Introduction to Tamper Evident Devices
Formal Metadata
Number of Parts | 122
License | CC Attribution 3.0 Unported: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers | 10.5446/40554 (DOI)
Transcript: English (auto-generated)
00:00
Welcome to Introduction to Tamper-Evident Devices. I'm Dana Graham, and you're probably going, who's this asshole? So I have a pretty solid background in tamper-evident technologies. I just gave a two-day class earlier this week at Black Hat on this very subject. I also do a lot of non-destructive entry stuff, so think lock-picking, safe-cracking,
00:22
making friends with guards, and so on and so forth. I also do forensics, particularly forensic locksmithing, so determining if locks have been picked or bumped or opened with things other than a key. And like many of you, I also do computer security, and like many of you, it's also a bullshit term
00:40
that I use, so we don't have to talk about it so much. I run a couple websites, such as LockWiki, lock-picking forensics, and eventually, TamperWiki will have something more than a cool splash page that I got bored and made. I'm also the leader, am I the leader? Am I the leader? I'm the leader of a Tamper team called the Motherfucking Professionals.
01:04
And for the record, if anybody's wondering why we picked that name, it's because John used to ask me, like, can we do this? And I'm like, John, please, I'm a fucking professional. So that's that. We won the Tamper contest last year, which was the first ever Tamper-evident contest run by DT, and I'm proud to say
01:21
that this year we've won all four levels. So what the hell are Tamper-evident, there's a cord here, and I'm not, Jesus. I thought this was a professional conference.
01:44
Okay, so what's the difference? We have terms, we all work in security, we all have retarded things that we wonder, why do people say that, and why is that on every box I buy for security products? So these three terms, tamper-resistant, tamper-proof, and tamper-evident,
02:01
as a fourth kind of pseudo-term is anti-tampering. So what do those mean? So a product that's tamper-resistant is actively made to deter tampering. Now what tampering is may vary depending on the product, but generally it's anything other than normal use. So for our water bottle, if we take off, thanks, I didn't realize I needed this prop, but thanks.
02:23
The fuck? So the water bottle has this little seal, so if we take the seal off and put something in the water, that'd be tampering, as long as we put it back and it looks right. Something that's tamper-proof doesn't exist, but a lot of companies use the term to denote,
02:43
oh my God, to denote something that cannot be tampered with, and that by definition means every definition that you can think of for tampering would be protected against. So it's the same like saying this computer's hack-proof or whatever, so we all think that's retarded,
03:00
and that's retarded. And then our last term is tamper-evident, so that's something that doesn't necessarily resist tampering, much like our water bottle, but it is determined to leave evidence of whatever methods of tampering that you did to the product. So tamper-evident itself, anything that leaves evidence,
03:22
usually in a general sense we say tampering is unauthorized access, alteration, or replacement. You can also use counterfeiting and so on and so forth. So why don't we just use locks, where we would use these tamper-evident products, because locks actively prevent entry, that's their goal. Some locks are tamper-evident, they're meant to show
03:43
that the lock has been opened with something other than the key, but that's not always the case. So the main thing is, is it better to prevent an attack or detect an attack, right? So think about that, think about shipment of nuclear materials, is it better to prevent someone messing with it, or better to detect
04:00
when someone has messed with it? Because by attempting to prevent, we assume that we'll be able to detect all of these methods by default, or that they would not happen. Tamper devices, by their very nature, that's the Jäger kicking in, they enforce you to inspect them, because again, they're not locks, they're not resistant to tampering or physical abuse.
04:23
And locks are pretty expensive by comparison. These tamper seals are just little metal or plastic things that look a lot like locks, they're essentially one-way locks, but they cost a lot less. And think of also the cost of maintaining key maintenance and key control and distributing keys and disposing of keys
04:41
and all that kind of stuff. And then you also have to consider environmental considerations. Will a lock function in this environment? Will it get jammed up? Will I have to replace the keys? Will I have to repin the lock? So on and so forth. So who uses tamper-evident devices? The answer is all of us. We just may not think of them as such.
05:01
So food and drug packaging, again, our friend the water bottle. At Black Hat, I took the fire extinguisher from the room and I put it on stage and I got really mad about it, but those all have tamper seals on them. They inspect them or do whatever they do for the US Fire Marshal, and then they reseal them to show that it's been inspected and so on and so forth.
05:21
A lot of drugs, pharmaceuticals, Tylenol, everything, that kind of stuff all have little tamper seals on them, so that when you buy the bottle, you open the box, you take off the shrink wrap, you open the bottle, all that kind of stuff. All are little tamper-indicating devices, so we can tell if our pills have been screwed with. Pretty much everything, warranty protection,
05:41
all of our DVD players and electronics like that usually have a little tamper sticker to determine when we've opened the case. The customs, Border Patrol use these a lot to secure cargo shipments and other kind of stuff. And then also think about confidentiality. So how do you determine, if I send a letter to you, how do you know I sent it or it wasn't modified en route?
06:02
It's easy with digital stuff, easier, but it's a lot harder with physical things, because we have to inspect them, and then how far are you willing to go to inspect them to ensure that that's the real deal? We also use them a lot for international stuff and government-level, three-letter agency-level stuff. So for example, nuclear safeguards,
06:22
when we transport or, I actually don't know what we do with nuclear materials, but whatever we do with them, we seal them, all these little containers that have the plutonium or whatever. And we also use these heavily for treaty enforcement between countries. So agencies like the IAEA and the United Nations,
06:40
they'll say, hey, you know, country A, we're not gonna make bombs, and country B agrees. So how do you enforce this idea of two countries agreeing to something when you can't just have representatives of each government watching everything they do? So think in terms of Pakistan and India and North Korea, China,
07:01
all these nuclear arms treaties we have to say, okay, we're not gonna make bombs. How do we enforce that? A lot of that comes back to tamper seals. We seal them and then determine if they've been tampered with when the inspectors come, however routinely it is. So we're gonna go over a little history, and then we're gonna talk about two basic types of seals.
