Schneier on Security

Clive Robinson • May 16, 2012 6:58 PM

@ aph,

If you mix two colors of wax and take a picture(saving the picture in an immutable location), you can create a seal that is tamper evident and can’ be easily replaced.

Actually the modern version of this is done with printing a unique serial number on the object using “etching ink” then a layer of clear epoxy resin with a layer of very loose “chop strand mat” fiberglass and on top of this more clear epoxy with a small dusting of small glass beads with a slight stipiling in the finish before the expoxy cures.

You then take the equivelant of a holographic image of the seal.

I’ve been told that this was considered suffiiciently tamper proof for use in SALT treaties.

In effect the US put one on every Russian nuke or armament that was to be limited. And the Russians would put one on every US nuke etc.

Independent monitoring teams would then make random visits to check the serial number seals.

@ Alan Bostick,

Isn’t it the case that long before strong crypto came about, various Black Chambers were able to open and reseal wax seals virtually undetectably.

Yes and No…

There are two types of documents “sent under seal”. The first is where a single sheet of paper/parchmment is either written on or wrapped around another message, the second is to use an envelope and seal the flap down.

The second is compleatly insecure and the seal needs not be touched in any way what so ever. Basicaly what you do is bank the envelope on a surface to make the contents go to the top of the envelope. You then clamp the bottom of the envelope between two steel rulers with just a paper thickness of the envelope protrouding through. You then using a very very sharp razor slice this off and take the letter out of the envolope and copy it before returning it. You then re clamp the envelope but this time with just a half millimeter of the envelop protruding you then fold it back very hard fold it back up. apply a very thin bead of glue down the outside of both sides. Wait untill nearly dry then remove from the clamp fold the flaps into the envelope and re clamp and wait untill the glue has set, then put it back in the post. Few people will spot this as they just don’t inspect the eenvelopes carefully.

A second and more modern way due to the design of the ordinary white windowed envelope is to go for the glued side seam. If you have a knife with a thin flexible blade that is not to sharp you can insert this at the right angle and using a sawing motion actually cut the glue not the paper. You then unfold the seam extract the letter copy and put it back. You then very gently apply PVA wood glue over the glued area you have cut ensuring the coverage is the same. Then when tacky put the flap back in and apply preasure untill the glue is dry. Even on examining the envelope this is very difficult to detect. It is why sometimes when asked to give important refrences you are asked to not only put sellotape across the envelope flap, but also around the edges and sign over both pieces.

When using seals on the first type of package using a single piece of paper it is best first to squigle in a series of random designs etc or have it printed in raised ruled ink designs (these are used on some bank notes and when you tip them through the light the raised ink throws shadows to form particular patterns). From an attackers point of view cutting this paper will be very tamper evident so they have to go for the seal.

Now unless a particular type of sealing wax is used you can attack the seal by very slowly heating the seal from the other side of the paper whilst keeping the top of the seal as cold as possible (wet cotton wool with an ice cube in a thin plastic “sadwich bag” on top is one way). The trick is to get the bottom of the seal to the “plastic” state between solid and liquid then using a small amount of bending and a very thin slide of glass the top of which has a lubricating solvent on you can slice the seal off.

The way to stop this is to fold the paper in such a way that all four edges come together over seam folded with a rose fold in the middle on which the seal is placed the sealing wax compleatly envelops the rose fold and alows a very small amount of the sealing wax to go through the center of the rose fold onto the letter below.

As a general rule for seals you need to make their recesses deep and with a cross ground surface that produces a secondary image. When you apply the seal to the wax you press it sufficiently hard that it actually displaces the wax away from the paper surface. You thus have the cross cut image showing up from the paper surface, and the main seal image on top of this.

Another way is to use an embossing stamp (like those used by noteries etc) on the edges of the paper then apply the sealing wax over this and press the seal down with moderate force so as not to flatten out the embossing. On opening the paper wrapper you inspect the back of the seal to check that the embosing is clear and undisturbed.

Then there are older methods used with parchment where it is sewn with a thread that is then sealed at the ends. The idea being that the thread should be uncut on delivery and cracking the seal to remove the ends of the thread should enable the integrity of the seal to be checked.

Some modern sealing methods work this way using very fine enamaled copper wire the circuit can be checked to see if it is still integral. Often this is used inside computing “security modules” that are then filled with epoxy with quartz sand in it. As the ends are inside the module along with the battery back up trying to get into the module will break the wire giving the CPU time to erase and start over writting the secret stored in the ram. This sort of thing is by it’s self insufficient as there are ways to attack the epoxy without drilling or grinding and the circuit can be frozen in time using various cryo techniques that will stop the CPU but retain the memory contents. There are both hardware and software solutions to both of these attacks that I’ve outlined in the past (search on “data shadows” my name and “RobertT” or “Nick P”).

There is a problem with using threads or cords especialy those on electricity meters where the thread is a piece of stainless steel wire and the seal a soft metal such as lead or whites metal. It is possible to heat the wire with a high power soldering iron and slip it out of the seal. The industry first solution was to deform the ends of the wire in some way so that it was larger in diameter, one such way being to put eyelets or crimps on the end. The method of attack then becomes heat the wire slide it back towards the seal untill the eylet or crimp is against the seal. cut the wire on the other side of the seal as close to the seal as possible. Putting the seal back can be done in a number of ways but basicaly you end up pushing the cut end back into the seal and when it has cooled the seal metal has melted into the wire and wicked sufficiently that the end is effectivly soldered in place. A simpler way if you are any good at “tool making” is to make a new “security crimp” as the whole thing is generaly a deterant not a proper security seal the design of the crimp embossing is generally very simple and not very acurate in design, likewise making a new “unused” seal is usually just a case of identifing the metal its made of sourcing a rod of it and turning it down on a watchmakers lathe (if you don’t have one then a 12volt craft drill with a large chuck held in a vice will do the same only instead of using cutting tools you use needle files and grit paper to provide the finish). I know from experimentation and “proving the point” to others you can do the whole lot from scratch in a day…