Security Engineering: a Guide to Building Dependable Distributed Systems

Security Printing and Seals

A seal is only as good as the man in whose briefcase it's carried.
—KAREN SPÄRCK JONES

12.1 Introduction

Many computer systems rely to some extent on secure printing, packaging, and seals to guarantee important aspects of their protection.

• Many software products get some protection against forgery, using tricks such as holographic stickers that are supposed to tear when removed from the package. They can raise the costs of large-scale forgery; on the individual scale, a careful implementation can help with trusted distribution, that is, assuring the user that the product hasn't been tampered with since leaving the factory.

• We discussed how monitoring systems, such as taximeters, often use seals to make it harder for users to tamper with input. No matter how sophisticated the cryptography, a defeat for the seals can be a defeat for the system.

• Many security tokens, such as smartcards, are difficult to make truly tamper-proof. It's often feasible for the opponent to dismantle the device and probe out the content. The realistic goal for such a system may be tamper evidence, rather than tamper proofness: if someone dismantles their smartcard and gets the keys out, that person should not be able to reassemble it into something that will pass close examination. Security printing can be the key technology here. If a bank smartcard really is tamper-evident, then the bank might tell its customers that disputes will be entertained only if they can produce the card intact. (Banks might not get away with this, though, because consumer protection lawyers will demand that they deal fairly with honest customers who lose their cards or have them stolen).