INTERNAL CONSTRUCTION OF THE MAGNETIC TRIP AND HOW THEY CAN BE EASILY DEFEATED
Magnetic trips are based upon simple reed switch technology, are not secure, and can be easily defeated by magnets, as shown in the video.
Kids and burglars have figured out how to circumvent the system by placing a small magnet next to the trip, which blocks the detection of the absence or the removal of the normal magnetic field that occurs when the door is opened.
Parents in Florida have found that after setting the alarm at night, their kids figured out the way to defeat the system and sneak out at night without setting off the alarm. Likewise, burglars can place very small magnets next to the door trip during business hours within a commercial facility, and then enter after hours. If no other detectors are in place for the protected area, then the door trips will not trigger an alarm.
The magnet that we used in the demonstration cost about $.25 at Home Depot.
Lock manufacturers can be liable for designs that have serious security vulnerabilities. Several class action lawsuits have been filed against lock makers for such design issues. Especially in the United States, liability can attach, especially is someone is hurt or killed, or significant property damage occurs. Essentially the rule is that if the lock has a state-of-the-art design and the attack is also complex or sophisticated, then the manufacturer will not be liable. However, if the design defect is simple and should have been anticipated, and the attack is also simple, then the lock make will be held responsible.
We have reduced this premise to our 3T2R rule, which states that the criteria is Time, Tools, and Training. If training to learn the attack is minimal, required tools are simple, and the time to bypass the mechanism is minimal, then liability will generally attach. However, if the reverse is true, then the lock maker should not be held liable. The other component to the test is Repeatability and Reliability of the attack. Just because there is an exploit does not mean the lock is not secure. However, if the exploit is both reliable and repeatable, then obviously there is a problem. Remember, all security is about time delay, and all Standards are also based upon the time it takes to defeat the lock.
Many lock makers have argued that they are not liable or anything because the locks were not used in their normal anticipated state. This is not correct, because locks are designed to be attacked. That is also why we have standards to assess their resistance to forced and covert entry.
There are several cases in this area that are instructive.
Kryptonite bike locks were attacked in 2004 by Marc Tobias, Matt Fiddler, and others, through the use of a ballpoint pen. The design engineers failed to “connect the dots” between the design of a tubular pin tumbler lock, impressioning technique, the diameter of the keyway and its correlation to the diameter of common plastic ballpoint pens. The defect was disclosed by Marc Tobias in 2004 and led to the recall of 350,000 locks, at a cost to the company of $10,000,000. The design issue also affected Kensington and its computer cable locks, and Harley Davidson motorcycles, as well as elevator control companies and others that utilized tubular lock designs in vending machines and alarm panels.
The Kaba Simplex 1000 push button lock was the subject of a class action lawsuit in 2010 because the locks had a fatal design defect that allowed them to be opened with a strong rare-earth magnet in seconds. These locks can be found in millions of installations including airports, banks, universities, hospitals and other areas that require some level of access control. The problem with the design was a critical component that was subject to magnetic fields. While the lock was designed in 1965 when the first patent was issued, it was still being sold in 2010, so 1965 standards did not apply with regard to security.
One of the best deadbolt locks made by Medeco was knocked-off and produced in Canada. The company copied a design defect that was corrected by Medeco in 2007. The engineers that developed this lock failed to understand that the entire security of the system was based upon two tiny screws that retained the plug within the cylinder.
HP is a trusted company, and consumers believed they knew what they were doing when they designed their laptop lock to compete with Kensington, which is the leader and innovator in the industry. HP introduced a lock that was subject to attack within a couple of seconds and offered essentially no protection against theft.
Stack-On is one of the largest gun safe and vault manufacturers in the United States. They produced a series of safes that were deemed defective in design and one of their safes caused the death of a three year old, which was examined by KENS-TV in Austin, Texas. That video report can be found on this site.
A class action lawsuit was filed by Marc Tobias and Larry Drury in 2012 and ultimately settled by the company without admitting liability. It cost them several million dollars.
