For certain high-security devices, such as card readers, ATMs and hardware security modules, normal physical security is not sufficient; they need to erase their sensitive data if anyone starts drilling into the business. Such devices therefore often integrate switching networks into their housing and regularly monitor them for changes that could indicate damage. To improve the sensitivity and accuracy of such countermeasures, [Jan Sebastian Götte] And [Björn Scheuermann] recently designed a time domain reflectometer monitor meshes (preprinted paper).
Many meshes are made of flexible circuit boards with winding tracks in the housing, so that cutting or drilling in the housing breaks a track. The problem is that the most common ways to detect broken traces, such as through resistance or capacitance measurements, are not easy to implement with both high sensitivity and low error rate. Instead, this system uses time-domain reflectometry: it sends a sharp pulse into the mesh and then grinds the returning echoes to create a mesh fingerprint. When the circuit becomes damaged, an additional echo is created, which is detected by classification software. If a significant change in the fingerprint is detected with sufficient subsequent measurements, a data wipe is activated.
The most novel aspect of this design is its affordability. An STM32G4 series microcontroller manages the timing, pulsation generation and measurement, thanks to its two fast ADCs and a high-resolution timer with a resolution of less than 200 picoseconds. For a pulse shaping amplifier, [Jan] And [Björn] used the high-speed amplifiers in an HDMI redriver chip, which would normally compensate for cable and connector losses. Despite its low-cost design, the circuit was sensitive enough to detect when oscilloscope probes made contact with the track, pick up temperature changes, and even distinguish the small variations between different copies of the same mesh.
It is not absolutely impossible for an attacker to bypass this system, nor was it intended, but overcoming it would require a great deal of skill and custom equipment, such as a non-conductive drill. If you’re interested in seeing such a system in the real world, check out this teardown of a payment terminal. One of the same authors previously also wrote a KiCad plugin to generate anti-tamper meshes.
Thanks [mark999] for the tip!
#Tamper #detection #time #domain #reflectometry