Tamper-evident describes a device or process that makes unauthorized
access to the protected object easily detected. Seals, markings or
other techniques may be tamper indicating.
2 Seals and signatures
3 Product packaging
4 Credit cards, money, stamps, coupons
5 Physical security
6 Computer systems
7 See also
Tampering involves the deliberate altering or adulteration of
information, a product, a package, or system. Solutions may involve
all phases of product production, distribution, logistics, sale, and
use. No single solution can be considered as "tamper proof". Often
multiple levels of security need to be addressed to reduce the risk of
tampering. Some considerations might include:
Identify who a potential tamperer might be and what level of
knowledge, materials, tools, etc. might they have.
Identify all feasible methods of unauthorized access into a product,
package, or system. In addition to the primary means of entry, also
consider secondary or "back door" methods.
Control or limit access to products or systems of interest.
Improve the tamper resistance by making tampering more difficult,
Add tamper-evident features to help indicate the existence of
Educate people to watch for evidence of tampering.
Length of time available for tampering. Particularly in transit,
anyone intending to tamper with tamper-evident-protected goods,
valuables, cash and confidential documents generally only has a window
of opportunity of a few minutes before discovery is likely. This makes
it both difficult and unlikely that they will have time to open the
packaging, examine or remove the items, and restore the packaging to
its original untampered condition.
Seals and signatures
Tamper-evident designs have been a feature of letters since ancient
times, often using wax, clay, or metal seals to signify that the
letter had not been opened since it was written. Roman signet rings
for example, were unique to the person who owned them, and the ring
was pressed into the hot wax seal forming a signature which could not
be easily duplicated by somebody attempting to re-seal the letter.
Similar practices continue today, from examples such as envelopes
to carefully designed packaging for payslips. In modern contract law,
it is common to see each page of a contract individually initialled
and numbered, so that any addition or removal of pages can be
detected. Meanwhile, most checks have a variety of features to defeat
both tampering and duplication (these are often listed on the back of
Technicians at the National
Security Agency developed anti-tamper
holograph and prism labels that are difficult to duplicate.
Security seals are commonly employed on devices like electronic voting
machines in an attempt to detect tampering. However, testing by
Argonne National Laboratory
Argonne National Laboratory and others demonstrates that existing
seals can usually be quickly defeated by a trained person using
low-tech methods. They offer ideas on countermeasures, and are
exploring the promising option of "anti-evidence" seals.
Tamper-evident currency bags have a seal that reveals if the bag has
been tampered with
A foil innerseal on a bottle
Tamper-evident design is perhaps most visible in the process of
product packaging and labelling, where it can be vital to know that
the product has not been altered since it left the manufacturer.
Cans of baby food were among the first high-profile cases, where
manufacturers were extorted by persons claiming to have added various
poisons to baby food and replaced them on supermarket shelves. The
amount of stock which needed to be destroyed (because it was
impossible to tell if a given item had been tampered with), and the
threat of public fear, meant that tamper-evident design principles had
the potential to save a lot of money in the future.
Jars of food items soon started appearing with a metal bubble-top lid,
commonly known as a "safety button", which -- like the lid of a Mason
jar -- popped out if the jar had ever been opened and stayed flat if
the jar was in pristine condition. Customers were advised to never buy
a product with a popped lid. (These lids would also pop out if the jar
was contaminated by gas-producing bacteria, which was an additional
safety feature.) Presumably the seal was achieved by packaging the
jars in a low-pressure atmosphere, although companies were reluctant
to divulge details. Soon after, the
BBC demonstrated that such
tamper-resistant jars could indeed be reclosed with their seals
intact, and this spurred more robust designs.
Newer jars of food tend to come with a plastic wrap around the edge of
the lid, which is removed when opening, although the springy-cap
designs are still in common use.
Tamper-evident packaging also extends to protect stores; there are
some scale labels for meats and deli products that will tear if
The Tylenol Crisis of 1982 involved over-the-counter medications. Due
to FDA regulations, many manufacturers of food and medicine (as well
as other products) now use induction sealing and other special means
to help provide evidence of tampering. Break-away components which
cannot be reattached are useful. Custom seals, security tapes, labels,
RFID tags, etc. are sometimes added.
Security packaging is needed to contain evidence of crimes. Items must
be kept in an unaltered state until they are submitted in a legal
Packaging that tears open raggedly or otherwise cannot readily be
resealed is sometimes used to help indicate tampering.
Often, multiple layers or redundant indicators are used because no
single layer or device is "tamper-proof". Consideration should be
given to unique custom indicators (which should be changed regularly
because these are subject to counterfeiting).
End-users and consumers need to be educated to watch for signs of
tampering, both at the primary means of entrance and at secondary or
"back door" locations on a package.
Credit cards, money, stamps, coupons
In financial terms, tamper-evident design overlaps a lot with
anti-forgery techniques, as ways to detect monetary tokens which are
not what they seem.
Postage stamps for example, may contain a layer of
ultraviolet-reflective ink which changes state under pressure. The
impact from a postmarking machine then leaves a UV-visible mark as
well as an ink mark which identifies attempts to reuse stamps.