Security Laboratories did an extensive analysis of prescription drug containers produced by several different manufacturers in the United States. Watch the introduction and overview by Marc Tobias and Tobias Bluzmanis
I interviewed Dr. Bud LaTeef in Pittsburgh, Pennsylvania. He is a pain management specialist and developed a supposedly secure drug container several years ago and has sold many of these to clinics and individuals. I interviewed him about his design and philosophy. Unfortunately the team that developed his container knew little, if anything about secure product designs. Watch my interview with him, then how we compromised his container in seconds.
We analyzed another container called the PillPod. This is actually a neat design, but can be relatively easily decoded by a teenager. Watch our analysis.
SaferLock was invented by two college students and is a good idea, but defective in its design. We developed several methods to compromise the container.
Finally, we analyzed several containers made by Vaultz in Cleveland, Ohio. While these containers are secure, the locks are not. Watch how we instantly opened these containers.
Read the full article in Forbes and watch the other relevant videos about this topic.
Theft of packages is on the rise, especially with the heavy reliance on deliveries by Amazon, FedEx and the postal service. We analyzed two approaches to protection for containers that are left outside of residences or buildings. These are produced by a company called CleverMade, and by BoxLock.
Read the article in Forbes and watch the video segments.
A company called CleverMade produces a product to protect against the theft of packages from a secure container that can be opened by delivery people from UPS, USPS, and FedEx. The CEO, in an article in Forbes, said the container was a good deterrent. That may be, but it is definitely not secure. Read the article in Forbes and watch the video segment that we produced.
In Europe, secure doors and glass meet higher standards than in the United States for forced entry. Doors can cost up to seven thousand dollars.
Watch Addi Wendt demonstrate attacks on glass, and describe the construction of doors. Addi was the president of the Lockmasters European Security Group and developed a global reputation for innovation in the design and manufacture and sale of covert and forced entry tools. He died in 2019, and his two sons, Sascha and Enrico are now running the company from Bergheim, German. They maintain a training and security center and serve locksmiths and government agencies worldwide.
Professor Ross Anderson is one of the leading experts in the world on computer network systems and their attack. He has written one of the best references on “what can go wrong” with system design in his classic book “Security Engineering.” The book is in its third edition and I highly recommend it to every software and hardware engineer.
Watch my interview with Ross Anderson at Cambridge.
Lasershield alarm systems were heavily advertised a few yeas ago as an easy-to-install alarm system for apartments, dormitories, and residences. The systems is abased upon a totally wireless approach, operating at 433 MHz. We analysed this system and met with their design engineers and determined that the systems could be easily compromised with a handheld two way radio transmitting on the operating frequency for the alarm receiver.
Watch my demonstration. This should be a wake up call for other alarm systems, some of which can be easily defeated.
I interviewed one of the most clever and well-known covert entry tool designers in the world, from China, Mr. Li. he has designed many tools to open different vehicle locks rapidly. These tools are sold by Wendt in Germany as well as other vendors.
Read the article in Forbes and watch the video of Mr. Li opening a new lock design for the VAG Group.
Read the Homeland Security Newswire that discussed our presentation at a cyber security conference and how easy it was to defeat the security of some locks by paper clips, screwdrivers and other simple implements.
Lock bumping was introduced in the media in Europe in 2005, first in Germany on national television. In 2006, Marc Tobias met with several lock manufacturers to discuss the threats to security and in 2006 he went public in the United States at Def Con and on many television networks. The Association of Locksmiths of America attacked him as both irresponsible and that the problem really did not exist.
The technique of lock bumping was actually first discovered and patented in England around 1925, and was used by our intelligence services during WWII. it was largely forgotten until the 1980s when a series of burglaries occurred in Denmark, using the technique.
It became a major security issue in the U.S. and Europe after 2005 and lock manufacturers scrambled to deal with the issue. As a result of disclosures by Marc Tobias, Tobias Bluzmanis, Barry Wels, ToooL in the Netherlands, and other groups, it was demonstrated and understood that even high security locks could be bumped open. Today it is one of the primary tests to determine the security of locks, and is part of the ANSI and UL standards.
Read the articles that Marc Tobias published for the industry regarding lock bumping and how it worked, and why it was a threat. The subject was also treated extensively in “Open in Thirty Seconds: Cracking one of the most secure locks in America.”
