Tamper-evident
From Wikipedia, the free encyclopedia
Tamper-evident describes a device or process that makes unauthorised access to the protected object easily detected. This may take the form of seals, markings or other techniques.
Contents |
[edit] Seals and signatures
Tamper-evident design has been a feature of letters since ancient times, often using wax seals to signify that the letter had not been opened since it was written. Roman signet rings for example, were unique to the person who owned them, and the ring was pressed into the hot wax seal forming a signature which could not be easily duplicated by somebody attempting to re-seal the letter.
Similar practices continue today, from examples such as envelopes to carefully-designed packaging for payslips. In modern contract law, it is common to see each page of a contract individually initialled and numbered, so that any addition or removal of pages can be detected. Meanwhile, most checks have a variety of features to defeat both tampering and duplication (these are often listed on the back of the check).
[edit] Product packaging
Tamper-evident design is perhaps most visible in the area of product Packaging and labelling, where it can be vital to know that the product has not been altered since it left the manufacturer.
Cans of baby-food were among the first high-profile cases, where manufacturers were blackmailed by persons claiming to have added various poisons to baby-food, and replaced them on supermarket shelves. The amount of stock which needed to be destroyed (because it was impossible to tell if a given item had been tampered with) and the threat of public fear, meant that tamper-evident design principles had the potential to save a lot of money in future.
Jars of food items soon started appearing with metal bubble-top lids which popped out if the jar had ever been opened, and stayed flat if the jar was in pristine condition. Customers were advised to never buy a product with a popped lid. (These lids would also pop out if the jar was contaminated by gas-producing bacteria, which was an additional safety feature). Presumably the seal was achieved by packaging the jars in a low-pressure atmosphere, although companies were reluctant to divulge details. Soon after, the BBC demonstrated that such tamper-resistant jars could indeed be reclosed with their seals intact, and this spurred more robust designs.
Newer jars of food tend to come with a plastic wrap around the edge of the lid, which is removed when opening, although the springy-cap designs are still in common use.
Due to FDA regulations many manufacturers of food and medicine (as well as other products) now use induction sealing for tamper evidence.
Some joke that the Tetra Pak milk cartons may have been the ultimate in tamper-evident packaging, as they often require destruction of much of the carton before they can be used.
[edit] Credit cards, money, stamps, coupons
In financial terms, tamper-evident design overlaps a lot with anti-forgery techniques, as ways to detect monetary tokens which are not what they seem.
Postage stamps for example, may contain a layer of ultraviolet-reflective ink which changes state under pressure. The impact from a postmarking machine then leaves a UV-visible mark as well as an ink mark which identifies attempts to reuse stamps.
In a similar vein, asset-numbering labels on corporate equipment (PCs and the like) are often designed to leave an imprint of either the serial number, or the word "VOID" if the label is peeled off. However, this can easily be defeated by warming up the label using a blow dryer so it will be more flexible and forgiving to removal (and reapplication). [1]
Road tax vignettes and price tags are often tamper-evident in the sense that they cannot be removed in one piece. This makes it difficult to move a vignette from one car to another, or to peel off a price tag from a cheaper article and reapply it to a more expensive one.
Money is tamper-evident in the sense that it should be difficult to produce a financial token without authorisation, even if starting from a token of lower value. For example, forgers may attempt to clean the ink from a banknote and print the image of a higher-denomination note on it, giving them the carefully-guarded "banknote paper" which is otherwise very difficult to obtain. This may be one of the reasons why many countries use banknotes of different size in ascending order of value. A British £5 note is much smaller than a £50 note, and therefore can't be used to create a £50 note.
[edit] Physical security
Tamper-evident physical devices are common in sensitive computer installations, for example network cabling is often run down transparent conduit in plain view and switches located in glass-fronted cabinets, where any unusual device attached to the network can easily be seen.
Despite the easy availability of miniature key loggers, tamper-evident design is not often used in personal computers. While transparent computer cases and keyboards are common, they are mainly used for decorative effect rather than security. Many PCs do have a switch to detect opening of the case, and this provides a visual notification when the computer is next turned-on that the case has recently been opened.
Fire alarm and other emergency switches are typically non-reversible, using a piece of glass which must be broken to activate the alarm. For example, Panic buttons in burglar alarm systems might require a plastic key to reset the switch.
In police work, tamper-evident techniques must often be used to guard access to evidence, providing means of storing items and samples in a way which can be used to prove that they were not altered after their collection. It could be argued that CCTV systems perform a similar function in the handling of suspects. Video systems of course, can be given tamper-evident features by the use of timestamps generated by a suitably-trusted clock.
[edit] Computer systems
In cryptographic terminology, Cryptographic hash functions and cryptographic signatures are used to add a tamper-evident layer of protection to document, often referred to as an electronic signature.
The document, email, or file to be protected is used to generate a signed hash, a number generated from the contents of the document. Any change to the document, no matter how trivial, will cause it to have a different hash, which will make the signature invalid.
