0

Tamper-Evident devices and measures are devices which in some way indicate that an event not intended by the developer or manufacturer has occurred. Examples of tamper-evident devices are stickers that leave specific residue or are destroyed upon removal, etc.

Some of these tamper-evident devices are comparatively easy to "defeat", meaning that one can tamper with the device and not leave any indication that tampering has occurred.

Are there any standards or guideline that tamper-evident devices can adhere to, in order to indicate a certain level of quality? Similar to how some standards for web-application security already exist.

  • Like TCSEC https://en.wikipedia.org/wiki/Trusted_Computer_System_Evaluation_Criteria or Common Criteria https://en.wikipedia.org/wiki/Common_Criteria? – schroeder Feb 04 '20 at 13:35
  • @schroeder I don't know the orange book by heart - shame on me - but does it actually give a list of requirements how a tamper-evident device needs to perform? –  Feb 04 '20 at 13:37
  • Sorry, I expanded on it. I believe TCSEC and CC have physical criteria – schroeder Feb 04 '20 at 13:38
  • @schroeder I would have to go through CC, but I would be surprized if it would go more in-depth than "[...] has to ensure tampering attempts can be detected." –  Feb 04 '20 at 13:41
  • Someone asked a somewhat-related question [_How to protect network equipment in public spaces?_](https://security.stackexchange.com/q/216188/61744) a little while back, and in researching my answer, I could find little evidence of "hard" standards (although I wasn't searching specifically for "_tamper evident_"). – TripeHound Feb 04 '20 at 15:15

0 Answers0