In its Federal class action lawsuit, Marc Tobias and Larry Drury alleged that certain designs of Stack-On gun safes were defective. It is the opinion of Marc Tobias that Stack-On lacked competence in security engineering to understand the issues involved to make their safes secure. There have been several recalls by the CPSC regarding their safes, and there is significant evidence that the design of one of their safes led to the death of three-year-old Ryan Owens in Vancouver, Washington.
Stack-On has never admitted any liability, nor that there designs were in any way unsafe. As a lawyer and physical security expert, i would highly recommend that no consumer purchase any Stack-On product to protect weapons.
Watch our videos of the analysis of different Stack-On designs.
The Magnetic Ring Attack on Electronic Locks – Schneier on Security is a round aluminum enclosure about four inches in diameter that contains several magnets in a concentric circle. When spun around some of the earlier designs of electronic cylinders, it would cause them to open. This was a significant security issue for lock manufacturers. Watch the video with Marc Tobias and Addi Wendt, President of the Lockmasters Security Group in Europe.[/vc_column_text][/vc_column][/vc_row]
Magnetic Ring with four magnets positioned with opposite poles
The photograph shows the Devils Ring, with metallic rings that are attracted to the internal magnets to show their position. There are four magnets within the ring.
A 2003 article by the New York Times examined the security vulnerabilities of master key systems, especially in apartment complexes. Matt Blaze first reported on the issue, and Marc Tobias was also quoted in the article.
In the research paper, Mr. Blaze applies the principles of cryptanalysis, ordinarily used to break secret codes, to the analysis of mechanical lock designs. He describes a logical, deductive approach to learning the shape of a master key by building on clues provided by the key in hand — an approach that cryptanalysts call an oracle attack. The technique narrows the number of tries that would be necessary to discover a master-key configuration to only
dozens of attempts, not the thousands of blind tries that would otherwise be necessary.
A detailed report in 2004 was published by Marc Tobias and Investigative Law Offices, P.C. to warn consumers about the dangers in relying upon the security of many different gun locks. Read the report, which detailed an eleven-year boy in Toronto who was able to remove gun locks from weapons in seconds.
ALOA, the Associated Locksmiths of America, attacked Marc Tobias and others for demonstrating the ability to bump open pin tumbler locks, and also disputed the information published about Medeco High Security locks. Marc Tobias has been a member of ALOA since 1991. Marc posted an editorial, Part I and Part II to state his opinion with regard to the position taken by ALOA and its Board.
The death of Ryan Owens likely could have been prevented if Stack-On Corporation had designed their safe properly so it could not be jiggled open. In our opinion, they had no idea what they were doing and the consequences in using a solenoid design to keep their safes locked. Ed Owens, the father, filed a lawsuit against the sheriffs department in Vancouver, Washington and one that suit. The media reported on the death and the lawsuit. Watch the TV reports where Marc Tobias demonstrated how to open the suspect safe model from Stack-On. The safe was provided by the Sheriffs Office for testing.
Many safe manufacturers utilize solenoids to accomplish locking and prevention of the bolt works from moving. Typically a keypad or biometric authentication such as fingerprint is utilized to trigger the solenoid and retract the locking pin.
A solenoid is actually a coil with a ferrous pin in the center. When the coil is energized with a voltage, the pin will retract. The problem with using solenoids as the primary locking system is that they can be vibrated to the open position, often quite easily. This was the case with the Stack-On safe that was the subject of a Class Action lawsuit by Tobias and Drury in 2012, and also the subject of the Def Con lecture in 2012.
Security Laboratories was retained by Ed Owens, the father of the three-year-old victim, to determine why the safe could be opened by jiggling. We utilized a high speed camera to photograph the actual movement of the pin in the lock position.
This was also part of the problem with the Sentry fire safe that we analyzed in Vancouver, Washington. In that case, we were able to retract the magnetic pin from outside of the safe and allow it to open.
Disk locks are very popular for different security applications, including bike locks. Kryptonite faced serious legal and security issues in 2003 because the locks could be impressioned in seconds with a ball point pen. As a result, manufacturers moved away from pin tumbler locks in favor of disk locks, first invented by Abloy in 1907. Abloy is the largest lock manufacturer in Finland and produces high security cylinders that use rotating disks.
