WIP
parent
82053a518a
commit
f8e74bbff3
4 changed files with 46 additions and 38 deletions
|
|
@ -6,29 +6,27 @@
|
|||
|
||||
\chaptertitle{Active Tamper Sensing in the Wild}
|
||||
|
||||
In this chapter we will take a look at how the tamper-sensing meshes that provide the core tamper response in Hardware
|
||||
Security Modules are built and what they are used for. We will analyze the gaps left by the current state of the
|
||||
industry, and evaluate how Inertial HSMs could close these gaps to make secure hardware accessible to everyone. We will
|
||||
start with a brief history of secure hardware with a particular focus on tamper-sensing meshes since the tamper-sensing
|
||||
mesh is the primary line of defense that delineates a hardware security module from other, weaker secure hardware
|
||||
primitives such as Smart Cards or Trusted Platform Modules (TPMs).
|
||||
|
||||
% FIXME include stuff from EPA paper
|
||||
|
||||
\section{The History of Tamper Sensing Meshes}
|
||||
|
||||
Tamper-sensing meshes can be implemented in many different ways. Their design offers various degrees of freedom from the
|
||||
precise conductor layout, through the manufacturing technology of the mesh and how it is wrapped around the payload
|
||||
during manufacturing up to its monitoring circuitry. As a result, manufacturers across application domains from
|
||||
datacenter appliance HSMs through card payment terminals have historically used patents on parts of their tamper-sensing
|
||||
mesh implementations as a means to prevent copying of their designs~\cite{
|
||||
Tamper-sensing meshes are highly effective at preventing a large array of physical attacks and provide the core of the
|
||||
tamper-response system of a Hardware Security Module. In this chapter we will take a look at a range of real-world
|
||||
devices using tamper-sensing meshes and analyze their implementation. We will analyze the gaps left by the current state
|
||||
of the industry, and evaluate how Inertial HSMs could close these gaps to make secure hardware accessible to a wider
|
||||
range of applications. We will start with a brief history of secure hardware with a particular focus on tamper-sensing
|
||||
meshes.
|
||||
|
||||
Tamper-sensing meshes offer many degrees of freedom in their design ranging from the precise conductor layout, through
|
||||
the manufacturing technology of the mesh and how it is wrapped around the payload during manufacturing up to their
|
||||
monitoring circuitry. As a result, manufacturers across application domains from datacenter appliance HSMs through card
|
||||
payment terminals have historically used patents on parts of their tamper-sensing mesh implementations as a means to
|
||||
prevent copying of their designs~\cite{
|
||||
razaghiCircuitBoardHold2019,
|
||||
heitmannTamperBarrierElectronic2005,
|
||||
clarkTamperDetectionSystem2005,
|
||||
heitmannMethodMakingTamper2009,
|
||||
perreaultSystemMethodInstalling2005,
|
||||
}. The basic principle of modern tamper-sensing meshes of preventing intrusion by force through embedding a looped
|
||||
conductor to cover a surface traces back as far as at least 1870~\cite{
|
||||
}. The basic principle of modern tamper-sensing meshes, preventing physical intrusion using an embedded looped conductor
|
||||
to cover a surface traces back as far as at least 1870~\cite{
|
||||
ImprovementProtectingSafes1870,
|
||||
ImprovementElectromagneticEnvelopes1870}, when it was applied to the protection of bank vaults from robbers
|
||||
attempting to dig, drill and saw through the vault's floor and walls. Even multi-layer, orthogonal tamper-sensing meshes
|
||||
|
|
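Review bot: The rewritten sentence "The basic principle of modern tamper-sensing meshes, preventing physical intrusion using an embedded looped conductor to cover a surface traces back as far as at least 1870" opens its inserted phrase with a comma but never closes it. Add a comma after "surface", and consider "traces back to at least 1870" in place of "as far as at least". The new opening paragraph also still promises "a brief history of secure hardware", so if the \section{The History of Tamper Sensing Meshes} line shown in this hunk is on the removed side, check that the history text keeps a heading.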
@ -51,9 +49,8 @@ the widespread adoption of cryptography in commercial applications~\cite{
|
|||
|
||||
\subsection{Use by the US Military}
|
||||
|
||||
Electronic tamper sensing meshes are documented in literature beginning around World War \RN{2}. The earliest mention of
|
||||
such a system we are aware of is from notes on a series of lectures given by Dr.~David~G. Boak, a specialist in
|
||||
communications security and signal intelligence at the US National Security
|
||||
One of the earliest practical uses of tamper sensing meshes is documented in notes on a series of lectures given by
|
||||
Dr.~David~G. Boak, a specialist in communications security and signal intelligence at the US National Security
|
||||
Agency\cite{nsaHistoryUSCommunications1973,nsaHistoryUSCommunications1981}. In this lecture series, Boak mentions that
|
||||
around World War \RN{2}, the US became concerned about the security of their ciphering machines, which at the time were
|
||||
large, fridge-sized electro-mechanical contraptions. Initially, simple safes were used to protect those
|
||||
|
|
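Review bot: The new opening line writes "tamper sensing meshes" without the hyphen, while the text rewritten elsewhere in this commit uses "tamper-sensing meshes" throughout; pick one spelling for the chapter. The sentence now ends in "Agency\cite{...}" on the following line with no tie, whereas the other citations in this file are written as "~\cite{", so it is worth adding the "~" while touching this sentence. Note too that the old wording hedged with "The earliest mention of such a system we are aware of", and the replacement "One of the earliest practical uses" makes a claim about use rather than about documentation. Confirm that the Boak lecture notes support that stronger reading.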
@ -129,15 +126,15 @@ Commercially, tamper sensing meshes have entered widespread use beginning around
|
|||
in then-new HSMs, cryptographic coprocessors primarily aimed at the financial
|
||||
industry~\cite{andersonSecurityEngineeringGuide2020}. Today, their use in finance has spread from HSMs in datacenters
|
||||
and ATMs to the ATM pin pads themselves, which encrypt the customer's PIN right at the source, as well as in all kinds
|
||||
of card payment terminals. We will analyze two such ATM pin pads later in this paper.
|
||||
of card payment terminals. We will analyze two such ATM pin pads later in this chapter.
|
||||
|
||||
HSMs are used for highly sensitive operations even outside of the financial industry, although their adoption is
|
||||
hampered by their high cost. Such applications include key management in the TLS certificate infrastructure. In this
|
||||
paper, we will analyze a commercial HSM that was used in the key management infrastructure of a premium TV provider.
|
||||
chapter, we will analyze a commercial HSM that was used in the key management infrastructure of a premium TV provider.
|
||||
|
||||
Beyond finance, tamper-sensing meshes have found applications in a variety of other use cases as well. For instance, we
|
||||
have found them being used in mail franking machines to protect the credit counter and franking data, with one such unit
|
||||
analyzed in this paper. Furthermore, we have identified at least one model of key safe that in Germany is mounted
|
||||
analyzed in this chapter. Furthermore, we have identified at least one model of key safe that in Germany is mounted
|
||||
externally on public buildings to provide keys to emergency services, and which includes a tamper sensing mesh on its
|
||||
outside-facing wall to detect attempts at drilling into it. Finally, we have found a processing unit used in a series of
|
||||
mid-2000s era slot machines in Germany that includes a tamper-sensing mesh, presumably to prevent modification or
|
||||
|
|
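Review bot: The changed line "We will analyze two such ATM pin pads later in this chapter" keeps "pin" in lower case, while the same sentence writes "the customer's PIN" one line earlier; use "PIN pads" in both places. The three "paper" to "chapter" replacements are consistent within this hunk, but the text outside the visible context should be searched for remaining "this paper" wording left over from the source article. The context line "includes a tamper sensing mesh on its outside-facing wall" also lacks the hyphen used in "tamper-sensing mesh" two lines below it.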
@ -145,7 +142,7 @@ cloning. This device will also be analyzed later in this chapter.
|
|||
|
||||
\section{The Principles of Tamper-Sensing Mesh Construction and Monitoring}
|
||||
|
||||
\subsection{Tamper-sensing Mesh Manufacturing}
|
||||
%\subsection{Tamper-sensing Mesh Manufacturing}
|
||||
|
||||
The manufacturing technology of a tamper sensing mesh is a critical factor in its security. While in many applications,
|
||||
meshes manufactured from off-the-shelf processes such as Flexible Printed Circuit (FPC) processes are used, these
|
||||
|
|
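Review bot: Commenting out the heading as "%\subsection{Tamper-sensing Mesh Manufacturing}" leaves dead markup in the source. Either delete the line or keep the heading. With it disabled, the manufacturing text sits directly under \section{The Principles of Tamper-Sensing Mesh Construction and Monitoring}, while a later hunk still shows \subsection{Other Tamper Sensing Techniques} in the same file, so the section ends up with unheaded text followed by subsections. If a \label was attached to this subsection, references to it need to be checked as well.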
@ -170,7 +167,7 @@ mesh is embedded inside after installation are clearly co-designed with the carb
|
|||
material adheres well to both, leading to the traces being destroyed when either are peeled off.
|
||||
|
||||
The design of these IBM/Gore meshes is documented in an extensive list of patents, mostly under IBM's name. Its
|
||||
fundamental layout has not changed much since the early 1990ies~\cite{
|
||||
basic construction and layout has not changed much since the early 1990ies~\cite{
|
||||
macphersonImprovementsSecurityEnclosures1993,
|
||||
macphersonTamperRespondentEnclosure1999}.
|
||||
|
||||
|
|
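Review bot: The new subject in "Its basic construction and layout has not changed much" is compound, so the verb should be "have not changed". The same line carries "1990ies", which should read "1990s". The antecedent of "Its" is also the plural "these IBM/Gore meshes" from the preceding sentence, so "Their basic construction and layout have not changed" would read more cleanly.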
@ -188,18 +185,15 @@ e.g.\ 5 years, this corresponds to a maximum average power consumption of \qty{4
|
|||
% keyword: wire covering
|
||||
To achieve low power consumption, a popular technique known since at least
|
||||
1902~\cite{suttonElectricallyprotectedStructure1902} and still used
|
||||
today~\cite{cesanaTamperResistantCard2001,razaghiCircuitBoardHold2019} is to measure the mesh's deviation from its
|
||||
baseline value. This measurement can be implemented either by directly comparing a mesh trace's resistance with a
|
||||
reference resistor, or using a wheatstone bridge. Using a bridge circuit was already used in early tamper-sensing mesh
|
||||
implementations~\cite{
|
||||
today~\cite{cesanaTamperResistantCard2001,razaghiCircuitBoardHold2019} is to measure the deviation of the mesh's
|
||||
end-to-end ohmic resistance from its baseline value. This measurement can be implemented either by directly comparing a
|
||||
mesh trace's resistance with a reference resistor, or using a wheatstone bridge. Using a bridge circuit was already used
|
||||
in early tamper-sensing mesh implementations~\cite{
|
||||
ElektrischeSicherheitseinrichtungSchutze1932,
|
||||
hamPrintedcircuitTypeSecurity1971,
|
||||
dalphinEnceinteProtegeeAvec1987,
|
||||
} and makes it possible to detect small changes in the mesh's resistance with little complexity.
|
||||
|
||||
% TODO US7345497B2 uses balanced transmission lines / fast pulses
|
||||
% NOTE: US3882324A mentions exploding the device as tamper response
|
||||
|
||||
\subsection{Other Tamper Sensing Techniques}
|
||||
|
||||
Besides tamper-sensing meshes, environmental sensors such as temperature or light sensors are frequently used as a
|
||||
|
|
|
|||
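Review bot: The re-wrapped sentence still reads "Using a bridge circuit was already used in early tamper-sensing mesh implementations", which repeats the verb; something like "Bridge circuits were already used in early tamper-sensing mesh implementations" fixes it. "wheatstone bridge" should be capitalised as "Wheatstone bridge". The added "end-to-end ohmic resistance" is a useful precision. The hunk header goes from 18 to 15 lines, which suggests the "% TODO US7345497B2 uses balanced transmission lines / fast pulses" and "% NOTE: US3882324A mentions exploding the device as tamper response" comments are being dropped. If so, make sure the TODO is tracked somewhere else before it disappears from the source.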