latest pharma security talk May 2007

60 %
40 %
Information about latest pharma security talk May 2007
Education

Published on February 24, 2008

Author: Tatlises

Source: authorstream.com

Wrestling with the Realities of Pharmaceutical Tampering & Counterfeiting:  Wrestling with the Realities of Pharmaceutical Tampering & Counterfeiting Roger G. Johnston, Ph.D., CPP Vulnerability Assessment Team Los Alamos National Laboratory 505-667-7414 rogerj@lanl.gov http://pearl1.lanl.gov/external/c-adi/seals/index.shtml LAUR-07-2828 Slide2:  Physical Security consulting cargo security tamper detection training & curricula nuclear safeguards new tags, seals, & traps vulnerability assessments novel security approaches security psychological issues The VAT has done detailed vulnerability assessments on hundreds of different security devices, systems, & programs. LANL Vulnerability Assessment Team The greatest of faults, I should say, is to be conscious of none. -- Thomas Carlyle (1795-1881) Slide3:  Topics High Technology ≠ High Security Tamper-Evident Packaging Cargo Tamper Detection Anti-Counterfeiting Tags Problems with Secret Tags & Taggants RFIDs & Track-and-Trace Call-In the Numeric Token (CNT) Terminology:  Terminology lock: a device to delay, complicate, and/or discourage unauthorized entry. seal: a tamper-indicating device (TID) designed to leave non-erasable, unambig- uous evidence of unauthorized entry or tampering. Unlike locks, seals are not necessarily meant to resist access, just record that it took place. “Who are you and how did you get in here?” ‘I’m a locksmith and I’m a locksmith.’ -- Leslie Nielsen as Lt. Frank Drebin, Police Squad Terminology:  tag: an applied or intrinsic feature that uniquely identifies an object or container. types of tags inventory tag (no malicious adversary) security tag (counterfeiting & lifting are issues) buddy tag or token (only counterfeiting is an issue) anti-counterfeiting (AC) tag (only counterfeiting is an issue) lifting: removing a tag from one object or container and placing it on another, without being detected. Terminology Tags & Seals:  Applications customs cargo security non-proliferation treaty verification counter-terrorism counter-espionage banking & couriers drug accountability records & ballot integrity evidence chain of custody weapons & ammo security tamper-evident packaging anti-product counterfeiting protecting instrument calibration protecting medical sterilization waste management & hazardous materials accountability Some of the 5000+ commercial seals Tags: Uniquely identify an object or container Tags & Seals Seals: Detect tampering or unauthorized access Warning: High-Tech does not guarantee High Security. :  Warning: High-Tech does not guarantee High Security. The badness of a movie is directly proportional to the number of helicopters in it. -- Dave Barry If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology. -- Bruce Schneier Why High-Tech Tags & Seals Are Usually Vulnerable To Simple Attacks:  Why High-Tech Tags & Seals Are Usually Vulnerable To Simple Attacks Still must be physically coupled to the real world Still depend on the loyalty & effectiveness of user’s personnel The increased standoff distance decreases the user’s attention to detail Technology is a 2-edged sword Many more legs to attack Why High-Tech Tags & Seals Are Usually Vulnerable To Simple Attacks:  The high-tech features often fail to address the critical vulnerability issues Users don’t understand the technology Rohrbach’s Maxim (no security device or system will ever be used properly, i.e., the way it was designed, all the time) & Rohrbach-Was-An-Optimist Maxim Developers & users have the wrong expertise and focus on the wrong issues The “Titanic Effect”: high-tech arrogance Why High-Tech Tags & Seals Are Usually Vulnerable To Simple Attacks Warning: Existing tamper-evident packaging isn’t very effective, yet product tampering (by insiders or outsiders) is inevitable.:  Warning: Existing tamper-evident packaging isn’t very effective, yet product tampering (by insiders or outsiders) is inevitable. Why do croutons come in airtight packages? It’s just stale bread to begin with. -- George Carlin On a bag of Fritos: “You could be a winner! No purchase necessary. Details inside.” Common Tamper-Evident Packaging:  Common Tamper-Evident Packaging pressurized containers adhesively sealed packaging blister pack frangible plastic film break-off lids pop up buttons foil seal under cap I think the inventor of the piñata may have had some unresolved donkey issues. -- Dan Johnson Slide12:  7th Security Seals Symposium Santa Barbara, CA February 28 - March 2, 2006 Tamper-Evident Packaging Test 71 tamper detection experts participated. A VAT college student (Sonia Trujillo) did the product tampering using only low-tech attacks. 30 different consumer food & drug products. 9 were tampered with. Participants were to pick exactly 3 (out of 10) products they thought had been tampered. Notes:  Notes This was not a realistic or rigorous test because… The seal inspectors were tampering experts. They were told the products were tampered with. (Tamperers usually don’t announce their attacks.) Visual inspection only. They didn’t get to open the packages, which can help spot tampering. (However, most consumers will use--at most--visual evidence.) Many participants took MUCH longer than the 4 secs per package they were directed to use. The hard part about being a bartender is figuring out who is drunk and who is just stupid. -- Richard Braunstein Slide14:  statistically the same as random guessing! If tamper detection experts can’t reliably detect product tampering, what chance does the average consumer have? Problems with Consumer Tamper-Evident Packaging:  Problems with Consumer Tamper-Evident Packaging Mostly about Displacement, Due Diligence, Compliance, & Reducing Jury Awards—not effective Tamper Detection No meaningful