07:23
So this will just give you a brief overview of all the kind of stuff they use in modern day. So the original idea was that we used a lot of clay or mud, and we'd dry it over something. So think of a box. We're gonna cover it in clay and then put this pattern. So for you to gain access to the box, you have to figure out how to remove that clay and then put it back when you're done. So that may or may not be difficult,
07:40
especially when it's, you know, 1800 or 800 BC, you don't know what the fuck you're doing. This is another example from long, long ago. So we would, let's say we have our box again. We'd tie rope around it, right? So this is called a bulla, and it's a little piece of clay that fits over the rope,
08:02
and then you stamp it in, and it squishes into the rope and dries. So again, like our box covered in clay, you'd have to remove that to access the rope to open the box. The pope is awesome, and he has a ring, which he's kind of baller in that sense, right? He has a ring. So there's a guy, there's two guys.
08:22
There's two guys. One guy, when the new pope, well, when the old pope exits, he has to melt his ring, right? When the new guy comes in, some other guy makes him a new ring, and then they use that for stamping papal insignia. And so you can see, here's a real old version, but tradition still continues to this day, and usually they do wax nowadays.
08:43
In mid-1800s, we started combining locks with seals, and it's pretty cool because, you know, again, we think, why not use locks? Why use seals? Why not use both? Have the best of both worlds. So this is an example of a real old padlock, and you can see on the right here,
09:00
there's this little piece that kind of swings open, and that allows you access to the keyway. So they figured, well, why don't we just put the stamp over that, and then close that up, and then to get access to the keyway, you'd have to remove the stamp, right? Now, we'll ignore any, you know, well, what if you don't need to use the keyway to open the lock? There's also a lot of locks from this time period that have little glass plates, so when you lock it, a little glass plate
09:21
slides over the keyway, and you'd have to shatter that to get access to it. During World War I, World War II, we started doing mail censorship, and probably before that. So essentially what it is is you send some piece of mail. Somewhere along the way, the censor says, okay, flag that. So they cut it open, right?
09:42
Then they see, they read what it is, they determine if it's okay to go through. They tape it back up, and then they put a stamp over it, and you can see over in the top left here, they even write what language the letter was in. And then again, we also use this kind of similar stamping stuff to make sure that our mail has gone through the mail system properly.
10:00
A very cool story is, beginnings of the Cold War, beginnings of the CIA, they had a lot of difficulty with communicating back and forth, excuse me, the CIA had a lot of difficulty communicating with agents in Moscow. So what they did was they did this elaborate program where they bought, you know, thousands of different postcards, and they sent them to and from different addresses,
10:21
different recipients, and they put different things on them, like, you know, in Moscow, from Russia with love, so on and so forth. And then when they reached their destination, the CIA would go back and look at them, determine which ones had been tampered with by the Russians, and then determine which methods they used to try and detect tampering,
10:41
and then which postcards weren't, didn't qualify for whatever censorship or tampering that the Russians did. So through all this, they look at the pattern and say, well, if we send it to, you know, Ohio, and it's in this rural area, maybe it doesn't get flagged, and so on and so forth. So it's a very, very cool project,
11:02
and I think it's, a lot of it's in Family Jewels, if you wanna look that up to read more about it. I don't remember the name of the project, but it's also documented a lot in the book Spycraft. I just think it's a really cool thing that, you know, 70 years ago, we were thinking, well, how do we detect mail tampering, and how can we prevent it? And how can we get around people doing it?
11:21
Because obviously, you can't tamper everything that goes through the mail system. It's just not logistically possible. So you gotta pick and choose. In the 1980s in Chicago, there was a lot of scares where Tylenol pills were replaced with cyanide pills, and so you can see on the left is Tylenol, on the right is cyanide Tylenol.
11:40
So people started dying from this, and there was this huge scare where Tylenol was rushed off the shelves, and Johnson & Johnson, owner of Tylenol, said we can't detect tampering at the factory level, so it must be further down the chain. And to this day, it hasn't been determined how this happened. There were a lot of copycat kind of things, like a woman fed her husband a cyanide Tylenol,
12:01
and then went to her local store and put like, you know, a dozen cyanide boxes mixed up in there so that other people would die, and they'd think it's just another freak occurrence, you know, all the boxes have been tampered with, kind of thing. Obviously, it didn't kill Tylenol, but similar incidents killed a number of other aspirin or pain medication type companies.
12:23
So now we get to more modern day seals. After the whole fiasco in Chicago, we instituted the Federal Anti-Tampering Act, and so all pharmaceuticals now have to have, you know, these different layers of protection, so I think it'll be just like computer security where we have defense in depth, you know.
12:41
We don't just have a firewall or a, what the hell do we use in computer security these days? We don't have an IDS or all that kind of crap. So now you have to open the box, and inside the box, you take your little shrink wrap off, you attempt to take the childproof container off and then despair, usually,
13:00
and then there's this little wax adhesive combination seal that's over the actual pills themselves. On a lot of electronics, we use these little warranty stickers, right? So this is the first generation of this particular Xbox tamper seal, and it's just this little silver seal that says Microsoft. If you try and pull it up, it leaves a little residue that says void or opened
13:21
or whatever it is, and so there started to be videos of people taking these off on YouTube, and Microsoft, I believe their official response is that, well, that's cool, and we're always looking to make our product better, so they instituted a new seal, and now there's videos of this being removed with a hairdryer on YouTube.
