authorjaseg <git@jaseg.de>2021-07-09 17:33:47 +0200
committerjaseg <git@jaseg.de>2021-07-09 17:33:47 +0200
commita13fd9f969e7adf4b3ab874556f642da2b2972fb (patch)
tree6e048e5fd2c75e6edf2f467b669c4184379a7054
parent83e8ccd65d1ed9c4a0892da3fecf92a83b21234d (diff)
More detail on attacks, future work
-rw-r--r--paper/attack-robot.pdfbin0 -> 6266 bytes
-rw-r--r--paper/attack-robot.svg463
-rw-r--r--paper/ihsm_paper.tex94
3 files changed, 542 insertions, 15 deletions
diff --git a/paper/attack-robot.pdf b/paper/attack-robot.pdf
new file mode 100644
index 0000000..543fe66
--- /dev/null
+++ b/paper/attack-robot.pdf
Binary files differ
diff --git a/paper/attack-robot.svg b/paper/attack-robot.svg
new file mode 100644
index 0000000..a491edd
--- /dev/null
+++ b/paper/attack-robot.svg
@@ -0,0 +1,463 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ width="118.6135mm"
+ height="85.444748mm"
+ viewBox="0 0 118.6135 85.444748"
+ version="1.1"
+ id="svg5"
+ sodipodi:docname="attack-robot.svg"
+ inkscape:version="1.1 (c4e8f9ed74, 2021-05-24)"
+ xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+ xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns="http://www.w3.org/2000/svg"
+ xmlns:svg="http://www.w3.org/2000/svg">
+ <sodipodi:namedview
+ id="namedview7"
+ pagecolor="#ffffff"
+ bordercolor="#666666"
+ borderopacity="1.0"
+ inkscape:pageshadow="2"
+ inkscape:pageopacity="0.0"
+ inkscape:pagecheckerboard="0"
+ inkscape:document-units="mm"
+ showgrid="false"
+ inkscape:snap-global="false"
+ inkscape:zoom="1.4142136"
+ inkscape:cx="225.21351"
+ inkscape:cy="54.093669"
+ inkscape:window-width="1920"
+ inkscape:window-height="1024"
+ inkscape:window-x="0"
+ inkscape:window-y="0"
+ inkscape:window-maximized="1"
+ inkscape:current-layer="layer1"
+ fit-margin-top="5"
+ fit-margin-left="5"
+ fit-margin-right="5"
+ fit-margin-bottom="5" />
+ <defs
+ id="defs2">
+ <rect
+ x="359.98044"
+ y="69.053543"
+ width="194.04721"
+ height="135.26814"
+ id="rect25216" />
+ <rect
+ x="401.33646"
+ y="59.548355"
+ width="139.31168"
+ height="98.362732"
+ id="rect22864" />
+ <rect
+ x="368.71024"
+ y="74.453217"
+ width="98.056488"
+ height="82.006744"
+ id="rect21370" />
+ <pattern
+ inkscape:collect="always"
+ xlink:href="#Strips1_3"
+ id="pattern17674"
+ patternTransform="matrix(0.20997628,0.12451448,-0.41802153,0.70493516,99.831237,39.867125)" />
+ <pattern
+ inkscape:collect="always"
+ patternUnits="userSpaceOnUse"
+ width="4"
+ height="1"
+ patternTransform="translate(0,0) scale(10,10)"
+ id="Strips1_3"
+ inkscape:stockid="Stripes 1:3">
+ <rect
+ style="fill:#cc0000;stroke:none"
+ x="0"
+ y="-0.5"
+ width="1"
+ height="2"
+ id="rect16592" />
+ </pattern>
+ <rect
+ x="359.98044"
+ y="69.053543"
+ width="194.04721"
+ height="135.26814"
+ id="rect27445" />
+ <rect
+ x="359.98044"
+ y="69.053543"
+ width="194.04721"
+ height="135.26814"
+ id="rect27859" />
+ <rect
+ x="359.98044"
+ y="69.053543"
+ width="194.04721"
+ height="135.26814"
+ id="rect27859-2" />
+ <rect
+ x="359.98044"
+ y="69.053543"
+ width="194.04721"
+ height="135.26814"
+ id="rect27859-7" />
+ <rect
+ x="359.98044"
+ y="69.053543"
+ width="194.04721"
+ height="135.26814"
+ id="rect27859-6" />
+ <rect
+ x="359.98044"
+ y="69.053543"
+ width="194.04721"
+ height="135.26814"
+ id="rect27859-1" />
+ </defs>
+ <g
+ inkscape:label="Layer 1"
+ inkscape:groupmode="layer"
+ id="layer1"
+ transform="translate(-30.254311,-7.5139967)">
+ <path
+ style="fill:none;stroke:#000000;stroke-width:0.965;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:0.965, 0.965;stroke-dashoffset:0;stroke-opacity:1"
+ d="M 133.31448,52.882625 V 46.614226 H 120.54082"
+ id="path12713"
+ sodipodi:nodetypes="ccc" />
+ <rect
+ style="fill:#003399;stroke-width:1;stroke-linejoin:round;stroke-dasharray:4, 4;stop-color:#000000"
+ id="rect31"
+ width="10.662453"
+ height="17.252211"
+ x="73.817886"
+ y="29.329372" />
+ <ellipse
+ style="fill:#6699ff;stroke-width:1;stroke-linejoin:round;stroke-dasharray:4, 4;stop-color:#000000"
+ id="path55"
+ cx="79.149109"
+ cy="53.069786"
+ rx="13.855765"
+ ry="4.6185884" />
+ <ellipse
+ style="fill:#6699ff;stroke-width:1;stroke-linejoin:round;stroke-dasharray:4, 4;stop-color:#000000"
+ id="path55-7"
+ cx="79.149109"
+ cy="21.26178"
+ rx="13.855765"
+ ry="4.6185884" />
+ <path
+ style="color:#000000;fill:url(#pattern17674);stroke-linejoin:round;stroke-dasharray:4, 4;-inkscape-stroke:none"
+ d="m 93.004874,43.359661 c 10e-7,2.550776 -6.203437,4.618589 -13.855765,4.618589 -7.652328,0 -13.855766,-2.067813 -13.855765,-4.618589 v -9.279067 c 10e-7,2.550776 6.203438,4.618588 13.855765,4.618588 7.652327,0 13.855764,-2.067812 13.855765,-4.618588 z"
+ id="path55-7-6" />
+ <ellipse
+ style="fill:#ffcc00;stroke-width:1;stroke-linejoin:round;stroke-dasharray:3.99999, 3.99999;stop-color:#000000"
+ id="path55-3"
+ cx="79.149109"
+ cy="77.363274"
+ rx="26.374798"
+ ry="8.7915993" />
+ <path
+ style="fill:none;stroke:#cc0000;stroke-width:1.265;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+ d="M 54.952027,75.847393 36.961772,54.454551 51.587497,39.828827 52.837643,35.163215 h 5.459365"
+ id="path262"
+ sodipodi:nodetypes="ccccc" />
+ <path
+ style="fill:none;stroke:#cc0000;stroke-width:1.265;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+ d="m 51.587497,39.828827 4.016952,2.188162 3.087632,-3.875926"
+ id="path264" />
+ <path
+ style="fill:none;stroke:#cc0000;stroke-width:0.264583px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+ d="m 51.331833,33.239445 c -2.68657,-0.969769 -4.582535,-0.902044 -6.182511,1.460654 -1.618086,2.389441 0.340442,4.649205 1.464189,7.307178 0.903228,2.136383 1.41266,4.435217 0.388035,6.009975 -1.05617,1.623241 -2.695367,2.1185 -5.274308,2.442718 -1.630479,0.20498 -2.862181,0.360967 -3.879118,1.651826 -0.589968,0.748883 -0.897981,2.318141 -0.897981,2.318141"
+ id="path3622"
+ sodipodi:nodetypes="csssssc" />
+ <circle
+ style="fill:#cc0000;stroke:none;stroke-width:1.265;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stop-color:#000000"
+ id="path5297"
+ cx="51.488754"
+ cy="40.025257"
+ r="2.0969195" />
+ <circle
+ style="fill:#cc0000;stroke:none;stroke-width:1.265;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stop-color:#000000"
+ id="circle5381"
+ cx="37.351231"
+ cy="54.811962"
+ r="2.0969195" />
+ <g
+ id="g7210"
+ transform="matrix(0,1.1922409,-1.1922409,0,248.33096,-8.4206447)"
+ style="fill:#ffcc00;stroke-width:0.838757">
+ <path
+ id="rect5641"
+ style="fill:#ffcc00;stroke-width:4.01018;stroke-linecap:round;stroke-linejoin:round;stop-color:#000000"
+ d="m 429.97266,227.56055 c -5.96767,-0.0295 -12.48274,0.88665 -19.7793,3.15429 v 61.97461 c 15.01758,4.60846 27.15999,3.02819 38.30273,0 v -61.97461 c -5.69943,-1.87261 -11.76007,-3.12082 -18.52343,-3.15429 z m -1.75,10.37109 h 2.24414 v 25.41797 h -2.24414 z m -5.81055,1.04492 h 2.24414 v 25.41797 h -2.24414 z m 11.62305,0 h 2.24218 v 25.41797 h -2.24218 z m -17.43555,2.33399 h 2.24414 v 25.41797 h -2.24414 z m 23.24609,0 h 2.24414 v 25.41797 h -2.24414 z"
+ transform="matrix(0,-0.26458333,0.26458333,0,-10.403218,210.05896)" />
+ <path
+ id="rect6111"
+ style="fill:#ffcc00;stroke-width:1.06103;stroke-linecap:round;stroke-linejoin:round;stop-color:#000000"
+ d="m 70.069991,94.02773 h 0.710689 c 0.177412,2.636457 1.474716,2.084634 1.554899,0 h 0.796942 v 5.595253 h -0.695153 c -0.208773,-3.101954 -1.589566,-1.8514 -1.519101,0 h -0.848276 z"
+ sodipodi:nodetypes="ccccccccc" />
+ <rect
+ style="fill:#ffcc00;stroke:none;stroke-width:1.06103;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stop-color:#000000"
+ id="rect7045"
+ width="8.5858679"
+ height="1.0710945"
+ x="63.572243"
+ y="96.139145" />
+ </g>
+ <g
+ id="g8590"
+ transform="matrix(1.6227793,0,0,1.6227793,-48.776549,-55.42076)"
+ style="fill:#ff6600;stroke-width:0.616227">
+ <rect
+ style="fill:#ff6600;stroke:none;stroke-width:0.779527;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stop-color:#000000"
+ id="rect7234"
+ width="12.868855"
+ height="6.3858981"
+ x="92.149086"
+ y="59.305691"
+ rx="0.7708323"
+ ry="0.7708323" />
+ <g
+ id="g8386"
+ transform="translate(0,0.07592982)"
+ style="fill:#ff6600;stroke-width:0.616227">
+ <path
+ style="fill:#ff6600;stroke:none;stroke-width:0.163043px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+ d="m 92.728216,62.858935 h -3.78272 v -3.33134 h 0.709639 l 1.547135,1.547138 h 1.53894 z"
+ id="path7954"
+ sodipodi:nodetypes="ccccccc" />
+ <use
+ x="0"
+ y="0"
+ xlink:href="#path7954"
+ id="use8302"
+ transform="matrix(1,0,0,-1,0,124.84542)"
+ width="100%"
+ height="100%"
+ style="fill:#ff6600;stroke-width:0.616227" />
+ </g>
+ </g>
+ <path
+ style="fill:none;stroke:#6699ff;stroke-width:0.665;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+ d="M 65.625844,52.96581 V 21.058565"
+ id="path9384" />
+ <path
+ style="fill:none;stroke:#6699ff;stroke-width:0.665;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+ d="M 92.672374,52.96581 V 21.058565"
+ id="path9384-6" />
+ <g
+ id="g2844"
+ transform="matrix(0.87583294,0.42434778,-0.42434778,0.87583294,24.703823,-3.7780156)"
+ style="fill:#cc0000;stroke-width:1.02752">
+ <g
+ id="g2249"
+ transform="translate(-10.957802,-4.8495503)"
+ style="fill:#cc0000;stroke-width:1.02752">
+ <path
+ style="fill:#cc0000;stroke:none;stroke-width:0.271864px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+ d="m 51.802698,27.189339 c 0.0038,-0.358372 0.08447,-0.300802 0.310004,-0.331827 0.494104,-0.06797 1.117564,-0.07823 1.480174,-0.163994 0.328415,-0.07768 0.329328,-0.264077 0.44198,-0.446063 l 8.372187,-0.146866 c 0.813022,-0.166145 0.764656,-0.644617 1.071405,-0.863087 0,0 0.184585,-0.224681 0.312419,-0.222508 0.10223,0.0017 0.230806,0.0849 0.243652,0.186331 0.07299,0.576371 0.08562,1.976868 0.08562,1.976868 z"
+ id="path266"
+ sodipodi:nodetypes="cssccssscc" />
+ <use
+ x="0"
+ y="0"
+ xlink:href="#path266"
+ id="use793"
+ transform="matrix(1,0,0,-1,0,54.356394)"
+ width="100%"
+ height="100%"
+ style="fill:#cc0000;stroke-width:1.02752" />
+ </g>
+ <path
+ style="fill:#cc0000;stroke:none;stroke-width:0.271864px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+ d="m 51.074672,22.328651 h 11.293803 l -0.35065,-0.228818 h -1.302856 v -0.40726 H 59.84365 v 0.135882 h -8.813018 z"
+ id="path2369"
+ sodipodi:nodetypes="ccccccccc" />
+ <use
+ x="0"
+ y="0"
+ xlink:href="#path2369"
+ id="use2617"
+ transform="matrix(1,0,0,-1,1.785403e-8,44.657302)"
+ width="100%"
+ height="100%"
+ style="fill:#cc0000;stroke-width:1.02752" />
+ <g
+ id="g2834"
+ transform="translate(-2.1557979,0.20827974)"
+ style="fill:#cc0000;stroke-width:1.02752">
+ <rect
+ style="fill:#cc0000;stroke:none;stroke-width:1.02752;stroke-linejoin:round;stroke-dasharray:4.11007, 4.11007;stop-color:#000000"
+ id="rect2748"
+ width="0.22969821"
+ height="0.6890946"
+ x="62.32338"
+ y="21.225693" />
+ <rect
+ style="fill:#cc0000;stroke:none;stroke-width:1.02752;stroke-linejoin:round;stroke-dasharray:4.11007, 4.11007;stop-color:#000000"
+ id="rect2750"
+ width="0.6350857"
+ height="0.30754745"
+ x="62.120686"
+ y="21.037823" />
+ </g>
+ </g>
+ <path
+ style="font-variation-settings:normal;opacity:1;vector-effect:none;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.965;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:0.965, 0.965;stroke-dashoffset:0;stroke-opacity:1;-inkscape-stroke:none;stop-color:#000000;stop-opacity:1"
+ d="M 132.95752,76.859499 H 79.367469"
+ id="path12828"
+ sodipodi:nodetypes="cc" />
+ <text
+ xml:space="preserve"
+ transform="scale(0.26458333)"
+ id="text21368"
+ style="font-size:26.6667px;line-height:1.25;font-family:sans-serif;white-space:pre;shape-inside:url(#rect21370)" />
+ <text
+ xml:space="preserve"
+ transform="scale(0.26458333)"
+ id="text22862"
+ style="font-size:26.6667px;line-height:1.25;font-family:sans-serif;white-space:pre;shape-inside:url(#rect22864)" />
+ <g
+ id="g27435"
+ transform="translate(6.7098762,1.0448544)">
+ <circle
+ style="font-variation-settings:normal;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:0.665;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;stop-color:#000000;stop-opacity:1"
+ id="path20362"
+ cx="114.19244"
+ cy="39.213848"
+ r="3.9914834" />
+ <text
+ xml:space="preserve"
+ transform="matrix(0.26458333,0,0,0.26458333,17.624612,16.964555)"
+ id="text25214"
+ style="font-size:26.6667px;line-height:1.25;font-family:sans-serif;white-space:pre;shape-inside:url(#rect25216)"><tspan
+ x="359.98047"
+ y="93.557974"
+ id="tspan31831"><tspan
+ style="font-family:Bahnschrift;-inkscape-font-specification:Bahnschrift"
+ id="tspan31829">1</tspan></tspan></text>
+ </g>
+ <g
+ id="g27443"
+ transform="translate(25.351394,12.342086)">
+ <circle
+ style="font-variation-settings:normal;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:0.665;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;stop-color:#000000;stop-opacity:1"
+ id="circle27437"
+ cx="114.19244"
+ cy="39.213848"
+ r="3.9914834" />
+ <text
+ xml:space="preserve"
+ transform="matrix(0.26458333,0,0,0.26458333,17.095445,16.964555)"
+ id="text27441"
+ style="font-size:26.6667px;line-height:1.25;font-family:sans-serif;white-space:pre;shape-inside:url(#rect27445)"><tspan
+ x="359.98047"
+ y="93.557974"
+ id="tspan31835"><tspan
+ style="font-family:Bahnschrift;-inkscape-font-specification:Bahnschrift"
+ id="tspan31833">2</tspan></tspan></text>
+ </g>
+ <g
+ id="g27857"
+ transform="translate(-17.130934,44.420913)">
+ <circle
+ style="font-variation-settings:normal;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:0.665;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;stop-color:#000000;stop-opacity:1"
+ id="circle27851"
+ cx="114.19244"
+ cy="39.213848"
+ r="3.9914834" />
+ <text
+ xml:space="preserve"
+ transform="matrix(0.26458333,0,0,0.26458333,17.095445,16.964555)"
+ id="text27855"
+ style="font-size:26.6667px;line-height:1.25;font-family:sans-serif;white-space:pre;shape-inside:url(#rect27859)"><tspan
+ x="359.98047"
+ y="93.557974"
+ id="tspan31839"><tspan
+ style="font-family:Bahnschrift;-inkscape-font-specification:Bahnschrift"
+ id="tspan31837">3</tspan></tspan></text>
+ </g>
+ <g
+ id="g27857-9"
+ transform="translate(-70.974954,23.273767)">
+ <circle
+ style="font-variation-settings:normal;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:0.665;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;stop-color:#000000;stop-opacity:1"
+ id="circle27851-1"
+ cx="114.19244"
+ cy="39.213848"
+ r="3.9914834" />
+ <text
+ xml:space="preserve"
+ transform="matrix(0.26458333,0,0,0.26458333,16.70906,16.964555)"
+ id="text27855-2"
+ style="font-size:26.6667px;line-height:1.25;font-family:sans-serif;white-space:pre;shape-inside:url(#rect27859-2)"><tspan
+ x="359.98047"
+ y="93.557974"
+ id="tspan31843"><tspan
+ style="font-family:Bahnschrift;-inkscape-font-specification:Bahnschrift"
+ id="tspan31841">4</tspan></tspan></text>
+ </g>
+ <g
+ id="g27857-0"
+ transform="translate(-26.822028,-22.375868)">
+ <circle
+ style="font-variation-settings:normal;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:0.665;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;stop-color:#000000;stop-opacity:1"
+ id="circle27851-9"
+ cx="114.19244"
+ cy="39.213848"
+ r="3.9914834" />
+ <text
+ xml:space="preserve"
+ transform="matrix(0.26458333,0,0,0.26458333,17.095445,16.964555)"
+ id="text27855-3"
+ style="font-size:26.6667px;line-height:1.25;font-family:sans-serif;white-space:pre;shape-inside:url(#rect27859-7)"><tspan
+ x="359.98047"
+ y="93.557974"
+ id="tspan31847"><tspan
+ style="font-family:Bahnschrift;-inkscape-font-specification:Bahnschrift"
+ id="tspan31845">7</tspan></tspan></text>
+ </g>
+ <g
+ id="g27857-06"
+ transform="translate(-39.731146,-8.157129)">
+ <circle
+ style="font-variation-settings:normal;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:0.665;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;stop-color:#000000;stop-opacity:1"
+ id="circle27851-2"
+ cx="114.19244"
+ cy="39.213848"
+ r="3.9914834" />
+ <text
+ xml:space="preserve"
+ transform="matrix(0.26458333,0,0,0.26458333,17.095445,16.964555)"
+ id="text27855-6"
+ style="font-size:26.6667px;line-height:1.25;font-family:sans-serif;white-space:pre;shape-inside:url(#rect27859-6)"><tspan
+ x="359.98047"
+ y="93.557974"
+ id="tspan31851"><tspan
+ style="font-family:Bahnschrift;-inkscape-font-specification:Bahnschrift"
+ id="tspan31849">6</tspan></tspan></text>
+ </g>
+ <g
+ id="g27857-8"
+ transform="translate(-43.852246,9.3261724)">
+ <circle
+ style="font-variation-settings:normal;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:0.665;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;stop-color:#000000;stop-opacity:1"
+ id="circle27851-7"
+ cx="114.19244"
+ cy="39.213848"
+ r="3.9914834" />
+ <text
+ xml:space="preserve"
+ transform="matrix(0.26458333,0,0,0.26458333,17.095445,16.964555)"
+ id="text27855-9"
+ style="font-size:26.6667px;line-height:1.25;font-family:sans-serif;white-space:pre;shape-inside:url(#rect27859-1)"><tspan
+ x="359.98047"
+ y="93.557974"
+ id="tspan31855"><tspan
+ style="font-family:Bahnschrift;-inkscape-font-specification:Bahnschrift"
+ id="tspan31853">5</tspan></tspan></text>
+ </g>
+ </g>
+</svg>
diff --git a/paper/ihsm_paper.tex b/paper/ihsm_paper.tex
index 6b6109f..e426306 100644
--- a/paper/ihsm_paper.tex
+++ b/paper/ihsm_paper.tex
@@ -488,19 +488,44 @@ In the sections below, we will go into detail on such attacks on IHSMs. To put t
we will start with a brief overview on attacks on conventional HSMs that the IHSM is defended against.
%FIXME \paragraph{...}
-\subsection{Contactless probing of the payload}
-
-Irrespective of the HSM's technology (conventional or IHSM), there are some types of attack bypassing the HSM's security
-mesh that in principle cannot be prevented. One such type are contactless attacks such as electromagnetic (EM)
-sidechannel attacks, but attacks through the HSM's application interface such as Ethernet also follow this theme. While
-IHSMs allow for the use of off-the-shelf server hardware as their payload, the combination of payload hardware and the
-software running on top of this hardware still has to be evaluated for fitness in this particular application. EM
-sidechannel attacks can be mitigated by shielding and by designing the IHSM's payload such that critical components such
-as CPUs are physically distant to the security mesh, preventing EM probes from being brought close. Conducted EMI
-sidechannels that could be used for power analysis can be mitigated by placing filters on the inside of the security
-mesh at the point where the power and network connections penetrate the mesh. Attacks through the network interface must
-be prevented as in any other networked system by only exposing the minimum necessary amount of API surface to the
-outside world, and by carefully vetting this remaining attack surface.
+In principle, there are three ways to attack a conventional HSM. The hard way is to find a way to go through the
+security mesh without triggering the alarm, e.g.\ by using a probe that is finer than the mesh's structure size. An
+attacker willing to invest some effort can also try to uncover the mesh traces buried in plastic to then hot-wire the
+mesh, bridging over a part that will subsequently be removed. HSMs attempt to detect such attacks by measuring the mesh
+traces' resistance instead of only checking their continuity~\cite{obermaier2019}. However, if an attacker only wishes
+to disable a small section of the mesh to insert a handful of fine probes into the device, this hardening approach
+becomes challenging. Consider a mesh is covering an area of $\SI{100}{\milli\meter}$ by $\SI{100}{\milli\meter}$. An
+attacker who circumvents a $\SI{5}{\milli\meter}$ by $\SI{5}{\milli\meter}$ section of this mesh using wires with a low
+resistance will change the mesh trace's resistance by approximately
+$\frac{\SI{5}{\milli\meter}\cdot\SI{5}{\milli\meter}}{\SI{100}{\milli\meter}\cdot\SI{100}{\milli\meter}} = 0.25
+\%$. Detecting this change would require a resistance measurement of at least $\SI{9}{bit}$ of precision and
+corresponding temperature stability of the mesh material.
+
+The second way to attack a HSM is to go \emph{around} the mesh. Many commercial HSMs sandwich the payload PCB between
+two mesh-equipped enclosure halves. This design in particular is vulnerable to attempts to stick a fine needle through
+the interface between mesh lid and PCB. Conventional HSMs mitigate this weak spot by wrapping a patterned conductive
+foil that forms the security mesh around the HSM, leaving only the foil's corners and the payload's power and data
+feed-through as potential weak spots.
+
+The third and last way to attack a conventional HSM is to disable the mesh monitoring circuit~\cite{dexter2015}. An
+attacker may need to insert several probes to wiretap the payload processor's secrets, but depending on its
+implementation they may be able to disable the mesh alarm circuit with only one. To harden a conventional HSM against
+this type of attack, the mesh monitoring circuit must be carefully designed to avoid single points of failure as well as
+any fail-open failure modes.
+
+\subsection{Attacks that work on any HSM}
+
+While an IHSM provides an effective mitigation against direct attacks on the security mesh as described in the previous
+paragraphs, certain attacks are generic against any HSM technology, conventional or IHSM. One type of such attacks are
+contactless attacks such as electromagnetic (EM) sidechannel attacks. EM sidechannel attacks can be mitigated by
+shielding and by designing the IHSM's payload such that critical components such as CPUs are physically distant to the
+security mesh, preventing EM probes from being brought close. Conducted EMI sidechannels that could be used for power
+analysis can be mitigated by placing filters on the inside of the security mesh at the point where the power and network
+connections penetrate the
+mesh~\cite{anderson2020}.
+Finally, the API between the HSM's payload and the outside world provides attack surface. Attacks through the network
+interface must be prevented as in any other networked system by only exposing the minimum necessary amount of API
+surface to the outside world, and by carefully vetting this remaining attack surface~\cite{anderson2020}.
\subsection{The Swivel Chair Attack}
\label{sec_swivel_chair_attack}
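Review bot: The resistance estimate in the first added paragraph (`will change the mesh trace's resistance by approximately ... = 0.25 \%`) rests on an unstated assumption that trace length scales with covered area and that the mesh is a single series trace of uniform density. Stating that assumption would keep readers from applying the 0.25% figure to meshes with several interleaved traces. The `\SI{9}{bit}` figure is only the bare resolution needed to resolve 1/400 (log2 of 400 is about 8.6), so the sentence could say it is a lower bound, e.g. `at least $\SI{9}{bit}$ of effective resolution, before any noise margin`. On wording, `Consider a mesh is covering an area` should read `Consider a mesh covering an area`, and `attack a HSM` should be `attack an HSM` to match `an IHSM` elsewhere in the hunk.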
@@ -520,6 +545,41 @@ acceleration is $a=\omega^2 r$. In our example this results in a minimum angular
$\SI{1000}{rpm}$ and above, a manual attack is no longer possible and any attack would have to be carried out using some
kind of mechanical tool.
+\begin{figure}
+ \center
+ \includegraphics[width=6cm]{attack-robot.pdf}
+ \caption{Schematic overview of a robotic rotating-stage attack. An optical sensor (1) observes the IHSM's rotation
+ and adjusts the setpoint of a servo motor (2) that rotates the attack stage (3). On the rotating attack stage, a
+ remote controlled manipulator (4) is mounted that deactivates the security mesh (7) and creates an opening (5).
+ Through this opening, a human operator can then insert tools such as probes to read out sensitive information from
+ the actual payload (6).}
+ \label{fig_attack_robot}
+\end{figure}
+
+
+While it is certainly possible to create a mechanical tool to attack an IHSM in motion, we also consider this attack
+method reasonably remote. Figure~\ref{fig_attack_robot} shows a schematic overview of what such an attack tool would
+have to look like. Most fundamentally, the tool itself has to rotate at the IHSM's speed, and cannot simply rotate the
+IHSM. If the tool were to counter-rotate the IHSM such that relative to a stationary observer the rotor would be slowed
+down, the accelerometer on the rotor would measure lower centrifugal acceleration and detect this attempt. Instead, the
+attack tool has to follow the rotation of the IHSM. At the high speeds an IHSM would be rotating at, following the
+rotation closely enough that a manipulator mounted on the attack tool is stationary w.r.t.\ the IHSM is not easy. To
+stay within $\pm\SI{5}{\milli\meter}$ of a target over a period of $\SI{10}{\second}$ on an IHSM mesh with radius
+$r=\SI{100}{\milli\meter}$ requires both speeds to be matched to better than
+$\frac{\SI{5}{\milli\meter}}{\SI{10}{\second}} \cdot \frac{1}{2\pi r} = \SI{8.0}{\milli\hertz} = \SI{0.048}{rpm}$.
+Relative to a realsistic IHSM's speed of $\SI{1000}{rpm}$ this corresponds to approximately $\SI{50}{ppm}$. Active servo
+control of the attack tool's rotation locked against optical tracking of the IHSM's rotor would likely be the most
+realistic option to achieve this precision. This strict accuracy requirement leads to a complex attack setup.
+
+If an attacker were to solve the tracking issue, the remaining issue is that they still need to construct a
+remote-controlled manipulator that can be mounted on the attack tool's rotating stage and that is able to actually
+disable the IHSM's mesh. Consider that simply bypassing the mesh e.g. by drilling an undetected hole does not gain an
+attacker much in this scenario, as the payload is stationary and an attack tool rotating at $\SI{1000}{rpm}$ is useless
+against it. Instead, the attacker would have to disable the mesh using the rotating tool, in order to then cut an
+opening into it through which they could insert a stationary tool to attack the payload with. Given the degree of manual
+skill necessary even for normal soldering work, we estimate that creating a remote-controllable manipulator that can be
+used to successfully attack a security mesh is infeasible.
+
\subsection{Mechanical weak spots}
The tamper defense of an IHSM rests on the security mesh moving too fast to tamper. Depending on the type of motion
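Review bot: The speed-matching formula in the added paragraph gives `\SI{8.0}{\milli\hertz}`, but 5 mm / 10 s divided by 2πr with r = 100 mm is about 0.80 mHz. The `\SI{0.048}{rpm}` and `\SI{50}{ppm}` values that follow are consistent with 0.80 mHz, so only the millihertz value is off by a factor of ten and should read `\SI{0.80}{\milli\hertz}`. In the same paragraph `realsistic` should be `realistic`, and `e.g. by drilling` should use `e.g.\ ` as the earlier hunk does, so LaTeX does not insert end-of-sentence spacing. In the figure environment, `\center` should be `\centering`; `\center` is the opening command of the `center` environment and adds extra vertical space inside the float.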
@@ -864,12 +924,16 @@ allow the construction of devices secure against a wide range of practical attac
specialized tools. The rotating mesh allows longitudinal gaps, which enables new applications that are impossible with
traditional HSMs. Such gaps can be used to integrate a fan for air cooling into the HSM, allowing the use of powerful
computing hardware inside the HSM. We hope that this simple construction will stimulate academic research into (more)
-secure hardware.
+secure hardware. We have published all design artifacts of our PoC online, see Appendix~\ref{sec_repo}. The next steps
+towards a practical application of our design will be to design a manufacturable stator/rotor interface with inductive
+power and data transfer integrated into the motor's magnetics and a custom motor driver tuned for the application that
+is able to precisely measure both angular velocity and winding current for an added degree of tamper detection.
\printbibliography[heading=bibintoc]
\appendix
-\section{Source code and Design artifacts}
+\section{Source code and design artifacts}
+\label{sec_repo}
During our research on this paper, we have created a number of digital design artifacts including a 3D mechanical CAD
model of our prototype IHSM, schematics and PCB layouts for all of its PCBs including the prototype security mesh