Proceedings of the 51st Annual INMM Meeting, Baltimore, MD, July 11-15, 2010

UNCONVENTIONAL APPROACHES TO CHAIN OF CUSTODY AND VERIFICATION

Roger G. Johnston and Jon S. Warner
Vulnerability Assessment Team, Nuclear Engineering Division
Argonne National Laboratory
9700 S. Cass Ave, Building 206, Argonne, IL 60439-4840

ABSTRACT

The Vulnerability Assessment Team, first at Los Alamos (1992-2007) and now at Argonne, has devised a number of unconventional approaches and technologies for nuclear safeguards, chain-of-custody, and verification. These include:

Anti-Evidence Seals—a fundamentally better approach to tamper detection, based on our understanding of the weaknesses of conventional seals gained from vulnerability assessments on hundreds of different designs.

Town Crier Monitoring—a simpler, transparent, negotiable, and secure method for real-time monitoring of stationary or moving assets.

Colorimetry—a useful technique both for tamper-indicating seals and for real-time monitoring. It offers much of the sensitivity of video monitoring with much greater simplicity and without the concern for loss of sensitive information.

Live and Local Verify for Video Monitoring—simple, transparent, negotiable methods for guaranteeing that a video signal is local and live, i.e., not prerecorded.

Pointer, OPODS, and Key Keepaway Methods—simple techniques that are more secure than conventional approaches for data logging or authentication, and for protecting secret keys and passwords.

INTRODUCTION

Nuclear chain of custody and verification activities are unusually challenging security applications because the adversary (the host or inspected nation) has enormous resources if it wishes to cheat on its obligations. At the same time, the technologies and procedures that might be put in place for chain of custody or verification must meet stringent requirements for safety, reliability, cost, transparency, and negotiability.
In our view, well thought-through simplicity—not high-tech complexity—is likely to provide better security while having the best chance of meeting the other requirements.

ANTI-EVIDENCE SEALS

Unlike a lock, a tamper-indicating seal (or tamper-evident container) is not meant to impede access, but rather to irreversibly record that unauthorized access, intrusion, or tampering took place. Seals have an important role to play in nuclear safeguards, both domestic and international.[3-5] Most (all?) seals currently in use, including for nuclear applications, can be fairly easily defeated given how they are designed and used.[1,2,4-9] To “defeat” a seal means to remove it from the container it is attached to, then reseal the container with either the original seal or a counterfeit seal, without being detected. (Yanking a seal off a container is not a defeat, because the fact that the seal is missing or damaged will be noted at the time of inspection.)

Fortunately, there are practical countermeasures for most seal vulnerabilities.[4-6,10] These typically require modifications to the seal design and to how the seal is installed and inspected. There also needs to be extensive hands-on training for seal installers and inspectors so that they understand the vulnerabilities of the specific seals they are using, and know how to look for the most likely attack scenarios. Unfortunately, all of this involves more time, money, and effort than most security programs are willing or able to invest, even for nuclear applications.

We believe there is a fundamentally better approach to tamper detection. Conventional seals store the evidence of tampering on or inside the seal until the seal can be inspected. This evidence may be in the form of damage or some other “alarm condition” that indicates the seal has been opened. The alarm condition is typically easy for an adversary to erase, hide, or block from view (or a fresh counterfeit seal that lacks the alarm condition can be applied). We believe a better approach is to use an “anti-evidence” method.[2,11,12] The idea is to put information that tampering has not yet occurred (the anti-evidence) in or on a seal prior to its use. The act of tampering erases this information (which is typically 1 byte in length for electronic anti-evidence seals). The absence of the evidence that tampering has not occurred thus becomes the evidence of tampering. Unless the adversary can obtain the secret anti-evidence before it is erased, there is nothing for him to erase, hide, or counterfeit.

We have developed prototypes of two dozen different kinds of anti-evidence seals.[2,7,8,12] Their potential advantages include simplicity, low cost, higher security, re-usability, and the ability to automatically check that an inspector actually examined the seal for tampering. (The act of reporting back the anti-evidence byte—which can be done through non-secure communication channels—indicates that the seal was actually inspected.) With anti-evidence it is also possible, at least in theory, for the host (inspected party) to check the seal and report the anti-evidence data to the inspectors without the inspectors needing to be present.
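The anti-evidence principle described above, and the Town Crier bingo numbers of the next section, as a toy model in Python. This is an added example, not code from the paper or from the Argonne prototypes; it assumes that the secret byte and the per-interval bingo bytes are derived with HMAC-SHA256 from a secret shared only between the device and the inspectors, which is my assumption, since the paper does not say how its prototypes generate them.

```python
import hashlib
import hmac

# Assumption (not from the paper): anti-evidence bytes are derived from a
# secret shared only between the device and the inspectors. Constructed value.
SECRET = b"constructed-shared-secret"


def anti_evidence_byte(secret: bytes, interval: int) -> int:
    """One secret byte for a seal (use interval 0) or for a Town Crier interval."""
    mac = hmac.new(secret, interval.to_bytes(8, "big"), hashlib.sha256).digest()
    return mac[0]


class AntiEvidenceSeal:
    """A seal holds one secret byte while intact; opening it erases the byte."""

    def __init__(self, anti_evidence: int):
        self._byte = anti_evidence  # loaded before the seal is applied

    def tamper(self) -> None:
        self._byte = None  # the act of tampering destroys the anti-evidence

    def inspect(self):
        """Read back over any channel; an erased seal has nothing to report."""
        return self._byte


def seal_intact(reported, expected: int) -> bool:
    """True only if the seal still holds the byte recorded at installation."""
    return reported == expected


def counterfeit_guesses_that_pass(expected: int) -> int:
    """How many of the 256 possible replacement seals an adversary who never saw
    the anti-evidence could build that an inspector would accept (answer: 1)."""
    return sum(seal_intact(AntiEvidenceSeal(g).inspect(), expected) for g in range(256))


def town_crier_listener(secret: bytes, received: dict, intervals) -> list:
    """received maps interval -> byte heard (None if nothing arrived). Trouble is
    indicated for every interval whose correct bingo byte did not arrive. The
    listener never transmits, so blocking the channel only raises the alarm."""
    return [i for i in intervals if received.get(i) != anti_evidence_byte(secret, i)]


def counterfeit_probability(n_bytes: int) -> float:
    """Chance of guessing n consecutive bingo bytes: 1/256, 1/65536, ..."""
    return 256.0 ** -n_bytes


if __name__ == "__main__":
    expected = anti_evidence_byte(SECRET, 0)
    seal = AntiEvidenceSeal(expected)
    print("intact:", seal_intact(seal.inspect(), expected))
    seal.tamper()
    print("after tampering:", seal_intact(seal.inspect(), expected))
    heard = {i: anti_evidence_byte(SECRET, i) for i in range(6)}
    heard[3] = None  # minute 3 jammed or blocked: the "All OK" byte never arrives
    print("trouble at intervals:", town_crier_listener(SECRET, heard, range(6)))
```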
TOWN CRIER REAL-TIME MONITORING

The anti-evidence approach can also be used for real-time monitoring.[8,13,14] A “real-time monitor” is a device or system that watches over an object or container and produces an immediate alarm if the object or container is removed, tampered with, or experiences unauthorized intrusion. The alarm is typically intended to scramble a guard or police force.

The alarm signals issued by most conventional real-time monitoring systems are often easy to block or jam. More sophisticated systems may rely on high-bandwidth two-way communication, radio frequency signals, sensor status and state-of-health checks, data authentication or encryption, and/or complex hardware and software. The resulting complexity often opens up new attack vectors for an adversary, and can complicate transparency and negotiability.[1,8,15]

With the “Town Crier” (anti-evidence) approach to real-time monitoring, when unauthorized access, tampering, or theft is detected, we don’t send an alarm that can be easily blocked or jammed. Instead, as long as everything is fine, the real-time monitoring system occasionally transmits a simple “All OK” byte called the “bingo number”. The correct bingo number at any given time is known only to the monitoring system and to the good guys listening in. Should the correct bingo number fail to arrive when expected, trouble is indicated. Unlike blocking an alarm signal, the bad guys gain nothing by blocking the “All OK” signals. They can try to counterfeit the bingo number, but have only a 1/256 (0.4%) chance of guessing one bingo byte correctly, a 1/65536 (0.002%) chance of guessing two correctly, etc.

The advantages of this Town Crier monitoring approach include simplicity, low cost, the use of only very low bandwidth (~1 byte/minute) one-way communication (we listen for the bingo numbers but don’t try to talk to the real-time monitor), and high security. Blocking an alarm, counterfeiting the real-time monitoring hardware, or hacking into the monitor through a communications channel are no longer useful attacks for the adversary. Reference 8 discusses some of the Town Crier prototypes we have developed.

COLORIMETRY

Color is a difficult property to accurately reproduce or counterfeit, especially in the field. In the past few years, inexpensive commercial color sensors that measure color accurately have become available, such as the one shown in figure 1. They typically measure 3 color coordinate values. These colorimeter chips can be used as change detectors for tamper-indicating seals. They are also useful for inspectors to check the walls of a camera enclosure or safeguards instrumentation rack to determine if it has been cut open, then repaired and repainted to hide the intrusion. Gloss measurements are also useful.

Another interesting application for color sensors is replacing video or even motion sensors for real-time monitoring. The floor and walls of a secure storage vault or cargo hold can be painted in wildly varying colors, much like the colorful tie-dye T-shirts of the 1960s. Any movement against the background of the walls or floor will be detected by the color sensor(s). An intruder trying to match the background color as he moves through the volume would face a difficult challenge, especially if there is spatially varying illumination. The storage containers with nuclear material could also be painted loud colors so that their movement would cause a particularly dramatic change in the color spectrum. This type of color monitoring would have at least as much sensitivity to scene change as video, but with a much simpler, cheaper, and lower-bandwidth technology. It should be more transparent and easier to negotiate for treaty monitoring.
Moreover, anyone intercepting the color readings when authorized activities were underway in the vault or cargo hold would not be able to learn much about the nature of the (potentially classified) activities taking place. This is not the case with video signals unless strong encryption is applied.
Figure 1 - The TAOS TCS230D color-to-frequency sensor. About $2.50 each in retail quantities.
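A change detector on the 3 color coordinates such a chip reports, as an added example that is not from the paper: a baseline is recorded while the seal, panel or vault is known good, and later readings are scored by how many baseline standard deviations they have moved. The 0-255 channel scale, the noise floor and the threshold of 4 are my assumptions for illustration, and the readings are constructed, not measured.

```python
import math
import statistics

# Constructed readings (not measured data): (R, G, B) coordinates on a 0-255
# scale from a sensor aimed at a painted panel. The first five are the
# known-good baseline taken at installation.
BASELINE_READINGS = [(120, 80, 200), (121, 80, 199), (119, 81, 200),
                     (120, 79, 201), (120, 80, 200)]
LATER_READINGS = [
    (121, 81, 199),   # normal sensor noise
    (120, 80, 200),   # unchanged
    (128, 128, 128),  # a gray object moving in front of the panel
    (119, 80, 201),   # unchanged
    (124, 82, 199),   # panel cut open, repaired and repainted: close, not identical
]


def baseline(readings):
    """Per-channel mean and standard deviation of the known-good readings. The
    floor of 1.0 (an assumption) keeps a perfectly quiet channel from making
    every later one-count change look infinitely significant."""
    channels = list(zip(*readings))
    means = [statistics.fmean(c) for c in channels]
    stdevs = [max(statistics.pstdev(c), 1.0) for c in channels]
    return means, stdevs


def color_score(reading, model):
    """Distance from the baseline, in standard deviations, over all channels."""
    means, stdevs = model
    return math.sqrt(sum(((x - m) / s) ** 2 for x, m, s in zip(reading, means, stdevs)))


def detect_changes(stream, model, threshold=4.0):
    """Indices of readings whose color moved more than `threshold` sigmas."""
    return [i for i, r in enumerate(stream) if color_score(r, model) > threshold]


if __name__ == "__main__":
    model = baseline(BASELINE_READINGS)
    for i, r in enumerate(LATER_READINGS):
        print(i, r, round(color_score(r, model), 2))
    print("change detected at:", detect_changes(LATER_READINGS, model))
```

The moving object scores far above threshold, while the repainted panel is caught only because the score combines the small shifts on all three channels, which is why a multi-channel colorimeter beats a single brightness reading here.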
SIMPLE AND TRANSPARENT LIVE VIDEO AUTHENTICATION

Video imaging is a potentially useful technique for verification and monitoring, but storing and authenticating the video can be a problem. Complex encryption, data authentication, intrusion detection, or information barriers add cost and degrade reliability and image quality. Their complexity increases the number of ways that an adversary can spoof the system, and impedes transparency, negotiability, and trust.

Many of these problems can be avoided if the host (inspected) facility is required to provide continuous, live sensor data (including video signals) to inspectors who are (ideally) located just outside the facility during dismantlement operations. The veracity of these signals can be confirmed by techniques known as “live verify” and “local verify”.

The live verify techniques are intended to increase confidence that the video (or other sensor) data is live, not pre-recorded. This helps to overcome the inspectors’ concern that they are being fed recorded video (or other) data showing what is supposed to be occurring, rather than what is actually taking place inside the dismantlement facility at that moment. Examples of ways the inspectors can perform “live verify” on video signals include:

1. Occasionally asking the facility personnel to take some specific action in front of the camera, such as holding up a certain number of fingers or a particular card. This is a kind of challenge-response strategy.

2. Asking facility personnel to spray paint or scratch a complex pattern on the walls while being observed on video. When the inspectors are allowed back in the facility, they can check for fresh paint and compare the actual surface with the video images.

3. The inspectors can be allowed to control the scene illumination intensity and spatial gradients in rapidly changing, unpredictable ways. This could be done remotely by the inspectors from outside the facility, or by automated electronics inside the facility that the inspectors have protected from tampering. Figure 2, for example, shows an LED party projector being used to project rapidly changing, moving light patterns throughout the room, as shown in figure 3. The complexity of the interaction of the light with the 3-dimensional objects in the room makes realistic counterfeiting of the video images very difficult to do in real-time. (Note: to avoid annoying the nuclear facility employees, all this could be done in the near infrared instead of the visible. The infrared light would be invisible to the naked eye but readily recorded by video cameras.)

4. Other unpredictable patterns can be projected around the room and made to move in complex ways, such as the laser-projected icon of the frowning face shown in figure 4, generated by the inexpensive handheld device in figure 5.

5. The inspectors could remotely adjust (slightly) the pan and tilt of the cameras at unpredictable times. This provides a stereoscopic view of the scene that makes it more difficult for the host nation to counterfeit the video images in real-time than with a 2-dimensional image.

6. Two different video cameras watching the same scene can also be placed at a skewed angle with respect to each other, effectively creating a 3-dimensional image. This makes it even more difficult to fake live video scenes in real-time, especially when combined with complex changes in illumination and spatial gradients, as well as moving light patterns and shadows, all controlled by the inspectors or their equipment.

7. Chaotic kinematic toys[18,19] of the sort shown in figure 6 can be placed in the background of the video scene. Their motion is continuous, but unpredictable. The shadows and reflections they generate, especially when the illumination has a strong spatial gradient, can be very difficult to mimic smoothly in real-time. (Lava lamps can also be placed in the video scene to provide continuous, but slower, motion.) The disadvantage of this approach is that even the inspectors do not know how to predict the motion, unlike 1-5 above.

While it certainly is possible for the host facility to switch between pre-recorded video and the live feed (or to splice different video signals into a portion of the true video frame) in order to try to fool the inspectors, it is very difficult in real-time to get an exact match between the live scene and the pre-recorded one. The illumination intensity and gradients, the shadows and boundaries, and the individual pixel noise and gains present in the two images are very difficult to match realistically in real-time, at least with current technology. An analysis by the inspectors (at their leisure) of the recorded video waveforms, sync signal, and of the image frame-by-frame and pixel-by-pixel is likely to turn up anomalies. Faking a single high-resolution still photo in a convincing manner is possible, but a difficult and time-consuming challenge when the photo will be subject to detailed, expert scrutiny. Faking moving video images in real-time without getting caught is an even more challenging task. Given that the host nation does not know what kind of video analysis might be undertaken by the inspectors on their recorded video weeks or years later, it should be concerned about getting caught cheating.

Figure 2 - A Chauvet J-Five Dual LED moonflower party illuminator (~$89 retail).

Figure 3 - Disco verification. A snapshot of the moving illumination patterns from the Chauvet J-Five Dual LED moonflower party illuminator shown in figure 2.

Figure 4 - A projected, moving laser pattern in the shape of a frowning face (bottom center). This was generated from the device shown in figure 5. Some of the laser light has been reflected onto the floor from the metal cabinet, making it even more complicated for an adversary to seamlessly intermingle real and fake portions of video images in real-time.

Figure 5 - The Geospace Super Laser Disc, about $9 retail. 20 individual icons can be projected based on the diffraction grating chosen by rotating the outer dial. The icons are thus stable over time, not rasterized as in a laser light show.

A local verify technique can help to establish that the signals originate from the facility of interest (or at least nearby) and not, in the case of video signals for example, from a dummy location made to look like the facility. This technique relies on time-of-flight information to establish the approximate distance from the video cameras (or other live sensors) that provide the live feed to the nearby inspectors. The finite travel time of electronic signals (~200,000 km/sec in wires) helps to establish that the live video or sensor data is emanating from within a few kilometers of the dismantlement facility. (1 nsec corresponds to about 30 cm of travel for electromagnetic signals through air, and about 20 cm down a wire.)

This time-of-flight technique requires the inspectors to occasionally provide some kind of unpredictable, fast rise-time signal that is detected by the live video or other high-bandwidth sensors. For video monitoring, light emitting diodes (LEDs) with rise times much less than 1 ns are readily available to provide a sudden change in illumination. The unpredictable, fast rise-time signals can be provided by the inspectors from outside the facility. Alternately, equipment that they have protected from tampering or intrusion can be left inside the facility to produce the fast rise-time signals at unpredictable times known only to the inspectors.

The time-of-flight technique requires that the inspectors be located within a few kilometers of the inspected facility. Alternately, they can locate recording equipment within a few kilometers, thoroughly secure it from tampering, and allow it to record the live stream of video or other data transmitted from the facility for later analysis.

Video has a much higher temporal resolution than the 1/60th of a second (17 msec) time between video frames.[22-24] In theory, the bandwidth of high-resolution professional and consumer video ranges from 27 MHz (37 nsec temporal resolution, corresponding to 7 meters spatial resolution in the time of flight) to 140 MHz (7 nsec, equal to 1.4 meters). In practice, the useful bandwidths are less. Nevertheless, a CMOS-based video camera (with rolling shutter[22,23]) has a temporal resolution approaching 17 ns (3.5 meters) for adjacent pixels and 22 µsec (4.4 km) for adjacent scan lines. The theoretical resolution for a CCD-based video camera with its global (“semi-simultaneous”) shutter[22,23] is much less than 1 nsec, but there may be too few differential photons in a realistic video scene to be useful at that time scale.

Figure 6 - An example of a chaos toy in motion. Note the shadows being cast. The shadowing and reflections of light change in a complex and unpredictable, but continuous, manner. They are especially dramatic when there is a strong illumination gradient.
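The time-of-flight arithmetic of local verify, as an added example that is not from the paper: inspector LED pulses at unpredictable times are matched against the moment they first appear in the feed, and the measured delay bounds how far away the camera can be. It assumes (my assumption) that pulse and video timestamps share one clock and that detections are quantized to the 17 ns adjacent-pixel timing the paper quotes for a rolling-shutter CMOS camera; the 1.5 km and 300 km feeds are constructed.

```python
import math

WIRE_SPEED = 2.0e8   # m/s: ~200,000 km/s in wires, the paper's figure
AIR_SPEED = 3.0e8    # m/s: ~30 cm per ns through air
PIXEL_STEP = 17e-9   # s: adjacent-pixel timing of a rolling-shutter CMOS camera (paper)
LINE_STEP = 22e-6    # s: adjacent scan lines (paper: 22 usec, i.e. 4.4 km)


def distance_bound(delay_s, speed=WIRE_SPEED):
    """Farthest the signal could have travelled in delay_s (1 ns -> 0.2 m in wire)."""
    return delay_s * speed


def simulate_feed(pulse_times, cable_m, step_s, dropped=()):
    """Constructed feed: each pulse is first seen at the next video sample after
    it arrives over cable_m of wire, quantized to step_s. Pulses listed in
    `dropped` never appear (a pre-recorded segment was playing at the time)."""
    seen = []
    for i, t in enumerate(pulse_times):
        if i in dropped:
            continue
        arrival = t + cable_m / WIRE_SPEED
        seen.append(math.ceil(arrival / step_s) * step_s)
    return seen


def local_verify(pulse_times, detect_times, max_distance_m):
    """For every inspector pulse, take the first detection at or after it and
    turn the delay into a distance bound. The feed passes only if every pulse
    showed up and every bound is within max_distance_m. A pulse that never
    appears either yields None or is matched to a much later detection, and
    fails either way. Returns (passed, bounds_in_m)."""
    bounds = []
    for t_pulse in pulse_times:
        later = [t for t in detect_times if t >= t_pulse]
        if not later:
            bounds.append(None)  # pulse never appeared: not live
            continue
        bounds.append(distance_bound(min(later) - t_pulse))
    passed = all(b is not None and b <= max_distance_m for b in bounds)
    return passed, bounds


# Constructed pulse times (seconds on the common clock), unpredictable to the host.
PULSES = [0.010, 0.250, 0.731]

if __name__ == "__main__":
    honest = simulate_feed(PULSES, cable_m=1500, step_s=PIXEL_STEP)
    relayed = simulate_feed(PULSES, cable_m=300_000, step_s=PIXEL_STEP)
    print("1.5 km facility:", local_verify(PULSES, honest, max_distance_m=5000))
    print("300 km relay:   ", local_verify(PULSES, relayed, max_distance_m=5000))
    print("scan-line timing alone resolves only", distance_bound(LINE_STEP), "m")
```

With scan-line timing (22 µs) the quantization alone adds up to 4.4 km to every bound, so a "within a few kilometers" check needs the adjacent-pixel timing or a faster sensor, which is the point of the bandwidth figures above.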
BETTER SECURITY FOR SECRET KEYS AND PASSWORDS

Nuclear safeguards and security equipment often requires the use of secret keys, passwords, or identification numbers for access control, data authentication, or encryption. Being able to quickly and reliably erase these keys, passwords, or identification numbers (typically 8-256 bytes in length) when intrusion is detected is problematic for three reasons.[25,26] Firstly, reliable detection of physical or electronic intrusion is a largely unsolved problem, especially against sophisticated adversaries such as the nation-states involved in arms control verification. Secondly, even if intrusion is detected, it is challenging to erase the secret information quickly enough to prevent an adversary from obtaining some or all of it. Thirdly, data remanence is a risk even if erasure occurs.

These problems can be at least partially overcome by using pointers, and sometimes pseudo-random number generators, to reduce the amount of information that needs to be quickly and reliably erased from 8-256 bytes (or more) down to 1 or 2 bytes. An extension of these techniques is called the “One-Time Pad of Digits Substitutions” (OPODS). Using OPODS, data that has been logged inside monitoring equipment prior to an adversary engaging in physical or electronic trespassing cannot be effectively altered (beyond total erasure, which is not surreptitious). Unlike conventional data encryption or authentication techniques, this is true even if the trespassing goes undetected!

ACKNOWLEDGEMENT AND DISCLAIMER

This work was performed under the auspices of the United States Department of Energy (DOE) under contract DE-AC02-06CH11357. The views expressed in this paper are those of the authors and should not necessarily be ascribed to Argonne National Laboratory or DOE.

REFERENCES

1. RG Johnston and JS Warner, “The Dr. Who Conundrum: Why Placing Too Much Faith in Technology Leads to Failure”, Security Management 49, 112-121 (2005).
2. RG Johnston, “Tamper-Indicating Seals”, American Scientist 94, 515-523 (2005).
3. IAEA, Safeguards Techniques and Equipment, 2003, http://www-pub.iaea.org/MTCD/publications/PDF/NVS1-2003_web.pdf.
4. RG Johnston, “Tamper-Indicating Seals for Nuclear Disarmament and Hazardous Waste Management”, Science and Global Security 9, 93-112 (2001).
5. RG Johnston, “Tamper Detection for Safeguards and Treaty Monitoring: Fantasies, Realities, and Potentials”, Nonproliferation Review 8, 102-115 (2001).
6. RG Johnston, EC Michaud, and JS Warner, “The Security of Urine Drug Testing”, Journal of Drug Issues 39, 1015-1028 (2009).
7. ANL, “Vulnerability Assessment Team”, http://www.ne.anl.gov/capabilities/vat.
8. JS Warner and RG Johnston, “Chirping Tag and Seal”, Proceedings of the 51st Annual INMM Meeting, Baltimore, MD, July 11-15, 2010.
9. JS Warner and RG Johnston, “Handbook of Security Blunders”, Proceedings of the 51st Annual INMM Meeting, Baltimore, MD, July 11-15, 2010.
10. RG Johnston and ARE Garcia, “Simple, Low-Cost Ways to Dramatically Improve the Security of Tags and Seals”, Proceedings of the IAEA Symposium on International Safeguards, Vienna, Austria, October 13-17, 1997.
11. RG Johnston, “The ‘Anti-Evidence’ Approach to Tamper-Detection”, Packaging, Transport, Storage & Security of Radioactive Material 16, 135-143 (2005).
12. RG Johnston et al., “23 New Tamper-Indicating Seals”, Los Alamos National Laboratory Report LAUR-05-1123.
13. RG Johnston, ARE Garcia, and AN Pacheco, “The ‘Town Crier’ Approach to Monitoring”, International Journal of Radioactive Material Transport 13, 117-126 (2002).
14. RG Johnston, ARE Garcia, and AN Pacheco, “Improved Security Via ‘Town Crier’ Monitoring”, Proceedings of Waste Management ’03, Tucson, AZ, February 24-27, 2003.
15. JS Warner and RG Johnston, “Why RFID Tags Offer Poor Security”, Proceedings of the 51st Annual INMM Meeting, Baltimore, MD, July 11-15, 2010.
16. Mouser Electronics, “TAOS Color Sensors”, http://www.mouser.com/taos/?utm_id=4&utm_source=google&utm_medium=cpc.
17. ER Gerdes, RG Johnston, and JE Doyle, “A Proposed Approach for Monitoring Nuclear Warhead Dismantlement”, Science and Global Security 9, 113-141 (2001), www.princeton.edu/~globsec/publications/pdf/9_2gerdes.pdf.
18. Chaos Toys, “Chaos World of Motion”, http://www.chaostoy.com.
19. EM Bollt and A Klebanoff, “A New and Simple Chaos Toy”, Intern. J Bifurcation and Chaos 12, 1843-1857 (2002), http://people.clarkson.edu/~ebollt/Papers/TubeToy10WithCover.pdf.
20. Chauvet, “J-Five”, http://www.chauvetlighting.com/j-five.html.
21. Amazon.com, “Geospace Laser Super Disc”, http://www.amazon.com.
22. Dalsa, “CCD vs. CMOS”, http://www.dalsa.com/corp/markets/ccd_vs_cmos.aspx.
23. Elurauser.com, “AVCHD User Information”, http://www.avchduser.com/articles/canon_HF100_vs_panasonic_SD1.jsp.
24. Extron Electronics, “Video Bandwidth”, http://www.extron.com/company/article.aspx?id=vidband3.
25. RG Johnston and JS Warner, “Using Pointers for Better Key and Password Security”, Proceedings of the 51st Annual INMM Meeting, Baltimore, MD, July 11-15, 2010.
26. RG Johnston, MJ Timmons, and JS Warner, “Protecting Nuclear Safeguards Monitoring Data from Tampering”, Science and Global Security 15, 185-209 (2007).