1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
|
\documentclass[a4paper]{scrartcl}
\usepackage[T1]{fontenc}
\usepackage{amssymb,amsmath}
\usepackage{eurosym}
\usepackage{wasysym}
\usepackage{amsthm}
\usepackage{censor}
\usepackage[
backend=biber,
style=numeric,
natbib=true,
url=false,
doi=true,
eprint=false
]{biblatex}
\addbibresource{ihsm.bib}
\makeatletter
\@ifclasswith{iacrtrans}{submission}{
\newcommand{\censorIfSubmission}[1]{\censor{#1}{\scriptsize[Author information removed for double-blind peer review]}}
}{
\newcommand{\censorIfSubmission}[1]{#1}
}
\makeatother
\usepackage[binary-units]{siunitx}
\DeclareSIUnit{\baud}{Bd}
\DeclareSIUnit{\year}{a}
\usepackage{commath}
\usepackage{graphicx,color}
\usepackage{subcaption}
\usepackage{array}
\usepackage{hyperref}
\renewcommand{\floatpagefraction}{.8}
\newcommand{\degree}{\ensuremath{^\circ}}
\newcolumntype{P}[1]{>{\centering\arraybackslash}p{#1}}
\newcommand{\partnum}[1]{\texttt{#1}}
\begin{document}
\title{Can't Touch This: Inertial HSMs Thwart Advanced Physical Attacks}
\subtitle{Changes of Major Revision compared to version submitted to TCHES 21/4}
\maketitle
We again wish to express our deep gratitude for the reviewers' profound insights and valuable feedback in the TCHES 21/4
review round. After the program committee's ``major revision'' decision we have reflected upon our submission with the
new insights we have gained from the reviewers' comments. In the remainder of this document, we will list the requested
changes that we have identified from the reviewers' helpful comments and explain how we adressed these requests in the
enclosed major revision of our submission. We hope that by extensively reworking our initial submission we have improved
it to the satisfaction of the reviewers and program committee. We are grateful for the chance to improve upon our
original submission and we truly appreciate the reviewers and the program committee devoting their valuable time to
consider our major revision.
\paragraph{Lack of discussion of operational constraints.}
As pointed out by Reviewers~A and~B, our initial submission lacked a detailed discussion of the operational constraints of
Inertial Hardware Security Modules. We thank the reveiwer for this helpful observation. We have adressed this with more
than two pages of new content on the operation of IHSMs in the new Sections~3.5 ``Long-Term Operation'' and~3.6
``Transportation''. In these sections we address the reviewers' points on the continuous power supply requirement and go
into detail on the likelihood of spurious tamper alarms triggered by external vibrations. Section~3.5 also addresses
Reviewer~B's insightful comments on failover, backup and replication of cryptographic secrets.
\paragraph{Lack of discussion of improved cooling capabilities of IHSMs compared to traditional HSMs.}
As Reviewer~D pointed out, our initial submission alluded to the possibility of facilitating cooling airflow through an
IHSM's security mesh and noted that this would allow for greater processing capabilities, but did not go into detail on
the extent of this effect. To address this valid remark, in our revised paper, we have extended Section~3.4 ``Mechanical
Layout'' with an order-of-magnitude estimation of this effect based on real-world benchmarks and information available
from vendors of traditional HSMs.
\paragraph{Mechanical Rotating Stage Attacks.}
As pointed out by Reviewer~D, in our original submission our discussion of the Swivel Chair Attack discusses attacks by
by a rotating human attacker in depth and mentions the possibility of a fully mechanized attack robot. However, our
initial submission did not go into detail on the constraints of such a fully mechanized attack. We are grateful to the
reviewer for pointing out the lack of detail in this regard. In our revised paper we have completed our discussion in
this section with one half page of new content and one new diagram discussing fully mechanized attack robots.
\paragraph{Comparison of IHSM attacks to those on traditional HSMs.}
In addition to the previous point, Reviewer~D pointed out that the discussion of attacks on IHSMs in our initial
submission would have benefited from a more thorough contextualization of the attacks possible on traditional HSMs. We
wish to thank the reviewer for their thorough and thoughtful comments. In response to this suggestion, we have
significantly extended Section~4 ``Attacks'' with one page of new content in two new Subsections~4.2 ``Attacks that
don't work'' and~4.3 ``Attacks that work on any HSM'' that provide this missing context to guide the reader.
\paragraph{Notes on future work.}
Reviewer~D stated that they would find an outlook on the next design steps towards a practically usable design
interesting. We appreciate this helpful comment. We have adressed future work at the end of Section~7 ``Conclusion'' to
the extent of our current plans.
\paragraph{Design Artifact Availability.}
Reviewer~D stated that access to design artifacts would be useful for readers of the paper. We are thankful for their
interest in the results of our work. While we cannot make our design artifacts available as part of the peer review
process as they contain a multitude of references to the identities of the authors and their employer, we have added a
brief appendix that the publication version of our paper will contain with a link to the open-source repository
containing all hardware, software and paper sources relating to our research project.
\paragraph{Detailed discussion of contactless attacks.}
Reviewer~C noted that like a traditional HSM an IHSM cannot prevent contactless attacks such as electromagnetic
sidechannel attacks or laser fault injection. We wish to express our gratitude for the insightful comment. While our
initial submission acknowledged this property of our design, our original submission did not provide a detailed
discussion of its extent. In our revised paper, we have added a new Section~4.2 ``Attacks that work on any HSM'' that
provides more detail on contactless attacks. In this section we observe that the IHSM design allows for some mitigations
against contactless attacks due to the physically larger space it can provide to its payload.
\paragraph{Justification of mesh monitor power consumption estimates.}
A point noted by Reviewers~A and~B is that in our initial submission we provided an estimate on the current consumption
of an IHSM monitoring circuit without providing a detailed justification of our estimate. We wish to thank the reviewers
for thoughtfully pointing out this oversight. In response, we have extended Section~5.3 ``Power transmission from stator
to rotor'' with a more detailed justification of this estimate.
\end{document}
|