In a similar vein, asset-numbering labels on corporate equipment (PCs
and the like) are often designed to leave an imprint of either the
serial number, or the word "VOID" if the label is peeled off. However,
this can easily be defeated by warming up the label using a blow dryer
so it will be more flexible and forgiving to removal (and
Road tax vignettes and price tags are often tamper-evident in the
sense that they cannot be removed in one piece. This makes it
difficult to move a vignette from one car to another, or to peel off a
price tag from a cheaper article and reapply it to a more expensive
Money is tamper-evident in the sense that it should be difficult to
produce a financial token without authorization, even if starting from
a token of lower value. For example, forgers may attempt to clean the
ink from a banknote and print the image of a higher-denomination note
on it, giving them the carefully guarded "banknote paper" which is
otherwise very difficult to obtain. This may be one of the reasons why
many countries use banknotes of different size in ascending order of
value. A British £5 banknote issued by
Bank of England
Bank of England is much
smaller than a £50 banknote, and therefore can't be used to create a
Tamper-evident physical devices are common in sensitive computer
installations, for example network cabling is often run down
transparent conduit in plain view and switches located in
glass-fronted cabinets, where any unusual device attached to the
network can easily be seen.
Despite the easy availability of miniature key loggers, tamper-evident
design is not often used in personal computers. While transparent
computer cases and keyboards are common, they are mainly used for the
decorative effect rather than security. Many PCs do have a switch to
detect opening of the case, and this provides a visual notification
when the computer is next turned on that the case has recently been
opened. In any case, it has long been possible to complicate the task
of tampering with electronic devices by sealing them with
tamper-evident tape or sealing wax. Alternatively, radio-controlled
alarm-devices (which transmit a silent alarm) can be installed, or
cases can be glued shut in such a manner that tampering attempts will
distort or fracture the casing.
Fire alarms and other emergency switches are typically non-reversible,
using a piece of glass which must be broken to activate the alarm. For
example, Panic buttons in burglar alarm systems might require a
plastic key to reset the switch.
In very much the same manner as with fire alarms, many emergency
handles and levers, or handles that are not meant to be opened
regularly, are enclosed in a thin metal or plastic security seal. The
seal is thin, so as not to prevent the handle from being used (in due
time), but only to alert maintenance/security personnel that the
handle was indeed used. Many times, large sea-going shipping
containers have such a metal ring or seal attached to them at the
source port. After traveling at sea (and perhaps by land as well), the
containers reach their destination, where each container is checked to
have the seal properly in place (against a list of doublets -
In police work, tamper-evident techniques must often be used to guard
access to evidence, providing means of storing items and samples in a
way which can be used to prove that they were not altered after their
collection. It could be argued that CCTV systems perform a similar
function in the handling of suspects. Video systems of course, can be
given tamper-evident features by the use of timestamps generated by a
suitably trusted clock.
In cryptographic terminology, cryptographic hash functions and
cryptographic signatures are used to add a tamper-evident layer of
protection to document, often referred to as an electronic signature.
Hardware encrypted full disk drives utilise tamper-evident cases, so
when it is retrieved the owner can be assured that the data has not
been compromised, thus preventing costly further actions such as
notifying the data owners.
The document, email, or file to be protected is used to generate a
signed hash, a number generated from the contents of the document. Any
change to the document, no matter how trivial, such as changing a
single bit from a 1 to a 0, will cause it to have a different hash,
which will make the signature invalid. To alter a document while
purposely maintaining the same hash, assuming the hash function and
the program implementing it are properly designed, is extremely
difficult. See avalanche effect and hash collision.
Hardware-based full disk encryption
1982 Chicago Tylenol murders
Packaging and labelling
^ Johnston, R.G. (July 1997). "Effective Vulnerability Assessment of
Tamper-Indicating Seals". J. Testing and Evaluation. 25 (4).
^ Sharon A. Maneki. "Learning from the Enemy: The GUNMAN Project".
2012. p. 26.
^ "Defeating Existing Tamper-Indicating Seals". Argonne National
Laboratory. Archived from the original on 7 October 2008.
^ Rosette, J L (2009), "Tamper-Evident Packaging", in Yam, K L,
"Encyclopedia of Packaging Technology", Wiley (published 2010),
^ Dallas, Martin (1 October 2014), "Anticounterfeiting Packaging 101",
PharmTech, retrieved 21 January 2018
^ Nationwide wrote to all customers
FDA Compliance Policy Guides - CPG Sec. 450.500 Tamper-Resistant
Packaging Requirements for Certain Over-the-Counter Human Drug
"Improving Tamper-Evident Packaging: Problems, Tests and Solutions",
Jack L. Rosette, 1992
"Tamper Evident Microprocessors", Adam Waksman and Simha
Disposable food packaging
Modified atmosphere/modified humidity packaging
Bags and flexible containers
Corrugated box design
Flexible intermediate bulk container
Foam food container
Insulated shipping container
Intermediate bulk container
Self-heating food packaging
Linear low-density polyethylene
Liquid packaging board
Screw cap (wine)
Shock and vibration data logger
Temperature data logger
Time temperature indicator
Automatic identification and data capture
Blow fill seal
Die forming (plastics)
Electronic article surveillance
Track and trace
Verification and validation
Extended core stretch wrapper
Injection molding machine
Label printer applicator
Lineshaft roller conveyor
Material handling equipment
Mechanical brake stretch wrapper
Orbital stretch wrapper
Rotary wheel blow molding systems
Turntable stretch wrapper
Vertical form fill sealing machine