Add TDR pulse gen diagram

This is a TUDa specific requirement for submission. It should not be
included in published versions.

Makefile

@@ -14,20 +14,34 @@ all: thesis.pdf
 
 # We need three runs for biblatex's defernumbers
 %.pdf: %.tex common-packages.tex common-defs.tex main.bib version.tex
-	pdflatex -shell-escape -jobname thesis '\def\thesispreviewmode{}\input{$<}'
+	pdflatex -shell-escape -jobname $* '\def\thesispreviewmode{}\input{$<}'
 	biber $*
-	pdflatex -shell-escape -jobname thesis '\def\thesispreviewmode{}\input{$<}'
+	pdflatex -shell-escape -jobname $* '\def\thesispreviewmode{}\input{$<}'
-	pdflatex -shell-escape -jobname thesis '\def\thesispreviewmode{}\input{$<}'
+	pdflatex -shell-escape -jobname $* '\def\thesispreviewmode{}\input{$<}'
 	echo
 	echo "Undefined biblatex references:"
 	grep -A2 'Package biblatex Warning: The following entry could not be found' thesis.log | sed -n '3~4{s/(biblatex) *//;p}' || echo "<None>"
 
-#.PHONY: preview
+%-oneside.pdf: %.tex common-packages.tex common-defs.tex main.bib version.tex
-final:
+	pdflatex -shell-escape -jobname $*-oneside '\def\thesispreviewmode{}\def\thesisoneside{}\input{$<}'
-	pdflatex -shell-escape $<
+	biber $*-oneside
-	biber $*
+	pdflatex -shell-escape -jobname $*-oneside '\def\thesispreviewmode{}\def\thesisoneside{}\input{$<}'
-	pdflatex -shell-escape $<
+	pdflatex -shell-escape -jobname $*-oneside '\def\thesispreviewmode{}\def\thesisoneside{}\input{$<}'
-	pdflatex -shell-escape $<
+	echo
+	echo "Undefined biblatex references:"
+	grep -A2 'Package biblatex Warning: The following entry could not be found' thesis.log | sed -n '3~4{s/(biblatex) *//;p}' || echo "<None>"
+
+%-final.pdf: %.tex common-packages.tex common-defs.tex main.bib version.tex abstract.tex abstract-de.tex
+	pdflatex -jobname $*-final -shell-escape $<
+	biber $*-final
+	pdflatex -jobname $*-final -shell-escape $<
+	pdflatex -jobname $*-final -shell-escape $<
+
+%-final-oneside.pdf: %.tex common-packages.tex common-defs.tex main.bib version.tex
+	pdflatex -shell-escape -jobname $*-final-oneside '\def\thesisoneside{}\input{$<}'
+	biber $*-final-oneside
+	pdflatex -shell-escape -jobname $*-final-oneside '\def\thesisoneside{}\input{$<}'
+	pdflatex -shell-escape -jobname $*-final-oneside '\def\thesisoneside{}\input{$<}'
 
 version.tex: thesis.tex $(addsuffix /chapter.tex,${CHAPTERS})
 	echo "${VERSION_STRING}" > $@

abstract-de.tex

@@ -4,38 +4,56 @@
 \adjustmtc
 \addcontentsline{toc}{chapter}{Kurzzusammenfassung}
 
-\todo{Re-translate, manually check translation}
+    \marginpar{This section is a translated copy of the English abstract below.}  
-\marginpar{This section is a machine-translated copy of the English abstract below.}  
+    Im Laufe der letzten Jahrzehnte habe Fortschritte in der Kryptographie sowie Techniken wie formale Verifikation den
-Mit kryptografischen Fortschritten und Techniken wie der formalen Verifizierung, die zu immer sichererer Software
+    Stand der Softwaresicherheit stetig verbessert. Gleichzeitig hat das Gebiet der Hardwaresicherheit mit diesen
-führen, rückt die Hardwareebene in den Fokus der aktuellen Computersicherheitsforschung. Der Stand der Technik in
+    Entwicklungen nicht Schritt halten können. Trotz Fortschritten in Teilgebieten wie der Resilienz gegenüber
-der Hardwaresicherheit stützt sich jedoch oft noch auf den Einsatz mikroelektronischer Integration, um Sicherheit durch
+    Seitenkanalangriffen und Physical Unclonable Functions (PUFs) ist der Stand der Technik in der Hardwaresicherheit
-Verschleierung zu erreichen, anstatt aufgrundlegendere Sicherheitsgarantien. Manchmal wird auch Manipulationsschutz auf
+    nach wie vor auf die Verwendung mikroelektronischer Strukturen fokussiert. Solche erreichen einen Grad der Security
-Systemebene eingesetzt, der jedoch aufgrund der hohen Kosten und der geringen Leistung von Geräten wie
+    by Obscurity, liefern jedoch keine fundierteren Sicherheitsgarantien. Systemweite Manipulationsschutzmaßnahmen
-Hardware-Sicherheitsmodulen (HSMs) nach wie vor auf Nischenanwendungen beschränkt ist.
+    werden nur vereinzelt in Geräten wie z.B.\ Hardware-Sicherheitsmodulen (HSMs) und Kartenzahlungsterminals
+    eingesetzt. Insbesondere HSMs werden aufgrund ihrer hohen Kosten und geringen Rechenleistung nur in
+    Nischenanwendungen wie z.B.\ der Zertifikatsausstellung im Transport Layer Security (TLS)-System sowie der
+    Zahlungsdatenverarbeitung eingesetzt.
 
-In dieser Arbeit stellt Jan Sebastian Götte das Inertial Hardware Security Module (IHSM) vor, eine neue Architektur für
+    In dieser Dissertation wird das Inertiale Hardware-Sicherheitsmodul (IHSM) vorgestellt, eine neue Architektur für
-kostengünstige Hardware-Sicherheitsmodule, die einen hohen aktiven Manipulationsschutz bieten und gleichzeitig
+    Hardware-Sicherheitsmodule. IHSMs stellen einen hoch sicheren, aktiven Manipulationsschutz bereit.
-Rechenleistungen unterstützen, dieim Vergleich zu herkömmlichen HSMs viel größer, schwerer und leistungsstärker sind. In
+    Gleichzeitig können mithilfe der IHSM-Technologie kryptographische Rechnersysteme von wesentlich größeren
-einem IHSM wird das kostspielige und schwer zu beschaffende Manipulationserkennungsgitter eines herkömmlichen HSM durch
+    Abmessungen, Gewicht und elektrischer Leistungsaufnahme geschützt werden, als es in konventionellen HSMs möglich
-ein Mesh aus einfachen Leiterplatten ersetzt, das sich mit hoher Geschwindigkeitum die Nutzlast dreht. Da sich das Mesh
+    ist. IHSMs ersetzen die kostenintensiven und in der Herstellung aufwendigen Meshes
-dreht, kann es nicht manipuliert werden, und die Sicherheit herkömmlicher Mesh, die in maßgeschneiderten
+    (Manipulationserkennungsmembranen) konventioneller HSMs durch eine Konstruktion, in der Meshes aus einfachen
-Fertigungsprozessen hergestellt werden, kann mit viel einfacheren und kostengünstigeren Konstruktionstechnikenerreicht
+    Platinen aufgebaut werden. Diese Meshes rotieren schnell um das geschützte Rechnersystem, was eine unerkannte
-werden. Die Dissertation präsentiert Lösungen für wichtige technische Herausforderungen bei der Konstruktion von IHSMs,
+    Manipulation verhindert. IHSMs erreichen so mithilfe wensentlich einfacherer und kostengünstiger
-darunter ein hochsymmetrischesplanares Induktionsspulendesign für die rotierende drahtlose Energieübertragung und ein
+    Konstruktionstechniken ein Sicherheitsniveau, das dem konventioneller Manipulationsschutzmembranen gleicht, die in
-hochpräzises Überwachungssystem für kostengünstige Sicherheitsgitter.
+    spezialisierten Herstellungsprozessen gefertigt werden. In der Dissertation werden die Ergebnisse einer
+    Übersichtsstudie vorgestellt, die etwa 30 echte Implementierungen socher Meshes untersucht. In der Studie werden
+    Kriterien für die Entwicklung sicherer Meshes abgeleitet, anhand derer das IHSM-Konzept kontextualisiert wird. Um
+    die Notwendigkeit sicherer Hardware zu erörtern, wird in dieser Dissertation darüber hinaus eine Analyse einiger
+    problematischer Aspekte des Hardwaresicherheitskonzeptes der Deutschen elektronischen Patientenakte vorgestellt.
 
-Unter Anwendung der IHSM-Technologie schließt die Dissertation mit zwei Analysen von Anwendungsfällen, die durch die
+    Um den Weg für zukünftige, praktische Implementierungen der IHSM-Technologie zu bereiten, werden weiterhin Lösungen
-erhöhte Größe und Verlustleistungsfähigkeit von IHSMs ermöglicht werden. In der ersten Analyse wird ein IHSM-gesicherter
+    für wichtige Schlüsselprobleme der Konstruktion von IHSMs vorgestellt. Diese Lösungen umfassen ein neues Konzept für
-Relaisknoten für Quantenschlüsselverteilungssysteme (QKD) vorgeschlagen, der deren praktische Implementierung über
+    rotationssymmetrische Planarspulen für die drahtlose Energieübertragung an rotierende Empfänger, sowie ein
-beliebige Entfernungen ermöglicht, wasaufgrund grundlegender physikalischer Einschränkungen vertrauenswürdige
+    hochpräzises und dennoch kostengünstiges Überwachungssystem für Meshes. Dieses Überwachungssystem beruht auf dem
-Relaisstationen erfordert. In der Studie werden IHSMs für solchehochsicheren QKD-Relais angepasst, indem der
+    Prinzip der Zeitbereichsreflektometrie und erkennt selbst fortgeschrittene Angriffstechniken zuverlässig. In
-IHSM-Netzdurchgang mit einem sekundären manipulationssensitiven Netz gesichert wird. In diesem Aufbau wird
+    praktischen Versuchen zeigte sich, dass das System ausreichend empfindlich ist, um mehrere identische Kopien
-ein Klammerdesign vorgeschlagen, das den Durchgang durch Glasfasern mit geringen Verlusten unterstützt.
+    desselben Meshes voneinander zu unterscheiden, was auf PUF-ähnliche Eigenschaften hindeutet.
 
-Der zweite vorgeschlagene Anwendungsfall passt ein IHSM-Gehäuse an die Anforderungen hinsichtlich Größe, Leistung und
+    In der Dissertation werden zwei konkrete Anwendungsszenarien erläutert, die erst durch das größere Volumen und die
-Wärmeableitung eines Hochleistungsservers an, um gemeinsam genutzte sichere Multiparty-Computing-Workloads (MPC) zu
+    höhere Leistungsaufnahme möglich werden, die die IHSM-Technologie ermöglicht. Im ersten Anwendungsszenario wird eine
-unterstützen. MPC ist in der Praxis durch Netzwerkbandbreite und Latenzbedingungen eingeschränkt, die ohne physisch
+    IHSM-geschützte Zwischenstation vorgeschlagen, um die durch physikalische Grundgesetze sonst stark eingeschränkte
-sichere Knoten nicht vermieden werden können. Herkömmliche HSMskönnen MPC-Workloads nicht bedienen, da ihre
+    erreichbare Entfernung eines Quantenschlüsselaustausch (QKD)-Systems zu vergrößern. Im Rahmen dieses
-kryptografische Leistung um viele Größenordnungen zu gering ist. Ein durch IHSM gesicherter MPC-Knoten umgeht diese
+    Anwendungsszenarios wird ein sekundäres Mesh vorgestellt, dass die Achsdurchführung des primären IHSM-Meshes
-Einschränkungen und eröffnet ein neues Leistungsspektrum.
+    zusätzlich schützt. Weiterhin wird in der Fallstudie der Entwurf eines mechanischen Trägers für diese zusätzlich
+    geschützte Achsdurchführung vorgestellt, der das QKD-System im inneren des IHSM mit der Außenwelt über
+    verlustarme Glasfaserleitungen verbindet.
+
+    In der zweiten Fallstudie wird ein Konzept vorgestellt, das mithilfe IHSM-geschützter, leistungsstarker
+    Serverhardware kolokierte Secure Multiparty Computation (MPC)-Berechnungen ermöglicht. Hierzu wird IHSM-Technologie
+    an die Anforderungen leistungsstaker Serverhardware in Größe, Leistungsaufnahme, und ableitbarer Verlustleistung
+    angepasst. Wird MPC praktisch eingesetzt, werden Knoten über mehrere Rechenzentren verteilt um einen Single Point of
+    Failure zu vermeiden. Diese Verteilung führt jedoch zu geringer Netzwerkbandbreite und hohen Latenzen zwischen den
+    MPC-Knoten, was die erreichbare MPC-Rechenleistung stark einschränkt. Durch den Einsatz von IHSMs können physisch
+    gesicherte MPC-Knoten innerhalb desselben Rechenzentrums betrieben werden, was durch die damit erreichbare höheren
+    Bandbreiten und geringeren Latenzen einen Leistungsbereich der MPC-Berechnungen erschließt.
 \end{otherlanguage}

abstract.tex

@@ -3,33 +3,40 @@
 \adjustmtc
 \addcontentsline{toc}{chapter}{Abstract}
 
-%Through advancements in cryptography, nowadays it is feasible to construct networked computer systems that for all
+In the past decades, cryptographic advancements and techniques like formal verification have steadily improved software
-%intents and purposes cannot be hacked over the network. Correctly applying cryptographic protocols and techniques such
+security. Meanwhile, the field of hardware security has not kept pace. Research has made progress in subfields such as
-%as formal verification, it can be ensured that a software implementation is a flawless representation of its theoretical
+resilience to Side-Channel Attacks (SCA) and Physical Unclonable Functions (PUFs). However, the state of the art still
-%model, and that the theoretical model is secure given universally accepted cryptographic assumptions. Despite 
+often relies on microelectronic integration to achieve security by obscurity insted of more fundamental security
+guarantees. While effective, system-level tamper protection is only used in few devices such as Hardware Security
+Modules (HSMs) and card payment terminals. Due to the high cost and low performance of HSMs in particular, they remain
+relegated to niche applications such as Transport Layer Security (TLS) certificate issuance and payment data processing.
 
-With cryptographic advancements and techniques like formal verification leading to increasingly secure software, the
+In this thesis, we introduce the Inertial Hardware Security Module (IHSM), a new architecture for low-cost hardware
-hardware level advances into the focus of contemporary applied computer security research. However, the state of the art
+security modules that provide high-level active tamper protection, while supporting computing payloads of much larger
-in hardware security still often relies on the use of microelectronic integration to achieve security by obscurity over
+size, weight and power dissipation compared to conventional HSMs. In an IHSM, the costly and difficult to source
-more fundamental security guarantees. System-level tamper protection is sometimes used, but remains relegated to niche
+tamper-sensing mesh of a conventional HSM is replaced by a mesh made from simple PCBs that is rotating at high speed
-applications due to the high cost and low performance of devices like Hardware Security Modules (HSMs).
+around the payload. Since the mesh is rotating at high speed, it cannot be manipulated, and the security of conventional
+meshes created in bespoke manufacturing processes can be achieved using much simpler and less expensive construction
+techniques. We present the results of a survey of approximately 30 real world tamper sensing mesh implementations. Based
+on our findings, we deduce design criteria for secure meshes and contextualize our design. We further motivate the
+necessity of secure hardware by presenting an analysis of problematic aspects in the hardware security design of
+Germany's new national electronic health record system.
 
-In this thesis, Jan Sebastian Götte introduces the Inertial Hardware Security Module (IHSM), a new architecture for
+To pave the way for practical implementations of IHSM technology, we present solutions to key engineering challenges in
-low-cost hardware security modules that provide high-level active tamper protection, while supporting computing payloads
+IHSM construction. We present a design and analysis of highly symmetric planar inductors for rotating wireless power
-of much larger size, weight and power dissipation compared to conventional HSMs. In an IHSM, the costly and difficult to
+transfer that improves self-resonant frequency by up to \qty{58}{\percent} and inductance by up to \qty{6.5}{\percent}
-source tamper-sensing mesh of a conventional HSM is replaced by a mesh made from simple PCBs that is rotating at high
+in our tests. Complementing this research, we present a high-fidelity, low-cost monitoring system for security meshes
-speed around the payload. Since the mesh is rotating, it cannot be manipulated, and the security of conventional meshes
+that is based on the principles of Time-Domain Reflectometry (TDR), reaching \qty{184}{\pico\second} time resolution. We
-created in bespoke manufacturing processes can be achieved using much simpler and less expensive construction
+validate our system and find that it is able to reliably detect several classes of advanced physical attacks. We find
-techniques. The thesis presents solutions to key engineering challenges in IHSM construction including a highly
+that our system is sensitive enough to detect differences between identical copies of the same mesh, suggesting PUF-like
-symmetric planar inductor design for rotating wireless power transfer and a high-fidelity monitoring system for low-cost
+properties.
-security meshes.
 
-Applying IHSM technology, the thesis concludes with analyses of two use cases that are unlocked by the increased
+Applying IHSM technology, we analyse two use cases that are unlocked by the increased size and power dissipation
-size and power dissipation capability of IHSMs. In the first analysis, an IHSM-secured relay node for Quantum Key
+capability of IHSMs. In the first analysis, an IHSM-secured relay node for Quantum Key Distribution (QKD) systems is
-Distribution (QKD) systems is proposed, enabling their practical implementation across arbitrary distances, which
+proposed, enabling their practical implementation across arbitrary distances, which requires trusted relay stations due
-requires trusted relay stations due to fundamental physical limitations. In the study, IHSMs are adapted for such
+to fundamental physical limitations. In the study, IHSMs are adapted for such high-security QKD relays by securing the
-high-security QKD relays by securing the IHSM mesh passthrough with a secondary tamper-sensing mesh. In this setup, a
+IHSM mesh passthrough with a secondary tamper-sensing mesh. In this setup, a bracket design is proposed that supports
-bracket design is proposed that supports passing through optical fibers at low loss.
+passing through optical fibers at low loss.
 
 The second proposed use case adapts an IHSM enclosure to the size, power and thermal dissipation requirements of a
 high-power server to support co-located secure Multiparty Computation (MPC) workloads. In practical MPC deployments,

ai-llm-use-disclosure.tex

@@ -6,25 +6,26 @@
 This thesis has been written during the years of 2020 - 2025. In this time, Artificial Intelligence (AI) technology
 including Large Language Models (LLMs) has entered widespread adoption. I have used such LLM systems in the preparation
 of this thesis. At the time this thesis was written, LLMs were a powerful and useful technology, but often produced
-wrong output. Thus, I used the following list of observations to guide my LLM use during the writing of this thesis.
+wrong output. Thus I used the following list of observations to guide my LLM use during the writing of this thesis.
 
 \begin{enumerate}
     \item Passing text through an LLM is an imprecise operation. Especially when large amounts of text are passed
         through an LLM, despite clear instructions such as ``only fix spelling errors,'' the LLM output might deviate
         from the source text. Therefore, the document text should never be passed through the LLM, and the LLM should be
         prompted to point out problems, or to produce a list of suggestions for improvements instead.
-    \item LLMs are really bad at summarizing text that contains novel concepts. LLM summaries of text often converge to
+    \item Contemporary LLMs are bad at summarizing text that contains novel concepts. LLM summaries of text often
-        a re-stating of the general consensus on the text's main topic. Where the source text deviates from conventional
+        converge to a re-stating of the general consensus on the text's main topic. Where the source text deviates from
-        wisdom or makes novel points, an LLM summary will likely mis-represent those conclusions. Additionally, LLMs are
+        conventional wisdom or makes novel points, an LLM summary will likely mis-represent those conclusions.
-        bad at capturing the point of a text. Unless extreme care is taken when prompting, it is easy to lead an LLM to
+        Additionally, LLMs are bad at capturing the point of a text. Unless extreme care is taken when prompting, it is
-        produce an inaccurate summary of a text that agrees with the prompt, but misses the gist of the text. Therefore,
+        easy to lead an LLM to produce an inaccurate summary of a text that agrees with the prompt, but misses the gist
-        extreme caution should be applied when using an LLM for summarization, and LLM output should be checked
+        of the text. Therefore, extreme caution should be applied when using an LLM for summarization, and LLM output
-        diligently in such instances.
+        should be checked diligently in such instances.
-    \item LLMs are bad at generating text from scratch. Especially on topics of academic interest that are novel and
+    \item Contemporary LLMs are bad at generating text from scratch. Especially on topics of academic interest that are
-        that do not have well-known answers that can be found in the training corpus for these models, in general they
+        novel and that do not have well-known answers that can be found in the training corpus for these models, in
-        will not produce useful text when prompted. Therefore, LLMs should never be used to generate novel text.
+        general they will not produce useful text when prompted. Therefore, LLMs should never be used to generate novel
-    \item LLMs are really bad at giving references. Prompts that ask for academic references on a topic are likely to
+        text.
-        produce non-existing ``hallucinated'' references. The existing references an LLM is most likely to dig up
+    \item Contemporary LLMs are bad at giving references. Prompts that ask for academic references on a topic are likely
+        to produce non-existing ``hallucinated'' references. The existing references an LLM is most likely to dig up
         usually occur on the first page of a web search on the topic, or are frequently cited in literature on the
         topic. Thus, LLMs should never be directly queried for references. When researching a new concept, a better use
         of an LLM is the generation of query strings for search engines like Google Scholar.

chapter-conclusion/chapter.tex

@@ -3,22 +3,29 @@
     political tool, and it confers on the field an intrinsically moral dimension.}
 \chapter{Conclusion}
 
-In this thesis, we propose Inertial Hardware Security Modules (IHSMs), a new approach to physical security that combines
+In this thesis, we provided an examination of the field of Hardware Security Modules both from an academic perspective
-conventional tamper-sensing meshes with physical movement to bootstrap a highly secure system from low-security,
+and with regards to their practical implementation. We answered our first research question introduced in
-off-the-shelf parts, solving our first research question introduced in Chapter~\ref{chapter-intro}. To motivate our
+Chapter~\ref{chapter-intro} on the current state of the art in Chapters~\ref{chapter-epa} and \ref{chapter-survey},
-research, we use the German national digital health record system as an example demonstrating the difficulties in
+providing a comprehensive view of practical implementations. Chapter~\ref{chapter-epa} motivates our research using the
-achieving useful hardware security in practice. Besides some minor cryptographic oddities, our analysis reveals at least
+German national digital health record system as an example that demonstrates the difficulties in achieving practical
-one essential specification mistake that negates the hardware security of the system by unnecessarily introducing a
+hardware security. Besides some minor cryptographic oddities, our analysis reveals at least one essential specification
-poorly protected HSM. With this motivation in mind, we support the construction of concretely secure IHSMs by providing
+mistake that negates the hardware security of the system by unnecessarily introducing a poorly protected HSM. In
-deep analyses of two key engineering challenges in IHSM construction, mesh monitoring and power transfer. Solving our
+Chapter~\ref{chapter-survey}, we answer our second research question in a detailed survey of a wide range of devices
-second research question, we propose a low-cost TDR-based mesh monitoring system that exceeds the capabilities of
+that utilize tamper-sensing meshes, distilling a set of criteria for the design of secure tamper-sensing meshes. In
-previous systems from academic or from patent literature. Our system is capable of monitoring large meshes while
+Chapter~\ref{chapter-ihsm}, we propose Inertial Hardware Security Modules (IHSMs), a new approach to physical security
-simultaneously providing detailed results. Our TDR-based mesh monitoring system is of independent interest, since it can
+that combines conventional tamper-sensing meshes with physical movement. IHSMs enable bootstrapping a highly secure
-also be integrated into traditional HSM designs. We additionally propose a new, generalized design for high-frequency
+system from low-security, off-the-shelf parts, thereby solving our third research question on achieving physical
-PCB inductors with low parasitic capacitance. Our design provides better bandwidth and lower parasitic capacitance
+security without bespoke components. We support the construction of concretely secure IHSMs by providing deep analyses
-compared to the state of the art without increasing implementation cost. We conclude this thesis with two chapters
+of two key engineering challenges in IHSM construction, mesh monitoring and power transfer. Solving our fourth research
-elaborating on two new use cases that are made possible by IHSM technology due to its ability to protect large payloads
+question on mesh monitoring fidelity, we propose a low-cost TDR-based mesh monitoring system that exceeds the
-that have high power consumption. Together, these results answer our third and final research question.
+capabilities of previous systems from academic or from patent literature. Our system is capable of monitoring large
+meshes while simultaneously providing detailed results. Our TDR-based mesh monitoring system is of independent interest,
+since it can also be integrated into traditional HSM designs. Solving our fifth research question on ripple reduction
+for rotating Wireless Power Transfer for IHSMs, we propose a new, generalized design for high-frequency PCB inductors
+with low parasitic capacitance. Beyond our IHSM application, our design provides better bandwidth and lower parasitic
+capacitance compared to the state of the art without increasing implementation cost. We conclude this thesis with two
+chapters elaborating on two new use cases that are made possible by IHSM technology due to its ability to protect large
+payloads that have high power consumption. Together, these results answer our sixth and final research question.
 
 The research presented in this thesis is aimed at advancing both academic research and applied engineering in hardware
 security. We believe that by publishing our research including its artifacts under open source licenses, we provide the
@@ -51,6 +58,9 @@ directions that we consider worthwhile for future investigation.
     long bearing life is challenging at the high rotation speed necessary at a small overall diameter. Finally, at high
     speeds, precisely balancing the whole assembly to avoid vibrations that could lead to early mechanical failure is
     difficult.
+\item Tackling motor control algorithms for IHSMs and developing tamper sensors based on counter-electromotive force as
+    a defense-in-depth measure.
+\item Integrating the IHSM hardware concept with software research on secure enclave and cryptographic coprocessors.
 \item Exploring IHSM applications beyond what we outlined in this thesis. For instance, one application of recent
     interests would be physically securing GPUs used for AI training. The background for such work could be either
     export control motivations, or a concern for security and privacy of user input, training data, or even trained

chapter-epa/chapter.tex

@@ -7,39 +7,41 @@
 }
 
 \chaptertitle{The German ePA: A Motivating Counter-Example}
+\label{chapter-epa}
 
 \todo{FIXME: Proper citation here}
-\sourceattrib{This part is based on a short paper written by me and presented by me at the HS3 workshop at ESORICS
+\sourceattrib{This part is based on a short paper written by Jan Sebastian Götte and presented by Jan Sebastian Götte at
-2025.}
+the HS3 workshop at ESORICS 2025~\cite{gotteGermanyRollingOut2026}.}
 Looking at the landscape of computer security solutions, we are presented with a wide variety of vendors and products
 that may give the impression that hardware security is a solved problem. Vendors sell various claims rangning from
-\emph{You don't need hardware security, just do it in the cloud!}~\cite{
+\emph{``You don't need hardware security, just do it in the cloud!''}~\cite{
     utimacoWhatCloudHSM2025,
     microsoftOverviewAzureCloud,
     ibmCloudHSM2016,
     amazonAWSCloudHSM,
     googleCloudHSMCloud2025,
     WhatCloudHSM}
-to \emph{Buy our HSM and you will be secure!}~\cite{utimacoUseCases,thalesLunaNetworkHardware}. In
+to \emph{``Buy our HSM and you will be secure!''}~\cite{utimacoUseCases,thalesLunaNetworkHardware}. In
 practice, things are not as easy and even well-intentioned projects still often go awry on the hardware security
 dimension. To motivate our research into physical security in this thesis, in this chapter we will have a look at one
 such project that was done by capable people with the best intentions, yet it resulted in a hardware security design
 that is dangerously inadequate for the purpose.
 
 Beginning May 2025, after several delays, Germany has started the nation-scale rollout of its new electronic medical
-record system, named ePA (short for \emph{elektronische Patientenakte}, ``electronic patient record''). The system aims
+record system, named ePA (short for \emph{elektronische Patientenakte}, ``electronic patient
-to create a national database accessible to all healthcare providers that holds the complete electronic medical records
+record'')~\cite{kochNochVieleUnklarheiten2025}. The system aims to create a national database accessible to all
-of all publically insured people living in Germany. The system aims to replace paper-based workflows that are
+healthcare providers that holds the complete electronic medical records of all publically insured people living in
-error-prone and lead to healthcare providers often only having access to a subset of patient's medical records. Data in
+Germany. The system aims to replace paper-based workflows that are error-prone and lead to healthcare providers often
-scope for the system includes medical letters, laboratory results, and medical imaging files.
+only having access to a subset of patient's medical records. Data in scope for the system includes medical letters,
+laboratory results, and medical imaging files.
 
 Due to Germany's mandatory health insurance laws, the system's user base encompasses the majority of all German
-residents. People who have replaced their public health insurance with private insurance as of now are not subject to
+residents, approximately 90\%. People who have replaced their public health insurance with private insurance as of now
-the system. In Germany, by law private health insurance is only available to people from the top 10th percentile of
+are not subject to the system. In Germany, by law private health insurance is only available to people from the top 10th
-household income. This means that the system disproportionally affects people who have low income, creating an equity
+percentile of household income. This means that the system disproportionally affects people who have low income,
-issue. While it is possible to opt out from the use of the new digital record, the process of opting out is difficult.
+creating an equity issue. While it is possible to opt out from the use of the new digital record, the process of opting
-Additionally, the government and health insurance providers have publically depicted the system in a one-sidedly
+out is difficult. Additionally, the government and health insurance providers have publically depicted the system in a
-positive way, meaning that it is unlikely the majority of people subject to the system have a comprehensive
+one-sidedly positive way, meaning that it is unlikely the majority of people subject to the system have a comprehensive
 understanding of the system's benefits and risks that would be necessary for an informed decision.
 
 While there has been loud criticism of the system's security from civil society organizations such as digital rights
@@ -48,7 +50,7 @@ been demonstrated practically, this criticism has largely been ignored by the po
 that despite this civil society outrage and the system's large scale, it has received little attention from the academic
 cryptography and information security community.
 
-In this chapter, we aim to point out some unconventional cryptographic engineering decisions in the system. In
+In this chapter, we aim to highlight some unconventional cryptographic engineering decisions in the system. In
 particular, we point out that the system's core per-user secrets are kept in a rudimentary key escrow system whose
 security is based on engineering assumptions, not on cryptographic principles. Furthermore, we observe that by
 specification, the individual user keys of the system are derived from a per-user cleartext salt based on a system-wide
@@ -60,40 +62,35 @@ long-term secret with only 256 bits of entropy\footnote{
     The current standard only requires one escrow service, and drops the entropy requirement of the root keys from 512
     bits to 256 bits. The apparent reason for the long-term nature of these keys is that they are updated manually.
 }. Finally, we note that according to specification, the only physical security requirement for the protection of this
-highly sensitive secret is a ``hard, opaque potting material'', with no tamper detection and response required. We
+highly sensitive secret is a ``hard, opaque potting material'', with no tamper detection and response required.
-belive that Inertial HSMs provide a path forward for systems like this, enabling physical security in applications that
-currently rely on insecure, legacy systems. Even if for regulatory reasons a poorly secured conventional HSM without
-active tamper sensing is chosen, it would be conceivable to construct an IHSM enclosure \emph{around} this conventional
-HSM, in effect retrofitting the missing active tamper-sensing envelope.
 
