《Chapter 14 Security Printing and Seals》.pdf

C H A P T E R 14 Security Printing and Seals A seal is only as good as the man in whose briefcase it’s carried. ¨ — Karen Sparck Jones You can’t make something secure if you don’t know how to break it. — Marc Weber Tobias 14.1 Introduction Many computer systems rely to some extent on secure printing, packaging and seals to guarantee important aspects of their protection. Most security products can be defeated if a bad man can get at them — whether to patch them, damage them, or substitute them — before you install them. Seals, and tamper-evident packaging generally, can help with trusted distribution, that is, assuring the user that the product hasn’t been tampered with since leaving the factory. Many software products get some protection against forgery using seals and packaging. They can at least raise the costs of large-scale forgery somewhat. We saw how monitoring systems, such as taxi meters, often use seals to make it harder for users to tamper with input. No matter how sophis- ticated the cryptography, a defeat for the seals can be a defeat for the system. I also discussed how contactless systems such as those used in the chips in passports and identity cards can be vulnerable to man-in-the-middle 433 434 Chapter 14 ■ Security Printing and Seals attacks. If you