diff options
author | jaseg <git-bigdata-wsl-arch@jaseg.de> | 2021-04-16 11:25:06 +0200 |
---|---|---|
committer | jaseg <git-bigdata-wsl-arch@jaseg.de> | 2021-04-16 11:25:06 +0200 |
commit | af41cb2a27daf512702a59f3b7d2e65352a2fc5c (patch) | |
tree | 1e366ab5782e1747581152b87b56fec61124bc08 | |
parent | 7a3bcc54894a5ac24aa1557991e6099f5dd6b460 (diff) | |
download | ihsm-af41cb2a27daf512702a59f3b7d2e65352a2fc5c.tar.gz ihsm-af41cb2a27daf512702a59f3b7d2e65352a2fc5c.tar.bz2 ihsm-af41cb2a27daf512702a59f3b7d2e65352a2fc5c.zip |
paper: Minor corrections for submission
-rw-r--r-- | paper/ihsm.bib | 2 | ||||
-rw-r--r-- | paper/ihsm_paper.tex | 35 |
2 files changed, 18 insertions, 19 deletions
diff --git a/paper/ihsm.bib b/paper/ihsm.bib index 80dfc9e..de4c755 100644 --- a/paper/ihsm.bib +++ b/paper/ihsm.bib @@ -250,7 +250,7 @@ @Book{iaea2011,
author = {{{International Atomic Energy Agency}}},
date = {2011},
- title = {Safeguards, techniques and equipmen.},
+ title = {Safeguards, techniques and equipment},
isbn = {978-92-0-118910-3},
series = {International Nuclear Verification Series},
url = {https://www-pub.iaea.org/MTCD/Publications/PDF/nvs1_web.pdf},
diff --git a/paper/ihsm_paper.tex b/paper/ihsm_paper.tex index c5bf291..0188b48 100644 --- a/paper/ihsm_paper.tex +++ b/paper/ihsm_paper.tex @@ -47,8 +47,8 @@ \maketitle \begin{abstract} - In this paper, we introduce a novel countermeasure against physical attacks: Inertial hardware security modules - (iHSMs). Conventional systems have in common that their security requires the crafting of fine sensor structures + In this paper, we introduce a novel countermeasure against physical attacks: Inertial Hardware Security Modules + (IHSMs). Conventional systems have in common that their security requires the crafting of fine sensor structures that respond to minute manipulations of the monitored security boundary or volume. Our approach is novel in that we reduce the sensitivity requirement of security meshes and other sensors and increase the complexity of any manipulations by rotating the security mesh or sensor at high speed---thereby presenting a moving target to an @@ -136,7 +136,7 @@ detection. HSMs are an old technology that traces back decades in its electronic realization. Today's common approach of monitoring meandering electrical traces on a fragile foil that is wrapped around the HSM essentially transforms the security problem into the challenge to manufacture very fine electrical traces on a flexible foil~\cite{isaacs2013, immler2019, -anderson2020}. There has been some research on monitoring the HSM's inside using e.g.\ electromagnetic +anderson2020}. There has been some research on monitoring the HSM's interior using e.g.\ electromagnetic radiation~\cite{tobisch2020, kreft2012} or ultrasound~\cite{vrijaldenhoven2004} but none of this research has found widespread adoption yet. @@ -161,15 +161,14 @@ reading, similar to an HSM. They are constructed from two components: A cable th monitoring device. The monitoring device itself is in effect an HSM and uses a security mesh foil such as it is used in commercial HSMs. -In~\cite{anderson2020}, Anderson gives a comprehensive overview on physical security. An example HSM that they cite is -the IBM 4758 HSM whose details are laid out in depth in~\cite{smith1998}. This HSM is an example of an industry-standard -construction. Although its turn of the century design is now a bit dated, the construction techniques of the physical -security mechanisms have not evolved much in the last two decades. Besides some auxiliary temperature and radiation -sensors to guard against attacks on the built-in SRAM memory, the module's main security barrier uses the traditional -construction of a flexible mesh foil wrapped around the module's core. In~\cite{smith1998}, the authors state that the -module monitors this mesh for short circuits, open circuits and conductivity. The fundamental approach to tamper -detection and construction is similar to other commercial -offerings~\cite{obermaier2018,drimer2008,anderson2020,isaacs2013}. +In~\cite{anderson2020}, Anderson gives a comprehensive overview on physical security. An example HSM that he cites is +the IBM 4758, the details of which are laid out in depth in~\cite{smith1998}. This HSM is an example of an +industry-standard construction. Although its turn of the century design is now a bit dated, the construction techniques +of the physical security mechanisms have not evolved much in the last two decades. Besides some auxiliary temperature +and radiation sensors to guard against attacks on the built-in SRAM memory, the module's main security barrier uses the +common construction of a flexible mesh foil wrapped around the module's core. In~\cite{smith1998}, the authors state +that the module monitors this mesh for short circuits, open circuits and conductivity. Other commercial offerings use a +fundamentally similar approach to tamper detection~\cite{obermaier2018,drimer2008,anderson2020,isaacs2013}. Shifting our focus from industry use to the academic state of the art, in~\cite{immler2019}, Immler et al. describe an HSM based on precise capacitance measurements of a security mesh, creating a PUF from the mesh. In contrast to @@ -388,9 +387,9 @@ rotation, at the point where the shaft penetrates the mesh. The mesh's tangentia and the shaft itself may allow an attacker to insert tools such as probes into the device through the opening it creates. This issue is related to the issue conventional HSMs also face with their power and data connections. In conventional HSMs, power and data are routed into the enclosure through the PCB or flat flex cables sandwiched in -between security mesh foil layers~\cite{smith1998}. In traditional HSMs this interface rarely is a mechanical weak spot -since they use a thin mesh substrate and create a meandering path by folding the interconnect substrate/security mesh -layers several times. In inertial HSMs, careful engineering is necessary to achieve the same effect. +between security mesh foil layers~\cite{smith1998}. In conventional HSMs this interface rarely is a mechanical weak +spot since they use a thin mesh substrate and create a meandering path by folding the interconnect substrate/security +mesh layers several times. In inertial HSMs, careful engineering is necessary to achieve the same effect. Figure~\ref{shaft_cm} shows variations of the shaft interface with increasing complexity. \begin{figure} @@ -669,8 +668,8 @@ Figure~\ref{fig-acc-theory} shows a plot of our measurement results against freq blue, and theoretical behavior is shown in orange. From our measurements we can conclude that an accelerometer is a good choice for an IHSM's braking sensor. A simple threshold set according to the sensor's calculated expected centrifugal force should be sufficient to reliably detect manipulation attempts without resulting in false positives. Periodic -controlled changes in the IHSM's speed of rotation allow an offset and scale calibration of the accelerometer on the -fly, without stopping the rotor. +controlled changes in the IHSM's speed of rotation allow offset and scale calibration of the accelerometer on the fly, +without stopping the rotor. \begin{figure} \center @@ -707,7 +706,7 @@ fly, without stopping the rotor. \section{Conclusion} \label{sec_conclusion} -In this paper we introduced Inertial Hardware Security Modules (iHSMs), a novel concept for the construction of advanced +In this paper we introduced Inertial Hardware Security Modules (IHSMs), a novel concept for the construction of advanced hardware security modules from simple components. We analyzed the concept for its security properties and highlighted its ability to significantly strengthen otherwise weak tamper detection barriers. We validated our design by creating a proof of concept hardware prototype. In this prototype we have demonstrated practical solutions to the major electronics |