13:40
It's essentially a sticker, so I think you're all comfortable removing stickers at one point or another. We use these a lot. One thing I found out recently was that the duty-free bags at airports, you could actually take different kinds of chemicals on board planes, as long as they're sealed in the duty-free bag. Now, depending on where, yeah, right?
14:00
Well, holy shit. And it's funny for me, because I actually, it's not legal for me to fly, because I have all these dangerous chemicals that I use for the tamper stuff, and I can't be like, hey, can I bring this gallon of acetone on board? I paint my nails a lot.
14:23
So I found out that you can actually take these on with certain size, certain chemicals, as long as they're sealed. Now, depending on your airport, depending on where you're going, domestic, international, you may be stopped, and they may remove these from your purses before you get to the terminal, and you can only buy them after you check in and crap like that, but I think it's very interesting
14:41
that we rely on these. On the right is a check and deposit bag that is used by a lot of banks. The one in the picture is actually a Bank of America bag, but there's a lot that are almost extremely similar, and you just throw your cash in, then seal it up, and then, obviously, if someone wants to steal it, they're just gonna steal the whole damn thing,
15:00
and it's not gonna matter, but if somebody tries to take a portion of it, they have to figure out how to get that out and then reseal it without leaving evidence. Now, obviously, the missing cash may be evidence, but think of if we want to transport sensitive documents or company secrets and so on and so forth in these. I gotta stop saying so on and so forth, don't I? We also use these to seal evidence bags.
15:20
Similar to the plastic bag here on the right, there's a lot of evidence bags that look the same. This is just a manila folder with some evidence tape over the edges, but we use these pretty heavily for this kind of stuff. We started using these not too long ago in electronics, so all these sites like Hackaday
15:40
that people are like, oh my god, I got the latest new iPhone awesome version, holy shit, and I took it all apart, and then I reprogrammed it so that titties appear when I boot up or whatever, and so companies are actively trying to stop that,
16:01
stop reverse engineering of their products, stop modification. Again, we could go back to Xboxes and stuff where they don't want you to mod it or do anything against what they want you to do with it. So they started making both tamper-evident and tamper-resistant electronics. So in the photo is just this little chip and all the leads are coated in a thin layer of epoxy.
16:20
So if you wanted to remove this chip or get access to the leads, you'd have to remove that and then figure out how to repair it. You could go hardcore and become the government where you just coat the whole damn thing in epoxy, the entire PCB, so you just have, it's essentially just a little black box at that point where you don't really know what it does, but it just plugs in somewhere
16:42
and then hopefully it works. It's used a lot on little DRM chips too and military crypto electronics. A lot of these are also tamper-resistant where they destroy themselves if they detect tampering and so on. How many of you have a BlackBerry or an iPhone? If you take off the back right now, you could see little white seals
17:01
and some of them are water sensors and some of them are little covers for the screws so that if you wanted to take your device apart, you'd have to remove all those little stickers or break them when you put the screwdriver in. So all these are little warranty protection type things. The water sensors don't really evidence tampering so much since the only thing they do is detect water, right?
17:24
Or other types of liquids, but for the most part, just water. So a lot of people ask me, well, what about like tilt sensors on packaging? Like you send a crate and you put a tilt sensor in. That's kind of a tamper-evident device, but that's more of a cover-your-ass device. So if something happens in transit, then you could say, well, the tilt sensor went off,
17:40
so this must have happened. How many of you have to take a piss test for work? Funny story, in the contest this year, there was a medicine bottle that looked pretty similar and I filled it with apple juice and there's a picture of me drinking it like that. Yeah, and another team used Jack and water
18:01
that looked a lot like pee too. I don't know what's with us and pee, but let's stop talking about pee. Anyways, we use these for a lot of medical-type stuff, so specimen containers and you can see the blood vials in the center and then even some more expensive medicine bottles will actually have a tamper-evident seal
18:20
so that you have to physically break it and it's not like the normal seals like the one on the left here or the normal kind of water bottle seal. It's meant to not be able to go back to the way it was. You all have gas, water, and power, all of your little meters have little tamper seals on them and they're just these little tiny plastic things and again, tamper-evident things don't resist force.
18:41
You can just snap these off with your fingers. It's just a little piece of plastic, but if it's gone, the next time the guy comes to check your meter, he files a report saying something may have been tampered with and then they choose to investigate or not. For cargo transportation, we use more heavy-duty seals for the most part. We'll talk about different types of seals in a bit, but these are called bolt seals
19:01
and they're essentially just a one-way lock that snaps through the hasp of a truck. The IAEA does treaty monitoring for North Korea and this is an example of a cup seal that they use. This half of the cup seal is actually not unique, so you could technically replace it with one of the same size and the same hole diameter
19:21
and the same hole position, but what they do is they take a little knife and they scratch it up in here and they add little dabs of solder and then they take a picture of it. They seal it up, the next time they come, they inspect the outside and when they're ready to remove the seal, they cut it open and look at this and compare it with the picture to determine if it's been tampered with.
19:41
This is a photo of Marines sealing a can of nuclear material with just a little tamper seal and if you remember back to our evidence slide, this is essentially that same little red adhesive just being applied to the nuclear container. So as with most security products, there's a lot of bullshit
20:02
and so one thing I found really funny is that everyone who sells zip ties markets them as tamper-proof and I thought that was pretty funny. Now, how many of you are uncomfortable opening a zip tie? Did not think so. What if it's a pulled tight zip tie?