 We base our analysis of the ePA on the system's publicly available standards in their latest version as of the writing
 of the paper underlying this chapter in April 2025, describing version 3.0 of the healthcare record system \cite{
     gematikSpezifikationAktensystemEPA2025,
     gematikUbergreifendeSpezifikationVerwendung2024,
-}. We note that the implementation might well deviate from these standards and be more secure---however, with the
+}. We note that hypothetically, the implementation might deviate from these standards and be more secure. The reference
-system's history of flaws, we believe this is unlikely to be the case. The reference implementation provided by the
+implementation provided by the specification authority \cite{GithubRepositoryERPFD} follows the specified minimum
-specification authority \cite{GithubRepositoryERPFD} follows the specified minimum requirements closely. As of now,
+requirements closely. As of now, there is no meaningful way for either the public or for researchers such as us to
-there is no meaningful way for either the public or for researchers such as us to ascertain the concrete implementation
+ascertain the concrete implementation security of the system.
-security of the system.
 
 \section{The Design of ePA}
 
-ePA is embedded into Germany's national public healthcare backend system ``Telematikinfrastruktur'' (TI). TI is a highly
+ePA is embedded into Germany's national public healthcare backend system ``Telematikinfrastruktur'' (abbreviated TI;
-complex system, and a detailed description would exceed the limits of this analysis. Briefly put, TI consists of a
+German for ``telematics infrastructure''). TI is a highly complex system, and a detailed description would exceed the
-shared demilitarized zone (DMZ) that parties like insurance providers and healthcare providers connect to through a VPN.
+limits of this analysis. Briefly put, TI consists of a shared demilitarized zone (DMZ) that parties like insurance
-At the client location, usually an individual doctor's office or a hospital, this VPN connection is terminated by a
+providers and healthcare providers connect to through a VPN. At the client location, usually an individual doctor's
-specialized VPN appliance named ``Konnektor'' that simultaneously acts as a trusted component inside the client network
+office or a hospital, this VPN connection is terminated by a specialized VPN appliance named ``Konnektor'' that
-hosting some software for purposes such as authentication. The Konnektor contains several smart cards that store keys
+simultaneously acts as a trusted component inside the client network hosting some software for purposes such as
-used for authentication. Konnektor devices are offered by several vendors and healthcare providers like doctor's offices
+authentication. The Konnektor contains several smart cards that store keys used for authentication. Konnektor devices
-are indivudally responsible for purchasing and maintaining a Konnektor.
+are offered by several vendors and healthcare providers like doctor's offices are indivudally responsible for purchasing
+and maintaining a Konnektor.
 
 % FIXME: Is there a threat/trust model of the system that you could summarise in a few sentences?
 
 Every person enrolled in the system as well as every healthcare professional providing services under it is issued an ID
 card that contains a smart card with keys to authenticate towards the central infrastructure. The primary use of these
-smart cards up to now is that when an enrolled person visits a healthcare provider, they will insert their ID card into
+smart cards previously was to automatically provide personal information such as name, birth date, address and insurance
-a terminal so the healthcare provider can automatically fetch their personal information such as name, birth date,
+enrollment status when an enrolled person visits a healthcare provider.
-address and enrollment status from their insurance provider.
 
 ePA is implemented inside the TI system. Its centralized services are accessed by healthcare providers through the TI's
 VPN, and by patients through proxy servers connected to TI's VPN. Patient records are encrypted and decrypted inside
@@ -103,8 +100,8 @@ approved implementations of this server-side infrastructure.
 
 With the current version of the specificatoin, the overall architecture of ePA heavily relies on Trusted Execution
 Environments (TEEs). Data processing on the server side is done in plaintext inside TEEs, with some cryptographic key
-management delegated to a Hardware Security Module. While attacks on the TEEs are considered in the system, the HSMs are
+management delegated to a Hardware Security Module (HSM). While attacks on the TEEs are considered in the system, the
-assumed to be perfectly secure, and the system does not include mitigations for a compromised HSM. The primary
+HSMs are assumed to be perfectly secure, and the system does not include mitigations for a compromised HSM. The primary
 motivation for plaintext processing seems to be to enable large-scale data analysis for research purposes without
 requiring consent or cooperation of the people whose records are being
 processed~\cite{gematikWhitepaperDatenschutzUnd2025}.
@@ -117,23 +114,25 @@ unclear on the exact mechanism of key derivation, in previous versions of the st
 random salt, and the healthcare ID number of the enrolled person was used in SHA256-HKDF. The specification requires
 that a new root key is generated once a year, but as far as we can tell, record key rollover is not done automatically
 but is only meant to be done when the \emph{user} requests it, and old root keys must be retained forever to ensure old
-records can be accessed.
+records can be accessed. Through this lack of automatic key rollover combined with the need to retain root keys
+indefinitely, attack surface is maximized and incremental compromises of the system over long time spans become possible.
 
-\subsection{Related Work}
+\subsection{Previous Analyses}
 
-The state-owned company specifying the system commissioned several security assessments of the system relating to the
+\emph{gematik}, the state-owned company specifying the system, commissioned several security assessments of the system
-key escrow service. \textcite{fischlinKryptographischeAnalyseSpezifikation2021} focuses on the cryptographic
+relating to the key escrow service.
-dimension of the key escrow service used in an older version of the standard, and is now obsolete.
+\citeauthor{fischlinKryptographischeAnalyseSpezifikation2021}~\cite{fischlinKryptographischeAnalyseSpezifikation2021}
-\textcite{slanySicherheitsanalyseZurSicherheit2020} approaches the system at a higher level, and focuses on the
+focuses on the cryptographic dimension of the key escrow service used in an older version of the standard, and is now
-cryptography of the inner protocol layers spoken between the system's components. Industry research organization
+obsolete. \textcite{slanySicherheitsanalyseZurSicherheit2020} approaches the system at a higher level, and focuses on
+the cryptography of the inner protocol layers spoken between the system's components. Industry research organization
 Fraunhofer SIT was comissioned for a structured, theoretical assessment of attack paths to the system
-\cite{fraunhofersitAbschlussberichtSicherheitsanalyseGesamtsystems2024}. We are not currently aware of
+\cite{fraunhofersitAbschlussberichtSicherheitsanalyseGesamtsystems2024}. We are not currently aware of independent
-independent academic security research on the system. 
+academic security research on the system. 
 
 The design and operation of the system have been independently described in detail by civil society activists, who have
-demonstrated several successful attacks on the system. \textcite{tschirsichHackerHinOder0100} demonstrated how they
+demonstrated several successful attacks on the system. \textcite{tschirsichHackerHinOder2019} demonstrated how they
 could trivially acquire each of the smartcards as well as the Konnektor necessary for accessing the system.
-\textcite{tschirsichKonnteBisherNoch0100} summarize the history of attacks demonstrated on the system and show multiple
+\textcite{tschirsichKonnteBisherNoch2024} summarize the history of attacks demonstrated on the system and show multiple
 practical attacks on various parts of the system's implementation.
 
 \section{Concerning Cryptographic Engineering Choices}
@@ -143,11 +142,11 @@ by no means an exhaustive list, and is only meant to underscore why we believe t
 
 \subsection{Use of Key Escrow}
 
-First, the system's general approach of using a key escrow service instead of securely storing the keys inside the
+Key escrow describes a concept that was originally devised during the 1990ies out of a fear that the widespread
-system's already existing smart card infrastructure is concerning, given that this key escrow service poses a
+availability of strong encryption would stifle the ability of law enforcement agencies to wiretap communications in the
-centralized security risk. The system's designers made this decision since it was deemed important that access to an
+prosecution of crime. At the core of the concept rests the idea that a trusted \emph{key escrow} service should hold a
-encrypted record can be restored quickly after an insurance ID card is lost, without requiring the cooperation of the
+copy of every private key in use. In case the government wants to access one of these keys, the key escrow service can
-healthcare providers holding the primary copies of the person's medical records.
+provide this access\textcite{andersonSecurityEngineeringGuide2020,jarvisCryptoWarsFight2020}.
 
 While key escrow services have been a topic of political debate in decades past, in the cryptographic community,
 consensus generally is that they are a bad idea since they pose a centralized target for attack, and increase attack
@@ -158,8 +157,16 @@ surface \cite{
     rogawayMoralCharacterCryptographic2015,
 }.
 
+Our first concern is the system's general approach of using a key escrow service instead of securely storing the keys
+inside the system's already existing smart card infrastructure. Like any other key escrow system, this key escrow
+service poses a centralized security risk. The system's designers made this decision since it was considered important
+that when an encrypted record must be restored after an insurance ID card is lost, it can be re-created without the
+cooperation of the healthcare providers holding the primary copies of the person's medical records.
+
 \subsection{Cryptographic Design}
 
+\todo{Feedback from HS3 reviewer: I feel that this section is a mix-up of critique on the cryptographic design and the
+    approach to privacy protection and data minimisation. How are they linked? I'm missing some discussion here.}
 The system's overall cryptographic design is intentionally kept simple. The standard explicitly mentions that symmetric
 primitives have been preferred over asymmetric primitives in the core key escrow functions due to the risk of an attack
 on asymmetric primitives in the long term. Notably, other advanced cryptographic techniques such as secret sharing
@@ -174,28 +181,25 @@ For instance, the system leaks a person's insurance ID number to the key escrow
 requested. Along with the timing and frequency of these requests, this leaks information on the person's condition to
 the key escrow service in an identifiable way.
 
-% TODO I feel that this section is a mix-up of critique on the cryptographic design and the approach to privacy
-% protection and data minimisation. How are they linked? I'm missing some discussion here.
-
 \subsection{A Realistic Attacker Model}
 
-We observe that the system as a whole does not appear to be designed to defend against well-resourced adversaries. The
+We observe that the system as a whole does not appear to be designed to defend against well-resourced adversaries. A
-series of practical attacks that have been demonstrated on the system confirm this impression. In
+series of demonstrated practical attacks on the system, none of which required advanced capabilities, confirm this
-\textcite{tschirsichKonnteBisherNoch0100} summarize a series of successful attacks. Attacks include social engineering
+impression. In \textcite{tschirsichKonnteBisherNoch2024} summarize a series of successful attacks. Attacks include
-resulting in access to copies of smartcards enabling accessing patient records, using misconfigured Konnektor VPN
+social engineering resulting in access to copies of smartcards enabling accessing patient records, using misconfigured
-appliances with their LAN DMZ and authentication interface exposed on the public internet, circumventing video-based
+Konnektor VPN appliances with their local network DMZ and authentication interface exposed on the public internet,
-authentication processes resulting in duplicate file keys being provided, classis SQL injection on a backend service
+circumventing video-based authentication processes resulting in duplicate file keys being provided, classis SQL
-maintaining an authentication database, accessing all national patient records through brute-force enumeration of weak
+injection on a backend service maintaining an authentication database, accessing all national patient records through
-identifiers, and several more.
+brute-force enumeration of weak identifiers, and several more.
 
-We believe that a system like this must be designed to withstand well-resourced adversaries such as enemy secret
+We believe that a system like this must be designed to withstand well-resourced adversaries such as foreign secret
 services, since the medical data stored in such as information on chronic illness, sexually transmittable disease or
 severe food allergies has intelligence value. Repeated breaches of national digital infrastructure such as the 2015
 breach of the US Office of Personnel Management \cite{barrettUSSuspectsHackers2015} or the 2024 compromise of US
 telecommunications wiretapping systems \cite{mennChineseGovernmentHackers2024} demonstrate that such state-sponsored
 attacks on national digital infrastructure are a realistic concern. A possible scenario in the ePA system would be an
-enemy secret service gaining access to one of the HSMs storing the systems' root secrets, extracting the root secret by
+foreign secret service gaining access to one of the HSMs storing the systems' root secrets, extracting the root secret
-an advanced physical attack, then being able to decrypt captured encrypted health records at will. Similarly, a
+by an advanced physical attack, then being able to decrypt captured encrypted health records at will. Similarly, a
 nation-state adversary might have access to an exploit allowing the compromise of the system's TEEs, which would enable
 the extraction of any patient records being processed in plaintext inside these TEEs.
 
@@ -203,19 +207,20 @@ the extraction of any patient records being processed in plaintext inside these
 
 Physical security has received some consideration in the system's specification. First, smart cards are used extensively
 for authentication. Second, Hardware Security Modules are used in key locations of the system to process some
-cryptographic secrets. The core of the system's key escrow service is implemented inside an HSM. However, it is notable
+cryptographic secrets. The core of the system's key escrow service is implemented inside an HSM that is part of a
-that the actual security level required for this HSM is only FIPS 140-2 level 3
+redundant HSM cluster. However, it is notable that the actual security level required for this HSM is only FIPS 140-2
-\cite{usnationalinstituteofstandardsandtechnologySecurityRequirementsCryptographic2002}. FIPS 140-2 is a US government
+level 3 \cite{usnationalinstituteofstandardsandtechnologySecurityRequirementsCryptographic2002}. FIPS 140-2 is a US
-standard that used to be popular for the specification of HSMs. However, not only has FIPS 140-2 been superseded by FIPS
+government standard that used to be popular for the specification of HSMs. However, not only has FIPS 140-2 been made
-140-3 since 2019 \cite{usnationalinstituteofstandardsandtechnologySecurityRequirementsCryptographic2019}, its security
+obsolete by FIPS 140-3 in 2019 \cite{usnationalinstituteofstandardsandtechnologySecurityRequirementsCryptographic2019},
-level 3 mostly provides logical separation of cryptographic functions from other logic and is not very meaningful in the
+its security level 3 mostly provides logical separation of cryptographic functions from other logic and is not very
-context of physical attacks. The only physical requirement of FIPS 140-2 level 3 is that the HSM has a hard, opaque
+meaningful in the context of physical attacks. The only physical requirement of FIPS 140-2 level 3 is that the HSM has a
-coating. This coating is specified to be tamper-evident, but notably no active tamper detection or response features are
+hard, opaque coating. This coating is specified to be tamper-evident, but notably no active tamper detection or response
-required by this standard~\cite{andersonSecurityEngineeringGuide2020}. In contrast to the newer FIPS 140-3 standard and
+features are required by this standard~\cite{andersonSecurityEngineeringGuide2020}. In contrast to the newer FIPS 140-3
-the related ISO/IEC 19790 \cite{ISOIEC19790} as well as ISO/IEC 24759 \cite{ISOIEC24759} standards, FIPS 140-2 does not
+standard and the related ISO/IEC 19790 \cite{ISOIEC19790} as well as ISO/IEC 24759 \cite{ISOIEC24759} standards, FIPS
-make any particular requirements regarding resistance to side-channel attacks. The lack of tamper response, unspecified
+140-2 does not make any particular requirements regarding resistance to side-channel attacks. The lack of tamper
-resistance to side-channel attacks and the fact that the ePA specification only requires the long-lived key escrow root
+response, unspecified resistance to side-channel attacks and the fact that the ePA specification only requires the
-key inside the HSM to have 256 bits of entropy lead to an unsatisfactory overall constellation.
+long-lived key escrow root key inside the HSM to have 256 bits of entropy lead to an unsatisfactory overall
+constellation.
 
 \section{Conclusion}
 
@@ -242,5 +247,7 @@ that better accomodate real-world use cases.
 
 We believe that Inertial HSMs can address this use case by cleanly separating the physical security primitive into a
 retargetable design that can be applied to entire servers if needed, and augment or replace technology like conventional
-HSMs or trusted execution environments to provide high-level hardware security.
+HSMs or trusted execution environments to provide high-level hardware security. Before introducing IHSMs in
+Chapter~\ref{chapter-ihsm}, in the following chapter, we will first complement this chapter's outlook on the state of
+the art in hardware security with a survey of tamper sensing meshes in a wide range of real world devices.
 

chapter-hsms/chapter.tex

@@ -14,7 +14,7 @@ being used in the late 19\textsuperscript{th} century, around the widespread com
 active tamper sensing meshes are used in a wide array of devices ranging from card payment terminals to atomic bombs.
 
 In this chapter, we will start with a brief history of tamper sensing meshes. Complementing our historical analysis, we
-will present the results of a survey of a range of real-world devices that use tamper sensing meshes and we will analyze
+will present the results of a survey of a range of real-world devices that use tamper sensing meshes and we will examine
 their implementation. We will analyze the gaps left by the current state of the art in commercial practice, and evaluate
 how Inertial HSMs could close these gaps to make secure hardware accessible to a wider range of applications. The
 contributions in this chapter are as follows:
@@ -27,8 +27,8 @@ contributions in this chapter are as follows:
         illustrating them.
     \item From our sample, we extract several design patterns that can be applied to increase the security of a design.
     \item We note security flaws in several of our samples.
-    \item We provide the results of CT measurements of multiple samples, and we evaluate their impact on tamper sensing
+    \item We provide the results of Computed Tomography (CT) imaging of multiple samples, and we evaluate their impact
-        mesh security.
+        on tamper sensing mesh security.
 \end{itemize}
 
 \section{The History of Tamper Sensing Meshes}
@@ -70,9 +70,9 @@ the widespread adoption of cryptography in commercial applications~\cite{
 One early practical uses of tamper sensing meshes for information security as opposed to the security of some physical
 good is documented in notes on a series of lectures given by Dr.~David~G. Boak, a specialist in communications security
 and signal intelligence at the US National Security
-Agency~\cite{nsaHistoryUSCommunications1973,nsaHistoryUSCommunications1981}. In this lecture series, Boak mentions that
+Agency~\cite{boakHistoryUSCommunications1981,boakHistoryUSCommunications1973}. In this lecture series, Boak mentions
-around World War \RN{2}, the US became concerned about the security of their ciphering machines, which at the time were
+that around World War \RN{2}, the US became concerned about the security of their ciphering machines, which at the time
-large, fridge-sized electro-mechanical contraptions. Initially, simple safes were used to protect those
+were large, fridge-sized electro-mechanical contraptions. Initially, simple safes were used to protect those
 devices---however, as Boak notes, the US was well aware that they could not build a safe that a well-equipped specialist
 could not break open within an hour. As a solution, the NSA started development on what we would today call a Hardware
 Security Module by encapsulating a crypto coprocessor in a tamper sensing envelope. Boak observes that as a tamper
@@ -111,24 +111,29 @@ history of nuclear material passing through these facilities.
 
 When using sensors to monitor treaty compliance, the IAEA has to consider the possibility of a host state tampering with
 its sensors to abuse nuclear material without being noticed. Historically, the IAEA has responded to this threat by the
-extensive use of tamper-indicating enclosures and of seals. In both systems, the approach taken is that the enclosure or
+extensive use of tamper-indicating enclosures and of seals\footnote{
-seal is treated similarly to what these days, in computing we call a Physically Uncloneable Function. The enclosure or
+    Note that in IAEA terminology, both tamper detection and tamper evidence are combined into the term ``tamper
-seal is manufactured in a process that leaves an unpredictable and uncontrollable pattern of manufacturing variations
+    indication''. The IAEA distinguishes between active tamper indication, which we conventionally call tamper
-such as surface imperfections. A process used in the IAEA is to package devices in aluminium enclosures passivated in a
+    detection, and passive tamper indication, which we conventionally call tamper evidence. Tamper indicating devices
-bright color, which leaves a random, microscopic pattern of pits in the surface from the etching step. Before such a
+    include seals, but also the aforementioned uniquely characterizable enclosures, which IAEA terminology calls
-device is deployed in the field, it is precisely measured from all sides. Later on, after field deployment, its
+    intrinsically tamper-indicating. An example for an active tamper indicating device would be a seismic sensor at the
-integrity can then be checked by comparing its current state to these initial measurements. The underlying assumption is
+    bottom of a borehole that has been back-filled with concrete such that any attempt to reach the sensor would be
-that drilling or cutting into something like a metal enclosure will leave detectable traces, and that perfectly
+    well-visible in the sensor's own readings~\cite{simmonsHowInsureThat1988}.
-replicating an object including features such as minute surface imperfections is infeasible even to a nation
+}. In both systems, the approach taken is that the enclosure or seal is treated similarly to what these days, in
-state~\cite{iaea2011}.
+computing we call a Physical Unclonable Function (PUF). The concept of a PUF centers on electronic component
+manufactured such that random manufacturing variations can later be measured by the finished circuit. The core idea is
+that since these manufacturing variations are random, they can be used as a source for cryptographic entropy.
+Furthermore, the concept is based on the assumption that these manufacturing variations cannot be controlled, hence
+making the device \emph{unclonable}.
 
-In IAEA terminology, both tamper detection and tamper evidence are combined into the term ``tamper indication''. The
+Similar to a PUF, in the IAEA's application an enclosure or seal is manufactured in a process that leaves an
-IAEA distinguishes between active tamper indication, which we conventionally call tamper detection, and passive tamper
+unpredictable and uncontrollable pattern of manufacturing variations such as surface imperfections. A process used in
-indication, which we conventionally call tamper evidence. Tamper indicating devices include seals, but also the
+the IAEA is to package devices in aluminium enclosures passivated in a bright color, which leaves a random, microscopic
-aforementioned uniquely characterizable enclosures, which IAEA terminology calls intrinsically tamper-indicating. An
+pattern of pits in the surface from the etching step. Before such a device is deployed in the field, it is precisely
-example for an active tamper indicating device would be a seismic sensor at the bottom of a borehole that has been
+measured from all sides. Later on, after field deployment, its integrity can then be checked by comparing its current
-back-filled with concrete such that any attempt to reach the sensor would be well-visible in the sensor's own
+state to these initial measurements. The underlying assumption is that drilling or cutting into something like a metal
-readings~\cite{simmonsHowInsureThat1988}.
+enclosure will leave detectable traces, and that perfectly replicating an object including features such as minute
+surface imperfections is infeasible even to a nation state~\cite{iaea2011}.
 
 With smarter electronics becoming more affordable in both monetary and in power budget, over the decades, other active
 tamper sensors have received attention as well. The IAEA reports on attempts at burying sensors such as piezoelectric
@@ -148,12 +153,12 @@ and ATMs to the ATM pin pads themselves, which encrypt the customer's PIN right
 of card payment terminals.
 
 HSMs are used for highly sensitive operations even outside of the financial industry, although their adoption is
-hampered by their high cost. These applications include key management in the TLS certificate infrastructure. In this
+hampered by their high cost. In this chapter, we will analyze a commercial HSM that was used in the key management
-chapter, we will analyze a commercial HSM that was used in the key management infrastructure of a premium TV provider.
+infrastructure of a premium TV provider as one example of such uses. Examples of other applications include mail
-Other applications include mail franking machines, where they are used to protect the credit counter and franking data,
+franking machines, where they are used to protect the credit counter and franking data, with one such unit analyzed in
-with one such unit analyzed in this chapter. Furthermore, we have identified several models of key safes that in Germany
+this chapter. Furthermore, we have identified several models of key safes that in Germany are mounted externally on
-are mounted externally on public buildings to provide keys to emergency services, and which include tamper sensing
+public buildings to provide keys to emergency services, and which include tamper sensing meshes on their door and
-meshes on their door and interior walls to detect attempts at drilling into them~\cite{SD04203RB25D5,
+interior walls to detect attempts at drilling into them~\cite{SD04203RB25D5,
 krusesicherheitssystemeDatenblattKRUSEFWSchlusseldepot2018}. Finally, we have found a processing unit used in a series
 of mid-2000s era slot machines in Germany that includes a tamper sensing mesh, presumably to prevent modification or
 cloning. This device will also be analyzed later in this chapter.
@@ -196,6 +201,13 @@ basic construction and layout has not changed much since the early 1990ies~\cite
     macphersonImprovementsSecurityEnclosures1993,
     macphersonTamperRespondentEnclosure1999}.
 
+Concluding this brief history of tamper sensing meshes, we find that they were initially developed for sensitive
+military applications, and their use in civil applications is a recent phenomenon. The implementation of tamper sensing
+meshes in civil applications was likely catalyzed by two advancements in electronics. First, electronic components
+became less expensive and more integrated reducing the cost overhead of tamper sensing circuits. Second, the mass-scale
+adoption of PCB and FPC production processes enabled their use as inexpensive, high-resolution substrates for such
+meshes. 
+
 \subsection{Monitoring Circuit Approaches}
 
 Tamper sensing meshes are most effective when they are continuously monitored using a backup power supply while the rest
@@ -213,7 +225,7 @@ To achieve low power consumption, a popular technique known since at least
 1902~\cite{suttonElectricallyprotectedStructure1902} and still used
 today~\cite{cesanaTamperResistantCard2001,razaghiCircuitBoardHold2019} is to measure the deviation of the mesh's
 end-to-end ohmic resistance from its baseline value. This measurement can be implemented either by directly comparing a
-mesh trace's resistance with a reference resistor, or using a wheatstone bridge. Bridge circuits were already used
+mesh trace's resistance with a reference resistor, or using a Wheatstone bridge. Bridge circuits were already used
 in early tamper sensing mesh implementations~\cite{
     ElektrischeSicherheitseinrichtungSchutze1932,
     hamPrintedcircuitTypeSecurity1971,
@@ -225,34 +237,29 @@ in early tamper sensing mesh implementations~\cite{
 Besides tamper sensing meshes, environmental sensors such as temperature or light sensors are frequently used as a
 secondary line of defence in HSMs and similar devices. By placing such sensors in the device and verifying the device is
 within its nominal operating environment, tampering can be made less convenient. Modern security standards often mandate
-the implementation of at least a temperature sensor to prevent cold-boot attacks on a device. A multitude of other
+the implementation of at least a temperature sensor to prevent cold-boot attacks on a device~\cite{
-sensors have been proposed, including humidity sensors, vibration sensors, light sensors, magnetometers, and radiation
+    usnationalinstituteofstandardsandtechnologySecurityRequirementsCryptographic2019,
-sensors such as X-ray sensors have been proposed. While the implementation cost of most sensor types is low, each
+    ISOIEC19790}.
-additional environmental sensor comes with an increased false alarm rate. Anecdotally, we have heard of light sensors
+A multitude of other sensors have been proposed, including vibration sensors, light sensors,
-being removed from a datacenter HSM product because they caused frequent false alarms despite extensive efforts like
+magnetometers, and radiation sensors such as X-ray sensors have been proposed. While the implementation cost of most
-custom injection-molded plastic light baffles at all air vents of the device designed to prevent ingress of outside
+sensor types is low, each additional environmental sensor comes with an increased false alarm
-light.
+rate~\cite{andersonSecurityEngineeringGuide2020}.
-% FIXME citations?
 
 \section{A Survey of Meshes in the Wild}
 
-Concluding the brief history of tamper sensing meshes above, we find that they were initially developed for sensitive
+In this section, we will examine a large sample of recent devices that include tamper sensing meshes to gain an
-military applications, and their use in civil applications is a recent phenomenon. The implementation of tamper sensing
-meshes in civil applications was likely catalyzed by two advancements in electronics. First, electronic components
-became less expensive and more integrated reducing the cost overhead of tamper sensing circuits. Second, the mass-scale
-adoption of PCB and FPC production processes enabled their use as inexpensive, high-resolution substrates for such
-meshes. In this section, we will examine a large sample of recent devices that include tamper sensing meshes to gain an
 understanding of how they are implemented, and what security level they are targeted towards. Since we were unable to
-acquire a nuclear weapon for our research, we limited our survey to commercial devices with a focus on card payment
+acquire a nuclear weapon for our research, we limited our survey to commercial devices. While we analyzed devices across
-terminals, which represent the most varied class of device incorporating such meshes.
+a broad spectrum of applications, our survey includes a large variety of card payment terminals, which represent the
+most varied class of device incorporating such meshes.
 
 \subsection{Specimen Selection}
 
 Given their niche applications and high cost, devices incorporating tamper sensing meshes tend to be hard to find. For
 this survey, we chose 30 total devices including 23 different models of card payment terminals, and 7 other devices.
-Some devices were procured by dumpster diving, while most were sourced from ebay. The majority of these were sold by
+Some devices were procured by intercepting electronic waste, while most were sourced from ebay in Februrary and March
-electronic waste recycling companies. A complete list of our specimens can be found in
+2025. The majority of these were sold by electronic waste recycling companies. A complete list of our specimens can be
-Table~\ref{tab_hsm_survey_sample_list}. External photos of each device are shown in
+found in Table~\ref{tab_hsm_survey_sample_list}. External photos of each device are shown in
 Figure~\ref{fig_hsm_survey_sample_pics} and internal photos are shown in
 Figure~\ref{fig_hsm_survey_sample_internal_pics}.  In the following sections, we will go into detail on the classes of
 devices we selected for this study.
@@ -353,12 +360,11 @@ skimming that aim to exfiltrate card data and PINs entered by the customer. The
 Council (PCI SSC), an association of all major western credit card network operators assumes the role of the de-facto
 standardization organization in the card payment space. Due to the international scale of the large credit card
 networks, almost all payment terminals on the market irrespective of their country of origin are certified under PCI SSC
-standards. Adding on to PCI's ecosystem impact, its security standards are thought out well and provide a higher level
+standards. Adding on to PCI's ecosystem impact, its security standards are thought out well.
-of security than one might expect from an industry association.
 
