Detecting unauthorized physical access with beans, lentils and colored rice (2021)

642 points| layer8 | 3 years ago |dys2p.com | reply

162 comments

[+] wgrover|3 years ago|reply
Lovely work. Here's a similar project where I showed that randomly-placed multicolored candy particles (nonpareils) can be used to confirm the authenticity of pharmaceuticals: https://www.nature.com/articles/s41598-022-11234-4
[+] tgbugs|3 years ago|reply
As a giant identifier nerd, this is incredibly cool. Any insights/thoughts on tamper resistance/non-duplication? I realize that this is a bit outside the original use case/threat model, but would it be possible to ensure that any physical injury to the coating would ensure that the code would no longer match? Seems like a challenge because you want robust matching but not robust enough to allow someone to substitute or reproduce the exact pattern.

I'm fairly certain that this cannot defend against a determined adversary buying up a bunch of pills, reading out the ids, and then reproducing the patterns (which would already be in the database) or similar enough patterns via a non-random process. Only useful for substitution attacks where someone trusts a pill because it is in a database without realizing that its contents could have been substituted for e.g. poison.

This may be obvious, but it also seems critical for any database that might use these to have expiration dates, otherwise expired pills could be bought in bulk and resold or have their codes reused.

[+] seventytwo|3 years ago|reply
Very cool work! Speckles could be added to the pill itself to eliminate the possibility of shipping damage, though it was good to see you tested that.

I know explosives are often laced with statistical chemical properties that identify them. I was wondering if that could be done to limit ammunition purchases as a way to get around gun control.

[+] Crespyl|3 years ago|reply
Thank you for sharing that, I really enjoyed reading your work, it looked like a fun project.

In addition to authentication, I imagine they could also be used to double-check expiration dates or as a last-ditch effort to notify consumers in the event of a recall. Being able to precisely identify exactly which factory and batch any given pill or other edible item came from could be very useful in some cases.

[+] boruto|3 years ago|reply
My grandmother used to identify pills to take with the color.

Something like Take RED ones in afternoon, Take the capsule in evening. Would be a pain for her if each one has a different color.

[+] jarenmf|3 years ago|reply
That's really a cool study! Do you think this will be adopted at some point? Are there currently any efforts to solve this problem?
[+] Gys|3 years ago|reply
I was told the blockchain will solve this ;-)
[+] noodlesUK|3 years ago|reply
If I were actually going to use a method like this in real life especially for international shipping etc, I’d probably avoid using rice or beans or other plant material to avoid unnecessary inspections at customs. I feel like this would definitely get stopped and inspected, where a block of multicoloured plastic or resin might not be.
[+] owenfi|3 years ago|reply
My wife (shameless plug: https://messyplaykits.com) recommends liquid water colors instead of food coloring (cheaper and better color).

Colorations brand from discount school supply or amazon works well for her and she makes a lot of colorful rice!

[+] tomxor|3 years ago|reply
I was expecting more stealthy techniques, like the old sticking a hair and tape on a door or carbon shoe prints under the carpet type tricks. I was imagining people spraying invisible coatings on USB sockets or something.

The problem with doing something as elaborate as wrapping stuff in vacuum packed beans is that it draws attention and provides an adversary plausible deniability due to customs inspections etc, "Oh sorry the DEA had to inspect your package but it's fine, here's your beans too".

[+] bad416f1f5a2|3 years ago|reply
Is that really a problem? I think you’ve described a valuable signal, and you may have a different threat model in your mind.

If my use case for this device is so sensitive that I’m taking these steps to avoid it being intercepted, any evidence of tampering, even slight, means the device is compromised, /full stop/.

In your scenario when the government hands me three bags of lentils & my device I thank them, walk to the nearest dumpster, and pitch the whole lot in because I have to assume it’s been bugged.

[+] Buttons840|3 years ago|reply
Good point, but if my package contained illegal material, I'd know I'm being played. Of course, they'd just arrest me instead in that case, but maybe that's preferable?
[+] BrandoElFollito|3 years ago|reply
When flying I often lock my suitcase with a zip (the plastic strip you buckle up on its own, works one way). I got red and green zips because they are less common.

I do this to detect obvious attempts at opening the suitcase (to have a look what is inside, or to plant nuclear weapons for me to transport them).

When the suitcase is on the reception belt, I inspect the zips and if they are broken (or missing) I immediately go to the police/customs agents for them to inspect my suitcase because I see it was tampered with.

It happened twice that the zips were missing. There was no problem for the agents to inspect my luggage. Nothing was found or missing, the zips were probably broken during transport (or someone had a look inside but did not find anything interesting).

[+] capableweb|3 years ago|reply
> with a zip (the plastic strip you buckle up on its own, works one way)

Just in case you didn't know, unless you buy ones that are specifically hard to open (like if you instead use ones from a random hardware store), they are trivial to open without breaking it by lifting the flap inside the lock-mechanism with something thin and sharp, roll it back out and inserting it again once you've done your deed.

[+] CTDOCodebases|3 years ago|reply
This is a wise thing to do. I knew a guy who frequently travelled to the USA who one day got home and discovered something in his suitcase that neither he nor his partner had put in there.

The question "did you pack your bag?" that customs officers ask is used to infer guilt. Once you answer yes to this question you are criminally liable for whatever is in the suitcase. In Australia a number of baggage handlers have been convicted of trafficking drugs. Unsuspecting tourists have also been convicted of drug trafficking and sentenced to 10+ years in prison.

A company makes security seals for this very purpose and markets them under the name "TamperTell". They have a serial number on them and a matching receipt tab that you remove before flight then check against on arrival.

[+] chrisseaton|3 years ago|reply
> i immediately go to the police/customs agents for them to inspect my suitcase

Given they didn’t see your suitcase before you sealed it… what can they inspect it for?

[+] walterbell|3 years ago|reply
If buying tamper-tempting devices online (e.g. powered USB/Thunderbolt docks with access to keyboard/mouse/video), you can order several devices from multiple vendors and look for unexpected delays or routes in shipment progress. Requires some experiments to determine baseline "normal" routes and latency.

For post-delivery tamper deterrence, ship via package receiver and audit home door/window locks, https://news.ycombinator.com/item?id=31856444

[+] varenc|3 years ago|reply
If you’re worried about package interception I’d recommend just trying to buy your electronics at a local retailer. Decide which one you’re going to right as you walk out the door so there’s no reasonable way someone can even predict where you’re going.

Though if that’s a legitimate part of your threat model, you’re in a very difficult situation.

[+] praptak|3 years ago|reply
Can't find the article but I read that during the cold war US used translucent resin with pieces of aluminium foil to seal high-security rooms, with multiple photos from different angles to capture the 3d arrangement of the foil.

A similar technique exists for non-replicable unique tokens. The token is multiple translucent microspheres pressed together and its authenticity verified by shining a laser on it from different directions and capturing the output.

[+] mleonhard|3 years ago|reply
These topics are interesting. Do you have links to more info on them?
[+] skrap|3 years ago|reply
I was wondering if you could defeat the beans/lentils by injecting some water vapor in there (while maintaining the vacuum & placement of the items), and freezing the whole thing. Then cut it open under hard freeze and maybe everything sticks together.
[+] thehappypm|3 years ago|reply
Might even be doable without water vapor at cold enough temperatures. Vapor could damage or cause the rice/beans to start to rot later on, dead giveaway of tampering. Maybe the plastic beads are better in general because of their lack of moisture and general lack of organic weirdness.
[+] elheffe80|3 years ago|reply
Can we get a warning to those of us with a clearance so that we don't have to self report? Thanks. This turned my day right the hell upside down. Still cool article.

Author- portion markings like that are cool and all, but fml.

[+] zeristor|3 years ago|reply
At primary school we had a lid as a desk, and I used to place rulers and a protractor in a certain combination that would be dislodged if open.

OK it could probably be reproduced, and I don’t think I recorded what the position was, but I was only 10 at the time.

[+] xpe|3 years ago|reply
Sounds like a fun 3D bin-packing algorithm.
[+] leetbulb|3 years ago|reply
This is one of the coolest anti-tamper mechanisms imho: https://spectrum.ieee.org/the-unhackable-envelope

TLDR: HSM housed within an envelope composed of layered electrodes having a unique capacitive signature used to derive its secret material.

[+] walterbell|3 years ago|reply
Similar work from another German team.

https://www.hardwear.io/netherlands-2019/presentation/Enclos...

https://media.ccc.de/v/35c3-9611-enclosure-puf

> verifying the authenticity, integrity and/or the physical state of an item by employing the propagation behaviour of electromagnetic waves. In particular, it enables to check for any tamper attempts for larger structures, such as off-the-shelf computers and their periphery. The technology extends existing tamper proof approaches from the chip/PCB to a system level and is easily retrofittable. In this presentation, we are demonstrating exemplary tamper proofing in order to protect secret information without an attack-detection or data-deletion circuit (!), which is a known difficult problem and an imperfect undertaking. Therefore, we demonstrate the simplicity and effectiveness using a very cheap self-made testbed (using aluminium foil) to protect standard hardware against invasive attacks, such as needle probing through the case. Cyber-physical systems are ubiquitous and are often located in non-trustworthy environments, in which data is processed that is both sensitive and worth protecting.

[+] daneel_w|3 years ago|reply
My first impression is that a weird shrink-wrapped pack of colored rice'n'beans is gonna trigger any customs agent.
[+] CTDOCodebases|3 years ago|reply
I agree. Anything organic looking that is vac sealed is bound to look suspicious.
[+] ars|3 years ago|reply
I wonder if it would be possible to fill the bag with CO2 and then freeze it, so nothing moves. (Use two tiny needles, and carefully inject CO2 on one side and remove the air from the other.)

Then open it inside of a room kept at dry ice temperatures, do what's needed, and then put everything back.

Let the dry ice sublimate (slowly so nothing moves) and resume the shipment.

[+] jfim|3 years ago|reply
Considering dry ice sublimates at -78°C, this is likely to cause cracks or other damage to the equipment being shipped.
[+] dane-pgp|3 years ago|reply
> Use two tiny needles

I'm wondering if it would be possible to manufacture some sort of clear plastic sandwich-like material that contains two separate chemical "fillings", kept apart by a central barrier which, if punctured, would allow the chemicals to mix together, triggering a colour-changing chemical reaction.

I guess the problem would be wrapping the target object in a way that couldn't just be unwrapped afterwards, but maybe a glue could be used which creates a chemical bond that is tamper-evident.

[+] javajosh|3 years ago|reply
Love these kinds of problems.

I've always felt for very critical equipment you'd be better off designing a PCB to be physically cracked in two, such that you need both specific halves for it to operate at all, and then ship each half separately. E.g. the electronics version of tearing a dollar bill in half and matching the two halves to verify the identity of the holder (something I've seen in spy movies). You'd probably want to make sure the recipient got the first part before shipping the second, just to make sure.

[+] thematrixturtle|3 years ago|reply
Am I the only one who's totally unable to spot the apparently-obvious difference in the comparison photo GIF at the end?
[+] teraflop|3 years ago|reply
It's not as obvious as it could be, because the images were taken from slightly different angles and with slightly different exposure settings, causing a lot of visual distraction.

I was able to clean up the animation a little bit: https://i.imgur.com/cgKSA7H.gif

[+] jerzyt|3 years ago|reply
I'm with you - I noticed that little pac-man, but it's not an optimal way to see the difference. Seems like scaling both images and doing an image diff would be much more effective. That's a standard tool in semiconductor manufacturing.
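
The align-then-diff check suggested in the comments above, as an added example that is not part of the thread or of the linked article: it cancels a global exposure change, brute-forces the translation between the two shots, and reports the cells that still differ. The grids, palette, shift, gain and tampered cell are constructed sample data, and all function names are hypothetical.

```python
import random

PALETTE = [30, 90, 150, 210]  # constructed gray levels standing in for bead colors

def normalize(img):
    """Zero-mean, unit-variance pixels, so a global exposure change cancels out."""
    flat = [p for row in img for p in row]
    mean = sum(flat) / len(flat)
    std = (sum((p - mean) ** 2 for p in flat) / len(flat)) ** 0.5 or 1.0
    return [[(p - mean) / std for p in row] for row in img]

def overlap(h, w, dy, dx):
    """Coordinates (y, x) for which both a[y][x] and b[y+dy][x+dx] exist."""
    return [(y, x) for y in range(max(0, -dy), min(h, h - dy))
                   for x in range(max(0, -dx), min(w, w - dx))]

def register(a, b, max_shift=3):
    """Brute-force the integer translation (dy, dx) that best maps a onto b."""
    def error(shift):
        cells = overlap(len(a), len(a[0]), *shift)
        return sum(abs(a[y][x] - b[y + shift[0]][x + shift[1]]) for y, x in cells) / len(cells)
    span = range(-max_shift, max_shift + 1)
    return min(((dy, dx) for dy in span for dx in span), key=error)

def changed_cells(before, after, threshold=1.0):
    """Return the recovered shift and the reference cells that differ after alignment."""
    a, b = normalize(before), normalize(after)
    dy, dx = register(a, b)
    hits = [(y, x) for y, x in overlap(len(a), len(a[0]), dy, dx)
            if abs(a[y][x] - b[y + dy][x + dx]) > threshold]
    return (dy, dx), hits

def make_constructed_pair(seed=7, size=20, shift=(1, -2), tampered=(12, 5)):
    """Constructed data: a random mosaic, then a shifted, brighter re-shot with one cell swapped."""
    rng = random.Random(seed)
    before = [[rng.choice(PALETTE) for _ in range(size)] for _ in range(size)]
    scene = [row[:] for row in before]
    ty, tx = tampered
    scene[ty][tx] = 30 if scene[ty][tx] >= 150 else 210   # the single tampered bead
    after = []
    for y in range(size):
        row = []
        for x in range(size):
            sy, sx = y - shift[0], x - shift[1]
            inside = 0 <= sy < size and 0 <= sx < size
            row.append(1.2 * (scene[sy][sx] if inside else rng.choice(PALETTE)) + 10)
        after.append(row)
    return before, after

if __name__ == "__main__":
    print(changed_cells(*make_constructed_pair()))
```

Real photos would also need rotation and perspective correction before the diff; this sketch handles only translation and a uniform exposure change.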
[+] moioci|3 years ago|reply
Look at about 8 o'clock roughly 2/3 of the way from the center to the edge.
[+] Someone|3 years ago|reply
I easily spotted the difference, but the article says “a black lentil in the lower left area has been removed”, and I couldn’t see the removal.

Maybe they meant “a black lentil in the lower left area has been moved, thereby moving another lentil a little bit”? (Seems an easier demonstration to me. Removing a single lentil is trickier than moving one a tiny bit)

[+] xarope|3 years ago|reply
Look at around 8.45-9pm (clock dial direction) in the photo, you should see it readily now.
[+] nl|3 years ago|reply
I think this is interesting, but my immediate question is how much are the color matrices affected by normal shipping?

If your intention is to be able to detect tampering during shipping but shipping always causes some disturbance then it probably deserves some discussion?

[+] tgbugs|3 years ago|reply
I wonder whether it would be possible to use isotopic ratios of gases in negative pressure containers or something like that to ensure that any puncture will disrupt the mixture before it can be measured. Hardly foolproof, but anything that an adversary can measure you have to assume that they can reproduce unless you have some way to prove that the process required to reproduce that physical state _must_ take longer than the transit duration.

The other thing that comes to mind would be quantum systems that can only be measured once. Unfortunately I think that practically you would need a system that is "only twice" so that it can be compared, but I have this sense that anything that can be measured twice can be measured 3 times.

Lots of great links here to people working on practical solutions, but in the limit I wonder whether for many of the "black box in enemy territory" models you just have to go with self destruction as the only safe solution because anything less than a fully trusted human being is at risk for being tampered and pwnd (and even then you might still worry).

[+] codesections|3 years ago|reply
> The other thing that comes to mind would be quantum systems that can only be measured once. Unfortunately I think that practically you would need a system that is "only twice" so that it can be compared, but I have this sense that anything that can be measured twice can be measured 3 times.

Just spitballing, but you could do it with a "once only" system if you could generate it reliably/deterministically enough that you don't need to measure it post-generation.

[+] amelius|3 years ago|reply
Wrap your box with thin copper wire (e.g. as used in transformers). Add tape over the wire. Use a circuit that monitors the resistance of the wire.
[+] jacobsenscott|3 years ago|reply
This is cool, but a manufacturer isn't going to vacuum pack your router with rice and beans. So how do you know the thing you are packaging up before sending to someone else wasn't already intercepted before you received it?
[+] leetbulb|3 years ago|reply
At a certain scale, sure, some will, or they'll work with you to set up your own integration process.
[+] 2bitencryption|3 years ago|reply
fascinating. exactly the type of content I love about Hacker News.