Defeating Existing Tamper-Indicating Seals

back to Projects List | back to VAT Home

Seals Vulnerability Assessment

We studied 244 different seals in detail: this includes government and commercial seals, from low-tech mechanical seals through high-tech electronic seals.  The unit cost of these seals varies by a factor of 10,000. Over half are in use for critical applications, and ~19% play a role in nuclear safeguards.

Figure 1 shows the percent of the 244 seals that can be defeated in less than a given amount of time by one person, well practiced in the attack, working alone, and using only low-tech methods.

High tech isn't automatically better!

Expensive high tech seals are not automatically better than inexpensive low tech seals as demonstrated for 393 attacks (see plots below). More information about "Defeating Existing Tamper-Indicating Seals" can be found in the Seals Overview section of this website.

Figure 2 demonstrates that expensive high-tech electronic seals are not substantially better than low-cost mechanical seals—at least the way the seals are currently designed and used.  Defeat time is plotted vs. seal cost.  The correlation between defeat time and cost is very weak (linear correlation coefficient r=0.10).  Moreover, adding an extra dollar per seal to the unit cost only adds 0.3 seconds to the defeat time on average. Figure 3 confirms this thesis showing a log-log plot of defeat time vs. level of high tech.

Countermeasures:

60% of the attacks have simple and inexpensive countermeasures (see Figure 4). These may involve minor modifications to the seal, but more often involve changes to the seal installation and inspection procedures. 27% of the attacks have countermeasures that are feasible, but not particularly simple or inexpensive.

Simple countermeasures usually exist, but require:

• understanding the seal vulnerabilities
• looking for likely attacks
• having seen examples

Better seals are possible!
We believe that much better seals are possible.  In our view, there is a much better approach than conventional seals: “anti-evidence” seals. Here is why.

Conventional Seals
Conventional seals have a fundamental design flaw. They must store the fact that tampering has been detected until the seal can be inspected. But this ‘alarm condition’ can be easily hidden or erased, or eliminated by making a fresh counterfeit seal.

“Anti-evidence” seals
At the start, when the seal is first installed, we store information that tampering hasn’t yet been detected. When tampering is later detected, this “anti-evidence” information is instantly erased. This leaves nothing for an adversary to hide, erase, or counterfeit!
To learn more about our “Anti-evidence” seals read "Developing Novel Approaches to Tamper & Intrusion Detection".

ADDITIONAL INFORMATION

For more information about seals visit the Seals section of this website.

For copies of the VAT papers and presentations on a wide variety of physical security issues (tags, seals, product counterfeiting, vulnerability assessments, RFIDs, GPS, nuclear safeguards):