Some of the less expensive locks have poor tolerances and fewer disks. They can be impressioned rapidly with several techniques. Two of them are shown in the video. One is by John Falls with his foil impressioning system. The other is demonstrated by Marc Tobias. Watch the video.
This is an interesting Research Paper on physical key security, published by Benjamin Laxton, Kai Wang and Stefan Savage, Department of Computer Science & Engineering University of California, San Diego La Jolla, California, USA. It examines physical key control and the ability to duplicate, replicate, and simulate keys through various means.
The access control provided by a physical lock is based on the assumption
that the information content of the corresponding key is private — that duplication should require either possession of the key or a priori knowledge of how it was cut. However, the everincreasing capabilities and prevalence of digital imaging technologies present a fundamental challenge to this privacy assumption.
Using modest imaging equipment and standard computer vision algorithms,
we demonstrate the effectiveness of physical key teleduplication—
extracting a key’s complete and precise bitting code at a distance via optical decoding and then cutting precise duplicates. We describe our prototype system, Sneakey, and evaluate its effectiveness, in both laboratory and real-world settings, using the most popular residential key types in the U.S. SNEAKEY
In 2007, Security Labs gave a Def Con lecture about the design flaws in the Medeco Maxum deadbolt lock. The issue allowed a small screwdriver to be utilized to open the lock in a few seconds. Medeco quickly remedied the problem, but the underlying lessons remain.
Read the White Paper that was published by Marc Tobias on this issue. it is also the subject of the Def Con lecture on this site.
In 2007 Marc Tobias interviewed the engineering team and CEO of Lasershield to discuss the design of their wireless alarm system. It operated at 433 MHz and could easily defeated. The company heavily advertised nationally the security of its products. it was not true.
Detailed information about forced entry tools and techniques are disclosed in Locks, Safes, and Security, and in the Multimedia edition. The following material is from LSS+ as a primer. Many videos are shown in LSS+ and in DAME regarding forced entry techniques for locks and safes.
Post office box locks are standard five pin tumbler cylinders that can be easily bumped open, even though they have a restricted and protected keyway. Unfortunately the keys and locks can be purchased on eBay because they are surplussed out at closed military bases. Marc Tobias conducted an in-depth analysis of locks by USPS and by UPS Mail Boxes. These locks are not secure and as demonstrated in the video, can be quickly opened by bumping with an easy-to-produce blank.
Watch the special report on KELO-TV Sioux Falls about security and post office boxes.
Security Labs analyzed the BioLock 333, produced in Hong Kong and was being sold by Brickhouse Security in New York. Our lab was asked to evaluate its design. We found it could be opened in seconds with the insertion of a paperclip into the keyway. We would not recommended that anyone purchase this lock, even though it looks secure. it is not.
The Amsec 1014 small consumer safe is not secure and can be opened in seconds by jiggling, as shown in the video by a child. This safe relies upon a solenoid to accomplish locking, but solenoids are not secure at all and can be vibrated open. See the reports on Stack-On Safes to learn what can happen. Their safe was opened by a child, which resulted in the death of a three-year old in Vancouver, Washington.
“We’ve never seen what we would consider effective tamper-detection for a drug product,” says Dr. Roger Johnston, head of the Vulnerability Assessment Team as Los Alamos National Laboratories. In this exclusive interview,
Johnston gives us the ten top failings of anti-tampering efforts, and solutions for improvement. Also, click the “Download Now” button at the end of the
article to obtain Johnston’s PowerPoint presentation on improving tamper detection systems.
Security in Depth is a good thing: 4 layers of security trumps 1 layer of security every time, right? Well, not so fast! Layered security can be a useful tool, but it also holds lots of hidden dangers.
Almost every vulnerability assessor is familiar with the following scenario, which the author has personally witnesses at least 2 dozen times (including at nuclear facilities): A security manager is shown a simple, successful attack on a security device or system, or a portion of the overall security program. Then he/she is shown an inexpensive counter-measure, or at least a partial fix that is relatively painless. The instant response: “Well, yes, that is all very interesting, but we have multiple layers of security, so a failure in one layer does not mean that our overall security has failed. Thus, we don’t need to be concerned with this vulnerability, nor do we need to implement the recommended countermeasure(s).”
