandwiched in between security -mesh foil layers~\cite{smith1998}. As a result of these precautions, in conventional HSMs, this interface rarely is a -mechanical weak spot. In inertial HSMs, careful engineering is necessary to achieve the same effect. -Figure~\ref{shaft_cm} shows variations of the shaft interface with increasing complexity. +mesh foil layers~\cite{smithBuildingHighperformanceProgrammable1999}. As a result of these precautions, in conventional +HSMs, this interface rarely is a mechanical weak spot. In inertial HSMs, careful engineering is necessary to achieve the +same effect. Figure~\ref{shaft_cm} shows variations of the shaft interface with increasing complexity. \begin{figure} \begin{subfigure}[t]{0.3\textwidth}