20:23
Little more tricky, huh? Step it up. There's also dedicated tamper companies and most of them represent their products as being more secure than they really are and that was one of the motivations for DT starting the contest last year and continuing it on this year and next year. So you'll see it's just a little sticker
20:41
similar to our Microsoft warranty sticker. When you pull it up, it just says void and the wording to the right says impossible to reseal or reuse. Another one is these little metal padlock security seals which sounds very intimidating but it's essentially just this little frang, frangible, is that a word? We'll find out later. It's just this little shackle that fits through the body
21:01
and it snaps into place and it says positively tamper-proof. We'll get back to him later. So what makes something tamper-evident, right? Is a water bottle tamper-evident? Is an envelope tamper-evident? You know, all these things. Yeah, but are they designed to be such? So something that's tamper-evident should be durable to everything.
21:22
I'm gonna try walking around. We'll see how it works. Something that's tamper-evident should be durable but it should be weak. It should not resist physical attacks, right? It should be a one-way lock mechanism. There's extremely few seals that are actually resealable because you know, think if it's resealable, it's essentially a lock that you can lock and unlock
21:40
at will given the right tools and skill and all that sort of stuff. Tamper seals usually have unique identifiers to prevent you from just swapping one out and counterfeiting it. And they're sensitive to basically everything other than a tug test. And so what a tug test is is where you seal your seal and we'll talk about this particular seal in a second.
22:01
You seal it up and then you just pull it, right? So we know it's locked. So what if I pulled it and it snapped, right? If I'm just pulling lightly, then that may evidence tampering, right? And they also should be very weak to things like temperature or different chemicals and so on and so forth. So how do we inspect tamper seals? And this is a talk all on its own,
22:21
but we can think, we just look at them casually. I go, oh, do, do, do, do. And then you can look at them closely and see if there's any little scratches or missing pieces. You can also disassemble them. If they are disassemblable. And then you can get to serious science where you're saying what trace evidence is on the seal or are there fingerprints there? Are there hair and fiber? That kind of stuff.
22:40
And then there's also seals that have traps or alarms. So think of an example of a trap would be, the fuck was that? An example of a trap would be like the little ink things when you go to the department store and all the clothes you wanna buy are the ink things. So if you try and remove that, it sprays ink everywhere.
23:01
And so that's considered a trap. An alarm's more like when you're in the same department store and you just try to walk out and the siren goes off. So what does defeating a seal mean? So this is kind of ambiguous. Defeating a seal doesn't mean just pulling it apart because it's pretty easy just to pull most of these apart. So by defeating it, we mean that we open it
23:21
and we reseal it, which sometimes is the harder part, and we leave little to no evidence of tampering, as little as possible. So there's vulnerabilities kind of everywhere. So we can think of, there's problems with the design, something that the end user just can't fix. There's problems with procuring seals. So what if I start a malicious tamper seal company
23:41
that sells flawed seals, and you buy seals from me? What about storage of your seals? If somebody has access to your seals before you install them can they be tampered with and then made vulnerable to different attacks? What about installation? You can definitely install a lot of these wrong to reduce the security they offer.
24:00
And then of course, the biggest thing is the human element. To identify tampering, you need to have somebody actually look at it. There's no good automated way to do it. Now you can say, of course, we have electronic tamper seals that will alarm and do that kind of stuff, but that kind of stuff tends to make us lazy. So we just need to say, when the guy pushes the button to see if it's been tampered with, it tells him no.
24:20
And there's a lot of ways we can fake that. And then think about also how you remove or dispose of the old seals when you pull them off the container when they get to their destination. If you just kind of throw them in the dumpster out back, can somebody go through them and get parts or get materials from that that would allow them to better tamper the seals that you're using still? So the first thing we're gonna talk about
24:41
is called mechanical seals. And these are a little plastic and metal type seals that physically prevent you from doing what you want. So think of it like a little hasp on a door. And we have this little tiny tamper seal around it. To open the door, you need to break this seal in theory. So zip ties, seriously, zip ties. We're not joking when I say zip ties
25:01
are a basic tamper-evident seal. Again, show of hands, how many people are worried about a zip tie? Fully sealed zip tie? Those are tricky. Okay, so the first thing we're gonna talk about is the beaded cable seal, and I have one here. You want to pass it around? Wow, that was off.
25:23
I'll seal it for you. And just pull on it lightly, see how it feels. Don't tighten it too much, but play with them. See how they feel. And essentially, it's just this little cable that fits through the body, and once you push it through enough, it locks into place. So it's basically a fancy zip tie.
25:42
How confident are you that you could beat this now? One guy, geez. I thought you guys were pros. You had like the whole fully locked zip tie thing down. So I tried to do this earlier when I was drunk and I ripped the shim, but you can essentially just put a little coke can through there and get it around the cable,
26:00
and you push in, and then once you get it through, you're essentially doing the same thing with a zip tie where you're separating the teeth from the cable, and then you can just pull it back out. And there's a lot of these seals, and they look different now and then, but they're essentially the same thing, right? They're just these little plastic or metal pieces, and you snap them together, and they're glorified zip ties.