This is an excellent paper on many facets of cargo security, written by the team at the Los Alamos National Laboratory. It covers seals, RFID, GPS, terminology, tags, and overall security considerations and vulnerabilities.
Security in Depth is a good thing: 4 layers of security trumps 1 layer of security every time, right? Well, not so fast! Layered security can be a useful tool, but it also holds lots of hidden dangers.
Almost every vulnerability assessor is familiar with the following scenario, which the author has personally witnesses at least 2 dozen times (including at nuclear facilities): A security manager is shown a simple, successful attack on a security device or system, or a portion of the overall security program. Then he/she is shown an inexpensive countermeasure, or at least a partial fix that is relatively painless. The instant response: “Well, yes, that is all very interesting, but we have multiple layers of security, so a failure in one layer does not mean that our overall security has failed. Thus, we don’t need to be concerned with this vulnerability, nor do we need to implement the recommended countermeasure(s).”
Is this the correct decision? Ultimately, maybe it is and maybe it isn’t. But to knee-jerk the decision not to explore the possibility of improving a given layer or portion of a security program based solely on the idea that there are additional layers is certainly not the right response.
The VAT analyzes the most common security blunders. Here are their Top Ten:
1 Lack of Critical/Creative Reviews & AVAs
2 No countermeasures for Cognitive Dissonance
3 Compliance-Based Security
4 Confusing Inventory with Security
5 Confusing Control with Security
6 Thinking that finding vulnerabilities is bad
news & means that somebody has been
7 Mindless faith in “Security in Depth”
8 Thinking that all vulnerabilities can be found
9 Focusing on threats instead of vulnerabilities
10 Mindless faith in Technology & Snake Oil
Read the article by Jon S. Warner, Ph.D., Roger G. Johnston, Ph.D., CPP and the Vulnerability Assessment Team Argonne National Laboratory. 287 security blunders (2009)
A lecture by Roger Johnston, Ph.D. at Argonne National Labs. He discusses the following myths:
security maxims (there’s no free lunch)
high tech ≠ high security
inventory ≠ security
RFIDs & CMBs
tamper-indicating seals & cargo security
biometrics & access control systems
counterfeiting security devices
“security in depth”
effective vulnerability assessments
Read about the common security maxims:
1. Infinity Maxim: There are an unlimited number
of vulnerabilities, most of which will never be
discovered (by the good guys or bad guys).
2. Arrogance Maxim: The ease of defeating a security
device is inversely proportional to how confident the
designer, manufacturer, or user is about it, and to how
often they use words like “impossible” or “tamper-proof”.
3. High-Tech Maxim: The amount of careful thinking that
has gone into a given security device is inversely
proportional to the amount of high-technology it uses
4. Low-Tech Maxim: Low-tech attacks work
(even against high-tech devices).
5. Yipee Maxim: There are effective, simple, & low-cost
countermeasures to most vulnerabilities.
6. Arg Maxim: But users, manufacturers, and
bureaucrats will be reluctant to implement them.
7. Insider Risk Maxim: Most organizations will ignored
or seriously underestimate the threat from insiders.
Watch the Powerpoint Presentation by the Team at LANL.
defeating a seal: opening a seal, then resealing (using the original seal or a counterfeit) without being detected. Defeating seals is mostly about fooling people, not beating hardware (unlike defeating locks, safes, or vaults)!
attacking a seal: undertaking a sequence of actions designed to defeat it.
This presentation is by the Vulnerability Assessment Team at LANL (Los Alamos National Labboratory).
In this Powerpoint presentation, the LANL Team discusses new approaches regarding tamper intrusion and detection. Definitions are presented, including:
tamper detection: delayed (after the fact) detection of unauthorized access.
intrusion detection: immediate (real-time) detection of unauthorized access.
lock: a device to delay, complicate, and/or discourage unauthorized entry.
seal : a tamper-indicating device (TID) designed to leave non-erasable, unambiguous evidence of unauthorized entry or tampering. Unlike locks, seals are not necessarily meant to resist access, just record that it took place.
tag: a device or intrinsic feature (“fingerprint”) for uniquely identifying an object or container.
defeating a seal: opening a seal, then resealing (using the original seal or a counterfeit) without being detected.
attacking a seal: undertaking a sequence of actions designed to defeat it.