 One reason for the high level of physical security standards in card payment applications both on the client side
 (payment terminals) and on the server side (HSM appliances) is that the finance industry has been reluctant to adopt
-modern cryptography. Not only are modern cryptographic protocols like Secure Multiparty Computation (SMPC) or
+modern cryptography. Not only are modern cryptographic protocols like secure Multiparty Computation (MPC) or
 Zero-Knowledge Proofs (ZKPs) not commonly used. Even asymmetric cryptography has only been adopted reluctantly, and
 ancient ciphers such as Triple DES are still commonly referenced in industry
 standards~\cite{pcisecuritystandardscouncilPaymentCardIndustry2025}. As a result, increased hardware security is
@@ -373,19 +379,19 @@ terminals are cost-sensitive devices, which is reflected in the construction of
 When credit card payments are handled on the web as opposed to in a physical store, HSMs are used in data centers to
 handle plaintext payment data such as credit card numbers. Such HSM appliances are usually standalone rackmount devices
 and are used across application domains. Depending on the application, these HSMs can be programmed with custom code, or
-can be used as coprocessors through an API. In practice, the standalone appliances are just low-end computers in a
+can be used as coprocessors through an API~\cite{LunaNetworkHSM}. In practice, the standalone appliances are just
-rackmount enclosure that expose the API of an internal HSM add-in card to the network. In this survey, we obtained two
+low-end computers in a rackmount enclosure that expose the API of an internal HSM add-in card to the network. In this
-devices labelled as HSMs. We were only able to procure two such devices since they are expensive, and even used
+survey, we obtained two devices labelled as HSMs. We were only able to procure two such devices since they are
-specimens of older models are usually listed for several hundreds to several thousands of EUR. Unfortunately, one of the
+expensive, and we found that even used specimens of older models are usually listed for several hundreds to several
-devices we obtained did not contain any security meshes in its case, and thus would not provide adequate protection
+thousands of Euro. Unfortunately, one of the devices we obtained did not contain any security meshes in its case, and
-against advanced attacks. The other specimen we procured was a 2011 model Utimaco CryptoServer LAN. Our unit was a
+thus would not provide adequate protection against advanced attacks. The other specimen we procured was a 2011 model
-white-label variant procured by premium TV encryption technology provider Irdeto, presumably used in Germany to produce
+Utimaco CryptoServer LAN. Our unit was a white-label variant procured by premium TV encryption technology provider
-cryptographic key streams for TV signal encryption. We bought the device from a recycling company specialized on
+Irdeto, presumably used in Germany to produce cryptographic key streams for TV signal encryption. We bought the device
-datacenter components. The device was sold with any HDDs removed. The device consisted of an older mainboard for
+from a recycling company specialized on datacenter components. The device was sold with any HDDs removed. The device
-embedded applications containing an Intel Core 2 Duo-brand processor and 2 GiB of DDR2 RAM, which was connected to the
+consisted of an older mainboard for embedded applications containing an Intel Core 2 Duo-brand processor and 2 GiB of
-HSM add-in card through PCI. The device contained a small Lithium backup battery on the add-in card, and another, larger
+DDR2 RAM, which was connected to the HSM add-in card through PCI. The device contained a small Lithium backup battery on
-battery in an enclosure at the front of the device that was connected to the card through a cable. The device did not
+the add-in card, and another, larger battery in an enclosure at the front of the device that was connected to the card
-contain any obvious case intrusion sensors.
+through a cable. The device did not contain any obvious case intrusion sensors.
 
 \subsubsection{ATM Encrypting Pin Pads}
 
@@ -607,6 +613,7 @@ list, we will address several common structural features that we observed across
     \label{hsm_fig_materials}
 \end{figure}
 
+\todo{FIXME: Add scale / structure size to photos?}
 Regular Printed Circuit Boards are frequently used to implement tamper sensing meshes as shown in
 Figure~\ref{hsm_fig_materials_pcb_rigid}. PCB production is a highly advanced, large-scale industry and PCBs are
 inexpensive, commodity products. PCBs can be manufactured with many layers, at almost arbitrary total thickness, and
@@ -700,11 +707,11 @@ across the contact as shown in Figure~\ref{hsm_fig_connector_elastomeric}, but t
 soldering. Hand soldering increases unit cost over mechanized soldering techniques such as wave soldering or reflow
 soldering.
 
-FPCs are suitable for use with standard Zero Insertion Force (ZIF) FPC connectors as shown in
+FPCs are suitable for use with standard FPC connectors as shown in Figure~\ref{hsm_fig_connector_fpc}. These connectors
-Figure~\ref{hsm_fig_connector_fpc} that directly mate to a contact area, called \emph{gold fingers} in industry terms,
+mate directly to a contact area on the FPC, called \emph{gold fingers} in industry terms. Both FPCs and rigid PCBs can
-on the FPC. Both FPCs and rigid PCBs can be used with standard board-to-board stacking connectors such as the one
+be used with standard board-to-board stacking connectors such as the one visible in the center of
-visible in the center of Figure~\ref{hsm_fig_connector_stack}, but their use on FPCs requires a stiffener on the FPC's
+Figure~\ref{hsm_fig_connector_stack}, but their use on FPCs requires a stiffener on the FPC's back side to ensure the
-back side to ensure the solder joints don't break from mechanical stress when connecting or disconnecting.
+solder joints don't break from mechanical stress when connecting or disconnecting.
 
 In our survey, we frequently found elastomeric connectors used to connect to both flexible and rigid tamper sensing mesh
 assemblies. Elastomeric connectors such as the one shown in the center of Figure~\ref{hsm_fig_connector_elastomeric} are
@@ -802,7 +809,7 @@ Thermoforming is a cheap industry standard process, but applied to flexible circ
 only 2.5-dimensional structures can be created since the starting product is always a planar sheet. Second, the sheet
 cannot be cut or contain slots or large holes before forming since it needs to be kept under a constant tension from all
 sides to ensure it evenly stretches into the mold. Finally, the depth achievable in such a process is rather limited,
-with no sample in our survey exceeding \qty{2}{\milli\meter}\todo{Get proper number}. Higher depths would require
+with no sample in our survey exceeding \qty{2}{\milli\meter}.\todo{Get proper number} Higher depths would require
 extensive deformation of the mesh circuit's plastic substrate, which could lead to tears in the mesh traces since the
 particle-based conductive inks used for screen-printed electronics are inelastic. Among our samples, we saw two
 instances of thermoformed meshes. First, all recent Ingenico terminals (\sampleno{H06,H13,H23,H24}) integrated an ink
@@ -840,7 +847,7 @@ access by probes.
     \label{fig_ingenico_forming}
 \end{figure}
 
-specimen~\sampleno{H12}, shown in Figure~\ref{hsm_fig_3d_struct_vacuum_form}, displays one further design defect. The mesh
+Specimen~\sampleno{H12}, shown in Figure~\ref{hsm_fig_3d_struct_vacuum_form}, displays one further design defect. The mesh
 shown does not extend to the edges of the plastic cover it has been molded into. When this cover is placed on top of a
 PCB to protect components on the PCB from tampering, this leaves a large gap between the bottom edge of the mesh and the
 PCB surface, through which probes can be inserted to access either the payload circuit or the mesh monitoring circuitry.
@@ -928,15 +935,69 @@ terminal. While a similar result could also be achieved by milling a slot into t
 PCB, the economics of PCB manufacturing are such that it may be more cost-effective to bond two standard-thickness PCBs
 on top of one another instead.
 
-Figure~\ref{hsm_fig_3d_sandwich_lid} finally shows an advanced construction technique that uses a custom PCB with a
+Figure~\ref{hsm_fig_3d_sandwich_lid} shows an advanced construction technique that uses a custom PCB with a large indent
-large indent milled into its underside soldered on top of a base PCB to create a protected cavity on top of the base
+milled into its underside soldered on top of a base PCB to create a protected cavity on top of the base PCB. This PCB
-PCB. This PCB lid shows a complex internal structure. It is built up in a custom stackup with a total of six layers: A
+lid shows a complex internal structure. It is built up in a custom stackup with a total of six layers: A ground plane
-ground plane filling the top layer, then two orthogonal planar mesh layers covering the inside of the lid above the
+filling the top layer, then two orthogonal planar mesh layers covering the inside of the lid above the cavity. Below
-cavity. Below this standard mesh stackup are two that are used to create a via fence structure similar to that shown in
+this standard mesh stackup are two that are used to create a via fence structure similar to that shown in
 Figure~\ref{hsm_fig_3d_sandwich_via_fence} in an attempt to protect the sides around the central cavity. Below these two
 via fence layers, at the bottom of the PCB is one more layer containing the pads connecting it to the base PCB.
 
-\subsubsection{Tabular results}
+\subsubsection{CT Imaging}
+
+\begin{figure}
+    \centering
+    \begin{subfigure}[t]{0.45\textwidth}
+        \centering
+        \includegraphics[width=\linewidth]{mesh_contact_joint.pdf}
+        \caption{CT section cut with part of a mesh layer and the crimped metal mesh contacts visible.}
+        \label{hsm_fig_ingenico_potted_ct_cut}
+    \end{subfigure}
+    \quad
+    \begin{subfigure}[t]{0.45\textwidth}
+        \centering
+        \includegraphics[width=\linewidth]{mesh_geom.pdf}
+        \caption{CT 3D reconstruction of the mesh's trace geometry.}
+        \label{hsm_fig_ingenico_potted_ct_3d}
+    \end{subfigure}
+    \quad
+    \begin{subfigure}[t]{0.45\textwidth}
+        \centering
+        \includegraphics[width=\linewidth]{ingenico_hsm_module.jpg}
+        \caption{Photo of the HSM module seated on the payment terminal's main PCB.}
+        \label{hsm_fig_ingenico_potted_seated}
+    \end{subfigure}
+    \caption[Potted module CT images]{Optical photograph and CT pictures of a potted HSM module
+        (specimen~\sampleno{H18}).}
+    \label{hsm_fig_ingenico_potted}
+\end{figure}
+
+% FIXME put the CT people in the acknowledgements! Also the microwave people!
+Hardware manufacturers implementing security meshes often attempt to keep the meshes' layouts hidden as a way of
+security by obscurity. In practice, this can take the form of opaque potting compounds (cf.
+Figure~\ref{hsm_fig_ingenico_potted_seated}), opaque cover layers (cf. Figure~\ref{hsm_fig_materials_gold_lds}), and
+burying the mesh beneath other features such as PCB ground planes (cf. Figure~\ref{hsm_fig_3d_sandwich_lid}, e.g.\
+specimens~\sampleno{H03}, \sampleno{H17} and \sampleno{H32}). To circumvent such attempts, an obvious attack vector is
+to use radiographical imaging techniques such as X-ray or CT imaging. To evaluate CT imaging as an attack method, we
+experimentally imaged the potted HSM module of specimen~\sampleno{H18}, an Ingenico payment terminal, using an
+industrial CT. Figure~\ref{hsm_fig_ingenico_potted} shows the module we analyzed and two images exported from the
+resulting CT scan data. Figure~\ref{hsm_fig_ingenico_potted_ct_cut} shows a horizontal cut across part of the module. In
+this cut, we can clearly identify a mesh layer with multiple traces, four solid metal contacts crimped to the mesh foil,
+and two unused contact pads and mesh traces in the lower part of the picture. An attacker would be able to use this
+information to target the metal contacts with a tool like a needle probe. From the CT scan we were able to measure that
+the mesh of the device has a pitch of \qty{1.0}{\milli\meter}. Thus, even inserting a thin needle probe right through
+one of the mesh's traces should be possible without breaking the trace.
+
+Figure~\ref{hsm_fig_ingenico_potted_ct_3d} shows a 3D reconstruction of the mesh's conductor layout. While the
+reconstruction is slightly noisy due to the limited scan time available, it contains ample detail to reconstruct the
+mesh's layout and conductor count, and even to derive conductor dimensions in order to calculate resistance and other
+electronic parameters. The mesh's foil is wrapped around the circuit board forming a pillow shape, which is clearly
+reflected in the reconstructed 3D mesh geometry. This information could be used to guide a CNC milling machine to
+selectively ablate the device's potting precisely down to the mesh's conductors to enable direct patching attacks on the
+mesh.
+
+
+\subsubsection{Results summary}
 
 Below is a table representing which features discussed in the sections above we found in which of our samples. Overall,
 we commonly found a combination of a rigid PCB mesh in the specimen's main PCB and and flexible meshes formed into a lid
@@ -969,7 +1030,7 @@ reverse engineering.
 \newcolumntype{M}{>{\centering\arraybackslash}p{4mm}}
 \setlength{\tabcolsep}{0pt}
     \begin{tabular}{ll|MMMMM|MMMM|MMMMM|MMMMM|MMMMM|MMM|MM}
-        &&\multicolumn{29}{c}{\textbf{Mesh}}\\
+        &&\multicolumn{29}{c}{\textbf{Specimen}}\\
 \textbf{Feature} & \textbf{Figures} &
 1 & 2 & 3 & 4 & 5 & 6 & 8 & 9 & 10 & 11 & 12 & 13 & 14 & 15 & 16 & 17 & 18 & 19 & 20 & 21 & 22 & 23 & 24 & 25 & 27 & 28 & 30 & 31 & 32
         \\\hline
@@ -1135,64 +1196,12 @@ Integrated contact pads & \ref{hsm_fig_connector_fpc}
         &   &   &  \\                             % 30 - 32
 
     \end{tabular}
-    \caption{Feature matrix of all specimens analyzed.}
+    \caption[Feature matrix of all specimens analyzed.]{Feature matrix of all specimens analyzed. Dots indicate presence
+        of a feature. The figures column lists which figures above contain examples of a particular feature.}
     \label{tab_hsm_survey_sample_results}
 \end{table}
 \end{landscape}
 
-\subsubsection{CT Imaging}
-
-\begin{figure}
-    \centering
-    \begin{subfigure}[t]{0.45\textwidth}
-        \centering
-        \includegraphics[width=\linewidth]{mesh_contact_joint.pdf}
-        \caption{CT section cut with part of a mesh layer and the crimped metal mesh contacts visible.}
-        \label{hsm_fig_ingenico_potted_ct_cut}
-    \end{subfigure}
-    \quad
-    \begin{subfigure}[t]{0.45\textwidth}
-        \centering
-        \includegraphics[width=\linewidth]{mesh_geom.pdf}
-        \caption{CT 3D reconstruction of the mesh's trace geometry.}
-        \label{hsm_fig_ingenico_potted_ct_3d}
-    \end{subfigure}
-    \quad
-    \begin{subfigure}[t]{0.45\textwidth}
-        \centering
-        \includegraphics[width=\linewidth]{ingenico_hsm_module.jpg}
-        \caption{Photo of the HSM module seated on the payment terminal's main PCB.}
-        \label{hsm_fig_ingenico_potted_seated}
-    \end{subfigure}
-    \caption[Potted module CT images]{Optical photograph and CT pictures of a potted HSM module
-        (specimen~\sampleno{H18}).}
-    \label{hsm_fig_ingenico_potted}
-\end{figure}
-
-% FIXME put the CT people in the acknowledgements! Also the microwave people!
-Hardware manufacturers implementing security meshes often attempt to keep the meshes' layouts hidden as a way of
-security by obscurity. In practice, this can take the form of opaque potting compounds (cf.
-Figure~\ref{hsm_fig_ingenico_potted_seated}), opaque cover layers (cf. Figure~\ref{hsm_fig_materials_gold_lds}), and
-burying the mesh beneath other features such as PCB ground planes (cf. Figure~\ref{hsm_fig_3d_sandwich_lid}, e.g.\
-specimens~\sampleno{H03}, \sampleno{H17} and \sampleno{H32}). To circumvent such attempts, an obvious attack vector is
-to use radiographical imaging techniques such as X-ray or CT imaging. To evaluate CT imaging as an attack method, we
-experimentally imaged the potted HSM module of specimen~\sampleno{H18}, an Ingenico payment terminal, using an
-industrial CT. Figure~\ref{hsm_fig_ingenico_potted} shows the module we analyzed and two images exported from the
-resulting CT scan data. Figure~\ref{hsm_fig_ingenico_potted_ct_cut} shows a horizontal cut across part of the module. In
-this cut, we can clearly identify a mesh layer with multiple traces, four solid metal contacts crimped to the mesh foil,
-and two unused contact pads and mesh traces in the lower part of the picture. An attacker would be able to use this
-information to target the metal contacts with a tool like a needle probe. From the CT scan we were able to measure that
-the mesh of the device has a pitch of \qty{1.0}{\milli\meter}. Thus, even inserting a thin needle probe right through
-one of the mesh's traces should be possible without breaking the trace.
-
-Figure~\ref{hsm_fig_ingenico_potted_ct_3d} shows a 3D reconstruction of the mesh's conductor layout. While the
-reconstruction is slightly noisy due to the limited scan time available, it contains ample detail to reconstruct the
-mesh's layout and conductor count, and even to derive conductor dimensions in order to calculate resistance and other
-electronic parameters. The mesh's foil is wrapped around the circuit board forming a pillow shape, which is clearly
-reflected in the reconstructed 3D mesh geometry. This information could be used to guide a CNC milling machine to
-selectively ablate the device's potting precisely down to the mesh's conductors to enable direct patching attacks on the
-mesh.
-
 \section{Discussion}
 
 In our survey, we have seen the technological state of the art to which tamper-sensing meshes have evolved since the

chapter-hsms/pres-harris.tex

@@ -0,0 +1,493 @@
+\documentclass[aspectratio=169]{beamer}
+\usetheme{default}
+\usepackage[T1]{fontenc}
+\usepackage{textcomp}
+\usepackage{graphicx}
+\usepackage{subcaption}
+\usepackage{siunitx}
+\usepackage{booktabs}
+\usepackage{array}
+\usepackage{ragged2e}
+\usepackage{colortbl}
+\usepackage{pdflscape}
+\usepackage[percent]{overpic}
+\usepackage[backend=biber,style=numeric,sorting=none]{biblatex}
+\addbibresource{../main.bib}
+
+\graphicspath{{figures}}
+
+% Define custom commands if not already defined
+\newcommand{\surveypic}[2]{
+    \begingroup
+        \setlength{\fboxsep}{0.2mm}
+        \begin{overpic}[percent,height=10mm]{#2}
+            \put(100,85){\makebox[0pt][r]{\colorbox{white}{\footnotesize H#1}}}
+        \end{overpic}
+    \endgroup
+    }
+\newcommand{\sampleno}[1]{#1}
+
+\title{Tamper-Sensing Meshes in the Wild}
+\author{\textbf{Jan Sebastian Götte} \& Björn Scheuermann\\TU Darmstadt\\contact: \texttt{research@jaseg.de}}
+\date{2026-03-24}
+
+\begin{document}
+
+\begin{frame}
+\titlepage
+\end{frame}
+
+\begin{frame}{What is a Tamper Sensing Mesh?}
+\begin{itemize}
+\item Embedded looped conductor covering a surface
+\item Detects physical intrusion
+  \begin{itemize}
+    \item Drills, saws, lasers etc.
+  \end{itemize}
+\item Triggers some tamper response
+  \begin{itemize}
+    \item Deleting keys
+    \item Raising alarms
+    \item Explosions?
+  \end{itemize}
+\item Widely used in HSMs, payment terminals, ATMs, nuclear weapons
+\end{itemize}
+\end{frame}
+
+\begin{frame}{The History of Tamper-Sensing Meshes}
+\begin{itemize}
+\item \textbf{1870}: First patents using literal wire meshes to protect bank vaults~\cite{ImprovementProtectingSafes1870,ImprovementElectromagneticEnvelopes1870}
+\item \textbf{1902}: Multi-layer, orthogonal meshes documented~\cite{suttonElectricallyprotectedStructure1902}
+\item \textbf{1971}: Printed circuit technology adopted~\cite{hamPrintedcircuitTypeSecurity1971}
+\item \textbf{1990s}: Widespread commercial adoption with cryptographic applications
+\end{itemize}
+
+Other, hard to date examples: NSA use for protecting ciphering machines~\cite{boakHistoryUSCommunications1973,boakHistoryUSCommunications1981}, US use in nuclear weapons~\cite{carterManagingNuclearOperations1987}
+\end{frame}
+
+\begin{frame}{Commercial Applications Today}
+\begin{itemize}
+\item Datacenter HSMs (Key management, payment processing)
+\item Card Payment Terminals (PIN encryption)
+\item ATM Encrypting Pin Pads (PIN encryption)
+\item Key Safes for Emergency services access (Germany only?)
+\item Mail Franking Machines (credit counter)
+\item Slot Machines (likely for DRM)
+\end{itemize}
+\end{frame}
+
+
+\begin{frame}{Our Survey}
+\textbf{Sample Size}: 30 devices
+
+\textbf{Device Types}:
+\begin{itemize}
+    \item 23 Card payment terminals (Verifone, Ingenico, SumUp, etc.)
+    \item 3 ATM Encrypting Pin Pads (NCR, Sagem)
+    \item 2 HSM modules (SafeNet, Utimaco)
+    \item 1 Franking machine
+    \item 1 German slot machine CPU
+\end{itemize}
+\end{frame}
+
+\begin{frame}{Mesh Materials and Structure Sizes Observed}
+\begin{itemize}
+    \item \textbf{Rigid PCB (FR-4):} Photolithographic etching, \SIrange{100}{200}{\micro\meter}
+    \item \textbf{Polyimide/Copper FPC:} Photolithographic etching, \SIrange{100}{200}{\micro\meter}
+    \item \textbf{Silver ink FPC:} Screen printing, \SIrange{500}{3000}{\micro\meter}
+    \item \textbf{Carbon ink FPC:} Screen printing, \SIrange{500}{3000}{\micro\meter}
+    \item \textbf{Gold laser direct structuring:} Laser Direct Structuring, \SIrange{50}{200}{\micro\meter}
+    \item \textbf{IBM/Gore mesh:} Printed, \SIrange{200}{1500}{\micro\meter}
+\end{itemize}
+\end{frame}
+
+\begin{frame}{Survey Specimens - External Photos}
+\begin{figure}
+    \centering
+    \footnotesize
+    \begin{tabular}[c]{cccccc}
+        \surveypic{02}{survey_diag_S02.jpg}&
+        \surveypic{03}{survey_diag_S03.jpg}&
+        \surveypic{04}{survey_diag_S04.jpg}&
+        \surveypic{05}{survey_diag_S05.jpg}&
+        \surveypic{06}{survey_diag_S06.jpg}&
+        \surveypic{08}{survey_diag_S08.jpg}\\
+        \surveypic{09}{survey_diag_S09.jpg}&
+        \surveypic{10}{survey_diag_S10.jpg}&
+        \surveypic{11}{survey_diag_S11.jpg}&
+        \surveypic{12}{survey_diag_S12.jpg}&
+        \surveypic{13}{survey_diag_S13.jpg}&
+        \surveypic{14}{survey_diag_S14.jpg}\\
+        \surveypic{15}{survey_diag_S15.jpg}&
+        \surveypic{16}{survey_diag_S16.jpg}&
+        \surveypic{17}{survey_diag_S17.jpg}&
+        \surveypic{18}{survey_diag_S18.jpg}&
+        \surveypic{19}{survey_diag_S19.jpg}&
+        \surveypic{20}{survey_diag_S20.jpg}\\
+        \surveypic{21}{survey_diag_S21.jpg}&
+        \surveypic{22}{survey_diag_S22.jpg}&
+        \surveypic{23}{survey_diag_S23.jpg}&
+        \surveypic{24}{survey_diag_S24.jpg}&
+        \surveypic{25}{survey_diag_S25.jpg}&
+        \surveypic{27}{survey_diag_S27.jpg}\\
+        \surveypic{28}{survey_diag_S28.jpg}&
+        \surveypic{29}{survey_diag_S29.jpg}&
+        \surveypic{30}{survey_diag_S30.jpg}&
+        \surveypic{31}{survey_diag_S31.jpg}&
+        \surveypic{32}{survey_diag_S32.jpg}&
+        \\
+    \end{tabular}
+\end{figure}
+\end{frame}
+
+\begin{frame}{Survey Specimens - Internal Photos}
+\begin{figure}
+    \centering
+    \footnotesize
+    \begin{tabular}[c]{cccccc}
+        \surveypic{01}{survey_internal_09_S01.jpg}&
+        \surveypic{02}{survey_internal_20_S02.jpg}&
+        \surveypic{03}{survey_internal_11_S03.jpg}&
+        \surveypic{04}{survey_internal_03_S04.jpg}&
+        \surveypic{05}{survey_internal_10_S05.jpg}&
+        \surveypic{06}{survey_internal_08_S06.jpg}\\
+        \surveypic{08}{survey_internal_24_S08.jpg}&
+        \surveypic{09}{survey_internal_13_S09.jpg}&
+        \surveypic{10}{survey_internal_23_S10.jpg}&
+        \surveypic{11}{survey_internal_17_S11.jpg}&
+        \surveypic{12}{survey_internal_19_S12.jpg}&
+        \surveypic{13}{survey_internal_02_S13.jpg}\\
+        \surveypic{14}{survey_internal_00_S14.jpg}&
+        \surveypic{15}{survey_internal_04_S15.jpg}&
+        \surveypic{16}{survey_internal_05_S16.jpg}&
+        \surveypic{17}{survey_internal_22_S17.jpg}&
+        \surveypic{18}{survey_internal_21_S18.jpg}&
+        \surveypic{19}{survey_internal_26_S19.jpg}\\
+        \surveypic{20}{survey_internal_12_S20.jpg}&
+        \surveypic{21}{survey_internal_15_S21.jpg}&
+        \surveypic{22}{survey_internal_16_S22.jpg}&
+        \surveypic{23}{survey_internal_07_S23.jpg}&
+        \surveypic{24}{survey_internal_06_S24.jpg}&
+        \surveypic{25}{survey_internal_25_S25.jpg}\\
+        \surveypic{27}{survey_internal_18_S27.jpg}&
+        \surveypic{28}{survey_internal_14_S28.jpg}&
+        \surveypic{30}{survey_internal_29_S30.jpg}&
+        \surveypic{31}{survey_internal_27_S31.jpg}&
+        \surveypic{32}{survey_internal_28_S32.jpg}&
+        \\
+    \end{tabular}
+\end{figure}
+\end{frame}
+
+\begin{frame}{Mesh Trace Layouts}
+\begin{columns}[T]
+\begin{column}{0.5\textwidth}
+    \centering
+    \begin{overpic}[width=.45\textwidth]{hsm_mesh_offset.jpg}
+        \put(5,92){\colorbox{white}{\footnotesize\bfseries A}}
+    \end{overpic}
+    \hspace{1mm}
+    \begin{overpic}[width=.45\textwidth]{hsm_mesh_orthogonal.jpg}
+        \put(5,92){\colorbox{white}{\footnotesize\bfseries B}}
+    \end{overpic}
+
+    \vspace{5mm}
+
+    \begin{overpic}[width=.45\textwidth]{hsm_utimaco_mesh_gore.jpg}
+        \put(5,92){\colorbox{white}{\footnotesize\bfseries C}}
+    \end{overpic}
+    \hspace{1mm}
+    \begin{overpic}[width=.45\textwidth]{hsm_mesh_stack_epp.jpg}
+        \put(5,92){\colorbox{white}{\footnotesize\bfseries D}}
+    \end{overpic}
+\end{column}
+\begin{column}{0.45\textwidth}
+    \raggedright
+    \textbf{A:} Offset layers (H12)
+
+    \textbf{B:} Orthogonal patterns (H14)
+
+    \textbf{C:} Orthogonal + area pattern (H30)
+
+    \textbf{D:} Spaced layers (H28)
+\end{column}
+\end{columns}
+\end{frame}
+
+\begin{frame}{Mesh Materials and Manufacturing}
+\centering
+\begin{tabular}{lll}
+    \begin{overpic}[width=.22\textwidth]{trace_material_copper_pcb.jpg}
+        \put(5,92){\colorbox{white}{\footnotesize\bfseries A}}
+    \end{overpic}
+    &
+    \begin{overpic}[width=.22\textwidth]{trace_material_copper_flex.jpg}
+        \put(5,92){\colorbox{white}{\footnotesize\bfseries B}}
+    \end{overpic}
+    &
+    \begin{overpic}[width=.22\textwidth]{trace_material_silver.jpg}
+        \put(5,92){\colorbox{white}{\footnotesize\bfseries C}}
+    \end{overpic}
+    \\[3mm]
+    \begin{overpic}[width=.22\textwidth]{trace_material_contact_gold_lds.jpg}
+        \put(5,92){\colorbox{white}{\footnotesize\bfseries D}}
+    \end{overpic}
+    &
+    \begin{overpic}[width=.22\textwidth]{trace_material_carbon.jpg}
+        \put(5,92){\colorbox{white}{\footnotesize\bfseries E}}
+    \end{overpic}
+    &
+    \begin{tabular}[b]{@{}l@{}}
+        \textbf{A:} Rigid PCB (H10) \\
+        \textbf{B:} Flexible PCB (H15) \\
+        \textbf{C:} Silver ink (H14) \\
+        \textbf{D:} Laser Direct Structuring (H32) \\
+        \textbf{E:} Carbon ink (H30)
+    \end{tabular}
+\end{tabular}
+\end{frame}
+
+\begin{frame}{Mesh Connection Methods}
+\centering
+\begin{tabular}{ccc}
+    \begin{overpic}[width=.20\textwidth]{connector_castellated_edge.jpg}
+        \put(5,92){\colorbox{white}{\footnotesize\bfseries A}}
+    \end{overpic}
+    &
+    \begin{overpic}[width=.20\textwidth]{connector_elastomeric.jpg}
+        \put(5,92){\colorbox{white}{\footnotesize\bfseries B}}
+    \end{overpic}
+    &
+    \begin{overpic}[width=.20\textwidth]{connector_rf_gasket.jpg}
+        \put(5,92){\colorbox{white}{\footnotesize\bfseries C}}
+    \end{overpic}
+    \\[2mm]
+    \begin{overpic}[width=.20\textwidth]{connector_zif_fpc_2.jpg}
+        \put(5,92){\colorbox{white}{\footnotesize\bfseries D}}
+    \end{overpic}
+    &
+    \begin{overpic}[width=.20\textwidth]{connector_stacking.jpg}
+        \put(5,92){\colorbox{white}{\footnotesize\bfseries E}}
+    \end{overpic}
+    &
+    \begin{overpic}[width=.20\textwidth]{connector_metal_dome.jpg}
+        \put(5,92){\colorbox{white}{\footnotesize\bfseries F}}
+    \end{overpic}
+\end{tabular}
+
+\vspace{3mm}
+
+\small
+\textbf{A:} Direct soldering (H05) \quad
+\textbf{B:} Elastomeric connector (H31) \quad
+\textbf{C:} EMI gasket (H14) \\
+\textbf{D:} FPC connector (H20) \quad
+\textbf{E:} Stacking connector (H17) \quad
+\textbf{F:} Tactile dome (H06)
+\end{frame}
+
+\begin{frame}{3D Mesh Construction Styles}
+\centering
+\begin{tabular}{lll}
+    \begin{overpic}[width=.22\textwidth]{hsm_3d_style_fold_overlap.jpg}
+        \put(5,92){\colorbox{white}{\footnotesize\bfseries A}}
+    \end{overpic}
+    &
+    \begin{overpic}[width=.22\textwidth]{hsm_3d_style_fold_no_overlap.jpg}
+        \put(5,92){\colorbox{white}{\footnotesize\bfseries B}}
+    \end{overpic}
+    &
+    \begin{overpic}[width=.22\textwidth]{3d_construction_lds_top.jpg}
+        \put(5,92){\colorbox{white}{\footnotesize\bfseries C}}
+    \end{overpic}
+    \\[3mm]
+    \begin{overpic}[width=.22\textwidth]{hsm_3d_style_vacform.jpg}
+        \put(5,92){\colorbox{white}{\footnotesize\bfseries D}}
+    \end{overpic}
+    &
+    \begin{overpic}[width=.22\textwidth]{3d_construction_cards_standalone.jpg}
+        \put(5,92){\colorbox{white}{\footnotesize\bfseries E}}
+    \end{overpic}
+    &
+    \begin{tabular}[b]{@{}l@{}}
+        \textbf{A:} Folded with overlap (H03) \\
+        \textbf{B:} Folded without overlap (H14) \\
+        \textbf{C:} Laser Direct Structuring (H32) \\
+        \textbf{D:} Thermoformed (H12) \\
+        \textbf{E:} House-of-Cards (H08)
+    \end{tabular}
+\end{tabular}
+\end{frame}
+
+\begin{frame}{Thermoforming Example}
+\begin{columns}[T]
+\begin{column}{0.48\textwidth}
+    \centering
+    \includegraphics[width=.6\textwidth]{survey_formed_mesh_before.jpg}\\
+    \small Before removing lacquer
+\end{column}
+\begin{column}{0.48\textwidth}
+    \centering
+    \includegraphics[width=.6\textwidth]{survey_formed_mesh_after.jpg}\\
+    \small After removing lacquer
+\end{column}
+\end{columns}
+\vspace{3mm}
+\centering
+\small Formed cavities in printed foil mesh specimen H24
+\end{frame}
+
+\begin{frame}{Sandwich-Style Construction}
+\begin{columns}[T]
+\begin{column}{0.5\textwidth}
+    \centering
+    \begin{overpic}[width=.45\textwidth]{3d_construction_offset_mesh_delayered_contrast_improved.jpg}
+        \put(5,92){\colorbox{white}{\footnotesize\bfseries A}}
+    \end{overpic}
+    \hspace{1mm}
+    \begin{overpic}[width=.45\textwidth]{3d_construction_via_stitch_mesh_delayer_2.jpg}
+        \put(5,92){\colorbox{white}{\footnotesize\bfseries B}}
+    \end{overpic}
+
+    \vspace{3mm}
+
+    \begin{overpic}[width=.45\textwidth]{3d_construction_planar_stack.jpg}
+        \put(5,92){\colorbox{white}{\footnotesize\bfseries C}}
+    \end{overpic}
+    \hspace{1mm}
+    \begin{overpic}[width=.45\textwidth]{3d_construction_cavity_2.jpg}
+        \put(5,92){\colorbox{white}{\footnotesize\bfseries D}}
+    \end{overpic}
+\end{column}
+\begin{column}{0.45\textwidth}
+    \raggedright
+    \textbf{A:} Obstacle mesh coupons (H17)
+
+    \textbf{B:} Via-fence meshes (H24)
+
+    \textbf{C:} Planar sandwich stack (H24)
+
+    \textbf{D:} PCB lid with cavity (H14)
+\end{column}
+\end{columns}
+\end{frame}
+
+\begin{frame}{Security Issues Observed}
+\begin{itemize}
+    \item Incomplete mesh coverage
+    \item Meshes not overlapping at edges leaving gaps for probe insertion
+    \item Gaps at mesh-PCB interfaces
+    \item Thermoformed cavities with enlarged structure size at corners
+    \item In one case, an opaque lacquer was easily removed with acetone (without damaging the mesh!)
+    \item Trace patterns visible through cover layers due to surface unevenness
+\end{itemize}
+\end{frame}
+
+\begin{frame}{Design Recommendations (1/2)}
+    \begin{itemize}
+        \item Commodity PCB manufacturing process design rules in the \SIrange{100}{200}{\micro\meter} range are better than the state of the art in mesh structure size
+        \item Avoid ink printing processes or thermoforming because of their large structure size
+        \item Carefully think about your literal corner cases (and edges)!
+        \begin{itemize}
+            \item Overlap meshes where possible.
+        \end{itemize}
+        \item Use potting and cover layers, but verify that they work
+        \begin{itemize}
+            \item Check that you \emph{actually} can't see what's below
+            \item Test their chemical resistance (and that of your mesh)
+        \end{itemize}
+    \end{itemize}
+\end{frame}
+
+\begin{frame}{Design Recommendations (2/2)}
+    \begin{itemize}
+        \item Mixing tough potting or enclosure materials and fragile mesh materials makes life harder for an attacker
+        \begin{itemize}
+            \item Consider using steel instead of plastic (also helps against X-ray inspection!)
+            \item Use thin substrates and thin conductive layers for the mesh
+            \item Balance adhesion so removing potting / cover layers tears away traces below
+        \end{itemize}
+        \item Overlap mesh layers at a 50\% structure size offset
+        \item Space (some) mesh layers apart in Z direction to constrain attack tools
+        \item Use a pressure-sensitive connection method like tactile domes or elastomeric conncetors
+    \end{itemize}
+\end{frame}
+
+\begin{frame}
+\centering
+\Huge Thank you!
+
+\vspace{1cm}
+
+\Large Questions?
+
+\texttt{research@jaseg.de}
+\end{frame}
+
+\begin{frame}
+\centering
+Long-form version of this presentation in my thesis (pre-release, to be published this summer):
+
+\url{https://jaseg.de/thesis-final-web.pdf}
+
+\includegraphics{thesis_qr.png}
+\end{frame}
+
+\begin{frame}{Specimen List (1/2)}
+\footnotesize
+\begin{tabular}{c>{\RaggedRight\arraybackslash}p{25mm}>{\RaggedRight\arraybackslash}p{35mm}ll}
+\toprule
+\textbf{ID} & \textbf{Device} & \textbf{Manufacturer} &  \textbf{Type} & \textbf{Year} \\
+\midrule
+H01 & PED & Verifone & VX 570 & ca. 2010 \\
+H02 & Slot machine & Merkur / ADP & Sam 12 EC2 & ca. 2012 \\
+H03 & EPP & Sagem & USA1315-4240 & 2014 \\
+H04 & EPP & Sagem & USA1316-5120 & 2007 \\
+H05 & PED & Xac & xAPT-103 & 2014 \\
+H06 & PED & Ingenico & iCT250-11T1860A & 2016-17 \\
+H08 & PED & Sagem & NOR4100-4220 & 2012 \\
+H09 & PED & Hypercom & M4230 & 2010 \\
+H10 & PED & Worldline & YOMANI XR & 2016 \\
+H11 & PED & Banksys & C-ZAM Smash & 2004 \\
+H12 & PED & Hypercom & Optimum P2100 & 2010 \\
+H13 & PED & Ingenico & iCT 220-11T2938A & 2016 \\
+H14 & PED & Verifone & H5000 & 2016 \\
+H15 & PED & Verifone & MX 925 & 2018 \\
+H16 & PED & Verifone & V200c CTLS & 2021 \\
+H17 & PED & Verifone & VX 680 & 2014 \\
+\bottomrule
+\end{tabular}
+\end{frame}
+
+\begin{frame}{Specimen List (2/2)}
+\footnotesize
+\begin{tabular}{c>{\RaggedRight\arraybackslash}p{25mm}>{\RaggedRight\arraybackslash}p{35mm}ll}
+\toprule
+\textbf{ID} & \textbf{Device} & \textbf{Manufacturer} &  \textbf{Type} & \textbf{Year} \\
+\midrule
+H18 & PED & Ingenico & i7910 & 2010 \\
+H19 & PED & Banksys & XENTA & 2004-2011 \\
+H20 & PED & Verifone & VX 520 3G & 2017 \\
+H21 & PED & Verifone & V400m Plus 4G & 2018 \\
+H22 & PED & Ingenico & Move 3500 & 2020 \\
+H23 & PED & Ingenico & iPP 350-11T1718A & 2015 \\
+H24 & PED & Ingenico & iWL255-01T2117A & 2016 \\
+H25 & Franking Mach. & Neopost & IJ-25 & ca. 2001 \\
+H27 & PED & Sumup & AIR1E205 & 2021 \\
+H28 & EPP & NCR & 5814 UEPP & 2019 \\
+H29 & HSM & SafeNet & VBD-05 & 2018 \\
+H30 & HSM & Irdeto & Mayflower & 2011 \\
+H31 & PED & SumUp & SumUp 3G & 2019 \\
+H32 & PED & SumUp & SumUp Air & 2022 \\
+\bottomrule
+\end{tabular}
+\vspace{3mm}
+
+\tiny PED: Pin Entry Device; EPP: Encrypting Pin Pad; HSM: Hardware Security Module
+\end{frame}
+
+\begin{frame}[allowframebreaks]{References}
+\printbibliography[heading=none]
+\end{frame}
+
+\end{document}

