WIP
parent
82053a518a
commit
f8e74bbff3
4 changed files with 46 additions and 38 deletions
|
|
@ -6,29 +6,27 @@
|
|||
|
||||
\chaptertitle{Active Tamper Sensing in the Wild}
|
||||
|
||||
In this chapter we will take a look at how the tamper-sensing meshes that provide the core tamper response in Hardware
|
||||
Security Modules are built and what they are used for. We will analyze the gaps left by the current state of the
|
||||
industry, and evaluate how Inertial HSMs could close these gaps to make secure hardware accessible to everyone. We will
|
||||
start with a brief history of secure hardware with a particular focus on tamper-sensing meshes since the tamper-sensing
|
||||
mesh is the primary line of defense that delineates a hardware security module from other, weaker secure hardware
|
||||
primitives such as Smart Cards or Trusted Platform Modules (TPMs).
|
||||
|
||||
% FIXME include stuff from EPA paper
|
||||
|
||||
\section{The History of Tamper Sensing Meshes}
|
||||
|
||||
Tamper-sensing meshes can be implemented in many different ways. Their design offers various degrees of freedom from the
|
||||
precise conductor layout, through the manufacturing technology of the mesh and how it is wrapped around the payload
|
||||
during manufacturing up to its monitoring circuitry. As a result, manufacturers across application domains from
|
||||
datacenter appliance HSMs through card payment terminals have historically used patents on parts of their tamper-sensing
|
||||
mesh implementations as a means to prevent copying of their designs~\cite{
|
||||
Tamper-sensing meshes are highly effective at preventing a large array of physical attacks and provide the core of the
|
||||
tamper-response system of a Hardware Security Module. In this chapter we will take a look at a range of real-world
|
||||
devices using tamper-sensing meshes and analyze their implementation. We will analyze the gaps left by the current state
|
||||
of the industry, and evaluate how Inertial HSMs could close these gaps to make secure hardware accessible to a wider
|
||||
range of applications. We will start with a brief history of secure hardware with a particular focus on tamper-sensing
|
||||
meshes.
|
||||
|
||||
Tamper-sensing meshes offer many degrees of freedom in their design ranging from the precise conductor layout, through
|
||||
the manufacturing technology of the mesh and how it is wrapped around the payload during manufacturing up to their
|
||||
monitoring circuitry. As a result, manufacturers across application domains from datacenter appliance HSMs through card
|
||||
payment terminals have historically used patents on parts of their tamper-sensing mesh implementations as a means to
|
||||
prevent copying of their designs~\cite{
|
||||
razaghiCircuitBoardHold2019,
|
||||
heitmannTamperBarrierElectronic2005,
|
||||
clarkTamperDetectionSystem2005,
|
||||
heitmannMethodMakingTamper2009,
|
||||
perreaultSystemMethodInstalling2005,
|
||||
}. The basic principle of modern tamper-sensing meshes of preventing intrusion by force through embedding a looped
|
||||
conductor to cover a surface traces back as far as at least 1870~\cite{
|
||||
}. The basic principle of modern tamper-sensing meshes, preventing physical intrusion using an embedded looped conductor
|
||||
to cover a surface traces back as far as at least 1870~\cite{
|
||||
ImprovementProtectingSafes1870,
|
||||
ImprovementElectromagneticEnvelopes1870}, when it was applied to the protection of bank vaults from robbers
|
||||
attempting to dig, drill and saw through the vault's floor and walls. Even multi-layer, orthogonal tamper-sensing meshes
|
||||
|
|
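Review bot: The rewritten sentence "The basic principle of modern tamper-sensing meshes, preventing physical intrusion using an embedded looped conductor to cover a surface traces back as far as at least 1870" opens an appositive with a comma after "meshes" but never closes it, so the subject and "traces back" run together. Close it with a comma after "surface", and simplify the ending to "traces back at least as far as 1870".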
@ -51,9 +49,8 @@ the widespread adoption of cryptography in commercial applications~\cite{
|
|||
|
||||
\subsection{Use by the US Military}
|
||||
|
||||
Electronic tamper sensing meshes are documented in literature beginning around World War \RN{2}. The earliest mention of
|
||||
such a system we are aware of is from notes on a series of lectures given by Dr.~David~G. Boak, a specialist in
|
||||
communications security and signal intelligence at the US National Security
|
||||
One of the earliest practical uses of tamper sensing meshes is documented in notes on a series of lectures given by
|
||||
Dr.~David~G. Boak, a specialist in communications security and signal intelligence at the US National Security
|
||||
Agency\cite{nsaHistoryUSCommunications1973,nsaHistoryUSCommunications1981}. In this lecture series, Boak mentions that
|
||||
around World War \RN{2}, the US became concerned about the security of their ciphering machines, which at the time were
|
||||
large, fridge-sized electro-mechanical contraptions. Initially, simple safes were used to protect those
|
||||
|
|
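Review bot: Hyphenation is inconsistent in the new sentence "One of the earliest practical uses of tamper sensing meshes is documented in notes on a series of lectures": the chapter text elsewhere in this commit writes "tamper-sensing meshes", so use the hyphenated form here too. On the following line, `Agency\cite{` is missing the tie that the other citations in this chapter use (`designs~\cite{`), so the citation can break onto a new line.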
@ -129,15 +126,15 @@ Commercially, tamper sensing meshes have entered widespread use beginning around
|
|||
in then-new HSMs, cryptographic coprocessors primarily aimed at the financial
|
||||
industry~\cite{andersonSecurityEngineeringGuide2020}. Today, their use in finance has spread from HSMs in datacenters
|
||||
and ATMs to the ATM pin pads themselves, which encrypt the customer's PIN right at the source, as well as in all kinds
|
||||
of card payment terminals. We will analyze two such ATM pin pads later in this paper.
|
||||
of card payment terminals. We will analyze two such ATM pin pads later in this chapter.
|
||||
|
||||
HSMs are used for highly sensitive operations even outside of the financial industry, although their adoption is
|
||||
hampered by their high cost. Such applications include key management in the TLS certificate infrastructure. In this
|
||||
paper, we will analyze a commercial HSM that was used in the key management infrastructure of a premium TV provider.
|
||||
chapter, we will analyze a commercial HSM that was used in the key management infrastructure of a premium TV provider.
|
||||
|
||||
Beyond finance, tamper-sensing meshes have found applications in a variety of other use cases as well. For instance, we
|
||||
have found them being used in mail franking machines to protect the credit counter and franking data, with one such unit
|
||||
analyzed in this paper. Furthermore, we have identified at least one model of key safe that in Germany is mounted
|
||||
analyzed in this chapter. Furthermore, we have identified at least one model of key safe that in Germany is mounted
|
||||
externally on public buildings to provide keys to emergency services, and which includes a tamper sensing mesh on its
|
||||
outside-facing wall to detect attempts at drilling into it. Finally, we have found a processing unit used in a series of
|
||||
mid-2000s era slot machines in Germany that includes a tamper-sensing mesh, presumably to prevent modification or
|
||||
|
|
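Review bot: "ATM pin pads" on the changed line sits next to "the customer's PIN" one line above; write the acronym the same way in both places ("PIN pads"). The three forward references touched here ("later in this chapter", "In this chapter, we will analyze", "analyzed in this chapter") would also be more useful as `\ref`s to the sections that hold those analyses, since the wording is being adapted to the thesis structure anyway.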
@ -145,7 +142,7 @@ cloning. This device will also be analyzed later in this chapter.
|
|||
|
||||
\section{The Principles of Tamper-Sensing Mesh Construction and Monitoring}
|
||||
|
||||
\subsection{Tamper-sensing Mesh Manufacturing}
|
||||
%\subsection{Tamper-sensing Mesh Manufacturing}
|
||||
|
||||
The manufacturing technology of a tamper sensing mesh is a critical factor in its security. While in many applications,
|
||||
meshes manufactured from off-the-shelf processes such as Flexible Printed Circuit (FPC) processes are used, these
|
||||
|
|
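Review bot: `%\subsection{Tamper-sensing Mesh Manufacturing}` is commented out rather than deleted, which leaves dead markup in the source with no record of why. Remove the line, or if the subsection is expected to come back, say so in a comment next to it. If a `\label` follows this heading outside the visible context, it will now attach to the enclosing `\section`, so check any references to it.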
@ -170,7 +167,7 @@ mesh is embedded inside after installation are clearly co-designed with the carb
|
|||
material adheres well to both, leading to the traces being destroyed when either are peeled off.
|
||||
|
||||
The design of these IBM/Gore meshes is documented in an extensive list of patents, mostly under IBM's name. Its
|
||||
fundamental layout has not changed much since the early 1990ies~\cite{
|
||||
basic construction and layout has not changed much since the early 1990ies~\cite{
|
||||
macphersonImprovementsSecurityEnclosures1993,
|
||||
macphersonTamperRespondentEnclosure1999}.
|
||||
|
||||
|
|
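Review bot: Subject-verb agreement breaks in "Its basic construction and layout has not changed much": with the compound subject this should read "have not changed much". While touching the line, "1990ies" should be "1990s".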
@ -188,18 +185,15 @@ e.g.\ 5 years, this corresponds to a maximum average power consumption of \qty{4
|
|||
% keyword: wire covering
|
||||
To achieve low power consumption, a popular technique known since at least
|
||||
1902~\cite{suttonElectricallyprotectedStructure1902} and still used
|
||||
today~\cite{cesanaTamperResistantCard2001,razaghiCircuitBoardHold2019} is to measure the mesh's deviation from its
|
||||
baseline value. This measurement can be implemented either by directly comparing a mesh trace's resistance with a
|
||||
reference resistor, or using a wheatstone bridge. Using a bridge circuit was already used in early tamper-sensing mesh
|
||||
implementations~\cite{
|
||||
today~\cite{cesanaTamperResistantCard2001,razaghiCircuitBoardHold2019} is to measure the deviation of the mesh's
|
||||
end-to-end ohmic resistance from its baseline value. This measurement can be implemented either by directly comparing a
|
||||
mesh trace's resistance with a reference resistor, or using a wheatstone bridge. Using a bridge circuit was already used
|
||||
in early tamper-sensing mesh implementations~\cite{
|
||||
ElektrischeSicherheitseinrichtungSchutze1932,
|
||||
hamPrintedcircuitTypeSecurity1971,
|
||||
dalphinEnceinteProtegeeAvec1987,
|
||||
} and makes it possible to detect small changes in the mesh's resistance with little complexity.
|
||||
|
||||
% TODO US7345497B2 uses balanced transmission lines / fast pulses
|
||||
% NOTE: US3882324A mentions exploding the device as tamper response
|
||||
|
||||
\subsection{Other Tamper Sensing Techniques}
|
||||
|
||||
Besides tamper-sensing meshes, environmental sensors such as temperature or light sensors are frequently used as a
|
||||
|
|
|
|||
|
|
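Review bot: The reflowed sentence still reads "Using a bridge circuit was already used in early tamper-sensing mesh implementations", which doubles the verb; "Bridge circuits were already used in early tamper-sensing mesh implementations" says the same thing. "wheatstone bridge" in the sentence before it should be capitalised as "Wheatstone bridge".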
@ -302,8 +302,8 @@ to use in online searches, and when using Large Language Models (LLMs), it frequ
|
|||
|
||||
\section{A Motivating Counter-Example}
|
||||
|
||||
% EPA paper from ESORICS HS3 workshop
|
||||
|
||||
\todo{FIXME: Proper citation here}
|
||||
\sourceattrib{This part is based on a short paper presented at the HS3 workshop at ESORICS 2025.}
|
||||
Looking at the landscape of computer security solutions, we are presented with a wide variety of vendors and products
|
||||
that may give the impression that hardware security is a solved problem. Vendors sell various claims rangning from
|
||||
\emph{You don't need hardware security, just do it in the cloud!} to \emph{Buy our HSM and you will be secure!}. In
|
||||
|
|
|
|||
|
|
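Review bot: The missing citation is tracked only by `\todo{FIXME: Proper citation here}`, and the visible part of the `\todo` definition in this commit is wrapped in `\ifdefined\thesispreviewmode`, so unless an `\else` branch outside the shown context prints something, a non-preview build emits the `\sourceattrib` line with no reference and no warning. Add the `\cite` for the HS3 workshop paper to the `\sourceattrib` text itself. The context line below also has a typo: "rangning" should be "ranging".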
@ -155,7 +155,7 @@ tampering is detected~\cite{
|
|||
ISOIEC24759,
|
||||
pcisecuritystandardscouncilPaymentCardIndustry2021}.
|
||||
Like other PUF-based systems, their system naturally lacks this capability.
|
||||
|
||||
~
|
||||
Key differences of our system include:
|
||||
\begin{itemize}
|
||||
\item Our system can cover larger meshes without loss of precision using a single TDR frontend through multiplexing.
|
||||
|
|
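Review bot: A line holding only `~` between "Like other PUF-based systems, their system naturally lacks this capability." and "Key differences of our system include:" is not a paragraph break: the two sentences become one paragraph joined by a non-breaking space. If the list lead-in is meant to stay in the same paragraph, a `%` line or no line at all does that without the stray tie; if a new paragraph is wanted, keep the blank line.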
@ -200,7 +200,8 @@ Closest to our proposal in the academic corpus is the work of
|
|||
domain response of a mesh using a circuit made from a pulse generator and a fast Analog-to-Digital Converter (ADC). To
|
||||
avoid an expensive, high-speed digital processing pipeline, their design is centered around a specialized high-speed ADC
|
||||
that has a built-in sample memory. Using this part, they capture a pulse at high speed after it traverses the mesh.
|
||||
Subsequently, they slowly process the captured data from memory.
|
||||
Subsequently, they slowly process the captured data from memory. A 2007
|
||||
patent~\cite{matsunoProtectionCircuitSemiconductor2008} proposes the same delay-based approach.
|
||||
|
||||
Advantages of their design include better sensitivity to changes in total mesh trace length compared to simple
|
||||
continuity monitoring and the low complexity of their analog frontend. Disadvantages include the reliance on a specialty
|
||||
|
|
|
|||
|
|
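Review bot: "A 2007 patent" is cited with the key `matsunoProtectionCircuitSemiconductor2008`, so the year in the prose and the year in the key disagree; state which date is meant (filing or publication) or align the two. "the same delay-based approach" also has no antecedent in the surrounding lines, which describe capturing a pulse with a fast ADC and processing it from sample memory; name the approach explicitly so the comparison with the patent can be checked.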
@ -88,6 +88,7 @@
|
|||
|
||||
\newcommand{\todo}[1]{
|
||||
\ifdefined\thesispreviewmode
|
||||
\noindent%
|
||||
\marginpar{
|
||||
\setlength{\fboxsep}{2mm}
|
||||
\shadowbox{
|
||||
|
|
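Review bot: `\noindent%` sits inside the `\ifdefined\thesispreviewmode` branch of `\todo`, so a `\todo` placed at the start of a paragraph suppresses that paragraph's indent in preview builds only, and preview and final layouts drift apart. Also, `\newcommand{\todo}[1]{` ends without a `%`, unlike the new `\sourceattrib` macro, so the line end becomes a space in the expansion when `\todo` is used mid-sentence.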
@ -104,6 +105,16 @@
|
|||
\fi
|
||||
}
|
||||
|
||||
\newcommand{\sourceattrib}[1]{%
|
||||
\noindent%
|
||||
\marginpar{%
|
||||
\raggedleft%
|
||||
\footnotesize%
|
||||
\textit{#1}%
|
||||
}%
|
||||
\ignorespaces%
|
||||
}
|
||||
|
||||
\newcommand{\todoplaceholder}[1]{\textbf{TODO}\todo{#1}}
|
||||
|
||||
% https://tex.stackexchange.com/questions/30720/footnote-without-a-marker
|
||||
|
|
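Review bot: `\sourceattrib` hard-codes `\raggedleft` inside a single-argument `\marginpar`, which only looks right when the note lands in the left margin. If the thesis is typeset two-sided, give `\marginpar` its optional argument so left-margin notes are `\raggedleft` and right-margin notes are `\raggedright`. A one-line comment above the macro saying what it is for, and that its `\noindent` removes the indent of the paragraph it precedes, would help the next reader.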
@ -141,15 +152,17 @@
|
|||
|
||||
\newcommand{\chapterbibliography}{
|
||||
\clearpage % clearpage flushes all figures. force this here so we don't get figures floating in between references.
|
||||
\addcontentsline{toc}{section}{References}
|
||||
\newrefcontext{webref}
|
||||
\printbibliography[type={online},title={Web sources},heading=subbibintoc,resetnumbers=false,segment=\therefsegment]
|
||||
\printbibliography[type={online},title={Web sources},heading=none,resetnumbers=false,segment=\therefsegment]
|
||||
\newrefcontext{defref}
|
||||
\printbibliography[nottype={online},nottype={patent},heading=subbibintoc,resetnumbers=false,segment=\therefsegment]
|
||||
\printbibliography[nottype={online},nottype={patent},heading=none,resetnumbers=false,segment=\therefsegment]
|
||||
\newrefcontext{patref}
|
||||
\printbibliography[type={patent},title={Patent References},heading=subbibintoc,resetnumbers=false,segment=\therefsegment]
|
||||
\printbibliography[type={patent},title={Patent References},heading=none,resetnumbers=false,segment=\therefsegment]
|
||||
}
|
||||
|
||||
\newrefcontext{defref}
|
||||
|
||||
\hyphenation{a-me-na-ble}
|
||||
\hyphenation{da-ta-cen-ter}
|
||||
|
||||
|
|
|
|||
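Review bot: With `heading=none` on all three `\printbibliography` calls, the `title={Web sources}` and `title={Patent References}` options no longer print anything, so the three lists run together with no visible separation, and the `\addcontentsline{toc}{section}{References}` entry points at a page that has no matching heading. Either print one "References" heading before the first list and keep sub-headings for the web and patent lists, or drop the unused `title=` options. If hyperref is loaded, a `\phantomsection` before `\addcontentsline` is needed for the TOC link to land on the right page.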