This is a presentation by Roger G. Johnston and Jon S. Warner, Vulnerability Assessment Team, Nuclear Engineering Division, LANL.
“Security Theater” (also known as “Ceremonial Security”) involves procedures, policies, and technologies that give the superficial appearance of providing security without actually countering malicious adversaries to any significant degree. As vulnerability assessors, we frequently find Security Theater across a wide range of different physical security devices, systems, and programs,
as well as in domestic and international nuclear safeguards. Security Theater is not automatically a bad thing; it can have its uses. The real problem occurs when Security Theater is not recognized as such, or when it stands in the way of good security or is preferred over real security. In this paper, we present a vulnerability assessor’s view of where future arms control verification regimes are likely to be plagued by Security Theater, based partially on our understanding of current security vulnerabilities and our experience with Security Theater. We also offer suggestions for spotting Security Theater, and for preventing it. Future nuclear safeguards measures that are particularly at
risk for becoming merely Security Theater include tamper-indicating seals and information barriers.
The author begins the article by stating: The following ideas are common, but I think quite wrong and thus myths:
A Threat without a mitigation is a Vulnerability.
A Threat Assessment (TA) is a Vulnerability Assessment (VA).
Threats are more important to understand than Vulnerabilities.
Many of the most common tools used for “Vulnerability Assessments”
(whether true VAs or actually TAs) are good at finding Vulnerabilities.
Perceptual Blindness, also called Inattentional Blindness, is the common phenomenon of a person failing to perceive objects or actions that are in plain sight. Causes beyond just basic human psychology can include not having a mental framework prepared in advance to perceive the objects or actions (that is, not being ready for the unexpected); wishful thinking or denial (due to cognitive dissonance) that prevents someone from seeing what he or she would like not to exist; intense mental focus on certain features which can cause mental distraction in regards to others; or deliberate misdirection by another person.
Fortunately there are potential—though largely untested—
countermeasures to perceptual blindness. These include choosing one or more inspectors or security guards to be the generalist to examine the general scene without specific assigned detailed observational responsibilities; conducting training to improve observational skills; making relevant personnel aware of perceptual blindness issues and demonstrating perceptual blindness to them; using magicians to demonstrate misdirection and sleight-of-hand techniques; engaging in frequent mental “what if” exercises to better mentally prepare observers for the unexpected; and implementing countermeasures to groupthink, denial, cognitive dissonance, and wishful thinking.
There are serious implications for security guards
& safeguards inspectors, especially those who:
check security badges
watch video monitors
make daily rounds
operate safeguards equipment
The Vulnerability Assessment Team at LANL has worked hundreds of security problems, including:
Seals & Tamper/Intrusion Detection
First to show how easy it is to spoof, not just jam GPS. First to
Defeats of a number of different biometric and other access control
devices (many different ways).
Attacks on RFIDs & contact memory buttons
Sticky bomb detection
Demonstrated attacks on an electronic voting machine from the voters’ end.
Product authenticity (especially wine & pharmaceuticals)
Questioning the security of urine drug tests
Better ways to protect logged/monitoring/surveillance data
Special Field Tools
Consulting & Security Training
Human Factors in Security / Security Culture & Climate
This is a paper by Roger G. Johnston Ph.D., Jim Vetrone, and Jon S. Warner from LANL.
A “sticky bomb” is a type of improvised explosive device (IED) placed on a
motor vehicle by (for example) a terrorist. The bomb is typically attached with
adhesive (“duct”) tape, or with magnets. This paper reports some preliminary
results for a very rudimentary demonstration of two techniques for detecting the placement of a sticky bomb on a motor vehicle. There are other possible security applications for these techniques as well.
This is a presentation by Roger G. Johnston, Ph.D., CPP and Jon S. Warner, Ph.D., from LANL Vulnerability Assessment Team.
They present a history of snake oil:
Ancient World: medicines made from snakes are believed to have curative powers.
1880: John Greer’s snake oil cure-all.
1893: Clark Stanley (“The Rattlesnake King”) sells his Snake Oil Liniment at the World’s Columbian Exhibition in Chicago. A big hit. Contained mineral oil, camphor, turpentine, beef fat, and chile powder…but no snake extract!
