authorjaseg <git@jaseg.de>2021-09-24 20:43:10 +0200
committerjaseg <git@jaseg.de>2021-09-24 20:43:10 +0200
commitfc588530eb7354d0099615d830c989a172d51f4a (patch)
treec2c51264b364996ca245b66cfb27aa44e465b652
parent6d978908e3a16619b562d2cdd2a4de600e0b1f3e (diff)
Condensed.
-rw-r--r--paper/ihsm_paper.tex87
1 files changed, 35 insertions, 52 deletions
diff --git a/paper/ihsm_paper.tex b/paper/ihsm_paper.tex
index 78b7d5e..dc018cb 100644
--- a/paper/ihsm_paper.tex
+++ b/paper/ihsm_paper.tex
@@ -247,18 +247,15 @@ adversary such as a secret service or organized cyber-crime.
First, there are several ways how we can approach motion. Periodic, aperiodic and continuous motion could serve the
purpose. There is also linear motion as well as rotation. We can also vary the degree of electronic control in this
-motion. The main constraints we have on the HSM's motion pattern are that it needs to be (almost) continuous so as to
-not expose any weak spots during instantaneous standstill of the HSM. Additionally, for space efficiency, the HSM has to
-stay within a confined space. This means that linear motion would have to be periodic, like that of a pendulum. Such
-periodic linear motion will have to quickly reverse direction at its apex so the device is not stationary long enough
-for this to become a weak spot.
+motion. The main constraints on the HSM's motion pattern are that it needs to be (almost) continuous to not expose any
+weak spots. Additionally, it has to stay within a confined space: Linear motion would have to be periodic, like that of
+a pendulum. Such periodic linear motion will have to quickly reverse direction at its apex so the device is not
+stationary long enough for this to become a weak spot.
In contrast to linear motion, rotation is space-efficient and can be continuous if the axis of rotation is inside the
-device. In case it has a fixed axis, rotation will expose a weak spot at the axis of rotation where the surface's
-tangential velocity is low. Faster rotation can lessen the security impact of this fact at the expense of power
-consumption and mechanical stress, but it can never eliminate it. This effect can be alleviated in two ways: Either by
-adding additional tamper protection at the axis, or by having the HSM perform a compound rotation that has no fixed
-axis.
+device. When the axis is fixed, rotation will expose a weak spot close to the axis where tangential velocity is low.
+Possible mitigations are faster rotation to lessen the impact, additional tamper protection at the axis, and having the
+HSM perform a compound rotation that has no fixed axis.
Large centrifugal acceleration at high speeds poses the engineering challenge of preventing rapid unscheduled
disassembly of the device, but it also creates an obstacle to any attacker trying to manipulate the device in what we
@@ -284,62 +281,50 @@ fabricate enclosures that embed characteristics of a Physically Unclonable Funct
the enclosure material to form a PUF, such academic designs effectively leverage signal processing techniques to improve
the system's security level by a significant margin.
-In our research, we focus on security meshes as our IHSM's tamper sensors. Most of the cost in commercial security mesh
-implementations lies in the advanced manufacturing techniques and special materials necessary to achieve a sensitive
-mesh at fine structure sizes. The foundation of an IHSM security is that by moving the mesh even a primitive, coarse
-mesh made e.g.\ from mesh traces on a PCB becomes very hard to attack in practice. This allows us to use a simple
-construction made up of low-cost components. Additionally, the use of a mesh allows us to only spin the mesh itself and
-its monitoring circuit and keep the payload inside the mesh stationary. Tamper sensing technologies that use the entire
-volume of the HSM such as RF-based systems do not allow for this degree of freedom in their design: They would require
-the entire IHSM to spin, including its payload, which would entail costly and complex systems for data and power
-transfer from the outside to the payload.
+In our research, we focus on security meshes as our IHSM's tamper sensors. The cost of advanced manufacturing
+techniques and special materials used in commercial meshes poses an obstacle. The foundation of an IHSM security is
+that by moving the mesh even a primitive, coarse mesh made e.g.\ from mesh traces on a PCB becomes very hard to attack
+in practice. This allows us to use a simple construction made up of low-cost components. Additionally, the use of a
+mesh allows us to only spin the mesh itself and its monitoring circuit and keep the payload inside the mesh stationary
+for reduced design complexity. RF-based tamper sensing systems do not allow for this degree of freedom.
\subsection{Braking detection}
The security mesh is a critical component in the IHSM's defense against physical attacks, but its monitoring is only one
half of this defense. The other half consists of a reliable and sensitive braking detection system. This system must be
-able to quickly detect any slowdown of the IHSM's rotation. Ideally, a sufficiently sensitive sensor is able to measure
-any external force applied to the IHSM's rotor and should already trigger a response at the first signs of a
-manipulation attempt.
+able to quickly detect any slowdown of the IHSM's rotation.
While the obvious choice to monitor rotation would be a magnetic or optical tachometer sensor attached to the IHSM's
shaft, this would be a poor choice for our purposes since optical and magnetic sensors are susceptible to contact-less
-interference from outside. A different option would be to use feedback from the motor driver electronics. When using a
-BLDC motor, the driver electronics precisely know the rotor's position at all times. The issue with this approach is
-that depending on construction, it might allow for attacks at the mechanical interface between the mesh and the motor's
-shaft. If an attacker can decouple the mesh from the motor e.g.\ by drilling, laser ablation, or electrical discharge
-machining (EDM) on the motor's shaft, the motor could keep spinning at its nominal frequency while the mesh is already
-standing still.
-
-Instead of a stator-side sensor like a magnetic tachometer or feedback from the BLDC controller, an inertial sensor such
-as an accelerometer or gyroscope placed inside the spinning mesh monitoring circuit would be a good component to serve
-as an IHSM's tamper sensor. A gyroscope would need to be placed close to the IHSM's shaft where centrifugal force is
-low, and would directly measure changes in angular velocity. An accelerometer could be placed anywhere on the rotor and
-would measure centrifugal acceleration.
+interference from outside. We could use feedback from the motor driver electronics to determine the speed, but this
+might allow for attacks at the mechanical interface between the mesh and the motor's shaft that decouple the mesh from
+the motor.
+
+Instead of a stator-side sensor, a rotor-side inertial sensor such as an accelerometer or gyroscope would be a good
+component to serve as an IHSM's tamper sensor. A gyroscope would need to be placed close to the IHSM's shaft where
+centrifugal force is low, and would directly measure changes in angular velocity. An accelerometer could be placed
+anywhere on the rotor and would measure centrifugal acceleration.
Modern, fully integrated MEMS accelerometers are very precise. By comparing acceleration measurements against a model of
the device's mechanical motion, deviations can quickly be detected. This limits an attacker's ability to tamper with the
-device's motion. It may also allow remote monitoring of the device's mechanical components such as bearings: MEMS
-accelerometers are fast enough to capture vibrations, which can be used as an early warning sign of failing mechanical
-components~\cite{kvk2019,sh2016,adc2019,e2013}.
+device's motion. It may also allow remote monitoring of wear of the device's mechanical components such as
+bearings~\cite{kvk2019,sh2016,adc2019,e2013}.
In a spinning IHSM, an accelerometer mounted at a known radius with its axis pointing radially will measure centrifugal
acceleration. Centrifugal acceleration rises linearly with radius, and with the square of frequency: $a=\omega^2 r$. For
-a given target speed of rotation, the accelerometer's location has to be carefully chosen to maximize dynamic range. A
-key point here is that for rotation speeds between $500$ and $\SI{1000}{rpm}$, centrifugal acceleration already becomes
+a given accelerometer and target speed of rotation, the accelerometer's location should be chosen to maximize dynamic
+range. A key point here is that for speeds between $500$ and $\SI{1000}{rpm}$, centrifugal acceleration already becomes
very large at a radius of just a few $\si{\centi\meter}$. At $\SI{1000}{rpm}\approx\SI{17}{\hertz}$ and at a
-$\SI{10}{\centi\meter}$ radius, acceleration already is above $\SI{1000}{\meter\per\second}$ or $100\,g$. While
-beneficial for security, this large acceleration leads to two practical constraints. First, off-axis performance of
-commercial accelerometers is usually in the order of $\SI{1}{\percent}$ so this large acceleration will feed through
-into all accelerometer axes, even those that are tangential to the rotation. Second, we either have to place the
-accelerometer close to the axis or we are limited to a small selection of high-$g$ accelerometers mostly used in
+$\SI{10}{\centi\meter}$ radius, centrifugal acceleration already is above $\SI{1000}{\meter\per\second}$ or $100\,g$.
+Due to this large acceleration, off-axis performance of the accelerometer has to be considered. Suitable high-$g$
+accelerometers for the large accelerations found on the circumference of an IHSM's rotor are ones mostly used in
automotive applications.
To evaluate the feasibility of accelerometers as tamper sensors we can use a simple benchmark. Let us assume an IHSM
spinning at $\SI{1000}{rpm}$. To detect any attempt to brake it below $\SI{500}{rpm}$, we have to detect a difference in
-acceleration of a factor of $\frac{\omega_2^2}{\omega_1^2}=4$. Even should sub-optimal placement compromise dynamic
-range, any commercial MEMS accelerometer will provide this degree of accuracy. The only caveat is that to detect very
-slow deceleration, we have to take into account the accelerometer's drift characteristics.
+acceleration of a factor of $\frac{\omega_2^2}{\omega_1^2}=4$. Even in case of sub-optimal placement, any commercial
+MEMS accelerometer will provide this degree of dynamic range and accuracy. To detect slow deceleration drift
+characteristics have to be taken into account.
In Section~\ref{sec_accel_meas} below, we conduct an empirical evaluation of a commercial automotive high-$g$ MEMS
accelerometer for braking detection in our prototype IHSM.
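Review bot: The unit on the retained line "$\SI{1000}{\meter\per\second}$ or $100\,g$" is wrong in both the old and the new text: the quantity is an acceleration, and $\omega^2 r$ at $\SI{17}{\hertz}$ and $\SI{10}{\centi\meter}$ is about $\SI{1100}{\meter\per\second\squared}$, so this should read `\SI{1000}{\meter\per\second\squared}`. Two further points in this hunk: "To detect slow deceleration drift characteristics have to be taken into account." needs a comma after "deceleration", otherwise it parses as "deceleration drift"; and the new opening sentence "The cost of advanced manufacturing techniques and special materials used in commercial meshes poses an obstacle." no longer says an obstacle to what (the removed text tied the cost to fine structure sizes and to the low-cost construction argued for two sentences later), so consider "poses an obstacle to a low-cost design". The condensed off-axis sentence also drops the only quantitative fact supporting it (off-axis sensitivity in the order of 1\,\%), which is what makes the feed-through into the tangential axes a concrete design constraint; keeping the figure would help.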
@@ -349,11 +334,9 @@ accelerometer for braking detection in our prototype IHSM.
With our IHSM's components taken care of, what remains to be decided is how to put together these individual components
into a complete device. A basic spinning HSM might look as shown in Figure~\ref{fig_schema_one_axis}. Visible are the
axis of rotation, an accelerometer on the rotating part that is used to detect braking, the protected payload, and the
-area covered by the rotating tamper detection mesh. A key observation is that we only have to move the tamper
-protection mesh, not the entire contents of the HSM. The HSM's payload and with it most of the HSM's mass can be
-stationary. This reduces the moment of inertia of the moving part. This basic schema accepts a weak spot at the point
-where the shaft penetrates the spinning mesh. This trade-off makes for a simple mechanical construction and allows
-power and data connections to the stationary payload through a hollow shaft.
+area covered by the rotating tamper detection mesh. Note that we only have to move the tamper protection mesh, not the
+entire contents of the HSM, keeping most of the HSM's mass stationary. In our proof-of-concept prototype, we accept a
+weak spot at the point where the shaft penetrates the mesh to simplify mechanical construction.
\begin{figure}
\center
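Review bot: The removed clause "allows power and data connections to the stationary payload through a hollow shaft" is the functional half of the trade-off that the new text reduces to "to simplify mechanical construction"; together with the cut in the previous hunk of the sentence about data and power transfer to a spinning payload, the paper now no longer states anywhere how the stationary payload inside the rotating mesh is connected. Suggest keeping a brief mention, e.g. "to simplify mechanical construction and to route power and data to the stationary payload through a hollow shaft".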