chapter-ihsm/chapter.tex

@@ -16,8 +16,8 @@
 
 \section{Introduction}
 
-\sourceattrib{This part is adapted from a paper written by me and presented by me at CHES
+\sourceattrib{This part is adapted from a paper written by Jan Sebastian Götte and Prof.\ Dr.\ Björn Scheuermann and
-2022~\cite{gotteCantTouchThis2022}.}
+presented by Jan Sebastian Götte at CHES 2022~\cite{gotteCantTouchThis2022}.}
 While information security technology has matured a great deal in the last half-century, physical security did not keep
 up with the pace of the remainder of this industry. Given the right skills, physical access to a computer still often
 allows full compromise. The physical security of modern server hardware hinges on what lock you put on the room it is
@@ -74,8 +74,7 @@ This chapter contains the following contributions:
     \label{prototype_picture}
 \end{figure}
 
-In Section~\ref{sec_related_work}, we will give an overview of the state of the art in HSM physical security. On this
+In Section~\ref{sec_ihsm_construction} we will elaborate the principles of our Inertial HSM approach. We will
-basis, in Section~\ref{sec_ihsm_construction} we will elaborate the principles of our Inertial HSM approach. We will
 analyze its weaknesses in Section~\ref{sec_attacks}. Based on these results we have built a proof-of-concept hardware
 prototype. In Section~\ref{sec_proto} we will elaborate on the design of this prototype. In Section~\ref{sec_accel_meas}
 we present our characterization of an automotive MEMS accelerometer IC as a rotation sensor in this proof-of-concept
@@ -86,12 +85,9 @@ prototype. We conclude this chapter with a general evaluation of our design in S
 % summaries of research papers on HSMs.  I have not found any actual prior art on anything involving mechanical motion
 % beyond ultrasound.
 
-In this section, we will briefly explore the history of HSMs and the state of academic research on active tamper
+As we elaborated in Chapter~\ref{chapter-survey}, HSMs are an old technology that traces back decades in its electronic
-detection.
+realization. Today's common approach of monitoring meandering electrical traces on a fragile foil that is wrapped around
-
+the HSM essentially transforms the security problem into the challenge to
-HSMs are an old technology that traces back decades in its electronic realization, initially being conceived by the US
-NSA during the second world war~\cite{boak1973}. Today's common approach of monitoring meandering electrical traces on a
-fragile foil that is wrapped around the HSM essentially transforms the security problem into the challenge to
 manufacture very fine electrical traces on a flexible foil~\cite{isaacs2013, immler2019,
 andersonSecurityEngineeringGuide2020}.  There has been some research on monitoring the HSM's interior using e.g.\
 electromagnetic radiation~\cite{tobisch2020, kreft2012} or ultrasound~\cite{vrijaldenhoven2004} but none of this
@@ -102,22 +98,6 @@ difference is that an HSM continuously monitors itself whereas a physical seal o
 requires someone to examine it. This examination can be done by eye in the field, but it can also be carried out in a
 laboratory using complex equipment.  An HSM in principle has to have this examination equipment built-in.
 
-Physical seals are used in a wide variety of applications. The most interesting ones from a research point of view that
-are recorded in public literature are those used for the monitoring of nuclear material under the International Atomic
-Energy Authority (IAEA). Most of these seals use the same approach that is used in Physically Unclonable Functions
-(PUFs), though their development predates that of PUFs by several decades.  The seal is created in a way that
-intentionally causes large, random device-to-device variations. These variations are precisely recorded at deployment.
-At the end of the seal's lifetime, the seal is returned to a lab and closely examined to check for any deviations from
-the seal's prior recorded state. The type of variation used in these seals includes random scratches in metal parts and
-random blobs of solder (IAEA metal cap seal), randomly cut optical fibers (COBRA seal), the uncontrollably random
-distribution of glitter particles in a polymer matrix (COBRA seal prototypes) as well as the precise three-dimensional
-surface structure of metal parts at microscopic scales (LMCV)~\cite{iaea2011}.
-
-The IAEA's equipment portfolio does include electronic seals such as the EOSS. These devices are intended for remote
-reading, similar to an HSM. They are constructed from two components: A cable that is surveilled for tampering, and a
-monitoring device. The monitoring device itself is in effect an HSM and uses a security mesh foil like it is used in
-commercial HSMs. 
-
 The self-destruct built into an HSM serves as a strong tamper deterrent.  For illustration, compare an HSM to a computer
 inside a locked safe when opposing a well-funded attacker with plenty of time.  In~\cite{boak1973}, Boak asserts that
 absent an HSM's capability to self-destruct, the best safes can only withstand brute force attacks by an expert for
@@ -261,9 +241,9 @@ security barrier.  In industry, mesh membranes are commonly used for tamper dete
 systems for a variety of use cases ranging from low-security payment processing to high-security certificate management.
 From this, we can conclude that a properly implemented mesh \emph{can} provide a practical level of security.  In
 contrast to this industry focus, academic research has largely focused on ways to fabricate enclosures that embed
-characteristics of a Physically Unclonable Function as a means of tamper detection~\cite{tobisch2020,immler2019}. By
+characteristics of a PUF as a means of tamper detection~\cite{tobisch2020,immler2019}. By using stochastic properties of
-using stochastic properties of the enclosure material to form a PUF, such academic designs leverage signal processing
+the enclosure material to form a PUF, such academic designs leverage signal processing techniques to improve the
-techniques to improve the system's security level by a significant margin.
+system's security level by a significant margin.
 
 In our research, we focus on security meshes as our IHSM's tamper sensors.  The cost of advanced manufacturing
 techniques and special materials used in fine commercial meshes poses an obstacle to small-scale manufacturing and
@@ -343,12 +323,16 @@ shaft penetrates the mesh to simplify mechanical construction.
 The spinning mesh must be designed to cover the entire surface of the payload, but it suffices if it sweeps over every
 part of the payload once per rotation. This means we can design longitudinal gaps into the mesh that allow outside air
 to flow through to the payload.  In traditional boundary-sensing HSMs, cooling of the payload processor is a serious
-issue since any air duct or heat pipe would have to penetrate the HSM's security boundary. This problem can only be
+issue since any air duct or heat pipe would have to penetrate the HSM's security boundary~\cite{
-solved with complex and costly siphon-style constructions, so in commercial systems, heat conduction is used
+    petriePartIITechnical,
-exclusively~\cite{isaacs2013}. This limits the maximum power dissipation of the payload and thus its processing power.
+    curetHardwareSecurityModule2025,
-Using longitudinal gaps in the mesh, our setup allows direct air cooling of regular heatsinks. This unlocks much more
+    zhangTamperrespondentAssembliesPorous2023,
-powerful processing capabilities that greatly increase the maximum possible power dissipation of the payload.  In an
+    dragoneVentedTamperrespondentAssemblies2020}.
-evolution of our design, the spinning mesh could even be designed to \emph{be} a cooling fan.
+This problem can only be solved with complex and costly siphon-style constructions, so in commercial systems, heat
+conduction is used exclusively~\cite{isaacs2013}. This limits the maximum power dissipation of the payload and thus its
+processing power. Using longitudinal gaps in the mesh, our setup allows direct air cooling of regular heatsinks. This
+unlocks much more powerful processing capabilities that greatly increase the maximum possible power dissipation of the
+payload.  In an evolution of our design, the spinning mesh could even be designed to \emph{be} a cooling fan.
 
 Conventional HSMs are limited by the construction of their security meshes which rely on plastics as their main
 structural material. The security mesh has to fit the highest components inside the HSM. Since creating a security mesh
@@ -581,7 +565,8 @@ acceleration is $a=\omega^2 r$. In our example, this results in a minimum angula
 \frac{1}{2\pi}\sqrt{\frac{a}{r}} = \frac{1}{2\pi}\sqrt{\frac{\SI{1000}{\meter\per\second^2}}{\SI{100}{\milli\meter}}}
 \approx \SI{16}{\hertz} \approx \SI{1000}{rpm}$. From this, we can conclude that even at moderate speeds of
 $\SI{1000}{rpm}$ and above, a manual attack is no longer possible and any attack would have to be carried out using some
-kind of mechanical tool.
+kind of mechanical tool. Literature supports this conclusion, with loss of orientation reported as early as at
+\SI{70}{rpm} in an observer located on the axis of rotation~\cite{fowlerInvestigationFlowProcesses1966}.
 
 \begin{figure}
     \center
@@ -976,7 +961,7 @@ the fly, without stopping the rotor.
 \section{Conclusion}
 \label{sec_conclusion} 
 
-In this chapter, we introduced Inertial Hardware Security Modules (IHSMs), a novel concept for the construction of
+In this chapter, we introduce Inertial Hardware Security Modules (IHSMs), a novel concept for the construction of
 advanced hardware security modules from simple components.  We analyzed the concept for its security properties and
 highlighted its ability to significantly strengthen otherwise weak tamper detection barriers.  We validated our design
 by creating a proof-of-concept hardware prototype. In this prototype, we have demonstrated practical solutions to the
@@ -1001,5 +986,6 @@ Chapter~\ref{chapter_sampling_mesh_mon}, we will introduce a low-cost tamper sen
 Time Domain Reflectometry. Using this approach, we can further strengthen the security of meshes created using simple
 manufacturing processes in an IHSM. In Chapter~\ref{chapter-nice-coils}, we approach the question of a
 rotation-invariant wireless inductive power supply for an IHSM and provide a planar inductor layout that minimizes
-voltage ripple with IHSM rotation.
+voltage ripple with IHSM rotation. In Chapters~\ref{chapter-qkd} and \ref{chapter-smpc}, we will analyze two use cases
+benefitting from IHSMs and tailor the IHSM concept to their requirements.
 

chapter-introduction/chapter.tex

@@ -8,49 +8,12 @@
 \chaptertitle{Introduction}
 \label{chapter-intro}
 
-% New draft:
-%
-% Passionate statement about democracy and academic freedom
-% 
-% We live in times of rising fascist and authoritarian sentiment worldwide. While computer science and cryptography are
-% often portrayed as politically neutral technologies, their practice is a political act and can have grave real-world
-% consequences.
-% maybe: Within mathematics and computer science, the field of cryptography is unique in that it smainstream views
-% link to cypherpunks, hackers
-% Hardware Security Modules (HSMs) are an example of such a political technology. The core function of HSMs is to
-% protect cryptographic secrets against \emph{any} physical attack. Even though they are widely used in finance and
-% business applications, in their design, they curiously embody the radical idiology of the cypherpunk and hacker
-% movements.
-%
-% We believe physically secure devices like HSMs can be a keystone technology in the creation of secure systems for
-% communication and computation in a free, democratic society. However, while current state-of-the art commercial
-% devices can be expected to resist a fascist police force or even some authoritarian states' secret services, their
-% physical security is still lacking due to misaligned ecosystem incentices. As Anderson put it,
-% todo cite: betrusted
-% 
-%
-% Meanwhile in academia, 
-% In this thesis, we aim to significantly advance the field of hardware security module construction. We publish all
-% designs, code and data as open source to create the groundwork for future research, and sow the seeds for a new
-% generation of secure hardware that will be able to resist a rising tide of fascist and authoritarian movements.
-%
-% 
-% 
-% Research questions:
-% 1. can hsm w/o proprietary mesh?
-% 2. how do meshes look like in practice?
-% 3. can we improve monitoring?
-% 4. can we solve power transfer issue 
-% 5. applications
-%
-
 \emph{No Gods, No Masters} is an anarchist slogan originating in the 19\textsuperscript{th} century that expresses a
-rejection of authorities~\cite{broussaisOriginesDeviseAnarchiste2022,guerinNoGodsNo2005,blomNoGodsNo2025}. In modern
+rejection of authorities~\cite{broussaisOriginesDeviseAnarchiste2022,guerinNoGodsNo2005,blomNoGodsNo2025}. Despite its
-cryptography, it is generally seen as best practice to have the least amount of parties possible involved in any
+origin in a different era, it encapsulates an approach that is commonly followed in modern cryptography. In
-computation.
+cryptography, it is considered best practice to have the least amount of parties possible involved in any computation.
-Most cryptographic problems are easily solved by involving a trusted third party (TTP).
+Most cryptographic problems are easily solved by involving a trusted third party (TTP). Yet, cryptographers have time
-Yet, cryptographers have time and again vocally rejected attempts to involve third parties in cryptographic
+and again vocally rejected attempts to involve third parties in cryptographic protocols~\cite{
-protocols~\cite{
     abelsonRisksKeyRecovery1997,
     abelsonKeysDoormats2015,
     andersonSecurityEngineeringGuide2020,
@@ -72,8 +35,8 @@ and even general computation~\cite{
     aumannSecurityCovertAdversaries2010,
     chorPrivateInformationRetrieval}
 in a decentralized way that avoids trusted authorities.
-While politically, this blanket rejection of authority represents a fringe viewpoint, in cryptography it has a long
+While politically, the anarchist blanket rejection of authority represents a fringe viewpoint, in cryptography it has a
-tradition originating with the Cypherpunk and Hacker movements~\cite{
+long tradition originating with the Cypherpunk and Hacker movements~\cite{
     andersonCypherpunkEthicsRadical2022,
     hughesCypherpunksManifesto,
     jarvisCryptoWarsFight2020,
@@ -86,7 +49,9 @@ systems are still routinely compromised~\cite{
     goldmanUnrestrainedChineseCyberattackers2025,
     scott-railtonWhoseAuthorityPegasus2024,
     quintinSomethingRememberUs2024,
-    marczakGraphiteCaughtFirst2025}.
+    marczakGraphiteCaughtFirst2025,
+    PredatorFilesTechnical2023,
+    PakistanMassSurveillance2025}.
 A fundamental flaw of any practical cryptographic system is that secure algorithms have to run on hardware, and even
 today, average computing hardware provides little physical security~\cite{
     gotzfriedCacheAttacksIntel2017,
@@ -95,11 +60,11 @@ today, average computing hardware provides little physical security~\cite{
     moghimiTPMFAILTPMMeets2020}.
 \emph{Hardware Security Modules} are a class of devices specifically designed to execute cryptographic algorithms while
 providing strict physical security guarantees, but these systems are expensive,
-and their physical security is often questionable (cf.~Chapter~\ref{chapter-survey})~\cite{
+and their physical security is often questionable~\cite{
     obermaier2018,
-    andersonSecurityEngineeringGuide2020}.
+    andersonSecurityEngineeringGuide2020},
-As \textcite{andersonSecurityEngineeringGuide2020} writes on HSMs and their security standards:
+which we will elaborate further in Chapter~\ref{chapter-survey}. \textcite{andersonSecurityEngineeringGuide2020} writes
-% FIXME page numbers
+on HSM security:
 
 \begin{quote}
     Security economics remains a big soft spot, with security chips being in many ways a market for lemons. A banker
@@ -110,7 +75,6 @@ As \textcite{andersonSecurityEngineeringGuide2020} writes on HSMs and their secu
     understand that level 3 can sometimes be defeated with a Swiss army knife. The buying incentive there is compliance,
     and where real security clashes with operations it’s not surprising to see weaker standards designed to make
     compliance easier.
-
     \begin{flushright}
         \textit{\textcite{andersonSecurityEngineeringGuide2020} p. 629}
     \end{flushright}
@@ -128,74 +92,101 @@ cryptographic engineering is Kerckhoffs' principle\footnote{
     as well as a translation of the cited part from French. The original source is
     \textcite{kerckhoffsCryptographieMilitaire1883}.
 }, named after Dutch military cryptographer Auguste Kerckhoffs. Kerckhoffs' principle expresses that the security of a
-cryptographic system should only depend on the secrecy of its keys, not on the secrecy of its design. In this way,
+cryptographic system should only depend on the secrecy of its keys, not on the secrecy of its design. Existing
-Kerckhoff's principle states the opposite of the widespread industry practice of \emph{Security by Obscurity}, which
+commercial designs routinely contravene Kerckhoff's principle by applying the widespread industry practice of
-aims to achieve security by making it sufficiently costly to cryptoanalyze a system that the attempt becomes
+\emph{Security by Obscurity}. Even in academic related work, the principle is sometimes violated by omitting
-unattractive. All existing commercial HSM designs as well as some existing academic related work violate this principle
+implementation and methodological details in the interest of patents and commercial exploitation. By publishing all
-by keeping details of their implementation such as the precise mesh dimensions and manufacturing methods secret. By
+details of our research into HSMs and their components, we provide the foundation for future independent research.
-publishing all details of our research into HSMs and their components, we provide the foundation for future independent
-research.
 
-Complementary to Kerckhoff's principle is the principle of least authority, which describes that in a secure system each
+Beyond applying Kerckhoffs' principle, publishing our design also enables independent replication. Our design is
-component should only have access to the smallest set of capabilities necessary to fulfill its purpose. Applying both to
+based entirely on standard components and does not require bespoke manufacturing processes. Both commercial and academic
-a cryptographic system means that the system's design should be transparent and not include any hidden components or
+existing HSM tamper sensing designs require bespoke manufacturing methods or custom integrated circuits
-opaque parts that cannot be inspected, and that the system's keys should be scoped to place the least amount of trust
+(ICs)~\cite{
-possible in each participating party. Existing HSMs are an example of a violation of the principle of least authority
+    obermaierPUFfilmMethodProducing2023,
-since they elevate the HSM manufacturer to a single point of failure. The tamper sensing mesh foils used in conventional
+    immler2019,
-HSMs are made in proprietary, bespoke processes, and cannot be manufactured independently. Our proposed design can be
+    garbTamperSensitiveDesignPUFBased,
-replicated from standard components and eliminates this issue.
+    immlerBTREPIDBatterylessTamperresistant2018}. Custom ICs require a large up-front financial commitment to produce.
+Bespoke manufacturing methods may require custom machines, training, and specialty materials, also incurring a high
+startup cost. This creates a single point of failure in the manufacturer, and opens up an opportunity for a hardware
+supply-chain attack~\cite{harrisonSoKSecurityArchitects2025}. Such supply chain attacks can be mitigated by
+independently manufacturing our design.
 
-\section{Research Questions and Contributions}
+%%%
+\section{A Note on Hardware Security Module Terminology}
 
-Based on the current state of the field of hardware security, we deduce three overarching research questions for this
+In this thesis, we use the term \emph{Hardware Security Module (HSM)} to refer to a security device that has the
-thesis that progress from theory to practical deployment.
+following three properties.
 
 \begin{enumerate}
-    \item Can we achieve physical security without relying on conventional tamper-sensing meshes?
+\item A HSM targets the prevention of any conceivable physical attack. In particular, this includes intrusion attempts
-    \item Can we monitor tamper-sensing meshes at a higher detail level than the state of the art of a single, scalar
+        such as careful drilling or cutting into the device from any direction.
-        measurement?
+\item A HSM includes tamper sensors that when triggered result in an active tamper response, usually deleting all
-    \item Can we create the support components necessary to integrate a system that provides a practical security
+        cryptographic secrets and rendering the device inoperable.
-        guarantee?
+\item A HSM's tamper sensing and response subsystem is continuously powered from a backup power supply, usually a
+        battery. Loss of power triggers the tamper response.
 \end{enumerate}
 
-To answer our first research question, we propose the Inertial Hardware Security Module (IHSM), a new type of HSM that
+This use of the term \emph{HSM} aligns with common usage of the term both in the academic literature and in everyday
-extends the high level of protection offered by the modern cryptographic software stack down to the hardware level,
+conversation. Particularly the requirement of active tamper detection and response is crucial to distinguish a HSM from
-enabling secure computation in insecure places.
+simpler devices such as TPMs, smart cards or secure enclaves in SoCs. Note that our use of the term HSM is slightly
+different from its use in government standards, from its use in the PCI SSC (Payment Card Industry Security Standards
+Council) standards, and from its industry use.
 
-To answer our second question, we propose improvements to the state of the art in HSM tamper sensors such as the use of
+In industry, the term HSM is often used for solutions that are only logically segregated and that do not include any
-low-cost, embeddable Time-Domain Reflectometry (TDR) that not only improve the security of IHSMs, but that can even be
+particular defense against hardware attacks. Our conjecture is that this is a consequence of the standardization
-applied to conventional HSMs.
+landscape, where for applications outside of card payment processing the US FIPS
+140-22~\cite{usnationalinstituteofstandardsandtechnologySecurityRequirementsCryptographic2002} standard was central to
+the industry. Despite encompassing both devices that include active tamper detection and response, FIPS 140-2 did not
+draw a distinction in its terminology between the two classes.
 
-Finally, we answer our last research question by showing in two case studies how an end-to-end design of an IHSM-secured
+\subsection{Use in government standards}
-data processing system could look like. Both case studies concern scenarios that IHSMs unlock that were previously
-infeasible using conventional HSMs: Datacenter-scale Secure Multiparty Computation (SMPC) and long-range Quantum Key
-Distribution (QKD) networks. As part of this effort we provide a solution adapting and improving upon the state of the
-art in wireless power transfer to supply a rotating inertial HSM with a clean, stable power supply.
 
-We chose to publish all of our research as open source and unencumbered by patents to enable widespread adoption. IHSMs
+Under the still widely used US national standard FIPS 140 in in its 2002 version
-can be custom built with only basic manufacturing capabilities at small scale and enable the deployment of secure
+2~\cite{usnationalinstituteofstandardsandtechnologySecurityRequirementsCryptographic2002}, a HSM would be called a
-computation in insecure places even to small organizations such as university research departments, NGOs and small
+\emph{Multiple-Chip Cryptographic Module} that conforms to the standard's \emph{Security Level} 4 out of 4. Interesting
-businesses.
+to note are that only level 4 requires any active tamper detection and response, so devices compliant only up to levels
+3 and below do not align with our HSM definition. Futher of note is that according to the standard, a single-chip
+solution does not require any tamper detection and response either to meet the standard's security level 4, which is in
+misalignment with our definition. The standard's 2019 updated version FIPS
+140-3~\cite{usnationalinstituteofstandardsandtechnologySecurityRequirementsCryptographic2019} defers to the
+international standards ISO/IEC 19790 and 24759.
 
-%\section{Cryptographic Principles and Physical Reality}
+ISO/IEC 19790~\cite{ISOIEC19790} and ISO/IEC 24759~\cite{ISOIEC24759} call what we call a HSM a \emph{Hardware
+Cryptographic Module} corresponding with the standards \emph{Security Level 4}. However, these standards only require
+active tamper detection and response when cryptographic secrets are transmitted in plaintext between chips.
 
-%Let's take a basic videoconferencing system as an example. In our example system's deployment, users log on to a central
+\subsection{Use in card payment processing (PCI SSC) standards}
-%conference server, which receives and distributes the users' video streams. Allowing backdoor access to the video
-%streams to some third party like a datacenter operator or a state would violate Kerckhoffs' principle since it would
-%have to be hidden from the systems' participants, who would therefore not have a complete view of the systems' deployed
-%architecture. The principle of least authority would also be violated since in almost all cases, such a backdoor access
-%system would not see legitimate use. As a result, it would possess capabilities that almost never would be essential to
-%the proper function of the videoconference system.
 