26:20
Some are two-sided, some are four-sided. Some have two rows with a divider in the middle, so you gotta shim both of them. And again, shimming's not the only defeat. Think of, a lot of these don't have serial numbers. Can we just swap in another one of the same color, of the same model? Lots and lots of different defeats. So again, go back to our list of different places we can attack them,
26:40
and just think of all the different things we could do to these basic little seals. Next type of seal we're gonna talk about is called the plunger seal. Now, one thing I should mention is that all the companies that sell these have really tarted names for them, so they all call them truck seal. It makes it really hard to talk to somebody and say, hey, you know that truck seal? And they're like, oh, which of the 5,000 are we talking about? So I call them just kinda how they interlock,
27:02
because it's easier for me. And hopefully I'll just give enough talks that everybody else starts using the terminology. But it's essentially just this little piece that snaps in. So it's similar to our little cable seal, but it covers the piece that we would wanna manipulate. And you can see the little flanges here kinda prevent you from sticking something in
27:22
and pushing those little legs back. But on most of these, they're capped. So the way that they seal this is that they form the body, they put the little white piece in, the detainer, and then they cap it, right? And then whenever you're ready, you just snap it into place. So I don't know why that slide's there, but okay. So you can actually take caps from other ones,
27:42
and you could just pull the caps from existing ones, just using a little screw. You just screw it in there and pull it out. Sometimes you could use heat or boiling water to make it easier, but you could just pop that out. And then put a new one in there, and no one's the wiser. And once you have the cap out, you have full access to the internals, so it becomes a zip tie again.
28:03
And so you can see here in the photo, for our team, we have a big box of different little caps ready to go, so it saves us time when we wanna do defeats. We just pop the existing one out and then pick the right color. And if we damage the white part in any way, it's hard to see if it's right here. If we damage that, we just pop a new one in,
28:21
because they're all the same too. And none of these little pieces are serialized or unique. So there's other little plunger seals that are pretty common as well. Again, these are used a lot by the utility companies, and they're essentially just the same thing. They're just a different little format. And you can see the one on the left doesn't even have a serial number. So if we find the same type of seal
28:41
with a serial number, think, can we print a new one on it, because we have blank ones? Sure, why not? The padlock seals are called so, because they resemble padlocks. And they're kinda nifty. The one on the left just uses little spring-loaded detainers that shoot out when you push the shackle in. So you could think, can I shim that?
29:00
Can I just put a little piece of wire and get around that? You can actually just remove the shackle. You can cut it and take the pieces out and then put a new one in, if you have it. And you know, all these other kinds of defeats we talk about. The one on the right is funny, because it sucks. So this is our tamper-proof seal, right? And so it's just this little piece that clips in,
29:21
and it's similar to our plunger seal. So we have it here, and you try and pull it, it doesn't work. So you could, of course, just go in there with a lockpick and push those little legs back and pull it out. But what I thought was a really funny attack, is you could take another shackle, which is funny, because you see, they have these little tabs, so it's supposed to be where you could put a serial number so you can't just replace the shackle. So we'll assume that they're serialized. But you just take another one,
29:42
and you kinda fit it down here. You see, somebody knows where I'm going with this. Oh, wait for it. And you take them out. And it reseals, super. You guys wanna play with this?
30:01
Should I pass it around? Don't fuck it up for all the people in the back. Come here. I'm not throwing it. So have fun with that. At the Tamper Evident Contest, if they're still set up after the talk, they have some practice seals if you wanna just take one home to play with. I unfortunately don't have, well, I do have a million seals,
30:20
but I didn't bring them. But I'll have a couple extras up here afterwards. The next seal we're gonna talk about is also called a padlock seal, but for different reasons. So you see they have different designs, different places they put the serial, different little shapes up here, and different shapes of the clip. But essentially, they're all the same thing. It starts open, right? And then you affix it to whatever you wanna put it on,
30:42
and you snap it closed. And the little legs dig into this middle piece, and the barbs prevent you from pulling it out. And it's actually a tough little seal. Whoa, I didn't push anything. We skipped several slides for no reason. Okay. So one cool attack is you could just clip it off whatever it's on, and then you dunk it in salt water,
31:01
or anything that's conductive. And you can use a battery or a power supply, and you attach the leads to each side, and you could just, essentially, you rust it really fast. And because the main part of the seal is plastic, it's not affected, so you just rust these little metal pieces until they're gone.
31:20
You pull the old clip out and put a new one in, and it works like a charm. So here's a picture of it, once it's been through the electrolysis process, and now it's ready to take a new clip. Now it's a little difficult to do. Sometimes you have to scrape out whatever little bits of the old clip might be in there. But it's a really cool attack, and it only takes about half an hour. And again, this doesn't need to be
31:40
on the thing that you're attacking. You just clip it off, and then put it in your solution and go. The other seal we're gonna talk about is called metal cable seals. And this is the first of three seals, this type of seal, not necessarily the models that we're gonna demo. These, this is the first of three that's approved by Customs and Border Patrol for their sealing needs,
32:02
for all their tamper stuff. So they use the heavier duty cable seals, but it's essentially the same idea. And there was one that they used in this year's tamper contest, and I think all the teams defeated it, or at least the majority of them. So essentially what it is is you put the cable through one side. Have another one here.
32:21
So you put the cable through one side, and then it should lock into place, just like our little beaded cable seal. And there's a little spring in there that pushes a little gear. So when you try and pull back, the teeth of the gear and the braiding of the cable make it so you can't pull out. So what we could do is just shim it, right? So I have one prepared. You can see it passes tug test.
32:40
You wanna, you, come here. So just tug on that cable a little bit to make sure it's locked. Give them a thumbs up if it's locked. All right. People think I'm bullshitting them sometimes, so we gotta, audience participation and all that. So I have my shim kind of just inserted, but you know, you see it's still locked. So what we're gonna do is we're gonna do the same
33:01
we did for the other one, where we just kinda put it through, oh, but I scrunched it. Oh, I broke it. Oh, I'm tarted. Okay, it's done. I'm tarted. Shut up.
