Authenticated RF Seals
Presented at INMM in July 1998 (26th-30th), in Naples, Florida.
Aquila Technologies Group, Inc.
8401 Washington Pl., N.E.
Albuquerque, NM 87113
Tel: (505) 828-9100
Fax: (505) 828-9115
e-mail: vthompson@aquilagroup.com
M. Auerbach & Y. Haimovich
Hi-G-Tek Ltd.
16 Hacharoshet St.
Or-Yehuda 60375, Israel
ABSTRACT
The Argus Seal is a low-cost replacement for Copper-Brass and Cobra Seals that offers in-situ verification, dramatically reducing both the life-cycle cost of using the seal and the time delay from removal to verification, and thus increasing the credibility of the Safeguards process. The Argus seal is an electrical equivalent of the popular Cobra seal, with a multi-stranded high resistivity wire replacing the Cobra seal's multi-stranded fiber-optic cable. The seal is interrogated without contact or connection through a low-power radio link to a familiar VACOSS-like reader. A re-usable Argus seal is now ready for field testing. The Argus seal was developed for this purpose by Aquila Technologies Group, Inc. (Aquila), in the USA, and Hi-G-Tek, Ltd. in Israel, with partial funding from the BIRD Foundation.
To extend the functionality of the Argus Seal, the next step in the development is to provide cryptographic authentication of the data that is output by the Argus seal. The authentication will provide assurance that the seal data originates from the correct original seal and that the data has not been tampered with while in storage since original acquisition. Addition of authentication will be accomplished in two ways. The first is the protection of the RF communication link by using the well-known 3DES technique. The 3DES approach is based on private keys that are used by the system components. When the components in the system are communicating with each other they transfer the signatures generated by the private keys together with the data. The second is the protection of the seal data by integrating the DS1954 CryptoButton from Dallas Semiconductor into the seal. This passive chip incorporates 286,000 transistors dedicated to the cryptography functions of modular exponentiation and prime number generation. Among many other functions, the DS1954 provides an encapsulated method for adding authentication to the data stream.
INTRODUCTION
Recent disarmament trends, the addition of States to the Nuclear Non-Proliferation Treaty, and increasing numbers of facilities have all added to an increased demand on storage for fissile materials and components. Guaranteeing the safeguarding of these materials is necessary not only from a treaty standpoint but, more importantly, from the standpoint of international security and safety. It has become increasingly obvious that outdated technologies, particularly in the area of seals, will soon be inadequate to deal with such safeguarding. The increased requirements for efficiency in manpower, safeguards systems budgetary limitations, and technological advances in remote monitoring call for a new approach to solving the safeguards storage problem.
With increased attention to development of remote monitoring, it has become increasingly necessary to pursue initiatives which would reduce or eliminate the need for on-site visits to retrieve data. At present, only the VACOSS seal is capable of operating remotely. It remains a high-cost, complicated instrument in the safeguards inventory. Today's challenge is to develop an inexpensive, easily operated, and technologically superior replacement. One answer to this challenge is to adapt radio frequency (RF) communications to seal technology. RF technologies provide real-time, online inventory and increased inventory accuracy. Funded by a grant from the Bi-national Industrial Research Foundation (BIRD), Hi-G-Tek, Ltd., Aquila Technologies, and Canberra Industries have developed a family of fiber-electric seals that may be interrogated via RF. By adding authentication to the seal, it can now compete favorably with the high-priced, high maintenance VACOSS seal.
RF TECHNOLOGY ADVANTAGES
Applying RF technology to Safeguards overcomes the limitations of other automatic identification approaches, such as bar coding, because RF does not require line-of-sight between the transceiver (seal) and the reader. This means that RF seals work effectively in hostile environments where excessive dirt, dust, moisture, and/or poor visibility would normally hamper rapid identification. In short, the most outstanding benefit of RF is its ability to read through various environments and at remarkable speeds—responding in less than 100 milliseconds in most cases. In addition, RF is automatic and transparent, eliminating the need to scan an object manually or activate a magnetic stripe, reader, or other contact ID technology. Better still, in the case of passive or battery-free seals, the identification capability lasts the life of the object to which the seal is attached.
Figure 1: Argus Seals and Readers
The RF/ID system fielded by Hi-G-Tek, Aquila, and Canberra includes a range of seals, represented in Figure 1, varying in read-range, plus hand held terminals and system software, which is adaptable to palmtop, laptop, or desktop PCs. The seals are the backbone of the technology, and range in capability and price range based on function desired. All information logged by the system can be easily transported over selected networks and read remotely.
Aquila, in collaboration with Hi-G-Tek, has developed three separate types of seals, each with unique capabilities adaptable to specific requirements. Table 1 lists the features of the different types of Argus seals currently available:
Table 1: Feature comparison
| | Argus Passive Tag | Argus Passive Seal | Argus Active Seal | Argus Star Seal |
| Reading Distance | 10cm | 10cm | 1m | 10-30m |
| Lifetime | Unlimited | Unlimited | 4-5 years | 4-5 years |
| Power Supply | No battery; derives power from RF reader signal | No battery; derives power from RF reader signal | Lithium battery 500mA/hr (battery life is 1 year at 20 readings per day) | Lithium battery 500mA/hr (battery life is 1 year at 20 readings per day) |
| Seal Engagement | - | One time | Re-usable | Re-usable |
| Advantage | Low cost tag for asset tracking & inventory control | Low cost seal to replace copper-brass seals | Records 10 events. Option to read 100 events. | Seals can be polled simultaneously at long range. Records 10 events. |
Seal demonstration kits are available for evaluating the Argus Passive, Active, and long range "Star" seals.
Seals
This project has produced both active and passive transceivers (seals). An active seal receives its operating power from a battery built into the seal. These systems have the advantages of reducing power requirements from the reader and they have a longer reading range. On the negative side, they have a limited operating life and are more expensive than passive devices. A passive seal operates without a battery by obtaining its power from the energy generated by the reader. Passive seals are lighter and less expensive than active seals, and they have virtually an unlimited lifetime. The downside is that they have a shorter read range, have no real time memory, and require a higher-powered reader.
Seals are further divided into re-usable and one-time use seals. The active seals and long range "Star" seals are re-usable, whereas the passive seals are one-time use. The principle of operation for the RF seals developed in this project is such that the sealing wire creates a unique resistance pattern which cannot be replicated. This resistivity measurement is coupled with the seal's serial number to make a unique identification number for the seal. The construction of the sealing wire is such that it is not possible to measure the wire resistance from the outside of the seal. In the re-usable seal, the wire may be disengaged and later re-engaged. The one-time use seals may only be engaged once.
Once the seal is activated, it is capable of being read remotely. The stored data transmitted from the seal to the reader includes the seal ID number (24 bits), the engaging event random code (6 bits), and the wire-specific resistance value (8 bits). Together with three pilot bits, a 38-bit data word is transmitted from the seal to the external world following each reception of a "wake up" signal from the hand held reader.
Reader
The RF reader contains 1) electronic components that send and receive a signal to and from the seal or tag, 2) a microprocessor that checks and decodes the data it receives, and 3) memory that stores the data for later transmission. The reader also has an antenna to transmit and receive signals. The reader emits an electromagnetic field in a zone, the size of which depends upon the operating frequency of the system and the size of the antenna.
Operating Characteristics
In the low-frequency passive or active systems (125 kHz to 250 kHz), the reader sends a wake-up signal to the seal, charging the seal (for the passive seal) and allowing it to return a signal carrying the unique identification and sealing stamp code stored within it. The low-frequency system allows for accurate transmission through most nonmetallic materials. Tests have proven operability from at least -20 to +60 degrees C.
The short range Argus Passive Seal enables instant remote reading of sealing status from distances of up to 10 centimeters. With the Argus Active Seal the user is given instant and comprehensive sealing verification details from a distance of up to one meter. Using the Argus Active Seal's Reader, comprehensive event details of up to 100 events, including the exact time and duration of the event, are displayed on the reader's screen and can be downloaded as a text file to a PC for management and office control purposes.
The high-frequency (300MHz to 2.5GHz) Argus Star Seal system boasts read distances approaching 30 meters and can communicate more information at higher speeds. The reader sends a signal to the seal, which returns the data via a modulated signal being continuously reflected off the seal, giving a much quicker read. Using a small stationary reader connected to a PC or laptop, accurate readings can be guaranteed for multiple seals simultaneously. With a proper antenna system, accurate readings have been consistently obtained at distances of 30 meters.
Both low-frequency and high-frequency seals have their advantages. Although the low frequency passive devices provide slower data transfer than the high-frequency devices and must work at closer distances, close-range readers are beneficial in situations which call for the ability to read one seal at a time. Such seals are generally small, low cost, maintenance-free, and one-time use (for the passive seal). The short range Argus Active re-usable seal provides readings of one seal at a time with data logging of up to 100 sealing events, including time and date data. High-frequency devices can work at distances up to 30 meters, and the active seals are comparable in function with the VACOSS seal, with memory, date/time stamps, and a function enabling multiple seals to be read simultaneously. They are also re-usable.
AUTHENTICATION
Incorporating the capability of cryptographic authentication into the Argus seal provides not only assurance that the seal data originates from the correct original seal, but also that the data has not been tampered with while in storage since original acquisition. Addition of authentication will be accomplished in two ways. The first is the protection of the RF communication link by using the well-known 3DES technique which is based on private keys that are used by the system components. When the components in the system are communicating with each other they transfer the signatures generated by the private keys together with the data.
The second is the protection of the seal data by integrating the DS1954 CryptoButton from Dallas Semiconductor into the seal. Despite the fact that the seal wire resistivity and the seal ID combine to provide a unique registry for the seal, it is still necessary to cryptographically authenticate the seal data in order to ensure that the data actually originated from the specific original seal and that the data has not been altered since it was read from the seal.
As shown in Figure 2, the DS1954 will automatically append a true-time stamp and perform a hashing operation on any data that is input; in this case, the seal ID and resistivity data. Furthermore, the chip will encrypt the hash value with the private key generated and stored in the chip. The result is a cryptographic signature which, when appended to the original seal message, provides the required authentication.

Figure 2: Authentication Process
It is only necessary to generate keys during seal manufacture. The DS1954 will broadcast the public key but will never reveal the private key. The private key is needed only internally and the public key can be engraved on the seal housing and stored in seal-reader databases. Also, the public key could be transmitted upon command. This combination provides the requisite authentication, key management, and key generation functions to provide the data security needed for the seal.
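The sign-and-verify flow described above, applied to the seal's 38-bit data word, as an added example that is not code from the original paper or from the DS1954. Assumptions: the field order inside the word, SHA-256 as the hash, unpadded textbook RSA with a constructed toy key, and all function names.

```python
import hashlib
import struct

# Constructed toy RSA key built from two Mersenne primes so the example runs
# without a crypto library. Never use primes like these for a real key.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # public key (held in the reader database)
D = pow(E, -1, (P - 1) * (Q - 1))      # private key (never leaves the seal)


def pack_seal_word(seal_id, event_code, resistance):
    """Pack ID (24 bits), event code (6) and resistance (8) into 38 bits.
    The field order is an assumption; the paper gives only the widths."""
    if not (0 <= seal_id < 1 << 24 and 0 <= event_code < 1 << 6
            and 0 <= resistance < 1 << 8):
        raise ValueError("field out of range")
    return (seal_id << 14) | (event_code << 8) | resistance


def _digest(word, timestamp):
    # The hash covers the seal word plus the appended time stamp.
    msg = word.to_bytes(5, "big") + struct.pack(">I", timestamp)
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


def seal_sign(word, timestamp):
    """Seal side: append time stamp, hash, transform hash with private key."""
    return {"word": word, "ts": timestamp,
            "sig": pow(_digest(word, timestamp), D, N)}


def reader_verify(record, public_key):
    """Reader side: open the signature with the public key and compare it
    with a hash recomputed over the stored word and time stamp."""
    n, e = public_key
    return pow(record["sig"], e, n) == _digest(record["word"], record["ts"])


if __name__ == "__main__":
    # Constructed sample values: seal ID, event code, resistance, Unix time.
    rec = seal_sign(pack_seal_word(0x00A1B2, 0x2A, 0x7F), 901411200)
    print("stored record verifies:", reader_verify(rec, (N, E)))
    rec["word"] ^= 1                   # one bit altered while in storage
    print("altered record verifies:", reader_verify(rec, (N, E)))
```

A production signature would use a standard padding scheme over the hash instead of the bare modular exponentiation shown here.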
MEETING REMOTE MONITORING NEEDS
The Copper-Brass and Cobra seals currently in use in Safeguards applications are not suitable for remote monitoring. This project has demonstrated the feasibility of seals suitable for remote monitoring and that these seals can be produced affordably. In order to be effectively implemented with remote monitoring, the seal data must be exportable. In the case of Argus Seal systems, the data is collected at either a hand held terminal, palmtop, laptop, or PC. Information at these nodes is easily exportable via Internet, Ethernet, etc.
A comparison of the capabilities of various seals currently available for Safeguards applications is provided in Table 2:
Table 2: Technical Characteristics
| SEAL | Tamper Resistant | In-situ Verify | Remote Verify | Database | Re-usable |
| Copper-Brass | No | No | No | No | No |
| Cobra | Yes | Yes | No | No | No |
| VACOSS | Yes | Yes | Yes | Yes | Yes |
| Argus: Single Use | Yes | Yes | Yes | Yes | No |
| Argus: Re-usable | Yes | Yes | Yes | Yes | Yes |
As can be seen, the Copper-Brass and Cobra seals do not meet remote monitoring needs and are difficult to enter into safeguards databases. While the VACOSS seal is tamper resistant, in-situ verifiable, remotely verifiable, database compliant, and reusable, it is also very costly. Table 3 compares the cost of each seal.
Table 3: Cost Analysis
| Seal | Placement Cost | Verification Cost | Total Cost After 50 Verifies |
| Copper-Brass | $5 | $25 | $1,500 |
| COBRA | $28 | $10 | $528 |
| VACOSS | $1000 | $1 | $1,050 |
| Argus: Single Use | $35 | $1 | $85 |
| Argus: Re-Usable | $250 | $1 | $300 |
As illustrated in Tables 2 and 3, both remote monitoring and minimal cost requirements can be met by the new Argus seals. The verification costs for VACOSS and Argus reflect an amortized estimate for manual verification. In the case of remote monitoring, the verification cost is actually zero. Therefore, in remote monitoring applications these seals have a substantial advantage in cost-effectiveness compared to other technologies. These tables also point out the fact that those seals currently in use are at end of life; requirements have changed since they emerged. In addition, remote monitoring demands different seal characteristics such as:
- Real-time monitoring of containers via electronic tags/seals & transceivers/readers
- Ability to remotely log and store asset data
- Allow for periodic status reports
- Provide real-time asset tracking
- Report security and inventory information
- Ability to integrate with NDA measurement devices.
SUMMARY
Incorporating RF and authentication technology into a Safeguards tamper-indicating seal provides three advantages to MPC&A: real-time information and communications; accurate, real-time inventory; and authenticated information. The authenticated RF seals developed under this project offer the same reliability and verifiability of sophisticated electronic Safeguards instruments while keeping purchase and inspection costs extremely low. This technology has expanded the limits of MPC&A by providing timely, authenticated, accurate data collection right at its source. RF clearly out-performs other technologies in its accuracy, speed, flexibility, durability, and effectiveness in hostile environments.