-%In their design, almost all modern software -- especially open source -- cleanly applies these principles. However, the
+The Payment Card Industry Security Standards Council (PCI SSC) is an association of credit card network operators that
-%practical reality after deployment almost always deviates from them. While backdoors are vanishingly rare in modern
+defines standards for all layers of card payment processing, from card payment terminals in stores to the handling of
-%open-source software, practical deployments usually are vulnerable to physical attacks. Computer hardware generally is
+payment data in online shop backend systems.
-%not designed with a local attacker with advanced physical attack capabilities in mind since no mitigation can fully
+
-%prevent them---such attacks usually can only be detected, or at best slowed down. As a result, commonplace attacks
+PCI SSC terminology aligns with our definition and with common everyday use of the term HSM. In PCI SSC terminology, a
-%against modern software often involve taking over the hardware at some point in the chain. Even End-to-End-Encrypted
+HSM is a crytographic device that has active tamper detecion and response circuitry. However, PCI SSC terminology
-%(E2EE) communication systems can be compromised if one of the encrypted channel's endpoints can be physically
+differs from our use of the term HSM in one nuance: In PCI SSC terminology, a HSM is specifically a datacenter device
-%compromised. Corresponding \emph{digital forensics} capabilities are commonplace among state actors, and are available
+used for backend processing of payment data. The general class of ``hardware devices performing some security function
-%as a turnkey solution on the market.
+with or without particular physical security requirements'' that ISO/IEC 19790 and other standards call a \emph{Hardware
+Cryptographic Module}, in PCI SSC terminology is termed \emph{Secure Cryptographic Device (SCD)} in more recent standard
+versions, which was updated from the previous term \emph{Tamper-Resistant Security Module (TRSM)}. Other than HSMs, PCI
+SSC includes smartcards and card payment terminals in this category. Card payment terminals, referred to as
+\emph{Pin-Entry Device (PED)} in PCI SSC standards, have to include a surprising amount of active tamper detection and
+response functionality including partial coverage of areas like their main cryptographic processor and smart card reader
+by battery-backed tamper-sensing meshes. Under our definition, these devices can be classified as a type of HSM. 
+
+\subsection{Tamper-Sensing Meshes}
+
+In this thesis, we use the terms \emph{Tamper-Sensing Mesh} and \emph{Security Mesh} synonymous. We use both terms to
+refer to any electrical circuit whose path is laid out to cover a surface with the intent of detecting attempts at
+drilling, cutting or otherwise manipulating this surface. While the term \emph{Security Mesh} is more concise, it is
+less clear to people unfamiliar with the matter. It is also polysemous, and depending on context can also refer to woven
+or stamped metal meshes used as fences or as screens in front of windows to prevent break-ins. As a result, it is harder
+to use in online searches, and when using Large Language Models (LLMs), it frequently leads to amusing hallucinations.
+
+% FIXME note leo: Das ganze wirkt wie ein guter baustein für eine Einleitung. Für einen Terminologie übersicht ist es
+% ansonsten auch eigentlich zu lang.
+% Splitte das vielleicht auf, ein paar mehr details in den Abstract um die HSM definition etwas zu präzisieren, den rest
+% in die Intro?
+%%%
 
 \section{Inertial Hardware Security Modules}
 
@@ -218,26 +209,110 @@ IHSMs are a new design approach that utilizes mechanical motion to create secure
 components. IHSMs solve the issue of creating an impenetrable tamper-sensing envelope by replacing the bespoke
 tamper-sensing mesh foil with a set of simple, rigid meshes made from commodity Printed Circuit Boards (PCBs) that are
 rotating at high speed. In motion, these simple PCB tamper-sensing meshes are as secure as the much more sophisticated
-bespoke foils used in conventional HSMs, yet they are simpler and less expensive to manufacture. To verify that the mesh
+bespoke foils used in conventional HSMs against an attacker with access to commercially available tools, yet they are
-is rotating correctly, an accelerometer is placed on the rotating mesh, and its centrifugal force reading is used to
+simpler and less expensive to manufacture. To verify that the mesh is rotating correctly, an accelerometer is placed on
-validate its path of motion.
+the rotating mesh, and its centrifugal force reading is used to validate its path of motion.
 
 IHSMs enable the protection of much larger payloads compared to conventional mesh designs, and they can support larger
 power dissipation. Combined with their low cost, this enables the implementation of high-level hardware security in
 applications that previously would not have been possible to secure.
 
-IHSMs are the first fully open source HSM with advanced tamper sensing features. Across application domains, IHSMs can
+To the best of our knowledge, IHSMs are the first fully open source, replicable HSM with advanced tamper sensing
-be applied to gain resistance to physical attacks in scenarios where conventional HSMs were not used because of cost,
+features. Across application domains, IHSMs can be applied to gain resistance to physical attacks in scenarios where
-computing power or implementation effort. Where conventional HSMs come as fully integrated devices that only expose
+conventional HSMs were not used because of cost, computing power or implementation effort. Where conventional HSMs come
-limited APIs to their users, IHSMs at their core are just an enclosure that the user can put whatever hardware they need
+as fully integrated devices that only expose limited APIs to their users, IHSMs at their core are just an enclosure that
-into, adapting the tamper response to their application's needs. Since the simpler tamper-sensing mesh construction of
+the user can put whatever hardware they need into, adapting the tamper response to their application's needs. Since the
-IHSMs scales to larger payload volumes, entire servers can be protected---something that is impossible with conventional
+simpler tamper-sensing mesh construction of IHSMs scales to larger payload volumes, entire servers can be
-HSMs. Since the mesh in an IHSM is constantly moving, unlike a mesh in a conventional HSM, it does not have to entirely
+protected---something that is impossible with conventional HSMs. Since the mesh in an IHSM is constantly moving, unlike
-cover the payload. Instead, it can have gaps that allow for air flow between outside and inside, enabling active cooling
+a mesh in a conventional HSM, it does not have to entirely cover the payload. Instead, it can have gaps that allow for
-of the IHSM's payload. This cooling capability sharply increases computing power by increasing feasible payload power
+air flow between outside and inside, enabling active cooling of the IHSM's payload. This cooling capability increases
-dissipation by two orders of magnitude.
+computing power by increasing feasible payload power dissipation by orders of magnitude~\cite{kordyban1998}.
 
-\section{Conclusion}
+\section{Research Questions and Contributions}
+
+Based on the current state of the field of hardware security, we deduce six overarching research questions for this
+thesis that progress from theory to practical deployment.
+
+\begin{enumerate}
+    \item What is the state of the art in commercial tamper sensing mesh implementations?
+    \item What are criteria and approaches for the design of secure tamper sensing meshes?
+    \item Can we achieve physical security without relying on a conventional tamper-sensing meshes that requires a
+        bespoke manufacturing process?
+    \item Can we monitor tamper-sensing meshes at a higher detail level than the state of the art of a single, scalar
+        measurement?
+    \item Can we improve the ripple voltage performance of Wireless Power Transfer (WPT) through rotating joints to
+        adapt it to IHSM applications?
+    \item What applications does our IHSM technology open up through its increase in power dissipation and size
+        capabilities?
+\end{enumerate}
+
+We answer our first research question in two parts. In Chapter~\ref{chapter-epa}, we analyze the hardware security
+design of Germany's new national electronic health record system. Our analysis unveils a combination of problematic
+choices resulting from conflicting constraints and lack of awareness. In Chapter~\ref{chapter-survey}, we present the
+results of a survey across approximately 30 real world tamper sensing mesh implementations, analyzing common design
+features.
+
+The second half of our survey in Chapter~\ref{chapter-survey} answers our second research question. From our analysis of
+a large corpus of devices, we deduce a list of design criteria that can be applied to increase the security of any
+tamper sensing mesh implementation. To answer our third research question, in Chapter~\ref{chapter-ihsm} we propose the
+Inertial Hardware Security Module (IHSM), a new type of HSM that extends the high level of protection offered by the
+modern cryptographic software stack down to the hardware level, enabling secure computation in insecure places. IHSMs
+can be built from basic, off-the-shelf components and do not require bespoke manufacturing processes. To answer our
+fourth research question, in Chapter~\ref{chapter_sampling_mesh_mon} we propose improvements to the state of the art in
+HSM tamper sensors based on the use of low-cost, embeddable Time-Domain Reflectometry (TDR). Our improvements can be
+applied to both IHSMs and to conventional HSMs. IHSMs come with unique power supply constraints since their rotating
+mesh must be continuously powered. A straightforward solution utilizes Wireless Power Transfer using planar inductors,
+but existing WPT designs exhbit a ripple voltage due to an asymmetry of conventional planar inductors. This leads to our
+fifth research question, which we solve in Chapter~\ref{chapter-nice-coils} with the design and experimental evaluation
+of a new, generalized class of \emph{twisted} planar inductors that reduces voltage ripple in rotating shaft setups.
+A finding of independent interest is that compared to conventional two-layer planar inductors, in our experiments our
+proposed inductor design improved self-resonant frequency by up to \qty{50}{\percent} and increased inductance by up to
+\qty{6.5}{\percent}. Finally, we answer our last research question by showing in two case studies how an end-to-end
+design of an IHSM-secured data processing system could look like. Both case studies concern scenarios that IHSMs unlock
+that were previously infeasible using conventional HSMs: In Chapter~\ref{chapter-qkd}, we explore how IHSMs enable
+long-range Quantum Key Distribution (QKD) networks using trustable physically secured relay nodes and in
+Chapter~\ref{chapter-smpc} we elaborate how datacenter-scale Secure Multiparty Computation (SMPC) clusters can be
+created using IHSM enclosures with commercial server hardware.
+
+\section{Contributions}
+
+Through this thesis, we make contributions advancing the state of hardware securty across several related sub-fields.
+Our contributions include:
+
+\begin{enumerate}
+    \item We conduct the first large-scale survey of tamper sensing measures in the real world, analyzing approximately
+        30 devices.
+    \item From our real world observations, we systematize tamper sensing mesh construction techniques and we provide a
+        list of criteria improving mesh security.
+    \item We experimentally analyze the impact of Computed Tomography (CT) imaging on mesh security.
+    \item We propose the IHSM, a new concept for HSM design based on a rotating mesh that increases payload size and
+        power dissipation capacity while simultaneously allowing for simpler meshes constructed from standard
+        components.
+    \item We show experimental results on IHSM mesh performance obtained with a prototype IHSM.
+    \item We introduce an algorithm for the automatic layout of tamper-sensing meshes and its implementation on top of a
+        popular, open-source Electronic Design Automation (EDA) tool.
+    \item We introduce a high-fidelity mesh monitoring approach that uses Time-Domain Reflectometry (TDR).
+    \item We show a low-cost implementation of our TDR monitoring approach.
+    \item We evaluate the performance of our TDR monitoring implementation and demonstrate its response to a large
+        set of attacks. We show that it reliably distinguishes identical copies of the same mesh specimen, suggesting
+        PUF-like behavior.
+    \item We introduce a generalized design approach for low-loss planar inductors that out-peform prior approaches in
+        parasitic capacitance, self-resonant frequency and rotational symmetry. 
+    \item We apply our design approach to the problem of Wireless Power Transfer to the rotating mesh of an IHSM.
+    \item We conduct an exhaustive experimental evaluation of the rotational symmetry of a large set of planar WPT
+        inductors created using our approach.
+    \item We analyze physically secure Quantum Key Distribution relays as an IHSM use case and develop a low-loss fiber
+        optic passthrough that supports an additional, secondary, independently rotating mesh shielding the shaft
+        passthrough of the IHSM's primary mesh.
+    \item We explore IHSMs for co-located high performance Multiparty Computation (MPC) setups. We demonstrate a
+        fan-driven IHSM mesh concept for high-availability scenarios that removes motors as a single point of failure
+        while providing sufficient airflow for cooling high-power server components.
+\end{enumerate}
+
+We chose to publish all of our research as open source and unencumbered by patents to enable widespread adoption. IHSMs
+can be custom built with only basic manufacturing capabilities at small scale and enable the deployment of secure
+computation in insecure places even to small organizations such as university research departments, NGOs and small
+businesses.
 
 Looking at the practice of applied hardware security, we observe that despite ample availability of commercial solutions
 promising easy hardware security, clearly there is still a lack of solutions that provide the adaptability necessary for

chapter-nice-coils/chapter.tex

@@ -22,8 +22,9 @@ any misalignment or contamination by dust can increase wear and cause intermitta
 An IHSM's data link can easily be realized using optical communication. Although power transfer using light is also
 possible---and we have in fact demonstrated it in our first prototype IHSM---it comes at the disadvantage of a heavy
 rotating assembly since large solar cells are needed, and it has poor end-to-end efficiency. For the large-scale meshes
-needed in a high-performance IHSM tailored to SMPC applications, we engineered a better solution: A rotation-invariant
+needed in a high-performance IHSM such as one tailored to SMPC applications as we will propose later in
-inductive Wireless Power Transfer link.
+Chapter~\ref{chapter-smpc}, we engineered a better solution: A rotation-invariant inductive Wireless Power Transfer
+link.
 
 While Wireless Power Transfer (WPT) is widely used and can be implemented in many different ways~\cite{
     awuahNovelCoilDesign2023,
@@ -120,15 +121,16 @@ rotation ripple at low turn counts.
 
 \subsection{Twisted inductors}
 
-To solve these issues, we propose a layout for circular PCB inductors that uses a number of series-connected interleaved
+To solve these issues, in this chapter we propose a layout for circular PCB inductors that uses a number of
-spirals to achieve a topological equivalent to a torus knot from mathematical knot theory. Our layout twists the
+series-connected interleaved spirals to achieve a topological equivalent to a torus knot from mathematical knot theory.
-inductor's windings around one another by connecting the interleaved spiral segments with a ring of vias each on the
+Our layout twists the inductor's windings around one another by connecting the interleaved spiral segments with a ring
-inside and outside of the inductor's windings. Our approach provides better performance beyond our particular use case,
+of vias each on the inside and outside of the inductor's windings. Our approach provides better performance beyond our
-and improves over conventional contemporary planar inductors applying similar principles to those which inspired  the
+particular use case, and improves over conventional contemporary planar inductors applying similar principles to those
-polygonal basket-woven air coils used in early radio sets. We show that we can layout a twisted inductor for any number
+which inspired  the polygonal basket-woven air coils used in early radio sets. We show that we can layout a twisted
-of layer inversions that is co-prime to the inductor's turn count. Our approach opens up a design space for inductor
+inductor for any number of layer inversions that is co-prime to the inductor's turn count. Our approach opens up a
-layouts that interpolate between planar spiral inductors on one end, and planar toroidal inductors on the other end. Our
+design space for inductor layouts that interpolate between planar spiral inductors on one end, and planar toroidal
-approach thus generalizes a super-set to a number of previous approaches to the design of planar inductors.
+inductors on the other end. Our approach thus generalizes a super-set to a number of previous approaches to the design
+of planar inductors.
 
 We observe that in high-frequency applications, a moderate number of layer inversions increases the spacing between the
 beginning and end of the inductor's conductor, where the majority of the inductor's AC current flows. This decreases the
@@ -154,6 +156,10 @@ Our contributions on this matter include:
 
 \section{Related Work}
 
+In this section we will give an overview on related work from two primary angles. First, we will approach our question
+from the application side, examining literature on Wireless Power Transfer. To conclude, we will then consider our
+inductor design question from the fundamentals of inductor design.
+
 \subsection{Inductive WPT in Practice}
 
 Inductive WPT has been proposed in a large number of
@@ -271,11 +277,11 @@ voltage differential.
 The connecting order of turns was optimized at the assembly level by stacking coils in a particular
 way~\cite{flemingPrinciplesElectricWave1910} and at the component level by winding coils in a particular way to minimize
 the voltage differential between adjacent turns---a technique that is still used to this
-day~\cite{lopeFirstSelfResonant2021}. The main winding optimization in the first category concerns winding the
+day~\cite{lopeFirstSelfresonantFrequency2021}. The main winding optimization in the first category concerns winding the
 turns of a cylindrical multilayer inductor not layer by layer, but instead layering them diagonally, effectively
 connecting adjacent turns in a diagonal zigzag pattern. Then as now, wound inductors applying this technique were not
 feasible to manufacture reliably by machine, but the technique can be closely replicated in PCB inductors as shown in
-\textcite{leePrintedSpiralWinding2011a}. The main limiting factors in a PCB implementation are the requirement for a
+\textcite{leePrintedSpiralWinding2011}. The main limiting factors in a PCB implementation are the requirement for a
 large number of vias inside the inductor's turns limiting the achievable turn count\footnote{In PCBs, as opposed to
 integrated circuits (ICs), vias limit the achievable turn count when they need to be placed in-line inside the turns as
 opposed to on the inside or outside because a PCB's minimum trace/space widths are usually much smaller than the
@@ -373,7 +379,7 @@ two core observations:
 \end{description}
 
 Setting the inversion count to $k=1$ in our proposed scheme yields the conventional two-layer counterwound
-scheme~\cite{lopeFirstSelfResonant2021,sproHighVoltageInsulationDesign2021,leePrintedSpiralWinding2011a}.
+scheme~\cite{lopeFirstSelfresonantFrequency2021,sproHighVoltageInsulationDesign2021,leePrintedSpiralWinding2011}.
 
 \begin{figure}
     \begin{center}

chapter-qkd/chapter.tex

@@ -57,7 +57,7 @@ requirements of a QKD system.
 \end{figure}
 
 In this chapter, we present several designs and a mechanical prototype adapting the Inertial Hardware Security Module
-(IHSM) concept first proposed by \textcite{gotteCantTouchThis2022} to a QKD relay node. IHSMs replace the tamper sensing
+(IHSM) concept that we developed in Chapter~\ref{chapter-ihsm} to a QKD relay node. IHSMs replace the tamper sensing
 security mesh foil that is wrapped around the payload in conventional HSMs by a tamper-sensing cage made from
 conventional circuit board material by spinning this cage at a high speed. On its own, circuit board material provides
 lower tamper security than the tamper sensing foils made using bespoke manufacturing processes that are used in
@@ -242,14 +242,15 @@ common fibers is usually in the range of
 
 \subsection{Multi-fiber passthrough design}
 
-To approach the security of the data and power connections passing through the IHSM's unprotected shaft,
+To approach the security of the data and power connections passing through the IHSM's unprotected shaft, in our
-\textcite{gotteCantTouchThis2022} list some shielding methods that use an independently rotating secondary tamper
+introduction of the IHSM concept in Chapter~\ref{chapter-ihsm} we listed some shielding methods that use an
-sensing mesh on the inside of the primary mesh, located right next to the primary mesh's axis opening. This secondary
+independently rotating secondary tamper sensing mesh on the inside of the primary mesh, located right next to the
-mesh makes accessing the payload using probes inserted through the shaft much more difficult.
+primary mesh's axis opening. This secondary mesh makes accessing the payload using probes inserted through the shaft
-\textcite{gotteCantTouchThis2022} only present conceptual drawings of these schemes, and focus on electrical signals. In
+much more difficult. In our introduction in Chapter~\ref{chapter-ihsm}, we only presented conceptual drawings of these
-this chapter, building on these concepts, we present mechanical designs of three variations of a fiber passthrough for
+schemes, and focused on electrical signals. In this chapter, building on these concepts, we present mechanical designs
-IHSMs that are adapted to the limited bending radius of optical fiber: A simple disc cover, offset labyrinth meshes, and
+of three variations of a fiber passthrough for IHSMs that are adapted to the limited bending radius of optical fiber: A
-interlocking gear meshes. We present a mechanical prototype of our offset labyrinth mesh design.
+simple disc cover, offset labyrinth meshes, and interlocking gear meshes. We present a mechanical prototype of our
+offset labyrinth mesh design.
 
 \subsection{Simple disc cover}
 
@@ -461,11 +462,11 @@ the amount of inter-mesh space necessary for power and data feedthroughs as well
 meshes, on the other hand, this pitch increases by the offset distance. Even for a small offset this quickly adds up to
 an unwieldy total mesh size.
 
-In this section, we conceptually introduce a solution to this problem that allows for larger offsets using a design
+We conceptually introduce a solution to this problem that allows for larger offsets using a design where the two meshes
-where the two meshes interlock like gears. This does mean that the two meshes' rotation must be synchronized, but it
+interlock like gears. This does mean that the two meshes' rotation must be synchronized, but it increases the design
-increases the design space of offset labyrinth meshes. For instance, in a gear setup, the wide sides of the inter-mesh
+space of offset labyrinth meshes. For instance, in a gear setup, the wide sides of the inter-mesh zones can be aligned
-zones can be aligned to lie on the same side, so fiber passthrough can be realized more easily even without the need to
+to lie on the same side, so fiber passthrough can be realized more easily even without the need to spiral the fiber
-spiral the fiber around the axes of rotation.
+around the axes of rotation.
 
 \subsection{Mesh synchronization}
 
@@ -474,78 +475,33 @@ In this setup, the mesh tabs act like gear teeth. Depending on the ratio between
 meshes do not have to rotate at the same rate of rotation and harmonic ratios are possible. Additionally, unlike actual
 gears which need to constantly maintain an area of contact, both co-rotating and counter-rotating setups are possible.
 
-\section{Physical attacks and countermeasures}
-\label{sec_attacks}
-In this section we will consider possible ways to attack an IHSM-secured QKD relay, as well as potential
-countermeasures.
-
-\subsection{Attacks on the IHSM mesh}
-
-There are two ways an attacker could attack the mesh itself if an adequate speed of rotation such as \qty{1000}{\rpm} is
-used~\cite{gotteCantTouchThis2022}: Either, an attacker would have to slow down the mesh so they can perform a manual
-attack, or they would have to use a robot. The first class of attack would require the attacker to falsify the readings
-of the centrifugal accelerometer. MEMS accelerometers are complex devices, and the simplest way to falsify its readings
-would be to attach a circuit to the accelrometer's data bus that overrides the measurement result data. Creating such a
-circuit is easy, the challenge the attacker would have to overcome would be to access this bus and attach this circuit
-to the mesh in motion without stopping or disturbing it. At high speeds, this would necessarily require a custom attack
-robot.
-
-\subsection{Contactless attacks on the payload}
-
-Contactless attacks such as electromagnetic (EM) side-channel attacks or optical fault injection attacks on the payload
-could conceivably be conducted from the outside of the mesh. The efficacy of EM side-channel as well as fault injection
-attacks decays quickly with increased distance between probe and target, and they can be counteracted by simply placing
-the QKD relay's components such that they are spaced apart from the mesh. Optical attacks, on the other hand can be
-carried out even at a distance using appropriate focusing optics. The easiest way to prevent such attacks would be to
-place the payload into an opaque enclosure inside the mesh.
-
-An additional variant of optical attacks would be using a laser to cut or drill into the payload. Such attacks can be
-impeded through several defense-in-depth measures. First, the payload QKD relay should be designed such that destroying
-any part of it such as connecting wires or fibers causes it to fail secure. Irrespective of attacks, this is a
-reasonable design objective anyway given that components could fail, and a component failure should never put the device
-in an insecure state. Further, similar to other optical attacks, a shield can be used to prevent laser cutting or
-drilling attacks as well with the only difference being the kind of shield. To prevent laser cutting or drilling, a
-thick metal shield can be used. The large thermal mass, high thermal conductivity and reflective surface of such a
-shield makes it difficult to cut. There are lasers such as pulsed Nd:YAG lasers that can cut even thick steel, but these
-this cutting produces a large amount of metal plasma and debris, which would likely destroy the payload in the process.
-
-To make sure any active laser attack is quickly detected, as a final line of defense, both mesh and payload should
-include wideband optical sensors in their array of environmental tamper sensors. For instace, high-power pulsed lasers
-do not deposit much heat into their target because the surface of the target is vaporized by the laser pulse too
-quickly, and thus might not trigger a simple temperature alarm inside the payload. In contrast, optical sensors even
-outside of the laser's wavelength range would have no trouble detecting the light emitted from the metal plasma created
-by the laser's pulses on impact with the payload.
-
-\subsection{Fast, mechanical attacks on the payload}
-
-A final class of attacks are mechanical attacks where an attacker mechanically compromises the IHSM QKD relay so quickly
-that the tamper alarm mechanism has no time to act. An instance of such an attack would be using a gun to fire a bullet
-at the payload, aiming to selectively destroy parts of it that are involved in tamper alarm response before they can
-act. This class of attack can be counteracted in similar ways as the previously mentioned optical attacks. Destruction
-of parts of the payload should never let it fall into an insecure state, meaning that such an attack alone should never
-be enough to compromise the QKD relay. There is little one can do to prevent destruction of the payload by projectile or
-by explosive, but a thick metal shield around the payload would make it more difficult to selectively target part of it
-using a projectile.
-
 \section{Outlook}
 \label{sec_outlook}
 
 \subsection{Achievable security guarantees}
 
-Like conventional HSMs, Inertial HSMs are only ever an engeineering answer to a security question. In contrast with
+Like conventional HSMs, Inertial HSMs are only ever an engineering answer to a security question. In contrast with
-cryptographic solutions that can achieve provable, information-theoretic security in some cases, an IHSM's security
+cryptographic solutions that in some cases can achieve provable, information-theoretic security, an IHSM's security
 rests upon an assumption on the engineering capabilities of an attacker. In contrast to conventional HSMs, which
 achieve this engineering assumption through the manufacture of hard-to-manipulate tamper sensing meshes, Inertial HSMs
 achieve it by rotating their tamper sensing mesh. In a conventional HSM, increasing the security of the tamper sensing
 mesh requires fine-tuning a bespoke manufacturing process. In contrast, increasing the security of an IHSMs simply
 requires making the rotor faster.
 
+While QKD systems provide theroetically impervious security guarantees based on fundamental laws of physics, they too
+are engineered systems embedded into a macroscopic world. As such, while the physics at their core might be sound
+similar to how the cryptography at the heart of a HSM might be provable, like HSMs they also cannot side-step requiring
+engineering solutions to security questions at the system level. As such, IHSMs complement QKD implementations, and
+provide the system-level security barrier necessary for the protection of a QKD node's quantum components.
+
 \subsection{Trust bootstrapping}
 
-A key question in any trusted hardware deployment is how to bootstrap trust in a new device when faced with the
+When considering the security of a system, we often assume a steady state, where the system is already secure at the
-possibility of supply-chain attacks. Conventional HSMs are only manufactured by a single manufacturer, and the common
+start and then needs to resist some attack. A key question in any practical trusted hardware deployment is how to
-solution is to just trust that manufacturer. The HSM's manufacturer can factory-provision an identity key to the HSM
+bootstrap this initial trust in a new device when faced with the possibility of supply-chain attacks. Conventional HSMs
-that can be used to ascertain the HSM's integrity during shipping to the customer.
+are only manufactured by a single manufacturer, and the common solution is to just trust that manufacturer. The HSM's
+manufacturer can factory-provision an identity key to the HSM that can be used to ascertain the HSM's integrity during
+shipping to the customer.
 
 One of the key components of IHSM technology is that it does not require specialized components, or potting of the
 payload. While an IHSM could be manufactured and sold as a complete unit like a conventional HSM, their more modular

chapter-sampling-mesh-monitor/chapter.tex

@@ -6,8 +6,8 @@ it.}
 
 \section{Introduction}
 
-\sourceattrib{This chapter is adapted from a paper written by me that will be presented by me at CHES
+\sourceattrib{This part is adapted from a paper written by Jan Sebastian Götte and Prof.\ Dr.\ Björn Scheuermann that
-2026~\cite{gotteHighFidelitySecurity2026}.}
+will be presented by Jan Sebastian Götte at CHES 2026~\cite{gotteHighFidelitySecurity2026}.}
 Security meshes continue to be the state of the art for tamper sensing in applications where sophisticated physical
 attacks such as attempts at drilling or sawing through the device's enclosure to place probes must be prevented. Common
 applications for such meshes include Hardware Security Modules (HSMs) used to store and process cryptographic keys
@@ -19,15 +19,18 @@ two or more conductive traces that are laid out in a meandering pattern to cover
 electrically monitors these traces to detect attempts at penetrating this surface.
 
 As is often the case with security technologies, in practice a tension exists between the level of security offered by a
-particular security mesh implementation and its implementation cost. Commercial designs often only coarsely monitor the
+particular security mesh implementation and its implementation cost. In Chapter~\ref{chapter-survey}, we have examined a
-conductivity of the mesh traces and are incapable of detecting attacks that manipulate small parts of the mesh. The most
+broad range of real-world security meshes. We found that the majority of implementations use simple construction
+approaches and coarse structure sizes, which results in limited security when only monitoring macroscopic parameters of
+the mesh such as electrical continuity or resistance. The coarse monitoring approaches based on trace continuity that
+are used in many commercial designs are incapable of detecting attacks that manipulate small parts of the mesh. The most
 secure meshes are made in custom manufacturing processes. Materials such as polymer substrates are specifically chosen
 such that the mesh is difficult to manipulate without breaking it. A drawback of this approach is that the specialized
-manufacturing processes are difficult to replicate and that the resulting cost of the mesh is high. In some
+manufacturing processes are difficult to replicate and that the resulting cost of the mesh is high~\cite{isaacs2013}. In
-lower-security applications such as card payment terminals, simpler approaches are still commonly used for their ease of
+some lower-security applications such as card payment terminals, simpler approaches are still commonly used for their
-implementation. Often, standard copper/polyimide Flexible Printed Circuits (FPCs) or even standard Printed Circuit
+ease of implementation. Often, standard copper/polyimide Flexible Printed Circuits (FPCs) or even standard Printed
-Boards (PCBs) are used because of the wide availability of manufacturing services.
+Circuit Boards (PCBs) are used because of the wide availability of
-\todo{Integrate new scope plots!}
+manufacturing services.
 
 Inertial HSMs are one approach that enables the use of less expensive, commodity materials in high-security
 applications. Several other academic approaches exist that target low-cost~\cite{
@@ -45,7 +48,7 @@ applications. Several other academic approaches exist that target low-cost~\cite
 High-performance mesh monitoring approaches try to characterize the mesh's physical properties with high accuracy, but
 often come at the cost of specialized, expensive circuitry. Low-cost approaches utilize advanced analog techniques in
 their circuitry to extract precise measurements using few components. They trade off measurement precision for lower
-component cost. Besides simple monitoring, detecting tamper attempts by replacing the mesh with a macro-scale Physically
+component cost. Besides simple monitoring, detecting tamper attempts by replacing the mesh with a macro-scale Physical
 Unclonable Function (PUF) has also been researched~\cite{
     immlerBTREPIDBatterylessTamperresistant2018,
     staatAntiTamperRadioSystemLevel2022,
@@ -148,8 +151,8 @@ blind spots.
     obermaierMeasurementSystemCapacitive2018,
     garbTamperSensitiveDesignPUFBased}
 propose one of the most advanced security mesh designs in the current academic state of the art. They use a specialized
-security mesh as a Physically Unclonable Function (PUF), combining tamper sensing with cryptographic key storage. In
+security mesh as a Physical Unclonable Function (PUF), combining tamper sensing with cryptographic key storage. In their
-their design, the mesh consists of a cross-hatch pattern made from several dozen individually addressable capacitive
+design, the mesh consists of a cross-hatch pattern made from several dozen individually addressable capacitive
 electrodes. They manufacture their meshes in a specialized process that results in unpredictable, random variations in
 capacitance between electrodes. They propose an analog frontend that measures the precise mutual capacitance of each
 pair of electrodes~\cite{obermaierMeasurementSystemCapacitive2018} using an approach similar to
@@ -753,7 +756,47 @@ its switching happens in the short period between its input differential voltage
 combined forward voltage of the Schottky diodes. Thus, while the \partno{74LVC} might produce slow edges overall, its
 large output swing results in a high slew rate in the critical region around the zero crossing.
 