33:22
Yeah, this one's locked. Ooh. Oh, it's tarted. I ruined it, sorry. Too much Jaeger. You can thank Dark Tangent for that. What you can also do is just put a little magnet on it, and it'll pull the gear away, and then you can pull the cable out.
33:40
So hard drive magnets work. Obviously, you need a different magnet depending on the size of the gear, the strength of the spring, and the size of the cable, but definitely doable. The next seal we're gonna talk about is called the metal ball seal, and these are, every company I could find that sells these sells them as tamper-proof. No tamper-resistant, no, maybe, maybe you can tamper it. Tamper-proof, every company I can find.
34:03
And so what it is is on the top is unsealed, and so you pull the strap through, and then normally there's obviously the ball over this section, but there's rings clipped around each side. They don't go through, right? There's a ring like this, and it snaps together under the force. And when you push the strap through, it pushes the rings through,
34:21
and they snap together when both sides can fit through the holes, and then you can't pull your strap out. So let's talk about how can we defeat this, because this is a pretty complicated lock. It's very simple in design, but how do we defeat it, right? So to defeat it by so-called picking, we'd have to rotate the rings back and spread each of them to get the strap out.
34:42
So that's pretty hard, and there's some in the contest area you can look at. It's a very small little area that you have to work with, and trying to rotate and spread in that area is very difficult. We could always try cutting the strap somewhere that they might not look at in repairing it. It'll probably fail the tug test, but maybe that's a basic defeat you could try.
35:03
And then what about, can we counterfeit it? Can we change the serial number? Can we take another one and re-serialize it? Can we make our own strap and then serialize that? These are all varying degrees of difficulty, but just think about that. What else can we do? Anybody?
35:21
Ideas? Thoughts, comments, concerns? You guys are quiet. I'm sorry? You can manufacture the rings, but how do you get the rings in there apart? And how do you get new ones on? Because that bolt, or the ball doesn't come off
35:41
even if you cut the rings. Ah. I'm sorry? Vibratory, no, that will not work because you need to actually spread the rings. Nice try though. Okay, so the defeat we came up with for this year's tamper contest is we made dies to re-crimp metal balls. So we get our target metal ball seal.
36:02
We cut the ball off. We take two halves from other seals. We put them back on after we separate the rings and take it apart, put it on wherever it's supposed to go and then we just re-crimp it, right? So can you tell which of those photos has a tampered seal? Any of them? One, two, three of them?
36:24
Well I didn't tell the people at Black Hat so I guess I can't tell you, but there's at least one of them that's been tampered with. It's difficult and it's kind of a contrived thing obviously because you only see one view of the seals, but it's very difficult to tell. So think of this from arm's length. Very difficult to spot.
36:42
The next seal we're gonna talk about is a bolt seal and we talked about this a little bit earlier. There's lots of different varieties and do they serialize both the bolt and the body? Is the bolt all metal or is it covered in plastic? And then they have various little anti-spin techniques. So here's what most of the insides look of them and there's two varieties.
37:00
One uses a little clip and one uses a ring. So this is an example of the clip one. It's just you put your bolt through and then the clip snaps around the head of the bolt and then you can't pull it out. You can also see on the left it has these flats to prevent you from twisting the bolt while it's in. You could twist it if you turn hard enough but you'll chew up the plastic. And again, that'll leave evidence of tampering.
37:23
So let's talk about some basic defeats for these. We could just cut part of it off and then try and reseal it and see how it works. Potentially difficult, it's easier on the all metal or all metal bolts but varying degrees of success. We could also drill and repair or replace the bolt.
37:43
So think is that hard? It's pretty hard depending on the bolt. Some, the ones that actually don't spin, probably a little easier because you don't have to worry about the bolt moving around. But you just put a drill at an angle which is a difficult thing in the first place and you just go down there and hit the little ring or the clip. Well, I'll tell you about something we did this year.
38:02
We had a tamper 0-day. What we did was we made a custom little drill piece and it just fit around the body of the bolt and we put it on our drill and it'd spin it. So we'd spin it and while spinning it we'd pull both sides. And doing so causes friction between the little clip and the bolt and it slowly chews away the bolt
38:22
and the clip until it can pop open. And on tamperevidentwiki.com after the conference you guys can see all of our documentation. There's some videos of us doing this on YouTube. I think you just search DEFCON 19 tampering. Yeah, DEFCON 19 tampering and you can see the video. And it works really quick and it's pretty easy.
38:42
And depending on the design of the bolt, you know, it will leave no marks or a little marks. And it's kind of a beta thing. We need to work on the design of the tool. But for now it works really well even though it leaves some marks on the body from just having to grab it. But we're working on it. So the next thing we're gonna talk about are called crimps and wraps.
39:01
So the first type are crimps that are similar to our mechanical seals but essentially they're little pieces of lead or aluminum that we squish. And usually we squish them around a wire or something. So it's just a little frangible wire and then you squish this piece over it and then you can't separate the wire. So in this example this little flag just gets rolled up over a wire and it's very tight and it's hard to pull the wire out.
39:23
Most of these basic types of crimps aren't serialized. So they're very easy to counterfeit. If you have the same, in this picture it has a USLC type thing. They're very easy to defeat if you have the same type of crimp or if you can replicate that type of effect. And there was a bunch of little crimps in this year's contest that everybody defeated.