Today: A product is called “snake oil” if it is fake, shoddy, or severely over-hyped.
This is an article by Roger G. Johnston, Ph.D., CPP*, Jon S. Warner, Ph.D., Sonia J. Trujillo, Anthony R.E. Garcia, Ron K. Martinez, Leon N. Lopez, and Adam N. Pacheco of the Vulnerability Assessment Team Los Alamos National Laboratory.
Product tampering is a serious product safety issue. Unfortunately,
neither tamper-evident packaging used on consumer products, nor
tamper-indicating seals used for cargo, warehouse, and factory security
provide reliable tamper detection. We believe there is a better approach
to tamper detection, at least for tamper-indicating seals: anti-evidence
seals. Conventional seals must store evidence of tampering until such
time as the seal can be inspected. But adversaries can too easily hide or
erase the evidence, or replace the seal with a counterfeit seal.
With anti-evidence seals, in contrast, we store information when the seal is first installed that tampering has NOT yet been detected. This information
(the “anti-evidence”) gets instantly erased once tampering is detected.
There is thus nothing for an adversary to hide, erase, or counterfeit. This
paper discusses 5 new prototype electronic seals based on the anti-evidence
The Vulnerability Assessment Team (VAT) at Los Alamos National Laboratory
(LANL) has studied tamper detection for 13 years. We have conducted vulnerability assessments (VAs) on hundreds of seals and cargo security programs, and undertaken research and consulting for over two dozen government agencies and private companies. This article discusses how we conduct VAs and what we have learned about seals.
An analysis of election security issues by Roger G. Johnston, Ph.D., CPP and Jon S. Warner, Ph.D.
So Why So Much Bad Physical Security?
Security Theater is easy, thinking and Real Security is hard
Committees, bureaucrats, & knuckleheads are in charge
People & organizations aren’t used to thinking critically about it
Physical Security as a “Taking Out the Garbage” slam dunk thing
“If it’s important, somebody must have thought it through” Myth
Lots of hype, snake oil, & bad products
Blind faith in precedence and “authorities”
Physical security is not a well developed field
Usually we can defeat security devices (including high-tech ones) without attacking the computer/microprocessor, reverse engineering the software, or having an owner’s manual! Might this also be true for electronic voting machines?
Bruce Schneier coined the term “Security Theater” to describe the situation where phony security measures provide a feeling of improved security, but in reality provide little or no actual security.[1,2] Another name for Security Theater is “Ceremonial Security”.
As a vulnerability assessor, I frequently find Security Theater across a wide range of different physical security devices, systems, and programs, as well as in domestic and international nuclear safeguards. It’s important to realize, however, that Security Theater is not automatically a bad thing. It can present the appearance (false though it may be) of a hardened target to potential adversaries, thus potentially discouraging an attack (at least for a while). Security Theater can reassure the public while more effective measures are under development, and help encourage employees and the public to take security seriously.
Protecting valuable tangible assets from harm, or using
physical methods to protect intangible assets. Tangible assets can include, for example, people, equipment, buildings, cargo, money, weapons, museum artifacts, consumer products, food and drugs, medical supplies and equipment, chemicals, hazardous materials, etc.
Intangible can include, for example, computer data, software code,
communications, trade secrets, intellectual property, medical histories and
other sensitive personnel data, instrument calibration, sterility of medical
The “harm” we wish to avoid can include theft, sabotage, tampering, destruction, vandalism, espionage, or counterfeiting. Physical methods for protection can include guards, guns, fences, access control, biometrics, closed-circuit TV cameras, intrusion detectors, locks, safes, vaults, and tamper-indicating seals…plus a lot of other things. Cyber security, cryptography, forensics, and background investigations are
Any field is molded and constrained by its paradigms. A “paradigm” can be defined as:
(1) a pattern, example, or model;
(2) a mode of thought or practice; or
(3) an overall concept or strategy accepted by most people in a given field.
The field of security relies on a number of paradigms, both stated and unstated. Many of these are in the process of changing—or at least should change—in order to adapt to a rapidly changing world and to improve security effectiveness.
There are many widespread mistakes & myths about cargo security and physical security that should be avoided. Current tamper-indicating seals, tamper-indicating packaging, and product anti-counterfeiting tags aren’t very effective.
