This website does readability filtering of other pages. All styles, scripts, forms and ads are stripped. If you want your website excluded or have other feedback, use this form.

Schneier on Security: Blog Entries Tagged seals

Schneier on Security

Blog > Entries by Tag >

Entries Tagged “seals”

Page 1 of 1

Security Seals on Voting Machines

Related to this blog post from Wednesday, here's a paper that looks at security seals on voting machines.

Andrew W. Appel, "Security Seals on Voting Machines: A Case Study," ACM Transactions on Information and System Security, 14 (2011): 1–29.

Abstract: Tamper-evident seals are used by many states' election officials on voting machines and ballot boxes, either to protect the computer and software from fraudulent modification or to protect paper ballots from fraudulent substitution or stuffing. Physical tamper-indicating seals can usually be easily defeated, given they way they are typically made and used; and the effectiveness of seals depends on the protocol for their application and inspection. The legitimacy of our elections may therefore depend on whether a particular state's use of seals is effective to prevent, deter, or detect election fraud. This paper is a case study of the use of seals on voting machines by the State of New Jersey. I conclude that New Jersey;s protocols for the use of tamper-evident seals have been not at all effective. I conclude with a discussion of the more general problem of seals in democratic elections.

Posted on October 7, 2011 at 1:11 PMView Comments

Hacking Tamper-Evident Devices

At the Black Hat conference lasts week, Jamie Schwettmann and Eric Michaud presented some great research on hacking tamper-evident seals.

Jamie Schwettmann and Eric Michaud of i11 Industries went through a long list of tamper evident devices at the conference here and explained, step-by-step, how each seal can be circumvented with common items, such as various solvents, hypodermic needles, razors, blow driers, and in more difficult cases with the help of tools such as drills.

Tamper-evident devices may be as old as civilization, and today are used in everyday products such as aspirin containers' paper seals. The more difficult devices may be bolt locks designed to secure shipping containers, or polycarbonate locks designed to shatter if cut.

But they all share something in common: They can be removed and the anti-tampering device reassembled.

Here's their paper, and here are the slides from their presentation. (These two direct download links from GoogleDocs also work.) There was more information in the presentation than in either the paper or the PowerPoint slides. If the video ever gets online, I'll link to it in this post.

Posted on January 24, 2011 at 1:20 PMView Comments

Tamper-Evident Seals

Interesting article, available to subscribers only (unfortunately):

Prehistoric evidence indicates that people have always been concerned with detecting whether others have tampered with their belongings. Early human beings may have swept the ground in front of their dwellings to detect trespassers' footprints. At least 7,000 years ago, intricate stone carvings were pressed into clay to seal jars and later, writing tablets. What is the most secure way to ensure that people are not messing with your things? Roger Johnston's tests have covered everything from ancient clay seals to metal flange seals used to secure cargo containers and electronic seals used on nuclear material. He has found that high-tech, expensive seals are often no more reliable, and factors such as properly training inspectors to know what to look for are often just as important as the seal itself. Johnston has also developed some new electronic seals that are harder to defeat because they use "anti-evidence": They provide the correct passcode only when they are not tampered with, and the passcode is erased if they are interrupted.

Posted on October 26, 2006 at 7:01 AMView Comments

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.