39:42
So here's an example of a squeeze crimp. So instead of the roll that just rolls that little flag up, you physically squeeze a little piece of lead or aluminum and then you leave an imprint if your die has a little imprint. And these are kind of cool because if you actually take the time to inspect them very thoroughly, then you could get a pretty good degree
40:01
of anti-tampering out of them because I think every time you crimp one of these little pieces, it's gonna deform in its own unique way. So if you take a really high resolution photograph of it and then you inspect it in that same manner, then you could potentially detect alterations to it or replacement. There's a lot of lead seals in the contest this year. They're all defeated. I think we all basically use the same thing
40:21
where we clip the cable and then we put it back in and crimped over it so that it stuck again. But there's lots of different things you could do. And again, so think about how far are you willing to go to detect tampering? Because it's obviously expensive the more you do and the farther you go. But are you willing to go that far? Think back to our example of Russia and the US
40:41
with the postcards. How much mail are you willing to censor or pass through this tampering to detect spies and all that kind of stuff? This is a photo of the seal crimping tool. It's just a basic little hand tool. There's these self-crimping seals that are pretty cool. And essentially they're the same thing. You thread a wire through the back,
41:00
but you could just snap them together with your fingers. They suck pretty hard, actually. The ones that I found, at least. You can see on the right, that one's actually a fully locked thing. And you could just essentially put a little lockpick in there and push out the parts that need to be pushed out and reopen it. So this is something that's more familiar to you guys.
41:25
And these are just little plastic wraps that fit around a lot of pharmaceuticals or food packages and that kind of stuff. And they kind of have mixed effectiveness. A lot of people put these on their products just to say I have a tamper seal on my product with no eye to how good it is or how valuable it is to quality assurance
41:42
and that kind of stuff. But the real question with this kind of stuff on food and pharmaceuticals is what's your real goal? Right? So is your goal to prevent replacement of the pills, replacement of the bottle? Is your goal to prevent people opening it and doing whatever they're gonna do with full access? What if we just take a needle and inject some kind of doping agent onto the pills?
42:02
Would that be detected? Because obviously, for the most part, you can bypass this little seal. Now again, we talk about defense in depth. For our normal bottles, we have all these layers of things that we have to go through to open it. But think of these things. Is that the right thing to do? A lot of these that are used aren't very good.
42:20
And usually it's the design of the bottle. Like this kind of seal is similar. And if you just put this in boiling water or just very hot water, it'll loosen up the plastic and you can just go pry it open. And depending on the container, what's inside of it, you can just get one off full and then just put it back on at your leisure. And the same is somewhat true for these.
42:40
Although these little plastic ones are a bit more, the heat affects them a lot more than these bigger plastic seals. But a lot of them, how many of you have ever bought a product where you just kind of wiggled it off and you got it off intact, right? Oh, he was just raising his hand. He didn't have a question. I'm tarted, sorry.
43:01
How many of you think of the ones you couldn't take off? How far do you have to cut up this little seam to get it off? Probably not all the way, right? Usually very little, if any at all. So think how can we cut and repair that? And think, a lot of these are pretty easy to counterfeit because nobody really serializes them. So you could just, if you have another one,
43:21
you rip this one off, put a new one on, and then heat it back up so it shrinks. So think, again, how far are you willing to go to detect tampering? Are you gonna take photos of the exact pattern that your little plastic wrap seal's on to whatever you're doing? As you get bigger and bigger, think like huge companies. They can't afford to do this kind of detection. It's just a, well, we put a tamper seal on it
43:41
because the law says we have to. The next and last thing we're gonna talk about are adhesives. Adhesives are super popular for sealing a lot of stuff. Almost all the packages we get are sealed with some form of adhesive. And then you can also extend this to think about envelopes and that sort of stuff, and the bank bags we talked about earlier.
44:00
But adhesives are kind of, they're not very great. And one funny thing is that there's no standard for high security tamper adhesives. There's one for mechanical seals, but I thought the funny thing was is that they don't actually test for tampering for this standard until 2012. So there's all these seals that say we're compliant,
44:20
but it doesn't mean anything just yet because they haven't enforced this tamper-evident testing. So adhesives are kind of bad because they're misunderstood. A lot of companies think you could just slap on a sticker on the back of your Xbox, and then you're great. All the morons in the world are just gonna rip it off and they go, oh, damn, I guess I can't stand it back now.
44:41
But think of a more sophisticated attack. Can we shim it? Can we just put a piece of Coke can or wax paper and just get it up? Will heat help us get that off? Water, steam, solvents, temperature, again, both hot and cold. And then also there's always counterfeiting. There was a funny situation earlier
45:01
where they were judging the tamper contest, and they said, when you apply this tape, because all the contests will lift the tapes and put them back down, they said, did you get dust on here? And I go, no, when you use this roll, that's just how it looks. And they didn't like that at all. But we actually have dreams of one day giving back two boxes for our tamper contest
45:21
because we can counterfeit so much of it that we could just duplicate it. But I'm told that's bad form, so we haven't done that yet. So the thing about this is that you could put whatever you want on a piece of tape, but that doesn't make it any better than a piece of tape. So this is an example called tamper-evident tape,
45:40
and it's tape. And it's not very good at being tamper-evident. Now, the main feature of this is that if you cut it, think again to our targeted example, if you just take your knife and you slice it open, it's gonna be very difficult to realign all these little lines so that they look right. But again, why do that when you could just put acetone or isopropyl
46:02
or any of these things that you could buy in your local drug or hardware store or pharmacy to lift the tape? So the real questions are when you look at an adhesive, is it serialized? What's it applied to? Is it on wood? Is it on plastic? Is it on metal? Is it on paper? Because all these things depend how well it's gonna adhere.