There’s little sophisticated R&D underway—mostly people and companies
are pushing pet technologies, not trying to solve the problem holistically.
Product counterfeiting and (especially) product tampering are going to get
a lot worse, including terrorist acts.
For many pharma manufacturers, there is a Due Diligence problem for:
Tamper-indicating seals have been used for over 7,000 years. Today, seals are widely used to help counter cargo theft, smuggling, sabotage, vandalism, tampering, terrorism, and espionage. Despite their antiquity and modern widespread use, however, there remains considerable confusion about
seals, as well as a lot of misconceptions, wishful thinking, sloppy terminology, and poor practice.
The Vulnerability Assessment Team (VAT) at Los Alamos National Laboratory has intensively studied tamper-indicating seals for the last 12 years. We have provided consulting, vulnerability assessments, and security solutions for over two dozen government agencies and private companies. This article summarizes some of our recommendations for using seals more effectively and with greater sophistication.
The counterfeiting of pharmaceuticals continues to be a major worldwide problem, with serious public health and economic consequences. In theory, anti-counterfeiting tags could help to solve this problem. Unfortunately, there are currently no practical, effective tags that significantly resist counterfeiting. This paper discusses a different, relatively low-tech and low-cost approach called the “Call-in the Numeric Token” (CNT) technique. It relies on participation by pharmaceutical customers (possibly including consumers). They check, via phone or Internet, on the validity of the unique, random, unpredictable identity (ID) number assigned to each pharmaceutical container they possess. The numerical container ID is a virtual tag or token, rather than a physical one that is susceptible to counterfeiting.
Counterfeiters are hampered by being unable to guess valid IDs, by being unable to easily acquire large numbers of existing valid IDs, and by being detected when multiple customers report the same IDs. At least some counterfeits can be detected even if only a small percentage of customers participate. The technique is particularly well suited for single-dose (“unit of use”) packaging, but can otherwise be adapted and automated for resellers, wholesalers, re-packagers, and other high-volume customers. While it will not absolutely end counterfeiting, CNT can make pharmaceutical counterfeiting easier to detect and study, and more difficult for counterfeiters. The technique is also applicable to other kinds of products.
Some Comments on Choosing Seals & on PSA Label Seals
Maxims for Choosing Seals!•
There is no best seal. The optimal seal
depends on details of your application
– Consequences of Failure!
– Ergonomics !
– Hasps & Doors!
– Time & Money Constraints
You can’t (for the most part) get a degree in it from a major 4-year research university.
– Not widely attracting young people, the best & the brightest.
– Few peer-review, scholarly journals or R&D conferences.
– Lots of Snake Oil & Security Theater.
– Shortage of models, fundamental principles, metrics, rigor,
R&D, standards, guidelines, critical thinking, & creativity.
– Often dominated by bureaucrats, committees, groupthink,
linear/concrete/wishful thinkers, cognitive dissonance.
The Global Position System (GPS) is being increasingly used for a variety of critical applications. These include public safety services (police, fire, rescue and ambulance), marine and aircraft navigation, cargo security, vehicle tracking, and time synchronization for utility, telecommunications, banking, and computer industries.
While people tend to think about GPS as being high-tech and thus high security, the fact is that the satellite signals used in most GPS applications are not secure. The civilian GPS signals—the only ones available to private industry and the vast majority of the federal government—are neither encrypted nor authenticated. They are thus easy to counterfeit, unlike the military GPS signals.
When the Roman historian Pliny the Elder wrote “in vino veritas” – in wine, there is truth – he must not have been drinking from a counterfeit bottle. Argonne researchers Roger Johnston and Jon Warner have created a device
to ensure that modern wine connoisseurs can have faith that they are drinking what they pay for.
This is another example of one of the videos in the Defenses Against Methods of Entry series, called DAME, by Harry Sher and produced by Marc Weber Tobias. The series is being updated and placed online.
Motor Vehicle bypass technology and tools Addi Wendt demonstrates the Electronic Pick by Wendt security Many locks can be easily opened by a variety of simple to complex covert entry tools, produced and sold by Lockmasters and Wendt. Read my article in Forbes that discusses some of these at the LockFest meeting in the Czech[...]