Follow

entropyseal.com/

Neat tamper-evidence packaging concept: a random pattern of beads that's modified when you open the package, along with a smartphone app to automatically verify the pattern is correct.

Reusable glitter basically: to fake a seal, you need to make the significant effort of positioning each bead in the right place. Possible. But very time consuming.

I'd buy one!

With OTS timestamps this product would let you prove that a container had been sealed for a certain amount of time.

Show thread

@pete Neat indeed! Hacker injects water, freezes it, opens box, takes out cookies, closes it, dries it, ... easy :D

@giszmo Better yet, turn it upside down and immerse the top part in a liquid that you can freeze so as to not leave marks.

But it loot like it has protrusions into the beads to move them if turned. Those protrusions would also prevent movement if frozen.

@pete To me the mechanism looks like a cap on a cap on a jar. The friction between cap 2 and jar makes cap 1 rotate against cap 2 and only that mixes the beads for quarter a turn at which point the caps block and allow you to turn them against the jar. If turning it over changes the pattern, it's probably too fragile for any practical use.

@nic It's actually not a new technique: I first heard about it for use in securing nuclear weapons.

@pete we're investors in DUST which does a similar thing at a much smaller scale with post-industrial diamond particles

@nic Can a smartphone take a photo of the diamond dust? Or do you need more sophisticated tech?

@nic Too bad. Cellphone cameras would be a lot more convenient.

"@pete you need stronger optical sensors."

...also, after seeing just that message with in my notifications, my first thought was "ah! a joke about my glasses!" 😂

@pete I wonder how easy it is to open & close the thing without disturbing the pattern if you are slow & careful enough.

@kekcoin it looks like it's designed to disturb the pattern when it's rotated with small protrusions below the beads.

@jgettbtc I mean, seems like a pretty good question to me. :)

@pete I guess I'd just take another picture. But that's assuming I was aware it was dropped.

@pete I wonder if the security can be improved by doing it Russian dolls style. This way an attacker cannot take a picture, recreate at home and swap the jars later. Assuming they could get only brief access without possibility of taking it with them

@pete Isn't this is what people at ShiftCrapto working on?

@thinkmassive interesting!

In the vacuum sealed design, using particles with a strong static charge might be helpful: will change orientation when the seal is broken, and harder to position manually.

@pete Shift Crypto made a really nice tamper evident container like this a couple years ago. Used a bubble with beads like this that formed a unique fingerprint when air was vacuumed out of the package.

Unfortunatly they only seem to sell TE bags on the shop now...
shiftcrypto.shop/en/products/t

@jonf3n Interesting! Did you need a special vacuum pump? You could probably replicate that with off-the-shelf food storage bags.

@pete good question. I don't really know, but I think their intention was to use it as a hardware wallet manufacturer to discourage interdiction. So off-the-shelf isn't required.

The food storage vacuum system sounds like a great idea. I know they had to experiment a bit to find these little black balls which moved very randomly inside of the bubble. Used some kind of industrial lubricant powder or something.

@pete

hey all, i built both the vaccum TEP of shiftcrypto and the entropyseal.
apologies we have not yet published a video that clarifies some of the assumptions discussed here.

@giszmo - freezing attack is indeed not easily doable thanks to the protrusions, which we call pins, locking the entire system if the particles are frozen.

@giszmo - not friction makes cap insert rotate against the cap. there are teeth, actually heavy duty teeth that prevent from twisting the jar open without opening the particle insert into a loose state forcefully.

@kekcoin - slow and careful will still disturb the pattern due to pins inside cap and also from the other side of the insert. upside down opening does also not do the trick.

@jgettbtc - the design is foreseen in transparent polycarbonate, the locked particles should survive a simple drop easily. after all the design is made to be shipped internationally in locked state. thick tempered glass would be an option for the jar but would increase cost a bit.

@121
- love the idea of russian doll style. tough that would need two initial sizes and injection mold tooling is quite a cost factor.

@pete
- the vacuum tep's main security was not the bag but the problem to pull away the velcro particle pouch from the container without disturbing the pattern.

i gladly answer any further arising questions, also via entropyseal@protonmail.com

@fabianwyss I miss the part in the video where your app tells you if the jar was opened or not.

* close
* seal with app
* check seal with app: succeeds for a range of angles and lighting
* break seal
* check seal with app: fails with display of pattern

Not sure how far in the product cycle you are but I would find it extra cool if the app would recognize the orientation of the lid and normalize it and when checking, show a radar scanner animation superposing old and new scan.

@fabianwyss I imagine the app having a "seal" button which puts it into scan mode. As soon as it recognizes the lid in a good resolution, sharpness and lighting, it freezes the video stream, cuts the image to an ellipse and rotates that ellipse to a default orientation circle with max contrast (lid needs a marker for that).

The "check" button does the same but then diffs both images radar style for one round, displaying the pixel diff in red, with the result expressed as %% match.

@giszmo

Thanks for your valuable inputs.

We have not started with the App yet, focus until here was solely on the hardware.

It is our plan to normalize the image with the help of markers, rotation and homography. Instead of an algorithm to check on similarity, one concept we have in mind is to make a "blinking comparator" that shows normalized reference image and image to verify after each other with adjustable strobe speed. A speed slider helps to check on both images are authentic. If there is a difference, the user can see it.

@fabianwyss So the idea is to let the user judge. For a start that's probably good enough.

@giszmo

The plan is to offer the user a simple and utmost failproof App to visually compare. Algorithm based (dis)similarity in %, highlighting differences in red dots/areas, particle count etc. can be added on top. From a security perspective we believe it is safer to have a simple visual base layer in the App than fancy value prints.

I would go so far one day to show the user 5 sec movieclips of the taken image being automatically rotated to north, un-distorted, scaled, cut in a square standard and bw thresholded. Manipulated algorithm based pattern change would be visually detectable in a movieclip. Wysiwyg motion instead of an obscure algo in the background that is difficult to know what it exactly does and how it can be manipulated backdoor by an attacker.

Sign in to participate in the conversation
Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!