Computer Science 654Lecture 8: Security Printing

and Seals

Professor Wayne Patterson

Howard University

Spring 2009

Reference Security Engineering

Ross Anderson

Wiley 2001

Chapter 12

Available online at: http://www.cl.cam.ac.uk/~rja14/Papers/SE-12.pdf

12.2 History

Bulla system in clay Seals in Orient, China, Japan, Korea Hot wax, signet ring Tampering Substrate with security printing

12.3 Security Printing

Paper money --- Napoleon Photography Color printing Steel etching Predator-prey model Window thread

Threat Model

Government Criminal gang Small distributor Amateur forgery UK forgers – lithography US – inkjet Small-scale amateur forgers

Threat Model

Primary inspection Secondary inspection Tertiary level inspection

Printing Techniques

Intaglio (http://www.artelino.com/articles/intaglio_printmaking.asp)

Letterpress Letterpress Printing can be described as "the process of using a press for relief printing from metal type or raised surfaces formed from wood, metal, or linoleum."

Simultan presses http://www.bundesdruckerei.de/en/print/banknotes/panorama/simultandruck1.html

Rubber stamps Embossing and laminates Watermarks

More Modern Optically variable inks Inks with magnetic properties Microprinting Metal threads and foils Holograms and kinegrams Screen traps Alias band structures Digital copyright marks Unique paper stock

Lessons

Security features should convey a message relevant to the product

They should obviously belong where they are Effects should be obvious, distinct and

intelligible Should not have existing competitors that

can provide a basis for imitations Should be standardized

Related Issues in Printing and Forgery

Passports Drivers licenses Diplomas …

Fake Documents

http://www.espionage-store.com/passport.html

Watermarks

Look at a sheet of quality paper --- hold it up to the light

Digital watermarking --- develop digital techniques for doing the same

Often, Alteration is a Bigger Problem than Forgery

Financial instruments Checks Get a check back from a company ---

cancelled deposit Alter it to a larger amount Check fraud is many times greater in

value than credit card fraud

Credit Cards

Handwritten Signatures

Automated verification with acceptable error rates is beyond the state of the art

Germany

Check fraud suppressed by having most payments be bank transfers

12.4 Packaging and Seals

Substrate material• Add random variability to substrate

• Load paper with magnetic fibers

Random high-coercivity signal is read by low-coercivity equipment without disturbing the pattern• Bank cards in Sweden

• Telephone cards in Korea

Glue

If the glue is stronger than the substrate, seal will tear if pulled away

Many seals are vulnerable to hand tools Can often cut the glue on an envelope by

wiggling a knife Can beat a primary inspection, lose to a

tertiary, and may pass secondary

Threat Models

Customer is your enemy – banking Military --- single disloyal soldier Other side’s special forces Nuclear monitoring --- host government Commerce --- enemy will apply the seal

Staff Diligence

Breaking seals --- not difficult Application of seals may be careless or

corrupt Airport luggage

Effect of Random Failure

Speed limiter seals often break when a car is steam cleaned

Open an envelope, close with a mark “Opened by Customs”

Anthrax and Envelopes

When the Brentwood Postal Facility and the Hart Senate Building were attacked, it was a long time until people realized that (diameter of anthrax) < (diameter of holes in paper envelopes)

Vulnerability

Supplies of sealing materials are uncontrolled

Corporate seals: two metal embossing plates inserted into special pliers

Not Protecting the Right Things

Credit cards in late 80s: • Authorization terminals read the mag strip

• Payment draft capture equipment used the embossing

Hologram on a credit card covers last 4 digits … use the other 12

Evaluation Methodology Has anybody who really knows tried to defeat the system? What is the reputation of the design team How long has the system been in the field How widely available are the sealing materials Will the person who applies the seal be honest Does the way the seal will be used protect the right part of the

product What are the quality issues What are the effects of dirt, noise, vibration … If a seal is forged, who’s supposed to spot it? Are there any evidential issues? How will the seals be disposed of?