2 HSM Technology Today Tamper response: This is the maximum level of physical protection in the commercial sector nowadays. The aim is to detect attacks during operation and during the service life of an HSM. A proven method for detecting mechanical attacks on the CPU unit of an HSM is to fit a protective shield made up of a network of tracks inside the epoxy-resin socketing. Monitoring the current flow within the conductive network made up of tracks makes it possible to detect an attack on the protective shield. Potential countermeasures are then active erasing of the HSM hardware memory and resetting of the CPU data. Figure 2.3: Cross-section of an HSM with tamper-responsive technology HSMs also deploy advanced physical monitoring in today’s commercial HSMs. Firstly, this is stipulated as part of certifications. (Section 4 addresses this topic in more detail). Secondly, these measures are required to fend off other attack scenarios. These are the most common actions to take: Temperature monitoring: The HSM monitors the ambient temperature to prevent attacks from a drop in ambient temperature. (Also referred to as cold boot attack: see http://en.wikipedia.org/wiki/Cold_boot_attack.) Voltage monitoring: The HSM monitors adherence of the operating voltage to the voltage ranges. If the voltage exceeds or falls below the operating voltage defined, the electronic circuitry may transition to a non-defined state and then an attacker can access the restricted data. 19
HSM_for_Dummies
To see the actual publication please follow the link above