http://www.lamonitor.com/articles/2006/12/22/headline_news/news06.txt By ROGER SNODGRASS Monitor Assistant Editor December 23, 2006 One of the world's oldest preoccupations, right up there with the question of how we got here, has to do with whether anybody has been messing with somebody's stuff. A Los Alamos scientist who is a leading authority on the subject of tamper detection imagines hunters returning to their cave after an expedition and checking the ground for bear tracks. Some of these inventive humans may have swept the ground outside their dwelling to make it easier to spot traces of an intruder. Later, as civilization developed, priests and magicians may have needed ways to make sure their ritual materials or instruments had not been contaminated by unworthy handlers. "It was less important to stop them than it was to find out if they had been messing around," speculated Roger Johnston, who leads a team called Advanced Diagnostics and Instrumentation in the lab's chemistry division. Johnston is not only a practitioner of seals and other devices for ascertaining the security of nuclear materials, among the world's most dangerous stuff to tamper with, he is also a scholar of the 7,000 years of history behind the notion of tamper-proofing objects. In an article in the current edition of American Scientist, Johnston has traced the technology back to ancient Middle Eastern property contracts written in cuneiform on clay tablets and enclosed in clay envelopes that were stamped with the personal seals of witnesses - 3700 years ago. "Tamper detection is a very old field, but it doesn't get a lot of recognition or attention," he said recently. "I wanted people to appreciate it as an interesting area that goes way back." It is also a technology that is so common it is almost beneath notice. Johnston estimated that on average more than 40 million seals are either set or checked on each day in the United States. Counting tamper evident packaging (TEP) used for drugs and other ingestible items, he wrote, the daily number goes up to more than 200 million. The packaging security that is now required for all over-the-counter medicines sold in the U.S. was an outgrowth of an unsolved crime in 1982, when the death of eight people was traced to a stock of cyanide-laced Tylenol. Johnston said that TEP is surprisingly immature and easily spoofed or defeated, considering the consequences and especially given the added risks theoretically posed by terrorists. A smart undergraduate student working with Johnston's team, with no special skills and using mostly her own ideas, was recently able to fool 72 experts in the field who were unable to say which products had been tampered with. Johnston said he wasn't surprised that she was able to do that. "What really disturbed me is how little research has been given to the subject," he said, "especially considering that people in the pharmaceutical industry are sitting on billions of dollars in liabilities, if somebody tampers with them." Johnston was honored with a LANL Fellows Prize in 2004 for his "ingenuity" and "path-breaking work." His team of about 10 people includes two industrial psychologists and has recently added Jon Warner, a new technical staff member versed in electronics and microprocessor techniques. They do work for the International Atomic Energy Agency, the Department of State and Defense and the intelligence community. Johnston is also the editor of the on-line Journal of Personal Security. He prefaced an introduction to the first edition with a mind-bending quote from Yogi Berra that seemed to sum up the kind of thinking that is required in the field of tamper-thwarting. "In theory, there is no difference between theory and practice," Yogi said. "In practice there is." Johnston explained that physical security seems so simple, like taking out the garbage, that if it fails, it's because somebody screwed up. In fact, what is lacking is rigorous theory and scientific study that can help separate the theory from how things work. _____________________________ Subscribe to InfoSec News http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Fri Dec 22 2006 - 23:48:14 PST