Defeating Existing Tamper-Indicating Seals
Seals Vulnerability Assessment
We studied 244 different seals in detail: this includes government and commercial seals, from low-tech mechanical seals through high-tech electronic seals. The unit cost of these seals varies by a factor of 10,000. Over half are in use for critical applications, and ~19% play a role in nuclear safeguards.
Figure 1 shows the percent of the 244 seals that can be defeated in less than a given amount of time by one person, well practiced in the attack, working alone, and using only low-tech methods.
Figure 1 - Percent of seals that can be defeated in less than a given amount of time by 1 person (well practiced in the attack, working alone, using only low-tech methods). For some seals, an assistant would decrease the defeat times plotted here, but for others, an assistant just gets in the way. Click on image to view larger image.
High tech isn't automatically better!
Expensive high tech seals are not automatically better than inexpensive low tech seals as demonstrated for 393 attacks (see plots below). More information about "Defeating Existing Tamper-Indicating Seals" can be found in the Seals Overview section of this website.
Figure 2 demonstrates that expensive high-tech electronic seals are not substantially better than low-cost mechanical seals—at least the way the seals are currently designed and used. Defeat time is plotted vs. seal cost. The correlation between defeat time and cost is very weak (linear correlation coefficient r=0.10). Moreover, adding an extra dollar per seal to the unit cost only adds 0.3 seconds to the defeat time on average. Figure 3 confirms this thesis showing a log-log plot of defeat time vs. level of high tech.
Figure 2 - Log-log plot of defeat time vs. seal cost (in quantities of 1000) for 393 different attacks on 244 seals, 1 to 8 distinct successful attacks per seal. Linear LS fit, r = 0.10, Slope = 270 msec/$. Click on image to view larger image.
Figure 3 - Log-log plot showing that high tech seals are not automatically superior to low tech seals. Attack time at container (mins) as a function of level of high tech (Seal + Reader) for 393 different attacks on 244 seals. Linear LS fit, r = 0.19, Slope = 170 msec/tech level. Click on image to view larger image.
60% of the attacks have simple and inexpensive countermeasures (see Figure 4). These may involve minor modifications to the seal, but more often involve changes to the seal installation and inspection procedures. 27% of the attacks have countermeasures that are feasible, but not particularly simple or inexpensive.
Simple countermeasures usually exist, but require:
- understanding the seal vulnerabilities
- looking for likely attacks
- having seen examples
Better seals are possible!
We believe that much better seals are possible. In our view, there is a much better approach than conventional seals: “anti-evidence” seals. Here is why.
Conventional seals have a fundamental design flaw. They must store the fact that tampering has been detected until the seal can be inspected. But this “alarm condition” can be easily hidden or erased, or eliminated by making a fresh counterfeit seal.
At the start, when the seal is first installed, we store information that tampering hasn’t yet been detected. When tampering is later detected, this “anti-evidence” information is instantly erased. This leaves nothing for an adversary to hide, erase, or counterfeit!
To learn more about our “Anti-evidence” seals read "Developing Novel Approaches to Tamper & Intrusion Detection".
For more information about seals visit the Seals section of this website.
For copies of the VAT papers and presentations on a wide variety of physical security issues (tags, seals, product counterfeiting, vulnerability assessments, RFIDs, GPS, nuclear safeguards) contact Roger G. Johnston.
Last Modified: Thu, December 6, 2012 2:55 PM