Sandia LabNews

SecuritySeal: Sandia’s tamper-detecting technology is tough to fool



SEALED UP — Jason Hamlet was on the Sandia team that developed SecuritySeal, a device that attaches to a container and detects tampering. The technology, which is based on physical unclonable functions, or PUFs, is available for licensing. “We are looking for commercialization partners,” Jason says. “We want this to be licensed and moved to the next level.” (Photo by Randy Montoya)

Protecting assets from threats defines the wide-ranging industry of security, running the gamut from a padlock to a surveillance camera to a critical cyber firewall.

“Adversaries continue to advance and technology is readily available, creating a more complex challenge to those of us who try to protect assets and detect unauthorized access to them,” says Dianna Blair, manager of Global Technology Engagement, Research & Analysis Dept. 6832. “One advancement by an adversary can make a security technology obsolete overnight in our world. The key is to stay ahead of the adversaries.”

An important area of security is ensuring that something inside a shipping or storage container stays there. “You might have to guarantee that cargo has not been tampered with or that nuclear materials in storage haven’t been diverted,” says cybersecurity specialist Jason Hamlet (5627).

Sandia has a long history in tamper-detection research and continues to advance the field, providing technologies to users such as the International Atomic Energy Agency. The next generation of technologies has produced SecuritySeal, a patented method of tagging and sealing containers or doors. The seal is placed on a closed container so that any attempt to open it is detected cryptographically. “When you come back in the future you can verify that it had not been opened,” says electronics engineer Todd Bauer (1746), a principal investigator with Jason on the SecuritySeal project.

Moving technology into the marketplace

SecuritySeal is available for licensing and is in the US Department of Homeland Security’s Transition to Practice program, which helps move cybersecurity technologies developed through federally funded research and development into broader use. The program provides a connection point for researchers, the federal government, and the private sector to drive technology from research labs to the marketplace.

“We are looking for commercialization partners,” Jason says. “We want this to be licensed and moved to the next level.”

The prototype is a little bigger than a credit card and would fit a truck or cargo container. But it could be sized to something larger or as small as a prescription medication bottle. “Seal a truck, seal a pallet, seal a box, or a bottle,” Todd says. “You will know if the container has been opened and that what is in it is what is supposed to be in it.”

Jason and Todd came up with the idea in 2009 and worked on it for several years. The technology is based on physical unclonable functions, or PUFs, which draw on the small defects that are part of any manufacturing process and are a function of materials properties and tolerances.

Microelectronics is no exception. “Electrical characteristics exist in microelectronics that were not designed, small variations from one device to another that exist due to the manufacturing process,” Jason says. “A PUF is a measurement of those variations, which are uncontrollable, unclonable, and unique to individual devices. It’s a kind of fingerprint.”

Jason, Todd, and team members including Bob Brocato (1751) and Brian Wroblewski (1833) developed a way to use PUFs to authenticate integrated circuits. SecuritySeal has two PUFs, one from a resistor network printed on a thin polymer film, and another from an on-board integrated circuit. The resistor network is adhered to the surface of the container it protects. The two PUFs are then measured and combined to form a system-level signature, leading to a private key that stays with the device and a public key a verifier can use.

Each SecuritySeal would be enrolled in a database under its serial number together with its public key, similar to the Entrust identity management system. The private key is not stored in the device’s memory, but is instead regenerated from a measurement of the PUFs when needed.

The resistance properties of the network change if the film is lifted, slid, or otherwise disturbed in an attempt to remove it from the surface it is adhered to. That alters the PUF response, so the tampering is detected. A digital reader interrogates the device remotely and can infer a change in signature if the tag-seal fails to respond properly to a challenge provided by the reader. Knowledge of the private key is needed to generate the right response. If the PUF changes, the private key changes and the tag-seal can’t provide the correct response.
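The enrollment and challenge-response flow described above can be sketched in code; this is an added illustration, not Sandia's implementation. It assumes a Schnorr-style proof over illustrative group parameters, SHA-256 to combine the two PUF readings, and stable quantized readings (a real PUF is noisy and needs error correction before key derivation); all names and sample values are constructed.

```python
import hashlib
import secrets

# Illustrative Schnorr parameters (assumption): prime modulus 2^255 - 19, base 2.
# Chosen for a compact demo, not vetted for deployment.
P = 2**255 - 19
G = 2
Q = P - 1  # exponents reduce mod P-1, since G^(P-1) == 1 mod P (Fermat)

def derive_private_key(film_puf, chip_puf):
    """Combine both PUF readings into one system-level signature, then a key."""
    material = b"film" + bytes(film_puf) + b"chip" + bytes(chip_puf)
    return int.from_bytes(hashlib.sha256(material).digest(), "big") % Q

def _challenge_hash(commitment, challenge):
    data = commitment.to_bytes(32, "big") + challenge
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

class Seal:
    """Holds only the physical PUFs; the private key is never stored."""
    def __init__(self, film_puf, chip_puf):
        self.film_puf, self.chip_puf = list(film_puf), list(chip_puf)

    def enroll(self):
        # Public key recorded in the verifier's database next to the serial number.
        return pow(G, derive_private_key(self.film_puf, self.chip_puf), P)

    def respond(self, challenge):
        x = derive_private_key(self.film_puf, self.chip_puf)  # regenerated on demand
        k = secrets.randbelow(Q - 1) + 1                      # fresh nonce per response
        commitment = pow(G, k, P)
        s = (k + _challenge_hash(commitment, challenge) * x) % Q
        return commitment, s

def verify(enrolled_public_key, challenge, response):
    """Reader side: accept only if the response matches the enrolled public key."""
    commitment, s = response
    c = _challenge_hash(commitment, challenge)
    return pow(G, s, P) == (commitment * pow(enrolled_public_key, c, P)) % P

# Constructed sample readings (quantized to 0-255), not real measurements.
FILM = [112, 87, 201, 45, 160, 33, 98, 240]
CHIP = [17, 230, 64, 129, 5, 77, 190, 251]
```

Changing a single film reading yields a different regenerated key, so the response no longer verifies against the enrolled public key.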

A deterrent to adversaries

“Tamper-indicating seals are a critical part of the regime I work in,” Dianna says. “SecuritySeal might not stop tampering, but it will help us monitor if a protected volume has been accessed. It addresses a key vulnerability. If a seal can be counterfeited, an intruder could take it off and replace it with one that looks just like it. SecuritySeal has a unique signature that cannot be counterfeited. It has a strong deterrence factor.”

The research was done in the area of national security that focuses on arms control and treaty verification. “In nonproliferation treaties, a weapon system is dismantled and the component parts are stored in different containers,” Todd says. “How do you know without continuous visual surveillance that no one has gone into the containers? This tool can remotely monitor treaty compliance with assurance.”

But the device, which could be manufactured with custom parts or with less expensive commercial off-the-shelf components, has a variety of potential uses including protecting pharmaceuticals, cargo, crime scene evidence containers, consumer goods against warranty fraud, and ballot boxes.

“The market is quite broad for this technology,” Todd says. “There are many ways to seal and protect assets, starting with padlocks. Our goal is to raise the bar. This helps keep everyone a little more honest.”