46:21
And then you gotta think what type of material is the adhesive, the backing? Tapes are a combination of a backing, so like your little plastic layer, and then adhesive under it. So you combine that with whatever you're sticking it to, is gonna determine how well it sticks and how long you need to leave it before it sticks. Because think about a big company. You're a shipping company. You get an order in.
46:41
You wanna get that out as fast as possible so that customers are satisfied. So you slap tape on it, and then you send it out right away. Well, that tape hasn't had time to cure, so it's gonna be a lot less resistant to attack. So think about how do you integrate all this kind of information into making a more secure tamper-evident system? And then you gotta think, well, what type of residue, if any, does the tape leave behind?
47:01
How much do you really need to remove to open whatever it is you're working on? Because the answer is generally never all of it. Almost, very rarely, you have to remove the entire piece of tape. So the two things we have, and we'll just talk, we'll go right into them, is a full-residue tamper tape. And that's where if you pull the tape up, if you just physically force it up,
47:21
it'll leave behind a residue. And that residue will be the full width of the tape. So you can see here, there's a little residue all the way to the bottom. And then a partial-residue tape will only leave a certain imprint. There's also what's called no-residue tape, where when you pull it up, it doesn't leave anything behind on the substrate, but it voids itself. So the tape now says void or whatever,
47:41
in the same way that this leaves behind residue. So let's talk about solvents, because solvents are probably one of my favorite aspects of adhesives, even though I never paid attention in chemistry in school. So let's think about common solvents. Acetone, isopropyl. Carbon tetrachloride is funny,
48:01
because the CIA used to love it. I don't know if they still do. I'm actually not with the CIA, if you hadn't noticed. But, yeah, food. But it's extremely dangerous. We don't really use it for the contests, and I think it might even be illegal in a lot of the nearby states. But it's actually extremely effective at lifting a lot of adhesives.
48:21
Methyl ethyl ketone is pretty strong, but it could be useful for some stuff. And then, pretty much the sky's the limit. Any type of solvent will probably work on something. Again, it depends on your backing, depends on your adhesive, depends on your substrate. All this kind of stuff. And so, literally the sky's the limit. There's huge amounts of solvents you could pick from.
48:42
I did a Black Hat teaser talk for the training, and I didn't want to show a solvent in it, because I wanted it for the contest, and I wanted it to be a secret. So I replaced it with aromatic bitters. So my goal was to, no, no, I thought this out. My goal was to identify all the bad teams by whether or not they added aromatic bitters to their kit.
49:01
So think about, how do we inspect adhesives? Because adhesives and envelopes and that kind of stuff, we generally have more of a drive. When we see them, we could tell if it's been tampered with or not. So we look for cuts or tears or wrinkles, any distortion, if it has lettering. We also want to look at, has it changed place? Again, how far are you willing to go
49:21
to look at this kind of stuff? Is the texture of it different? Is the gloss different? When you peel it up, is the adhesive the same strength? If it's supposed to leave a residue, does it? Does it leave it properly? Has it been altered? So there's lots of stuff. The bad part about solvents is that if you use the wrong one, you're probably screwed.
49:40
So this is just an example of a ruined tape, and you can see it just basically dissolves and leaves the security pattern behind. And if we look at this again, you can see it even flared out to the sides here, so it's all covered in blue ink. If you use heat, if you use too much heat, it's pretty easy to ruin a lot of adhesives. So here's an example.
50:00
One thing that a lot of solvents do is that they affect the gloss of the tape itself. Because generally speaking, you don't want to put the adhesive on top of the backing. You want it between whatever it's stuck to in the adhesive. Because it doesn't really do you any good to have it on top of it, because that's not what's holding it there. So if you get it on top, you might change the actual texture
50:21
or gloss of the backing itself. You could also look even, as far as you want to get into this, to look at is it actually stuck? And when you peel it, does it feel the same? Does it look the same? So again, here's another example of heat with all the letters are all distorted and smeared. Big bubble marks.
50:44
Let's say you use solvent, and the solvent lifts the tape, but it damages the adhesive, so the adhesive doesn't work right. So you gotta add new adhesive, right, if you want it to look right. Pretty difficult to do, and you can see here's a photo of glue being stuck kind of around the edges from it being resealed.
51:02
Here's an example of aerosol adhesive. So when you use aerosol, it's a combination of whatever the sticky stuff is and the propellant that actually makes it spray out. And here's a photo of all those little particles on the tape itself. And so that's obviously not normal, because that's not how normal adhesives come.
51:21
So the things I want you to take away from this talk are that there's lots more seals. There's hundreds of types of seals out there, and little design variants that make certain attacks better or worse. There's always room to improve your methods of defeat. Everyone's leaving, geez. And so how do we improve our defeats? How do we improve, more importantly, our installation, our storage, our inspection methods?
51:43
Because at the end of the day, you don't need to beat the tamper seal. You need to beat the people looking at them. And that's generally a much easier thing to do. And how do you integrate all this into whatever your business is? So don't think that you could just slap a sticker on and then it's gonna work. The hard part about it is that, unless you're crazy like me,
52:00
it's hard to evaluate seal A versus seal B and determine which one's better. And there's no real information on the internet about how to do this. So that's one of the goals of the contest that DT's running, is starting this year, all the documentation will be a public wiki every year for the contest. So we do all our defeats, we type it up,
52:21
and then once DEF CON's over, that all gets published to the internet. So you can look up this seal. Was this used in the contest? How did people defeat it? And what are ways that we can make it better, that we could use it better in our business? So I wanna thank you all for coming. Are there any questions?