-We observed the best result overall with the \partno{PI3HDX12211} redriver, resulting in a rise time of
+\begin{figure}
+    \begin{center}
+        \begin{subfigure}{0.45\textwidth}
+            \centering
+            \includegraphics[width=\textwidth]{edge_sampling_pulse_scope.pdf}
+            \vspace*{-5mm}
+            \caption{Sampling pulse}
+            \label{fig_osc_risetime_samp}
+        \end{subfigure}
+        \unskip\begin{subfigure}{0.45\textwidth}
+            \centering
+            \includegraphics[width=\textwidth]{edge_stimulus_pulse_scope_normalized.pdf}
+            \vspace*{-5mm}
+            \caption{Stimulus pulse}
+            \label{fig_osc_risetime_stim}
+        \end{subfigure}
+    \end{center}
+    \vspace*{-5mm}
+    \caption[Pulse risetime oscilloscope measurements]{Oscilloscope measurements of the sampling pulse probed
+        differentially (left) and of the stimulus pulse probed single-ended and normalized (right). The 74LVC pulse is
+        plotted on the right Y axis in the left plot due to its large amplitude. In the right plot, it is not shown
+        since our measurement setup did not allow for a measurement of this amplitude.}
+    \label{fig_osc_risetime}
+\end{figure}
+
+Figure~\ref{fig_osc_risetime} shows the sampling and stimulus pulse edges measured using a Siglent SDS7404A
+\qty{4}{\giga\hertz} oscilloscope. The stimulus pulse was directly measured single-ended, and the sampaling pulse was
+measured differentially through a Siglent SAP2500D \qty{2.5}{\giga\hertz} active differential probe. These measurements
+support the conclusion from Figure~\ref{fig_spec_risetime} that in raw edge risetime, \partno{MAX3748} and
+\partno{TDP0604} perform fastest, with \partno{PI3HDX12211} being slightly slower. They also exhibit the large
+differences in amplitude that we expect cause the differences in actual measurement performance as shwon in
+Figure~\ref{fig_edge_risetime}. Note that due to the differences in measurement methodology, a direct comparison of the
+rise times is not possible between these plots. The spectrum measurements do not convey amplitude information and
+discard low-frequency content, but due to the very large bandwidth of the spectrum analyzer used, they will represent
+the true risetime the closest. In both the self-characterization and the oscilloscope measurements, the displayed
+risetime is contaminated by the measurement system. In case of the self-characterization, the stimmulus rise time is
+folded into the measurement result, leading in the displayed risetime being slower by a factor of $\sqrt{2}$. Similarly,
+in the oscilloscope measurements, the combined risetime of the oscilloscope frontend and active probe contaminate the
+results.
+
+We observed the best overall performance with the \partno{PI3HDX12211} redriver, resulting in a rise time of
 \qty{264}{\pico\second}. In this test specimen, we fed the pulse through the amplifier twice since we had two unused
 channels, and we used \qty{200}{\pico\second} clip lines on the amplifier's output for pulse shaping. We only used clip
 lines here and for \partno{TDP0604} since the other amplifiers' output did not contain sufficient harmonic content.
@@ -805,7 +848,7 @@ lines here and for \partno{TDP0604} since the other amplifiers' output did not c
             \qty{2.86}{\meter}&
             \qty{3.86}{\meter}\\
 
-            \textbf{Approximate Delay}&
+            \textbf{Approx. Delay}&
             \qty{7.1}{\nano\second}&
             \qty{13}{\nano\second}&
             \qty{19}{\nano\second}&
@@ -819,13 +862,13 @@ lines here and for \partno{TDP0604} since the other amplifiers' output did not c
     \label{tab_mesh_spec}
 \end{table}
 
-To measure the practical performance of our prototype, we created a set of tamper sensing mesh test specimens. Each
+To measure the practical performance of our prototype, we created a set of tamper sensing mesh test specimens using the
-specimen contains four separate meshes with the same area. Table~\ref{tab_mesh_spec} shows the design specifications.
+algorithm described in Chapter~\ref{chapter-ihsm}. Each specimen contains four separate meshes with the same area.
-Each specimen contains four separate meshes on the outer layers of a four-layer, \qty{1.0}{\milli\meter} thickness PCB,
+Table~\ref{tab_mesh_spec} shows the design specifications. Each specimen contains four separate meshes on the outer
-two equal-size meshes on each side. The inner layers were used as ground. Figure\ \ref{fig_mesh_length} shows the
+layers of a four-layer, \qty{1.0}{\milli\meter} thickness PCB, two equal-size meshes on each side. The inner layers were
-results of a baseline measurement of each mesh using each design variant. The step response resulting from an edge
+used as ground. Figure\ \ref{fig_mesh_length} shows the results of a baseline measurement of each mesh using each design
-entering the mesh and its reflection arriving back at the start after traversing the mesh back and forth is clearly
+variant. The step response resulting from an edge entering the mesh and its reflection arriving back at the start after
-visible.
+traversing the mesh back and forth is clearly visible.
 
 We validated the results from Figure\ \ref{fig_mesh_length} by calculating speed of light in our mesh specimen's
 substrate based on them. The resulting measurements are shown in Table\ \ref{tab_speed_of_light}. All amplifier
@@ -865,7 +908,7 @@ switching.
             2&
             3&
             4&
-            Calculated speed of light $c$
+            Calculated $c$
             \\\hline
 
             \partno{PI3HDX12211}&
@@ -897,8 +940,8 @@ switching.
             $\qty{1.59d8}{\meter\per\second}$\\
         \end{tabular}
     \end{center}
-    \caption[Speed of light calculations]{Speed of light and time offset calculated from delays read from the graphs in
+    \caption[Speed of light calculations]{Speed of light $c$ and time offset calculated from delays read from the graphs
-        Figure\ \ref{fig_mesh_length}. $c$ is the speed of light determined by linear fit.}
+    in Figure\ \ref{fig_mesh_length}. $c$ is the speed of light determined by linear fit.}
     \label{tab_speed_of_light}
 \end{table}
 

chapter-sampling-mesh-monitor/figures/sampling-mesh-monitor

@@ -1 +1 @@
-Subproject commit b4dc58286d039b1d0f70ea86f9e1f2cc538d8fbb
+Subproject commit cd33cff0e8b3284f26a4b87c9c9d40ae226dceed

chapter-smpc/chapter.tex

@@ -5,34 +5,39 @@
     were a necessary precondition for the legalization of same sex marriage. This is also why those maintaining
     positions of power will always encourage the freedom to talk about ideas, but never to act.}
 \chaptertitle{Case Study: Multiparty Computation in Scalable Hardware Security Modules}
+\label{chapter-smpc}
 
 Inertial Hardware Security Modules do not only support much larger payloads compared to conventional HSMs, they also
-support much higher power dissipation since they allow for direct air cooling of their payload. Because they rotate at
+support much higher power dissipation since they allow for direct air cooling of their payload. The tamper-sensing
-high speed, IHSM meshes do not need to be contiguous to provide adequate security. While a non-contiuous rotating mesh
+membrane of a conventional HSM must be continuous to provide security, so any heat dissipated by the payload must pass
-might theoretically allow a stationary attack tool to quickly penetrate, then retract through one of the mesh's gaps
+through it. Since the polymers used in tamper sensing membranes are poor conductors of heat, and since security benefits
-while the mesh is rotating, the time available for such an attack would be too short for a practical attack. For a mesh
+from a thicker tamper sensing assembly (cf.\ Chapter~\ref{chapter-survey}), power dissipation in conventional HSMs is
-with three vertical connecting segments (cf.\ Figure~\ref{fig_proto_mesh} in Chapter~\ref{chapter-ihsm}) rotating at
+limited~\cite{
-\qty{1000}{\rpm}, this time would be in the order of \qty{20}{\milli\second}. Conventional HSM monitoring circuits often
+    petriePartIITechnical,
-require a similar amount of time to react to an attack~\cite{obermaier2018}.
+    curetHardwareSecurityModule2025,
+    zhangTamperrespondentAssembliesPorous2023,
+    dragoneVentedTamperrespondentAssemblies2020}.
 
-Similar to how the increase in payload \emph{size} unlocks new applications such as the Quantum Key Distribution relay
+Because IHSMs rotate at high speed, IHSM meshes do not need to be contiguous to provide adequate security. While a
-use case we presented in Chapter~\ref{chapter-qkd}, this increase in sustainable power dissipation by a factor of
+non-contiguous rotating mesh might theoretically allow a stationary attack tool to quickly penetrate, then retract
-several hundred also unlocks a number of new applications. Especially applications that require large amounts of
+through one of the mesh's gaps while the mesh is rotating, the time available for such an attack would be too short for
-computing power benefit from IHSM technology, as their needs fundamentally cannot be met by conventional HSMs.
+a practical attack (cf.\ Chapter~\ref{chapter-ihsm}). For a mesh with three vertical connecting segments (cf.\
+Figure~\ref{fig_proto_mesh} in Chapter~\ref{chapter-ihsm}) rotating at \qty{1000}{\rpm}, this time would be in the order
+of \qty{20}{\milli\second}. Conventional HSM monitoring circuits would likely require a similar amount of time to react
+to an attack~\cite{obermaier2018}.
+
+Similar to how the increase in payload \emph{size} of IHSMs compared to conventional HSMs unlocks new applications such
+as the Quantum Key Distribution relay use case we presented in Chapter~\ref{chapter-qkd}, the increase in sustainable
+power dissipation enabled by air cooling also unlocks a number of new applications. Especially applications that require
+large amounts of computing power benefit from IHSM technology, as their needs fundamentally cannot be met by
+conventional HSMs.
 
 One such application that does not translate to conventional HSMs due to its need for large amounts of computing power
 is Multiparty Computation (MPC). MPC is a cryptographic construct that allows several networked parties to jointly
 perform a computation in such a way that the inputs to the computation remain private to the parties providing them, and
 no single party must be trusted for the computation to produce the correct result. Conceptually, MPC is similar to a
 secret sharing scheme that shares not just data, but computation between untrusted parties. The computation primitive
-MPC offers is a cryptographic answer to the question of how to bootstrap trust in a computing system.
+MPC offers is a cryptographic tool for bootstrapping trust in a distributed computing system.
-\todo{In this chapter, cite academic publications and patents on HSM cooling!}
-
-%The most challenging scenarios in computing arise when multiple 
-%parties such as manufacturers and operators, servers and clients, or sellers and buyers need to interact through
-%computation. In many practical situations, it is impossible to create a single computer that can be trusted by every
-%participant. MPC is a generic solution to a multitude of such scenarios reducing the problem of creating a single,
-%shared computer everyone can trust simultaneously to everyone creating their own computer that they only can trust.
 
 We can deconstruct the problem of trust in computing into two largely disjunct parts: Establishing trust in a computing
 system during its creation is one, and maintaining this trust throughout its life is the other. For the second part of
@@ -46,41 +51,43 @@ they cannot target all systems simultaneously and we give them too little time t
 
 A limitation of both approaches is that in either case, while the party creating or acquiring the system can trust it,
 they cannot prove its trustworthiness to other parties. MPC solves this issue by allowing every party to contribute
-their trusted system to the protocol, cryptographically bootstrapping common trust in the computation and its
+their own trusted system to the protocol, cryptographically bootstrapping common trust in the computation and its
 output\footnote{
     In fact, MPC does more than just bootstrapping from each participant trusting their own system to a trusted shared
     computation. In an MPC protocol providing semi-honest or better security, MPC even \emph{relaxes} each party's trust
-    requirement from trusting their own system to trusting that any $n$-of-$k$ out of all systems contributing to the
+    requirement from trusting their own system to trusting any $n$-of-$k$ out of all systems contributing to the
     protocol.
 }.
 
 \section{Fast MPC and Slow HSMs}
 
-MPC is a uniquely powerful cryptographic primitive, yet it has still not found widespread practical adoption. This is
+MPC is a uniquely powerful cryptographic primitive, yet it has still not found widespread practical adoption. To a large
-because MPC is extremely resource-intensive to run. MPC protocols exist on a continuum trading off between extreme
+extent, this is because MPC is extremely resource-intensive to run. MPC protocols exist on a continuum trading off
-memory and bandwidth requirements on one end and intense computational requirements on the other end. At a first glance,
+between extreme memory and bandwidth requirements on one end and intense computational requirements on the other end. At
-MPC and Hardware Security Modules look like they would complement each other well, but HSMs cannot keep up with the
+a first glance, MPC and Hardware Security Modules look like they would complement each other well, but HSMs cannot keep
-intense computational requirements posed by MPC.
+up with the computational requirements posed by MPC.
 
-Using P-256 curve ECC key generation as a benchmark, commercially available HSMs are quoted to perform between 3500 and
+Using P-256 curve ECC key generation as a benchmark, commercially available HSMs are quoted to perform between 3,500 and
-22000 cryptographic operations per second~\cite{
+22,000 cryptographic operations per second~\cite{
     kumarIBMZ16Performance2025,
     ThalesLunaNetwork2024,
     Utrust_GP_HSM_Se_Series_Datasheet_ENpdf,
-}. Meanwhile, an MPC protocol doing something as simple as a single AES encryption, corresponding to 7000 logic
+}. Meanwhile, an MPC protocol doing something as simple as a single AES encryption, corresponding to 7,000 logic
 gates~\cite{wangGlobalScaleSecureMultiparty2017}, requires tens of thousands of cryptographic operations when performed
 in MPC. As a result, applying conventional HSMs to MPC at any practical scale is infeasible by multiple orders of
-magnitude. Literature on MPC commonly uses server hardware as a platform for benchmarks.
+magnitude. Literature on MPC commonly uses server hardware as a platform for benchmarks, which has power dissipation and
+processing speeds well beyond that of conventional HSMs.
 
 HSMs are slow compared to contemporary computers because they are limited in their power dissipation, and power
 dissipation is largely proportional to processing speed. In the limited fields where HSMs have found commercial
-application, this limitation was never considered important and market forces pushing towards faster HSMs remain
+application, this limitation was never considered important and market forces pushing towards faster HSMs appear to
-light\todo{Can we find a citation here?}. Fundamentally, conventional HSMs must envelope the entire payload in a tamper
+remain light with the issue receiving little attention in either academic or manufacturer publications on the topic.
-sensing mesh to detect drilling attacks, but a tamper sensing mesh that is impermeable to a drill is also impermeable to
+Fundamentally, conventional HSMs must envelope the entire payload in a tamper sensing mesh to detect drilling attacks,
-air. As a result, any heat conducted from the HSMs processor to the outside world must pass through the mesh. At the
+but a tamper sensing mesh that is impermeable to a drill is also impermeable to air. As a result, any heat conducted
-same time, the mesh cannot be thinned either because thinning it would enable micro-drilling attacks. The result of
+from the HSMs processor to the outside world must pass through the mesh. At the same time, the mesh cannot be thinned
-these constraints is a high thermal resistance between the HSM's processor and an external heat sink, which limits
+either because thinning it would enable micro-drilling attacks. The result of these constraints is a high thermal
-maximum power dissipation to a fraction of what is achieved in modern CPUs or even GPUs.
+resistance between the HSM's processor and an external heat sink, which limits maximum power dissipation to a fraction
+of that of modern CPUs or even GPUs.
 
 A secondary limitation of conventional HSMs is that the highly specialized tamper sensing foils used in their
 construction often cannot be scaled to arbitray sizes without incurring unsustainable process yields due to the
@@ -92,10 +99,9 @@ components such as memory, power supplies and any internal heat spreading compon
 Inertial HSMs solve this issue since they allow their payload to be air cooled without compromising security, and they
 expand the feasible security boundary size from the several hundred milliliters offered by conventional HSMs to several
 liters and more, enabling the integration of standard, off-the-shelf server components such as mainboards, CPUs, CPU
-coolers, and power supplies. In this chapter, we will first provide a short overview of the theory of MPC before
+coolers, and power supplies. In this chapter, we will first provide a short overview illustrating a basic MPC protocol
-elaborating a design of an IHSM tailored to MPC tasks including performance calculations and unique design aspects. We
+for context before elaborating a design of an IHSM tailored to MPC tasks. We will conclude with an outlook of
-will conclude with an outlook of applications unlocked by our design as well as promising areas for future improvements
+applications unlocked by our design as well as promising areas for future improvements of our design. 
-of our design. 
 
 \section{The Fundamentals of Multiparty Computation}
 
@@ -122,7 +128,8 @@ real-world settings where parties do not have stable identities such as peer-to-
 mostly interesting as a research tool since protocols assuming a semi-honest adversary can often be upgraded to covert
 or malicious security at some performance tradeoff. In a practical setting, a semi-honest secure MPC protocol would not
 provide additional security over just having one party run the computation except in some situations where inadvertent
-side-channel leakage is a concern.
+side-channel leakage is a concern. Using HSMs to secure protocol participants' cryptographic computations complements
+both the covert and malicious security models.
 
 \subsection{Oblivious Transfer}
 
@@ -141,19 +148,17 @@ Transfer Extensions (OTe)\cite{ishaiExtendingObliviousTransfers2003}. Using OTe,
 base Oblivious Transfer instances can be extended into an arbitrarily large number of Oblivious Transfer instances using
 only invocations of a pseudo-random function (PRF) such as a cryptographic hash function.
 
-\subsection{Boolean MPC with Yao's Garbled Circuits}
+\subsection{A basic MPC protocol: Boolean MPC with Yao's Garbled Circuits}
-% Yao's Garbled Circuits
+
-Yao's Garbled Circuits (GC) protocol is one of the oldest Multiparty Computation protocols, dating back to the 1980ies.
+As a basic example of the approach taken by MPC protocols, we will give a brief overview of Yao's Garbled Circuits (GC)
-In Yao's GC, two parties jointly compute a function that is represented as a circuit of binary logic gates by evaluating
+protocol. Yao's GC is one of the oldest Multiparty Computation protocols, dating back to the 1980ies. In Yao's GC, two
-the circuit gate by gate. In Yao's GC, one party, generator, creates a random \emph{garbled} representation of the
+parties jointly compute a function that is represented as a circuit of binary logic gates by evaluating the circuit gate
-circuit and sends it to the other party, the evaluator, who computes its output. The core idea in Yao's GC is that every
+by gate. In Yao's GC, one party, generator, creates a random \emph{garbled} representation of the circuit and sends it
-wire $w_i$ in the circuit is assigned two random cryptographic secret keys $w_i^b$, called wire labels, one $w_i^0$ for
+to the other party, the evaluator, who computes its output. The core idea in Yao's GC is that every wire $w_i$ in the
-the logical value $0$ and one $w_i^1$ for the value $1$. The mapping from logic values to these keys is assigned
+circuit is assigned two random cryptographic secret keys $w_i^b$, called wire labels, one $w_i^0$ for the logical value
-randomly by the generator, and unknown to the evaluator~\cite{
+$0$ and one $w_i^1$ for the value $1$. The mapping from logic values to these keys is assigned randomly by the
-    yaoHowGenerateExchange1986,
+generator, and unknown to the
-    beaverComplexitySecureProtocols1990,
+evaluator~\cite{yaoHowGenerateExchange1986,beaverComplexitySecureProtocols1990,evansPragmaticIntroductionSecure}.
-    evansPragmaticIntroductionSecure,
-}.
 
 Gates are represented in Yao's GC as truth tables with one row for every combination of input wire values. Each row of
 these truth tables contains the output wire label (i.e. secret key) corresponding to the gate's logical output value for
@@ -188,28 +193,8 @@ evaluations of a pseudorandom function such as a cryptographic hash or a cipher.
 Garbled Circuit is many times slower than performing it in the clear. Intuitively, each single-bit gate in the garbled
 circuit results in several cryptographic operations with input and output sizes of dozens or hundreds of bits.
 Practically useful functions such as AES encryption have circuit implementations measuring thousands or tens of
-thousands of gates, meaning these costs quickly escalate for practical problem sizes~\cite{
+thousands of gates, meaning these costs quickly escalate for practical problem
-    boyarNewCombinationalLogic2010,
+sizes~\cite{boyarNewCombinationalLogic2010, songhoriTinyGarbleHighlyCompressed2015}.
-    songhoriTinyGarbleHighlyCompressed2015,
-}.
-
-% FIXME This entire connecting section 
-
-%\subsection{Practical Application}
-%\subsubsection{Preprocessing and Online Phases}
-%\subsubsection{Constant-Round MPC}
-
-% \subsection{Performance}
-
-% zahurTwoHalvesMake2015,wangGlobalScaleSecureMultiparty2017,kellerMPSPDZVersatileFramework2020,dalskovFantasticFourHonestMajority
-
-% \subsection{Practical Deployments}
-
-% \subsection{Solutions}
-
-% \subsection{Hardware Security Applied to MPC}
-
-% Hardware security primitives can be applied in several roles in an MPC protocol.  
 
 \section{A High-Performance IHSM for MPC Applications}
 
@@ -219,24 +204,17 @@ implemented using CPU processing. The technology comes with an unavoidable incre
 each single plaintext computation or gate results in several cryptographic operations.
 
 A naive implementation might attempt to implement MPC using an HSM by simply offloading all cryptographic operations to
-the HSM. In practice, this is not a workable solution due to the slow processing speed of conventional HSMs.
+the HSM. In practice, this is not a workable solution due to the slow processing speed of conventional HSMs. In the near
-Conventional HSMs use low-power embedded processors since their encapsulation using potting and security meshes impedes
+term, absent radical developments in either MPC theory or in the speed and power efficiency of processing hardware, the
-heat transfer, limiting power dissipation.
+only feasible solution for HSM-protected MPC at any practical scale is to find a way to protect an entire server-class
-
+computer. IHSMs are a natural fit for this requirement since they allow for large, air-cooled payloads.
-In the near term, absent radical developments in either MPC theory or in the speed and power efficiency of processing
-hardware, the only feasible solution for HSM-protected MPC at any practical scale is to find a way to protect an entire
-server-class computer. As elaborated above, IHSMs are a natural fit for this requirement since they allow for large,
-air-cooled payloads.
-
-%\subsection{Hardware Requirements}
 
 As a baseline performance target, we consider a commodity server mainboard in CEB or ATX form factor, populated with a
 high-end server CPU and a large amount of RAM. As MPC systems do not usually require a great amount of storage, we can
-largely ignore storage for our size and power calculations.\todo{Refer to performance numbers from research above here}
+largely ignore storage for our size and power calculations. As a result, we end up with a total maximum power
-
+dissipation of approximately \qty{420}{\watt} as shown in Table~\ref{tab_power_budget}. Dissipating this amount of power
-As a result, we end up with a total maximum power dissipation of approximately \qty{420}{\watt} as shown in
+using air cooling is within the capabilities of commodity server cooling
-Table~\ref{tab_power_budget}. Dissipating this amount of power using air cooling is within the capabilities of commodity
+components~\cite{coroamaPossibleFutureTrends2025}.
-server cooling components~\cite{coroamaPossibleFutureTrends2025}.
 
 \begin{table}
     \centering
@@ -255,16 +233,16 @@ server cooling components~\cite{coroamaPossibleFutureTrends2025}.
 A common type of side-channel attack on cryptographic systems are power analysis attacks. In such attacks, the supply
 current of the target processing system is measured at high speed while the target is performing cryptographic
 computations. By aggregating the results of a large number of the resulting power traces, it is often possible to infer
-the value of secret data such as cryptographic keys. To mitigate this type of attack, not only do we have to place the
+the value of secret data such as cryptographic keys. To mitigate this type of attack, we propose placing the system's
-CPU, mainboard, and memory inside of the HSM's tamper-sensing barrier, but also the power supply. A secondary benefit of
+power supply inside the IHSM envelope. A secondary benefit of placing the power supply inside the tamper-sensing barrier
-placing the power supply inside the tamper-sensing barrier is that it simplifies the power wiring between the outside of
+is that it simplifies the power wiring between the outside of the IHSM cage and the payload. Supplying the
-the IHSM cage and the payload. Supplying the \qty{12}{\volt} power rails that commodity mainboard commonly use requires
+\qty{12}{\volt} power rails that commodity mainboard commonly use requires tens of Ampere. To carry such high current,
-tens of Ampere. To carrie such high current, the wiring has to be sized accordingly. In an IHSM, even thick wires can
+the wiring has to be sized accordingly. In an IHSM, even thick wires can easily be passed through the mesh cage, but
-easily be passed through the mesh cage, but such wiring requires a large opening at the shaft on one end of the cage,
+such wiring requires a large opening at the shaft on one end of the cage, which creates a literal security gap. Placing
-which creates a literal security gap. Placing the power supply inside of the cage reduces the size of the wires needed
+the power supply inside of the cage reduces the size of the wires needed since the power supply steps down a lower
-since the power supply steps down a lower current \qty{240}{\volt} input to the system's high-current \qty{12}{\volt}
+current \qty{240}{\volt} input to the system's high-current \qty{12}{\volt} rails. Using DIN VDE 0298-4\todo{Citation?}
-rails. According to DIN VDE 0298-4\todo{Citation?}, a pair of \qty{1.5}{\milli\meter^2} conductors is sufficient for
+as a reference, a pair of \qty{1.5}{\milli\meter^2} conductors is sufficient for more than \qty{3}{\kilo\watt} of load
-more than \qty{3}{\kilo\watt} of load under worst-case conditions.
+under worst-case conditions.
 
 \subsection{Software Considerations}
 
@@ -286,31 +264,61 @@ software without effectively running a system emulation and incurring a massive
 Intel and AMD contain hardware features that provide transparent DRAM encryption. These hardware features would be
 necessary when securing an entire sever in an MPC setup with IHSMS technology.
 
-% \subsection{Fast Zeroization of Non-Customizable Memories}
-% Thermite experiements and paper
-
 \subsection{A Joint Cooling and IHSM Envelope Powertrain}
 
 In this section, we will present a sketch of a design for an IHSM envelope large enough to fit a small server mainboard,
 and that provides air cooling to the payload. Our sketch solves the engineering issue of moving such an IHSM envelope
 while simultaneously providing cooling to the payload.
 
-% FIXME picture!
+\begin{figure}
-Our proposed design is based on the idea of using the cooling fans' airflow to power the rotation of the IHSM envelope.
+    \centering
-Using the basic cylindrical design, the IHSM envelope consists of two discs above and below the payload that are
+    \begin{subfigure}{0.45\textwidth}
-connected through vertical struts containing part of the tamper-sensing mesh on the outside of the payload. We propose
+        \centering
-widening these vertical connecting struts, and angling them such that the entire envelope becomes a centrifugal
+        \includegraphics[width=\textwidth]{setup_0001.jpg}
-impeller. By letting air flow into the envelope from the side, and back out through its top and bottom, the envelope
+        \caption{}
-assumes the same configuration used in centrifugal cooling fans. A secondary advantage of this concept is that we do not
+        \label{fig_setup_left}
-need a motor on the envelope's shaft, saving vertical space and one difficult to source part. Furthermore, the cooling
+    \end{subfigure}
-fans can be located on the outside of the envelope in an easily accessible location, and can be set up in a redundant
+    \hspace*{5mm}
-way such that a failed cooling fan can be replaced while the system continues operation. The only disadvantage of this
+    \begin{subfigure}{0.45\textwidth}
-solution over a direct motor drive is noise. To achieve the speed necessary for sufficient security at the large
+        \centering
-envelope diameter of an MPC accelerator application, high-airflow fans must be used, which are very noisy when at full
+        \includegraphics[width=\textwidth]{setup_0002.jpg}
-speed. We consider this a valid tradeoff since such a system would be deployed in a datacenter where high noise levels
+        \caption{}
-are acceptable.
+        \label{fig_setup_right}
+    \end{subfigure}
+    \caption{Conceptual demonstrator of the fan-driven IHSM primary mesh approach.}
+    \label{fig_setup}
+\end{figure}
 
-\todo{Finish sketch!}
+Our proposed design is based on the idea of using the cooling fans' airflow to power the rotation of the IHSM envelope.
+Figure~\ref{fig_setup} shows a conceptual demonstration of this approach. Using a basic cylindrical design, the IHSM
+envelope consists of two discs above and below the payload that are connected through vertical struts on the outside of
+the payload. We propose widening these vertical connecting struts, and angling them such that the entire envelope
+becomes a centrifugal impeller. By letting air flow into the envelope from the side, and back out through its top and
+bottom, the envelope assumes the same configuration used in centrifugal cooling fans. Tamper sensing meshes are placed
+inside the vertical struts as well as along the horizontal discs at the top and at the bottom.
+
+Laying out an IHSM this way has several advantages. First, we save some vertical space by removing the motor from the
+shaft of the mesh. Second, on top of driving the mesh, the airflow also serves to cool the payload. Finally, this
+approach eliminates the motor driving the mesh as a single point of failure. In a basic IHSM design as we introduced it
+in Chapter~\ref{chapter-ihsm}, this motor is a critical component as its failure would lead to the mesh accelerometer
+triggering the deceleration tamper alarm. Using a brushless motor type the number of wear components in this motor can
+be reduced to the motor's shaft bearings. A complication in the practical manufacturing of IHSMs at a small scale is
+that small-scale production does not allow for a custom-made motor. Limiting the selection to off-the-shelf brushless
+motors leads to an unpredictability of bearing life due to the cost of precision bearings. Complicating things, bearing
+specifications are not usually included in motor datasheets.
+
+Compared to the market for off-the-shelf small brushless motors, cooling fans are easier to shop for. A large selection
+of products with various form factors and specifications is available, and manufacturers usually give detailed
+information on both performance and lifetime. Industrial and server cooling fans are commonly rated for uninterrupted
+24/7 operation. The cooling fans can be located on the outside of the envelope in an easily accessible location. Like in
+many servers, they can be set up in a redundant way such that a failed cooling fan can be replaced while the system
+continues to operate.
+
+The main drawback of a fan-driven IHSM is the amount of airflow necessary. To maximize payload volume, the fan blades
+must be kept as narrow as possible. Narrow fan blades work best at high air speed, but high air speed requires the fan
+to have high airflow. Besides limiting fan selection and increasing power consumption, high airflow fans also are noisy.
+Despite these limitations, we consider fan-driven IHSMs a valid tradeoff since such a system would most likely be
+deployed in a datacenter where high noise levels are acceptable.
 
 \section{Outlook}
 

common-defs.tex

@@ -7,11 +7,13 @@
 \usepackage[
     backend=biber,
     style=numeric,
+    backref=true,
     natbib=true,
     url=false, 
     doi=true,
     eprint=false,
     refsegment=chapter,
+    date=iso,
     ]{biblatex}
 \addbibresource{main.bib}
 \DeclareSourcemap{
@@ -52,12 +54,20 @@
     \ifdefined\thesispreviewmode %
         (draft \texttt{\input{version.tex}\unskip}) %
     \fi %
-\leftmark}
+    \leftmark}
-\fancyhead[OL]{\footnotesize\rightmark}
+\fancyhead[OL]{\footnotesize%
+    \ifdefined\thesisoneside %
+        \leftmark%
+        \ifdefined\thesispreviewmode %
+            \\(draft \texttt{\input{version.tex}\unskip}) %
+        \fi %
+    \else%
+        \rightmark%
+    \fi}
 \fancyhead[EL,OR]{\thepage}
-
 \fancyfoot[LCR]{}
 
+\setlength{\headheight}{13.6pt}
 \fancypagestyle{plain}{%
     \fancyhf{}%
     \renewcommand{\headrulewidth}{0pt}%
@@ -165,12 +175,45 @@
     \printbibliography[nottype={online},nottype={patent},heading=subbibliography,resetnumbers=false,segment=\therefsegment]
 }
 
+% Fix for random mixed date formats, generated with claude.ai
+% Redefine the date printing macro
+\renewbibmacro*{date}{%
+  \iffieldundef{year}
+    {}
+    {\printtext{%
+       \thefield{year}%
+       \iffieldundef{month}
+         {}
+         {-\mkdatezeros{\thefield{month}}%
+          \iffieldundef{day}
+            {}
+            {-\mkdatezeros{\thefield{day}}}}%
+     }}%
+}
+
+% Redefine urldate printing
+\renewbibmacro*{urldate}{%
+  \iffieldundef{urlyear}
+    {}
+    {\printtext[urldate]{%
+       \thefield{urlyear}%
+       \iffieldundef{urlmonth}
+         {}
+         {-\mkdatezeros{\thefield{urlmonth}}%
+          \iffieldundef{urlday}
+            {}
+            {-\mkdatezeros{\thefield{urlday}}}}%
+     }}%
+}
+% end fix
+
 \newrefcontext{defref}
 
 \hyphenation{a-me-na-ble}
 \hyphenation{da-ta-cen-ter}
 \hyphenation{Si-cher-heits-mo-du-l}
 \hyphenation{Si-cher-heits-mo-du-le}
+\babelhyphenation[ngerman]{Si-cher-heits-mo-dul}
 
 \setstretch{1.3}
 

defence/pearson-corr-sample.tex

@@ -0,0 +1,21 @@
+\documentclass[convert={density=500}, border=2pt, varwidth=3in]{standalone}
+
+\usepackage{amsmath}
+\usepackage{amssymb}
+
+\begin{document}
+
+\begin{align*}
+r_{X, Y} &= \frac{
+\sum_{i=1}^n(x_i - \overline{x})(y_i - \overline{y})
+}{
+\sqrt{
+\sum_{i=1}^n(x_i-\overline{x})^2
+}
+\sqrt{
+\sum_{i=1}^n(y_i-\overline{y})^2
+}
+}
+\end{align*}
+
+\end{document}

defence/pearson-corr.tex

@@ -0,0 +1,12 @@
+\documentclass[convert={density=500}, border=2pt, varwidth=2in]{standalone}
+
+\usepackage{amsmath}
+\usepackage{amssymb}
+
+\begin{document}
+
+\begin{align*}
+\rho_{X,Y} &= \frac{\mathrm{cov}\left(X, Y\right)}{\sigma_X \sigma_Y}
+\end{align*}
+
+\end{document}

defence/phd defence pulse shaping.svg

@@ -0,0 +1,957 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   width="370mm"
+   height="130mm"
+   viewBox="0 0 370 130"
+   version="1.1"
+   id="svg1"
+   inkscape:version="1.4.3 (0d15f75042, 2025-12-25)"
+   sodipodi:docname="phd defence pulse shaping.svg"
+   inkscape:export-filename="phd defence pulse shaping.png"
+   inkscape:export-xdpi="96"
+   inkscape:export-ydpi="96"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:xlink="http://www.w3.org/1999/xlink"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:svg="http://www.w3.org/2000/svg">
+  <sodipodi:namedview
+     id="namedview1"
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1.0"
+     inkscape:showpageshadow="2"
+     inkscape:pageopacity="0.0"
+     inkscape:pagecheckerboard="0"
+     inkscape:deskcolor="#d1d1d1"
+     inkscape:document-units="mm"
+     showguides="true"
+     inkscape:zoom="0.76530729"
+     inkscape:cx="755.90551"
+     inkscape:cy="186.19972"
+     inkscape:window-width="1920"
+     inkscape:window-height="1011"
+     inkscape:window-x="0"
+     inkscape:window-y="0"
+     inkscape:window-maximized="1"
+     inkscape:current-layer="layer1">
+    <sodipodi:guide
+       position="248.21932,98.214501"
+       orientation="1,0"
+       id="guide87"
+       inkscape:locked="false" />
+  </sodipodi:namedview>
+  <defs
+     id="defs1">
+    <rect
+       x="953.65973"
+       y="610.6676"
+       width="100.02054"
+       height="89.777473"
+       id="rect80" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="206.97021"
+       height="116.59021"
+       id="rect19" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="206.97021"
+       height="116.59021"
+       id="rect21" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="227.89349"
+       height="103.19007"
+       id="rect52" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="208.64201"
+       height="116.03049"
+       id="rect53" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="208.64201"
+       height="116.03049"
+       id="rect60" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="208.64201"
+       height="116.03049"
+       id="rect61" />
+    <rect
+       x="953.65973"
+       y="610.6676"
+       width="100.02054"
+       height="89.777473"
+       id="rect81" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="208.64201"
+       height="116.03049"
+       id="rect101" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="206.97021"
+       height="116.59021"
+       id="rect19-0" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="206.97021"
+       height="116.59021"
+       id="rect121" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="206.97021"
+       height="116.59021"
+       id="rect122" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="206.97021"
+       height="116.59021"
+       id="rect121-3" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="206.97021"
+       height="116.59021"
+       id="rect122-8" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="171.10724"
+       height="119.79226"
+       id="rect127" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="206.97021"
+       height="116.59021"
+       id="rect121-1" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="206.97021"
+       height="116.59021"
+       id="rect122-9" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="129.1076"
+       height="122.65836"
+       id="rect52-1" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="129.1076"
+       height="122.65836"
+       id="rect150" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="129.1076"
+       height="122.65836"
+       id="rect174" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="237.56361"
+       height="114.82543"
+       id="rect174-6" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="206.97021"
+       height="116.59021"
+       id="rect19-7" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="206.97021"
+       height="116.59021"
+       id="rect21-6" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="446.81161"
+       height="78.359024"
+       id="rect203" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="237.56361"
+       height="114.82543"
+       id="rect255" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="129.1076"
+       height="122.65836"
+       id="rect52-1-6" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="206.97021"
+       height="116.59021"
+       id="rect121-3-4" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="206.97021"
+       height="116.59021"
+       id="rect256" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="206.97021"
+       height="116.59021"
+       id="rect257" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="206.97021"
+       height="116.59021"
+       id="rect258" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="206.97021"
+       height="116.59021"
+       id="rect259" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="206.97021"
+       height="116.59021"
+       id="rect260" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="206.97021"
+       height="116.59021"
+       id="rect262" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="206.97021"
+       height="116.59021"
+       id="rect263" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="206.97021"
+       height="116.59021"
+       id="rect264" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="208.64201"
+       height="116.03049"
+       id="rect60-2" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="208.64201"
+       height="116.03049"
+       id="rect266" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="208.64201"
+       height="116.03049"
+       id="rect267" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="322.63501"
+       height="112.18803"
+       id="rect271" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="262.04547"
+       height="116.59021"
+       id="rect21-8" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="322.63501"
+       height="112.18803"
+       id="rect271-3" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="206.97021"
+       height="116.59021"
+       id="rect121-3-5" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="206.97021"
+       height="116.59021"
+       id="rect121-3-5-5" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="262.04547"
+       height="116.59021"
+       id="rect21-8-1" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="206.97021"
+       height="116.59021"
+       id="rect89" />
+    <rect
+       x="746.53888"
+       y="302.1705"
+       width="262.04547"
+       height="116.59021"
+       id="rect90" />
+  </defs>
+  <g
+     inkscape:label="Layer 1"
+     inkscape:groupmode="layer"
+     id="layer1"
+     transform="translate(-52.874035,-113.01615)">
+    <rect
+       style="fill:#fff6d5;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:3, 3;stroke-dashoffset:0"
+       id="rect268"
+       width="42.333237"
+       height="66.035202"
+       x="342.47104"
+       y="145.78185" />
+    <rect
+       style="fill:#ffd5d5;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:3, 3;stroke-dashoffset:0"
+       id="rect18"
+       width="70.229004"
+       height="28.407305"
+       x="-272.7662"
+       y="162.84944"
+       transform="scale(-1,1)" />
+    <path
+       style="fill:#ffffff;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+       d="m 251.1584,167.71079 v 19.77278 l 17.12372,-9.88639 -17.12372,-9.88639"
+       id="path10"
+       sodipodi:nodetypes="cccc" />
+    <path
+       style="fill:#ffffff;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+       d="m 209.28026,167.71079 v 19.77278 l 17.12372,-9.88639 -17.12372,-9.88639"
+       id="path12"
+       sodipodi:nodetypes="cccc" />
+    <path
+       style="fill:none;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+       d="M 251.1584,174.2632 H 220.62936"
+       id="path13" />
+    <path
+       style="fill:none;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+       d="M 251.1584,180.93116 H 220.62936"
+       id="path14" />
+    <path
+       style="fill:none;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+       d="M 209.28026,174.2632 H 178.75122"
+       id="path15" />
+    <path
+       style="fill:none;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+       d="M 209.28026,180.93116 H 178.75122"
+       id="path16" />
+    <path
+       style="fill:none;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+       d="M 311.97135,174.2632 H 262.5075"
+       id="path17"
+       sodipodi:nodetypes="cc" />
+    <path
+       style="fill:none;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+       d="M 311.97135,180.93116 H 262.5075"
+       id="path18"
+       sodipodi:nodetypes="cc" />
+    <g
+       id="g39"
+       transform="translate(-13.828868,-2.4200519)" />
+    <g
+       id="g270"
+       transform="translate(86.653142,-178.07344)">
+      <text
+         xml:space="preserve"
+         transform="matrix(0.26458333,0,0,0.26458333,51.585057,220.89179)"
+         id="text60"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:26.6667px;line-height:1.25;font-family:'Source Sans Pro';-inkscape-font-specification:'Source Sans Pro';text-align:center;white-space:pre;shape-inside:url(#rect60);display:inline"><tspan
+           x="779.99356"
+           y="326.43329"
+           id="tspan3">BAT17-04W</tspan></text>
+      <text
+         xml:space="preserve"
+         transform="matrix(0.26458333,0,0,0.26458333,50.646671,229.58019)"
+         id="text61"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:26.6667px;line-height:1.25;font-family:'Source Sans Pro';-inkscape-font-specification:'Source Sans Pro';text-align:center;white-space:pre;shape-inside:url(#rect61);display:inline"><tspan
+           x="778.60694"
+           y="326.43329"
+           id="tspan4">RF Schottky</tspan></text>
+    </g>
+    <g
+       id="g68"
+       transform="translate(155.9321,-23.998135)">
+      <g
+         id="g59"
+         transform="rotate(-135,217.33697,188.46118)">
+        <rect
+           style="fill:none;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-dashoffset:0"
+           id="rect54"
+           width="20.126814"
+           height="20.126814"
+           x="202.02536"
+           y="163.96376" />
+        <g
+           id="use56"
+           transform="matrix(1,0,0,-1,2.73499,327.96666)"
+           style="stroke-linecap:round;stroke-linejoin:round">
+          <path
+             style="fill:#ffffff;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+             d="m 212.74389,161.19528 v 5.53995 l -4.79585,-2.76997 4.79585,-2.76998"
+             id="path90"
+             sodipodi:nodetypes="cccc" />
+          <path
+             style="fill:none;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+             d="m 209.09885,165.96187 v 0.85302 h -1.15081 v -2.84963"
+             id="path91"
+             sodipodi:nodetypes="cccc" />
+          <path
+             style="fill:none;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+             d="m 206.79721,161.96865 v -0.85302 h 1.15081 v 2.84963"
+             id="use91"
+             sodipodi:nodetypes="cccc" />
+        </g>
+        <g
+           id="use57"
+           transform="matrix(1,0,0,-1,2.735,348.06531)"
+           style="stroke-linecap:round;stroke-linejoin:round">
+          <path
+             style="fill:#ffffff;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+             d="m 212.74389,161.19528 v 5.53995 l -4.79585,-2.76997 4.79585,-2.76998"
+             id="path92"
+             sodipodi:nodetypes="cccc" />
+          <path
+             style="fill:none;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+             d="m 209.09885,165.96187 v 0.85302 h -1.15081 v -2.84963"
+             id="path93"
+             sodipodi:nodetypes="cccc" />
+          <path
+             style="fill:none;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+             d="m 206.79721,161.96865 v -0.85302 h 1.15081 v 2.84963"
+             id="use93"
+             sodipodi:nodetypes="cccc" />
+        </g>
+        <g
+           id="use58"
+           transform="rotate(90,200.68751,165.3609)"
+           style="stroke-linecap:round;stroke-linejoin:round">
+          <path
+             style="fill:#ffffff;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+             d="m 212.74389,161.19528 v 5.53995 l -4.79585,-2.76997 4.79585,-2.76998"
+             id="path94"
+             sodipodi:nodetypes="cccc" />
+          <path
+             style="fill:none;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+             d="m 209.09885,165.96187 v 0.85302 h -1.15081 v -2.84963"
+             id="path97"
+             sodipodi:nodetypes="cccc" />
+          <path
+             style="fill:none;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+             d="m 206.79721,161.96865 v -0.85302 h 1.15081 v 2.84963"
+             id="use97"
+             sodipodi:nodetypes="cccc" />
+        </g>
+        <g
+           id="use59"
+           transform="rotate(90,210.75092,175.42431)"
+           style="stroke-linecap:round;stroke-linejoin:round">
+          <path
+             style="fill:#ffffff;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+             d="m 212.74389,161.19528 v 5.53995 l -4.79585,-2.76997 4.79585,-2.76998"
+             id="path98"
+             sodipodi:nodetypes="cccc" />
+          <path
+             style="fill:none;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+             d="m 209.09885,165.96187 v 0.85302 h -1.15081 v -2.84963"
+             id="path99"
+             sodipodi:nodetypes="cccc" />
+          <path
+             style="fill:none;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+             d="m 206.79721,161.96865 v -0.85302 h 1.15081 v 2.84963"
+             id="use99"
+             sodipodi:nodetypes="cccc" />
+        </g>
+      </g>
+      <g
+         id="use67">
+        <rect
+           style="fill:#ffffff;stroke:#000000;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-dashoffset:0"
+           id="rect100"
+           width="2.7993064"
+           height="6.9347825"
+           x="209.44197"
+           y="178.0285" />
+        <path
+           style="font-variation-settings:normal;opacity:1;vector-effect:none;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;-inkscape-stroke:none;stop-color:#000000;stop-opacity:1"
+           d="m 210.84162,188.1468 v -3.18352"
+           id="path100"
+           sodipodi:nodetypes="cc" />
+        <path
+           style="font-variation-settings:normal;opacity:1;vector-effect:none;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;-inkscape-stroke:none;stop-color:#000000;stop-opacity:1"
+           d="m 210.84162,178.0285 v -3.18352"
+           id="path101"
+           sodipodi:nodetypes="cc" />
+      </g>
+      <use
+         x="0"
+         y="0"
+         xlink:href="#use67"
+         id="use68"
+         transform="translate(1.6482057e-6,41.765435)" />
+    </g>
+    <path
+       style="font-variation-settings:normal;opacity:1;vector-effect:none;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;-inkscape-stroke:none;stop-color:#000000;stop-opacity:1"
+       d="m 381.00554,178.32411 h 9.08403"
+       id="path76"
+       sodipodi:nodetypes="cc" />
+    <path
+       style="font-variation-settings:normal;opacity:1;vector-effect:none;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;-inkscape-stroke:none;stop-color:#000000;stop-opacity:1"
+       d="m 338.42306,178.38047 h 14.11886"
+       id="path79"
+       sodipodi:nodetypes="cc" />
+    <g
+       id="g117"
+       transform="matrix(0,1,1,0,86.037856,-9.6307419)">
+      <g
+         id="use116"
+         transform="translate(215.79323,-70.783667)">
+        <rect
+           style="font-variation-settings:normal;fill:#ffffff;fill-opacity:1;stroke:#f9f9f9;stroke-width:0.7;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+           id="rect102"
+           width="4.5996766"
+           height="1.8177247"
+           x="-34.179646"
+           y="178.76157" />
+        <path
+           style="font-variation-settings:normal;vector-effect:none;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;-inkscape-stroke:none;stop-color:#000000"
+           d="m -31.879804,183.76281 v -3.18352"
+           id="path102"
+           sodipodi:nodetypes="cc" />
+        <path
+           style="font-variation-settings:normal;vector-effect:none;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;-inkscape-stroke:none;stop-color:#000000"
+           d="m -31.879804,178.76156 v -3.18352"
+           id="path103"
+           sodipodi:nodetypes="cc" />
+        <path
+           style="font-variation-settings:normal;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.7;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;stop-color:#000000"
+           d="m -34.179644,178.76156 h 4.599677"
+           id="path110"
+           sodipodi:nodetypes="cc" />
+        <path
+           style="font-variation-settings:normal;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.7;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;stop-color:#000000"
+           d="m -34.179644,180.57929 h 4.599677"
+           id="path112"
+           sodipodi:nodetypes="cc" />
+      </g>
+      <g
+         id="use117"
+         transform="translate(222.46119,-70.859177)">
+        <rect
+           style="font-variation-settings:normal;fill:#ffffff;fill-opacity:1;stroke:#f9f9f9;stroke-width:0.7;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+           id="rect112"
+           width="4.5996766"
+           height="1.8177247"
+           x="-34.179646"
+           y="178.76157" />
+        <path
+           style="font-variation-settings:normal;vector-effect:none;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;-inkscape-stroke:none;stop-color:#000000"
+           d="m -31.879804,183.76281 v -3.18352"
+           id="path113"
+           sodipodi:nodetypes="cc" />
+        <path
+           style="font-variation-settings:normal;vector-effect:none;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;-inkscape-stroke:none;stop-color:#000000"
+           d="m -31.879804,178.76156 v -3.18352"
+           id="path114"
+           sodipodi:nodetypes="cc" />
+        <path
+           style="font-variation-settings:normal;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.7;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;stop-color:#000000"
+           d="m -34.179644,178.76156 h 4.599677"
+           id="path115"
+           sodipodi:nodetypes="cc" />
+        <path
+           style="font-variation-settings:normal;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.7;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;stop-color:#000000"
+           d="m -34.179644,180.57929 h 4.599677"
+           id="path116"
+           sodipodi:nodetypes="cc" />
+      </g>
+    </g>
+    <rect
+       style="font-variation-settings:normal;opacity:1;fill:#e3d7f4;fill-opacity:1;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="rect119"
+       width="68.967163"
+       height="41.859745"
+       x="64.002045"
+       y="156.69553" />
+    <text
+       xml:space="preserve"
+       transform="matrix(0.26458333,0,0,0.26458333,5.2759552,144.60139)"
+       id="text20"
+       style="font-style:normal;font-variant:normal;font-weight:600;font-stretch:normal;font-size:29.3333px;line-height:1.25;font-family:'Inter 24pt';-inkscape-font-specification:'Inter 24pt Semi-Bold';text-align:center;white-space:pre;shape-inside:url(#rect21-8);display:inline"><tspan
+         x="774.22896"
+         y="329.32216"
+         id="tspan5">Pulse Amplifier</tspan></text>
+    <text
+       xml:space="preserve"
+       transform="matrix(0.26458333,0,0,0.26458333,-126.52602,93.775442)"
+       id="text18-2"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:26.6667px;line-height:1.25;font-family:'Inter 24pt';-inkscape-font-specification:'Inter 24pt';text-align:center;white-space:pre;shape-inside:url(#rect19-0);display:inline"><tspan
+         x="773.14281"
+         y="326.85384"
+         id="tspan6">STM32G474</tspan></text>
+    <path
+       style="fill:#ffffff;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+       d="m 167.35324,167.73901 v 19.77279 l 17.12372,-9.8864 -17.12372,-9.88639"
+       id="path120-5"
+       sodipodi:nodetypes="cccc" />
+    <path
+       style="fill:none;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+       d="M 167.35324,177.62541 H 132.96921"
+       id="path16-0"
+       sodipodi:nodetypes="cc" />
+    <text
+       xml:space="preserve"
+       transform="matrix(0.26458333,0,0,0.26458333,-48.680475,116.45311)"
+       id="text121"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:26.6667px;line-height:1.25;font-family:'Inter 24pt';-inkscape-font-specification:'Inter 24pt';text-align:center;white-space:pre;shape-inside:url(#rect121-3);display:inline"><tspan
+         x="772.99958"
+         y="326.85384"
+         id="tspan7">74LVC2G157</tspan></text>
+    <text
+       xml:space="preserve"
+       transform="matrix(0.26458333,0,0,0.26458333,12.7494,69.082544)"
+       id="text121-3"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:26.6667px;line-height:1.25;font-family:'Inter 24pt';-inkscape-font-specification:'Inter 24pt';text-align:center;white-space:pre;shape-inside:url(#rect121-3-5);display:inline"><tspan
+         x="772.28343"
+         y="326.85384"
+         id="tspan8">PI3HDX12211</tspan></text>
+    <text
+       xml:space="preserve"
+       transform="matrix(0.26458333,0,0,0.26458333,-49.475329,125.14987)"
+       id="text122"
+       style="font-style:normal;font-variant:normal;font-weight:600;font-stretch:normal;font-size:29.3333px;line-height:1.25;font-family:'Inter 24pt';-inkscape-font-specification:'Inter 24pt Semi-Bold';text-align:center;white-space:pre;shape-inside:url(#rect122-8);display:inline"><tspan
+         x="757.34809"
+         y="329.32216"
+         id="tspan9">Single-Ended
+</tspan><tspan
+         x="757.87804"
+         y="365.98879"
+         id="tspan10">to Differential </tspan><tspan
+         x="771.97893"
+         y="402.65542"
+         id="tspan11">Conversion</tspan></text>
+    <g
+       id="g271"
+       transform="translate(-345.1311,41.371294)">
+      <rect
+         style="font-variation-settings:normal;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+         id="rect123"
+         width="43.775135"
+         height="27.05452"
+         x="499.15863"
+         y="79.648224" />
+      <text
+         xml:space="preserve"
+         transform="matrix(0.26458333,0,0,0.26458333,300.87774,-0.17833149)"
+         id="text127"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:26.6667px;line-height:1.25;font-family:'Inter 24pt';-inkscape-font-specification:'Inter 24pt';text-align:center;white-space:pre;shape-inside:url(#rect127);display:inline"><tspan
+           x="768.51196"
+           y="326.85384"
+           id="tspan12">Adjustable </tspan><tspan
+           x="786.47423"
+           y="360.18721"
+           id="tspan13">Voltage </tspan><tspan
+           x="774.55364"
+           y="393.52059"
+           id="tspan14">Regulator</tspan></text>
+    </g>
+    <g
+       id="use132"
+       transform="rotate(90,157.72608,367.98634)">
+      <rect
+         style="font-variation-settings:normal;fill:#ffffff;fill-opacity:1;stroke:#f9f9f9;stroke-width:0.7;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+         id="rect116"
+         width="4.5996766"
+         height="1.8177247"
+         x="-34.179646"
+         y="178.76157" />
+      <path
+         style="font-variation-settings:normal;vector-effect:none;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;-inkscape-stroke:none;stop-color:#000000"
+         d="m -31.879804,183.76281 v -3.18352"
+         id="path117"
+         sodipodi:nodetypes="cc" />
+      <path
+         style="font-variation-settings:normal;vector-effect:none;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;-inkscape-stroke:none;stop-color:#000000"
+         d="m -31.879804,178.76156 v -3.18352"
+         id="path118"
+         sodipodi:nodetypes="cc" />
+      <path
+         style="font-variation-settings:normal;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.7;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;stop-color:#000000"
+         d="m -34.179644,178.76156 h 4.599677"
+         id="path119"
+         sodipodi:nodetypes="cc" />
+      <path
+         style="font-variation-settings:normal;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.7;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;stop-color:#000000"
+         d="m -34.179644,180.57929 h 4.599677"
+         id="path120"
+         sodipodi:nodetypes="cc" />
+    </g>
+    <g
+       id="g143"
+       transform="matrix(0,1,1,0,170.92142,-9.6502219)">
+      <g
+         id="use142"
+         transform="translate(215.79323,-70.783667)">
+        <rect
+           style="font-variation-settings:normal;fill:#ffffff;fill-opacity:1;stroke:#f9f9f9;stroke-width:0.7;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+           id="rect120"
+           width="4.5996766"
+           height="1.8177247"
+           x="-34.179646"
+           y="178.76157" />
+        <path
+           style="font-variation-settings:normal;vector-effect:none;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;-inkscape-stroke:none;stop-color:#000000"
+           d="m -31.879804,183.76281 v -3.18352"
+           id="path121"
+           sodipodi:nodetypes="cc" />
+        <path
+           style="font-variation-settings:normal;vector-effect:none;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;-inkscape-stroke:none;stop-color:#000000"
+           d="m -31.879804,178.76156 v -3.18352"
+           id="path122"
+           sodipodi:nodetypes="cc" />
+        <path
+           style="font-variation-settings:normal;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.7;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;stop-color:#000000"
+           d="m -34.179644,178.76156 h 4.599677"
+           id="path123"
+           sodipodi:nodetypes="cc" />
+        <path
+           style="font-variation-settings:normal;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.7;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;stop-color:#000000"
+           d="m -34.179644,180.57929 h 4.599677"
+           id="path124"
+           sodipodi:nodetypes="cc" />
+      </g>
+      <g
+         id="use143"
+         transform="translate(222.46119,-70.859177)">
+        <rect
+           style="font-variation-settings:normal;fill:#ffffff;fill-opacity:1;stroke:#f9f9f9;stroke-width:0.7;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+           id="rect124"
+           width="4.5996766"
+           height="1.8177247"
+           x="-34.179646"
+           y="178.76157" />
+        <path
+           style="font-variation-settings:normal;vector-effect:none;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;-inkscape-stroke:none;stop-color:#000000"
+           d="m -31.879804,183.76281 v -3.18352"
+           id="path125"
+           sodipodi:nodetypes="cc" />
+        <path
+           style="font-variation-settings:normal;vector-effect:none;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;-inkscape-stroke:none;stop-color:#000000"
+           d="m -31.879804,178.76156 v -3.18352"
+           id="path126"
+           sodipodi:nodetypes="cc" />
+        <path
+           style="font-variation-settings:normal;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.7;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;stop-color:#000000"
+           d="m -34.179644,178.76156 h 4.599677"
+           id="path127"
+           sodipodi:nodetypes="cc" />
+        <path
+           style="font-variation-settings:normal;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.7;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;stop-color:#000000"
+           d="m -34.179644,180.57929 h 4.599677"
+           id="path128"
+           sodipodi:nodetypes="cc" />
+      </g>
+    </g>
+    <text
+       xml:space="preserve"
+       transform="matrix(0.26458333,0,0,0.26458333,-142.04825,144.60139)"
+       id="text270"
+       style="font-style:normal;font-variant:normal;font-weight:600;font-stretch:normal;font-size:29.3333px;line-height:1.25;font-family:'Inter 24pt';-inkscape-font-specification:'Inter 24pt Semi-Bold';text-align:center;white-space:pre;shape-inside:url(#rect271);display:inline"><tspan
+         x="803.32076"
+         y="329.32216"
+         id="tspan15">Microcontroller</tspan></text>
+    <path
+       style="fill:none;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round"
+       d="M 175.9151,172.6822 V 148.07404"
+       id="path73" />
+    <path
+       style="fill:none;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round"
+       d="M 154.02753,134.54678 H 98.485632 v 22.14876"
+       id="path77"
+       sodipodi:nodetypes="ccc" />
+    <text
+       xml:space="preserve"
+       transform="matrix(0.26458333,0,0,0.26458333,103.29647,93.921487)"
+       id="text121-3-4"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:26.6667px;line-height:1.25;font-family:'Inter 24pt';-inkscape-font-specification:'Inter 24pt';text-align:center;white-space:pre;shape-inside:url(#rect121-3-5-5);display:inline"><tspan
+         x="819.5426"
+         y="326.85384"
+         id="tspan16">Input</tspan></text>
+    <g
+       id="g87"
+       style="fill:none;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round"
+       transform="translate(10.878009,7.7533681)">
+      <path
+         id="path104"
+         style="font-variation-settings:normal;vector-effect:none;fill:none;fill-opacity:1;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;-inkscape-stroke:none;stop-color:#000000"
+         d="m 284.21784,205.97009 c -1e-5,0.70399 1.16966,1.27468 2.61252,1.27468 1.44285,0 2.61252,-0.57069 2.61251,-1.27468"
+         sodipodi:nodetypes="csc" />
+      <ellipse
+         style="font-variation-settings:normal;vector-effect:none;fill:none;fill-opacity:1;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;-inkscape-stroke:none;stop-color:#000000"
+         id="ellipse104"
+         cx="-286.83035"
+         cy="179.00661"
+         rx="2.6125116"
+         ry="1.274675"
+         transform="scale(-1,1)" />
+      <path
+         style="fill:none;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         d="m 289.44287,179.00661 v 26.96348"
+         id="path105"
+         sodipodi:nodetypes="cc" />
+      <path
+         style="fill:none;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         d="m 284.21784,179.00661 v 26.96348"
+         id="path106"
+         sodipodi:nodetypes="cc" />
+      <path
+         style="fill:none;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         d="m 286.83035,207.24477 v 4.57746"
+         id="path107" />
+      <path
+         style="fill:none;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         d="M 284.21784,205.97009 H 279.4833"
+         id="path108"
+         sodipodi:nodetypes="cc" />
+      <path
+         style="fill:none;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         d="m 286.83035,178.98444 v -5.79542"
+         id="path109"
+         sodipodi:nodetypes="cc" />
+      <path
+         style="fill:none;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         d="m 281.60398,211.82223 h -4.24137"
+         id="path78"
+         sodipodi:nodetypes="cc" />
+      <path
+         style="fill:none;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         d="m 288.95104,211.82223 h -4.24137"
+         id="path111"
+         sodipodi:nodetypes="cc" />
+      <path
+         style="fill:none;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round"
+         d="m 279.48329,205.97009 v 5.85214"
+         id="path87" />
+    </g>
+    <g
+       id="g87-2"
+       transform="matrix(1,0,0,-1,10.877997,347.45222)">
+      <path
+         id="path104-2"
+         style="font-variation-settings:normal;vector-effect:none;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;-inkscape-stroke:none;stop-color:#000000"
+         d="m 284.21784,205.97009 c -1e-5,0.70399 1.16966,1.27468 2.61252,1.27468 1.44285,0 2.61252,-0.57069 2.61251,-1.27468"
+         sodipodi:nodetypes="csc" />
+      <ellipse
+         style="font-variation-settings:normal;vector-effect:none;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;-inkscape-stroke:none;stop-color:#000000"
+         id="ellipse104-6"
+         cx="-286.83035"
+         cy="179.00661"
+         rx="2.6125116"
+         ry="1.274675"
+         transform="scale(-1,1)" />
+      <path
+         style="fill:none;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         d="m 289.44287,179.00661 v 26.96348"
+         id="path105-1"
+         sodipodi:nodetypes="cc" />
+      <path
+         style="fill:none;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         d="m 284.21784,179.00661 v 26.96348"
+         id="path106-0"
+         sodipodi:nodetypes="cc" />
+      <path
+         style="fill:none;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         d="m 286.83035,207.24477 v 4.57746"
+         id="path107-6" />
+      <path
+         style="fill:none;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         d="M 284.21784,205.97009 H 279.4833"
+         id="path108-1"
+         sodipodi:nodetypes="cc" />
+      <path
+         style="fill:none;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         d="m 286.83035,178.98444 v -5.79542"
+         id="path109-5"
+         sodipodi:nodetypes="cc" />
+      <path
+         style="fill:none;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         d="m 281.60398,211.82223 h -4.24137"
+         id="path78-9"
+         sodipodi:nodetypes="cc" />
+      <path
+         style="fill:none;stroke:#000000;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+         d="m 288.95104,211.82223 h -4.24137"
+         id="path111-4"
+         sodipodi:nodetypes="cc" />
+      <path
+         style="fill:none;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round"
+         d="m 279.48329,205.97009 v 5.85214"
+         id="path87-9" />
+    </g>
+    <text
+       xml:space="preserve"
+       transform="matrix(0.26458333,0,0,0.26458333,61.195785,144.60139)"
+       id="text20-1"
+       style="font-style:normal;font-variant:normal;font-weight:600;font-stretch:normal;font-size:29.3333px;line-height:1.25;font-family:'Inter 24pt';-inkscape-font-specification:'Inter 24pt Semi-Bold';text-align:center;white-space:pre;shape-inside:url(#rect21-8-1);display:inline"><tspan
+         x="818.55834"
+         y="329.32216"
+         id="tspan17">Clip Line</tspan></text>
+    <path
+       style="fill:none;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round"
+       d="m 366.7737,150.84685 h -54.80235 v 0 23.41635"
+       id="path88" />
+    <path
+       style="fill:none;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round"
+       d="M 366.77373,205.9141 H 311.97135 V 180.93116"
+       id="path89"
+       sodipodi:nodetypes="ccc" />
+    <text
+       xml:space="preserve"
+       transform="matrix(0.26458333,0,0,0.26458333,177.7178,93.921487)"
+       id="text89"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:26.6667px;line-height:1.25;font-family:'Inter 24pt';-inkscape-font-specification:'Inter 24pt';text-align:center;white-space:pre;shape-inside:url(#rect89);display:inline"><tspan
+         x="808.53348"
+         y="326.85384"
+         id="tspan18">Output</tspan></text>
+    <text
+       xml:space="preserve"
+       transform="matrix(0.26458333,0,0,0.26458333,130.52701,144.60139)"
+       id="text90"
+       style="font-style:normal;font-variant:normal;font-weight:600;font-stretch:normal;font-size:29.3333px;line-height:1.25;font-family:'Inter 24pt';-inkscape-font-specification:'Inter 24pt Semi-Bold';text-align:center;white-space:pre;shape-inside:url(#rect90);display:inline"><tspan
+         x="777.58052"
+         y="329.32216"
+         id="tspan19">Sampling Gate</tspan></text>
+  </g>
+</svg>

defence/phd defence tdr principle.svg

@@ -0,0 +1,376 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   width="100mm"
+   height="60mm"
+   viewBox="0 0 100 60"
+   version="1.1"
+   id="svg1"
+   inkscape:version="1.4.3 (0d15f75042, 2025-12-25)"
+   sodipodi:docname="phd defence tdr principle.svg"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:svg="http://www.w3.org/2000/svg">
+  <sodipodi:namedview
+     id="namedview1"
+     pagecolor="#ffffff"
+     bordercolor="#000000"
+     borderopacity="0.25"
+     inkscape:showpageshadow="2"
+     inkscape:pageopacity="0.0"
+     inkscape:pagecheckerboard="0"
+     inkscape:deskcolor="#d1d1d1"
+     inkscape:document-units="mm"
+     inkscape:zoom="1.6739708"
+     inkscape:cx="150.83896"
+     inkscape:cy="138.29393"
+     inkscape:window-width="1920"
+     inkscape:window-height="1011"
+     inkscape:window-x="0"
+     inkscape:window-y="0"
+     inkscape:window-maximized="1"
+     inkscape:current-layer="layer1" />
+  <defs
+     id="defs1">
+    <rect
+       x="551.65271"
+       y="309.45667"
+       width="62.353214"
+       height="50.517651"
+       id="rect11" />
+    <rect
+       x="551.65271"
+       y="309.45667"
+       width="62.353214"
+       height="50.517651"
+       id="rect12" />
+    <rect
+       x="551.65271"
+       y="309.45667"
+       width="62.353214"
+       height="50.517651"
+       id="rect11-0" />
+    <rect
+       x="551.65271"
+       y="309.45667"
+       width="62.353214"
+       height="50.517651"
+       id="rect11-0-9" />
+    <rect
+       x="551.65271"
+       y="309.45667"
+       width="62.353214"
+       height="50.517651"
+       id="rect11-0-0" />
+    <rect
+       x="551.65271"
+       y="309.45667"
+       width="62.353214"
+       height="50.517651"
+       id="rect25" />
+  </defs>
+  <g
+     inkscape:label="Layer 1"
+     inkscape:groupmode="layer"
+     id="layer1"
+     transform="translate(-63.811274,-50.604338)">
+    <g
+       id="g3"
+       transform="matrix(0.24012329,0,0,0.23457606,81.922797,65.216881)"
+       style="stroke-width:2.10674;stroke-dasharray:none">
+      <rect
+         style="fill:#ffffff;stroke:#1a1612;stroke-width:2.10674;stroke-linejoin:round;stroke-dasharray:none"
+         id="rect1"
+         width="52.476543"
+         height="40.305092"
+         x="74.212349"
+         y="54.643913" />
+      <g
+         id="g2"
+         transform="translate(-3.7859123,-1.9406318)"
+         style="stroke-width:2.10674;stroke-dasharray:none">
+        <path
+           style="fill:#ffffff;stroke:#1a1612;stroke-width:2.10674;stroke-linejoin:round;stroke-dasharray:none"
+           d="M 123.31803,65.720385 85.155036,87.753797"
+           id="path1" />
+        <path
+           style="fill:#ffffff;stroke:#1a1612;stroke-width:2.10674;stroke-linejoin:round;stroke-dasharray:none"
+           d="M 123.31803,87.753797 85.155036,65.720385"
+           id="path2" />
+      </g>
+    </g>
+    <g
+       id="g4"
+       transform="translate(31.446729,-5.2641985)">
+      <rect
+         style="fill:#ffffff;stroke:#1a1612;stroke-width:0.5;stroke-linejoin:round;stroke-dasharray:none"
+         id="rect1-3"
+         width="12.600841"
+         height="9.4546099"
+         x="42.850857"
+         y="71.155426" />
+      <path
+         style="fill:#ffffff;stroke:#1a1612;stroke-width:0.499999;stroke-linejoin:round;stroke-dasharray:none"
+         d="m 44.314411,78.24975 h 3.904353 v -5.010587 h 4.229716 v 5.010587 h 2.082322"
+         id="path3"
+         sodipodi:nodetypes="cccccc" />
+    </g>
+    <circle
+       style="fill:#ffffff;stroke:#1a1612;stroke-width:0.499999;stroke-linejoin:round;stroke-dasharray:none"
+       id="path4"
+       cx="80.598007"
+       cy="91.641884"
+       r="6.5220127" />
+    <path
+       style="fill:#ffffff;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+       d="m 112.40881,80.178084 h 9.96623"
+       id="path5"
+       sodipodi:nodetypes="cc" />
+    <path
+       style="fill:#ffffff;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+       d="m 122.37504,80.178084 v -4.030459 h 3.4442 v 4.030459 h 3.44421"
+       id="path6"
+       sodipodi:nodetypes="ccccc" />
+    <path
+       style="fill:#ffffff;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+       d="m 129.26345,80.178084 v -4.030459 h 3.4442 v 4.030459 h 3.44421"
+       id="path7"
+       sodipodi:nodetypes="ccccc" />
+    <path
+       style="fill:#ffffff;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+       d="m 136.15186,80.178084 v -4.030459 h 3.4442 v 4.030459 h 3.44421"
+       id="path8"
+       sodipodi:nodetypes="ccccc" />
+    <path
+       style="fill:#ffffff;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+       d="m 143.04027,80.178084 v -4.030459 h 3.4442 v 4.030459 h 3.44421"
+       id="path9"
+       sodipodi:nodetypes="ccccc" />
+    <path
+       style="fill:none;stroke:#1a1612;stroke-width:0.3;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+       d="m 118.71556,72.618668 h 1.69044 c 0.8343,-0.02487 0.96416,-3.389326 1.59899,-3.225756 0.48905,0.126012 -0.0471,3.225756 0.82615,3.225756 h 1.84447"
+       id="path11"
+       sodipodi:nodetypes="ccscc" />
+    <g
+       id="g12"
+       transform="matrix(1.1890548,0,0,1.1890548,-20.775141,-10.295906)"
+       style="stroke-width:0.841004">
+      <text
+         xml:space="preserve"
+         transform="scale(0.26458333)"
+         id="text11"
+         style="font-size:10.6667px;line-height:10.5322px;font-family:Lemon;-inkscape-font-specification:Lemon;text-decoration-color:#000000;writing-mode:lr-tb;direction:ltr;white-space:pre;shape-inside:url(#rect11);display:inline;fill:none;stroke:#1a1612;stroke-width:1.5893;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"><tspan
+           x="551.65234"
+           y="317.93003"
+           id="tspan6"><tspan
+             style="font-family:'Inter 24pt SemiBold';-inkscape-font-specification:'Inter 24pt SemiBold, ';fill:#000000;stroke:none"
+             id="tspan5">Z</tspan></tspan></text>
+      <text
+         xml:space="preserve"
+         transform="matrix(0.16085311,0,0,0.16085311,59.294945,33.617914)"
+         id="text12"
+         style="font-size:10.6667px;line-height:10.5322px;font-family:Lemon;-inkscape-font-specification:Lemon;text-decoration-color:#000000;writing-mode:lr-tb;direction:ltr;white-space:pre;shape-inside:url(#rect12);display:inline;fill:none;stroke:#1a1612;stroke-width:2.61419;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"><tspan
+           x="551.65234"
+           y="317.93003"
+           id="tspan8"><tspan
+             style="font-family:'Inter 24pt SemiBold';-inkscape-font-specification:'Inter 24pt SemiBold, ';fill:#000000;stroke:none"
+             id="tspan7">term</tspan></tspan></text>
+    </g>
+    <path
+       style="fill:#ffffff;fill-opacity:1;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+       d="m 149.92868,80.178084 v 4.324963"
+       id="path12" />
+    <g
+       id="g16"
+       transform="translate(9.0092604,4.3073374)">
+      <path
+         style="fill:#ffffff;fill-opacity:1;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+         d="m 140.91941,88.369128 v 4.324963"
+         id="path13" />
+      <path
+         style="fill:#ffffff;fill-opacity:1;stroke:#1a1612;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+         d="m 142.94854,92.694091 h -4.05827"
+         id="path14"
+         sodipodi:nodetypes="cc" />
+      <path
+         style="fill:#ffffff;fill-opacity:1;stroke:#1a1612;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+         d="m 142.17512,93.79642 h -2.51145"
+         id="path15"
+         sodipodi:nodetypes="cc" />
+      <path
+         style="fill:#ffffff;fill-opacity:1;stroke:#1a1612;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+         d="m 141.45505,94.86319 h -1.0713"
+         id="path16"
+         sodipodi:nodetypes="cc" />
+    </g>
+    <rect
+       style="fill:#ffffff;fill-opacity:1;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+       id="rect16"
+       width="3.2248845"
+       height="8.1734142"
+       x="148.31622"
+       y="84.503052" />
+    <text
+       xml:space="preserve"
+       transform="matrix(0.31460408,0,0,0.31460408,-38.393695,-27.642884)"
+       id="text11-6"
+       style="font-size:10.6667px;line-height:10.5322px;font-family:Lemon;-inkscape-font-specification:Lemon;text-decoration-color:#000000;writing-mode:lr-tb;direction:ltr;white-space:pre;shape-inside:url(#rect11-0);display:inline;fill:none;stroke:#1a1612;stroke-width:1.5893;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"><tspan
+         x="551.65234"
+         y="317.93003"
+         id="tspan10"><tspan
+           style="font-family:'Inter 24pt SemiBold';-inkscape-font-specification:'Inter 24pt SemiBold, ';fill:#000000;stroke:none"
+           id="tspan9">Mesh</tspan></tspan></text>
+    <g
+       id="g18"
+       transform="matrix(0.54818411,0,0,0.52713488,61.970729,38.534926)"
+       style="stroke-width:0.558081;stroke-dasharray:none">
+      <path
+         style="fill:#ffffff;fill-opacity:1;stroke:#1a1612;stroke-width:0.558081;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+         d="m 113.89313,61.654747 h 4.62411 l -2.04582,0.616548 0.5605,-0.616548"
+         id="path17" />
+      <path
+         style="fill:#ffffff;fill-opacity:1;stroke:#1a1612;stroke-width:0.558081;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+         d="m 113.89313,61.654747 h 4.62411 l -2.04582,-0.616548 0.5605,0.616548"
+         id="path18" />
+    </g>
+    <path
+       style="fill:none;stroke:#1a1612;stroke-width:0.3;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+       d="m 145.10975,83.740846 h -1.69044 c -0.8343,0.0249 -0.96416,3.38932 -1.59899,3.22575 -0.48905,-0.12601 0.0471,-3.22575 -0.82615,-3.22575 h -1.84447"
+       id="path19"
+       sodipodi:nodetypes="ccscc" />
+    <g
+       id="g21"
+       transform="matrix(-0.54818411,0,0,-0.52713488,201.85459,117.82459)"
+       style="stroke-width:0.558081;stroke-dasharray:none">
+      <path
+         style="fill:#ffffff;fill-opacity:1;stroke:#1a1612;stroke-width:0.558081;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+         d="m 113.89313,61.654747 h 4.62411 l -2.04582,0.616548 0.5605,-0.616548"
+         id="path20" />
+      <path
+         style="fill:#ffffff;fill-opacity:1;stroke:#1a1612;stroke-width:0.558081;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+         d="m 113.89313,61.654747 h 4.62411 l -2.04582,-0.616548 0.5605,0.616548"
+         id="path21" />
+    </g>
+    <g
+       id="g18-1"
+       transform="matrix(0.54818411,0,0,0.52713488,32.981996,45.838032)"
+       style="stroke-width:0.558081;stroke-dasharray:none">
+      <path
+         style="fill:#ffffff;fill-opacity:1;stroke:#1a1612;stroke-width:0.558081;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+         d="m 113.89313,61.654747 h 4.62411 l -2.04582,0.616548 0.5605,-0.616548"
+         id="path17-8" />
+      <path
+         style="fill:#ffffff;fill-opacity:1;stroke:#1a1612;stroke-width:0.558081;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+         d="m 113.89313,61.654747 h 4.62411 l -2.04582,-0.616548 0.5605,0.616548"
+         id="path18-7" />
+    </g>
+    <g
+       id="g18-3"
+       transform="matrix(-0.54818411,0,0,0.52713488,160.38558,54.563203)"
+       style="stroke-width:0.558081;stroke-dasharray:none">
+      <path
+         style="fill:#ffffff;fill-opacity:1;stroke:#1a1612;stroke-width:0.558081;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+         d="m 113.89313,61.654747 h 4.62411 l -2.04582,0.616548 0.5605,-0.616548"
+         id="path17-7" />
+      <path
+         style="fill:#ffffff;fill-opacity:1;stroke:#1a1612;stroke-width:0.558081;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+         d="m 113.89313,61.654747 h 4.62411 l -2.04582,-0.616548 0.5605,0.616548"
+         id="path18-5" />
+    </g>
+    <path
+       style="fill:none;fill-opacity:1;stroke:#1a1612;stroke-width:0.5;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+       d="m 86.898427,70.618534 h 4.170574 v 9.558567 h 8.673909"
+       id="path22"
+       sodipodi:nodetypes="cccc" />
+    <path
+       style="fill:none;fill-opacity:1;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+       d="m 99.74291,85.428682 h -8.780343 v 6.400233 h -3.845234"
+       id="path23" />
+    <path
+       style="fill:none;fill-opacity:1;stroke:#1a1612;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+       d="m 74.315839,91.552506 c 1.162887,-0.268434 1.677432,3.187804 2.134029,3.292669 0.844521,0.193958 1.315889,-6.385784 2.13403,-6.385784 1.183523,0 1.021225,6.385784 2.134029,6.385784 0.759208,0 1.363034,-6.385784 2.134029,-6.385784 1.018512,0 1.296598,6.890369 2.13403,6.385784 0.468664,-0.282388 0.82304,-4.114815 2.134029,-3.292669"
+       id="path24"
+       sodipodi:nodetypes="csssssc" />
+    <g
+       id="layer1-7"
+       transform="translate(-25.02147,9.3303218)">
+      <text
+         xml:space="preserve"
+         transform="matrix(0.31460408,0,0,0.31460408,-48.737596,-33.80712)"
+         id="text11-6-8"
+         style="font-size:10.6667px;line-height:10.5322px;font-family:Lemon;-inkscape-font-specification:Lemon;text-decoration-color:#000000;writing-mode:lr-tb;direction:ltr;white-space:pre;shape-inside:url(#rect11-0-9);display:inline;fill:none;stroke:#1a1612;stroke-width:1.5893;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"><tspan
+           x="551.65234"
+           y="317.93003"
+           id="tspan12"><tspan
+             style="font-family:'Inter 24pt SemiBold';-inkscape-font-specification:'Inter 24pt SemiBold, ';fill:#000000;stroke:none"
+             id="tspan11">Coupler</tspan></tspan></text>
+    </g>
+    <text
+       xml:space="preserve"
+       transform="matrix(0.31460408,0,0,0.31460408,-102.80337,-40.812044)"
+       id="text11-6-1"
+       style="font-size:10.6667px;line-height:10.5322px;font-family:Lemon;-inkscape-font-specification:Lemon;text-align:center;text-decoration-color:#000000;writing-mode:lr-tb;direction:ltr;white-space:pre;shape-inside:url(#rect11-0-0);display:inline;fill:none;stroke:#1a1612;stroke-width:1.5893;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+       x="31.176607"
+       y="0"><tspan
+         x="569.15198"
+         y="317.93003"
+         id="tspan14"><tspan
+           style="font-family:'Inter 24pt SemiBold';-inkscape-font-specification:'Inter 24pt SemiBold, ';fill:#000000;stroke:none"
+           id="tspan13">Pulse </tspan></tspan><tspan
+         x="557.78996"
+         y="328.67985"
+         id="tspan16"><tspan
+           style="font-family:'Inter 24pt SemiBold';-inkscape-font-specification:'Inter 24pt SemiBold, ';fill:#000000;stroke:none"
+           id="tspan15">Generator</tspan></tspan></text>
+    <text
+       xml:space="preserve"
+       transform="matrix(0.31460408,0,0,0.31460408,-102.80337,3.0114252)"
+       id="text25"
+       style="font-size:10.6667px;line-height:10.5322px;font-family:Lemon;-inkscape-font-specification:Lemon;text-align:center;text-decoration-color:#000000;writing-mode:lr-tb;direction:ltr;white-space:pre;shape-inside:url(#rect25);display:inline;fill:none;stroke:#1a1612;stroke-width:1.5893;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+       x="31.176607"
+       y="0"><tspan
+         x="562.15716"
+         y="317.93003"
+         id="tspan18"><tspan
+           style="font-family:'Inter 24pt SemiBold';-inkscape-font-specification:'Inter 24pt SemiBold, ';fill:#000000;stroke:none"
+           id="tspan17">Sampler</tspan></tspan></text>
+    <path
+       style="fill:none;stroke:#1a1612;stroke-width:0.3;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+       d="m 89.5926,68.72123 h 1.69044 c 0.8343,-0.02487 0.96416,-3.389326 1.59899,-3.225756 0.48905,0.126012 -0.0471,3.225756 0.82615,3.225756 h 1.84447"
+       id="path11-1"
+       sodipodi:nodetypes="ccscc" />
+    <g
+       id="g18-5"
+       transform="matrix(0.54818411,0,0,0.52713488,32.847772,34.637488)"
+       style="stroke-width:0.558081;stroke-dasharray:none">
+      <path
+         style="fill:#ffffff;fill-opacity:1;stroke:#1a1612;stroke-width:0.558081;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+         d="m 113.89313,61.654747 h 4.62411 l -2.04582,0.616548 0.5605,-0.616548"
+         id="path17-5" />
+      <path
+         style="fill:#ffffff;fill-opacity:1;stroke:#1a1612;stroke-width:0.558081;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+         d="m 113.89313,61.654747 h 4.62411 l -2.04582,-0.616548 0.5605,0.616548"
+         id="path18-4" />
+    </g>
+    <path
+       style="fill:none;stroke:#1a1612;stroke-width:0.3;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+       d="m 95.74733,94.005475 h -1.69044 c -0.8343,0.02487 -0.96416,3.389326 -1.59899,3.225756 -0.48905,-0.126012 0.0471,-3.225756 -0.82615,-3.225756 h -1.84447"
+       id="path25"
+       sodipodi:nodetypes="ccscc" />
+    <g
+       id="g27"
+       transform="matrix(-0.54818411,0,0,-0.52713488,152.49216,128.08922)"
+       style="stroke-width:0.558081;stroke-dasharray:none">
+      <path
+         style="fill:#ffffff;fill-opacity:1;stroke:#1a1612;stroke-width:0.558081;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+         d="m 113.89313,61.654747 h 4.62411 l -2.04582,0.616548 0.5605,-0.616548"
+         id="path26" />
+      <path
+         style="fill:#ffffff;fill-opacity:1;stroke:#1a1612;stroke-width:0.558081;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none"
+         d="m 113.89313,61.654747 h 4.62411 l -2.04582,-0.616548 0.5605,0.616548"
+         id="path27" />
+    </g>
+  </g>
+</svg>

hsm-terminology-notes.tex

@@ -1,74 +0,0 @@
-\chapter*{A Note on Hardware Security Module Terminology}
-\adjustmtc
-\addcontentsline{toc}{chapter}{A Note on Hardware Security Module Terminology}
-
-In this thesis, we use the term \emph{Hardware Security Module (HSM)} to refer to a security device that has the
-following three properties.
-
-\begin{enumerate}
-\item A HSM targets the prevention of any conceivable physical attack. In particular, this includes intrusion attempts
-        such as careful drilling or cutting into the device from any direction.
-\item A HSM includes tamper sensors that when triggered result in an active tamper response, usually deleting all
-        cryptographic secrets and rendering the device inoperable.
-\item A HSM's tamper sensing and response subsystem is continuously powered from a backup power supply, usually a
-        battery. Loss of power triggers the tamper response.
-\end{enumerate}
-
-This use of the term \emph{HSM} aligns with common usage of the term both in the academic literature and in everyday
-conversation. Particularly the requirement of active tamper detection and response is crucial to distinguish a HSM from
-simpler devices such as TPMs, smart cards or secure enclaves in SoCs. Note that our use of the term HSM is slightly
-different from its use in government standards, from its use in the PCI SSC (Payment Card Industry Security Standards
-Council) standards, and from its industry use.
-
-In industry, the term HSM is often used for solutions that are only logically segregated and that do not include any
-particular defense against hardware attacks. Our conjecture is that this is a consequence of the standardization
-landscape, where for applications outside of card payment processing the US FIPS
-140-22~\cite{usnationalinstituteofstandardsandtechnologySecurityRequirementsCryptographic2002} standard was central to
-the industry. Despite encompassing both devices that include active tamper detection and response, FIPS 140-2 did not
-draw a distinction in its terminology between the two classes.
-
-\section{Use in government standards}
-
-Under US national standard FIPS 140 in in its 2002 version
-2~\cite{usnationalinstituteofstandardsandtechnologySecurityRequirementsCryptographic2002}, a HSM would be called a
-\emph{Multiple-Chip Cryptographic Module} that conforms to the standard's \emph{Security Level 4}. Interesting to note
-are that only security level 4 requires any active tamper detection and response, so its security levels 3 and below do
-not align with our HSM definition. Futher of note is that according to the standard, a single-chip solution does not
-require any tamper detection and response either to meet the standard's security level 4, which is in misalignment with
-our definition. The standard's 2019 updated version FIPS
-140-3~\cite{usnationalinstituteofstandardsandtechnologySecurityRequirementsCryptographic2019} defers to the
-international standards ISO/IEC 19790 and 24759.
-
-ISO/IEC 19790~\cite{ISOIEC19790} and ISO/IEC 24759~\cite{ISOIEC24759} call what we call a HSM a \emph{Hardware
-Cryptographic Module} corresponding with the standards \emph{Security Level 4}. However, these standards only require
-active tamper detection and response when cryptographic secrets are transmitted in plaintext between chips.
-
-\section{Use in card payment processing (PCI SSC) standards}
-
-The Payment Card Industry Security Standards Council (PCI SSC) is an association of credit card network operators that
-defines standards for all layers of card payment processing, from card payment terminals in stores to the handling of
-payment data in online shop backend systems.
-
-PCI SSC terminology aligns with our use and with common everyday use of the term HSM. In PCI SSC terminology, a HSM is a
-crytographic device that has active tamper detecion and response circuitry. However, PCI SSC terminology differs from
-our use of the term HSM in one nuance: In PCI SSC terminology, a HSM is specifically a datacenter device used for
-backend processing of payment data. The general class of ``hardware devices performing some security function with or
-without particular physical security requirements'' that ISO/IEC 19790 and other standards call a \emph{Hardware
-Cryptographic Module}, in PCI SSC terminology is termed \emph{Secure Cryptographic Device (SCD)} in more recent standard
-versions, which was updated from the previous term \emph{Tamper-Resistant Security Module (TRSM)}. Other than HSMs, PCI
-SSC includes smartcards and card payment terminals in this category. Card payment terminals, referred to as
-\emph{Pin-Entry Device (PED)} in PCI SSC standards, have to include a surprising amount of active tamper detection and
-response functionality including partial coverage of areas like they system's main cryptographic processor and smart
-card reader by battery-backed tamper-sensing meshes.
-
-\section*{Tamper-Sensing Meshes}
-\addcontentsline{toc}{subsection}{Tamper-Sensing Meshes}
-
-In this thesis, we use the terms \emph{Tamper-Sensing Mesh} and \emph{Security Mesh} synonymous. We use both terms to
-refer to any electrical circuit whose path is laid out to cover a surface with the intent of detecting attempts at
-drilling, cutting or otherwise manipulating this surface. While the term \emph{Security Mesh} is more concise, it is
-less clear to people unfamiliar with the matter. It is also polysemous, and depending on context can also refer to woven
-or stamped metal meshes used as fences or as screens in front of windows to prevent break-ins. As a result, it is harder
-to use in online searches, and when using Large Language Models (LLMs), it frequently leads to amusing hallucinations.
-
-

thesis.tex

@@ -1,5 +1,10 @@
-\documentclass[11pt,a4paper,notitlepage,twoside]{book}
+\ifdefined\thesisoneside %
-\usepackage[a4paper, top=3cm, bottom=3.5cm, inner=3.5cm, outer=5cm, marginpar=3.8cm]{geometry}
+    \documentclass[11pt,a4paper,notitlepage,oneside]{book}
+    \usepackage[a4paper, top=3cm, bottom=3.5cm, inner=3.5cm, outer=5cm, marginpar=3.5cm]{geometry}
+\else %
+    \documentclass[11pt,a4paper,notitlepage,twoside]{book}
+    \usepackage[a4paper, top=3cm, bottom=3.5cm, inner=3.5cm, outer=5cm, marginpar=3.5cm]{geometry}
+\fi %
 
 \input{common-packages}
 \input{common-defs}
@@ -8,6 +13,7 @@
 \newcommand{\chaptertitle}[1]{
     \chapter{#1}
     \printchapterquote
+    %FIXME note leo: remove minitocs?
     \begin{spacing}{1.1}
         \minitoc
     \end{spacing}
@@ -27,15 +33,16 @@
 \input{titlepage.tex}
 
 \frontmatter
+%\chapter*{Akademischer Werdegang}
+%\includepdf[pages=-]{lebenslauf-en-akademischer-werdegang-diss.pdf}
 \input{abstract-de.tex}
 \input{abstract.tex}
 \input{ai-llm-use-disclosure.tex}
-\input{hsm-terminology-notes.tex}
 
 \clearpage
 \tableofcontents
-\listoffigures
+%\listoffigures
-\listoftables
+%\listoftables
 
 \mainmatter
 \dochapter{chapter-introduction} % Status: In pretty good shape

titlepage.tex

@@ -55,10 +55,16 @@
     Darmstadt, Technische Universität Darmstadt, 2025
 
     \noindent
-    URN: TBD FIXME
+    URN: https://nbn-resolving.de/urn:nbn:de:tuda-tuda-150469
 
     \noindent
-    Tag der mündlichen Prüfung: TBD FIXME
+    DOI: https://doi.org/10.26083/tuda-7720
+
+    \noindent
+    Document revision: \input{version}
+
+    \noindent
+    Tag der mündlichen Prüfung: TBD
 
     \noindent
     Veröffentlicht unter CC-BY-SA 4.0 International