FDA Definitions, Standards, Guidelines, or Tests Consumers lack sufficient information to use properly Poor labeling. If the seal is removed, the consumer may not realize a seal originally existed. “Do not eat if seal is missing.” -- actual printing on the seal Problems with Consumer Tamper-Evident Packaging (con’t):  Problems with Consumer Tamper-Evident Packaging (con’t) What is the seal supposed to look like? Euphemisms (e.g., “freshness seal”) and manufacturer obscurations. Relatively unimaginative, cost-driven designs Few useful vulnerability assessments Not proactive to the threat It had only one fault. It was kind of lousy. -- James Thurber (1894-1961) Poor TEP Labeling:  Poor TEP Labeling The consumer may open the other end, where there is no warning. Printed on the side, where the consumer may not see it. Warning not highlighted: buried in the text. The only warning is on the seal. Incorrectly claims the TE packing “resists tampering”! Warning: Existing tamper-indicating seals (at least the way they are typically used) aren’t very effective for cargo security.:  Warning: Existing tamper-indicating seals (at least the way they are typically used) aren’t very effective for cargo security. Now that the world is getting over the initial shock, and the war against terrorism has begun, what now for bridal retailers? -- Actual editorial in the trade magazine Bridal Buyer “The time has come,” the Walrus said, “To talk of many things: Of shoes--and ships--and sealing wax Of cabbages--and kings.” -- Lewis Carroll, Through the Looking Glass Terminology:  defeating a seal: opening a seal, then resealing (using the original seal or a counterfeit) without being detected. attacking a seal: undertaking a sequence of actions designed to defeat it. Defeating seals is mostly about fooling people, not beating hardware (unlike defeating locks, safes, or vaults)! Terminology Seals Vulnerability Assessment:  Seals Vulnerability Assessment We studied 244 different seals in detail: • government & commercial • mechanical & electronic • low-tech through high-tech • cost varies by a factor of 10,000 Over half are in use for critical applications, and ~19% play a role in nuclear safeguards. Percent of Seals That Can Be Defeated in Less Than a Given Amount of Time :  Percent of Seals That Can Be Defeated in Less Than a Given Amount of Time High Tech Isn’t Automatically Better!:  High Tech Isn’t Automatically Better! Linear LS fit r = 0.10 Slope = 270 msec/$ 393 attacks Linear LS fit r = 0.19 Slope = 170 msec/tech level The Good News:  The Good News Simple countermeasures usually exist, but require: understanding the seal vulnerabilities looking for likely attacks having seen examples Countermeasures 393 attacks The Good News (con’t):  But better seals are also possible! conventional seals: They must store the fact that tampering has been detected until the seal can be inspected. But this ‘alarm condition’ can be easily hidden or erased, or eliminated by making a fresh counterfeit seal. anti-evidence seals: At the start, when the seal is first installed, store information that tampering hasn’t yet been detected. Erase this ‘anti-evidence’ when tampering is detected. This leaves nothing for an adversary to hide, erase, or counterfeit! The Good News (con’t) 20+ New LANL “Anti-Evidence” Seals:  20+ New LANL “Anti-Evidence” Seals low cost better security no hasp required no tools to install or remove seal 100% reusable, even if mechanical the seal can go inside the container can monitor volumes or areas, not just portals can automatically verify the seal inspector actually checked the seal (“anti-gundecking”) Warning: Practical & effective AC Tags don’t currently exist. The Holy Grail: a practical, inexpensive AC tag that is small, light-weight, easy for anyone to verify (ideally by eye), but difficult & expensive to counterfeit. Is this even possible? :  Warning: Practical & effective AC Tags don’t currently exist. The Holy Grail: a practical, inexpensive AC tag that is small, light-weight, easy for anyone to verify (ideally by eye), but difficult & expensive to counterfeit. Is this even possible? The great film comedian, Charlie Chaplin, once entered a Charlie Chaplin look-a-like contest for a laugh. To his surprise, he did not win. For every flamingo in the United States, there are 700 fake plastic ones. Common Anti-Counterfeiting Tags:  Common Anti-Counterfeiting Tags RFIDs contact memory buttons holograms color changing films covert marks, inks, or micro-patterns (secret tags) taggants Everyone wants to be Cary Grant. Even I want to be Cary Grant. -- Cary Grant (1904-1986) Fake Counterfeits:  Fake Counterfeits Counterfeiting security devices is usually easier than developers, vendors, & manufacturers claim. Often overlooked: The bad guys usually only needed to mimic the superficial appearance and maybe the apparent performance of the security device, not the device itself. Sincerity is everything. If you can fake that, you’ve got it made. -- George Burns (1885-1996) The Problems with Holograms:  The Problems with Holograms easy to counterfeit (See, for example, http://www.nli-ltd.com/publications/hologram_counterfeiting.htm) embossed (stamped) holograms are especially trivial to duplicate easy to fool consumers & harried pharmacy techs with flashy colors a number of companies will copy holograms for you, few questions asked do-it-yourself hologram turnkey systems are available The Problems with Color Shifting Ink:  The Problems with Color Shifting Ink Manufacturers will usually sell the ink to almost anybody (despite claims otherwise). There are lots of cheap, readily available color-shifting pigments, paints, cosmetics, & coatings that’ll fool consumers & harried pharmacy technicians. The Problems with Blister Packs:  The Problems with Blister Packs Packaging companies will blister pack for anybody, few questions asked. Blister pack supplies are readily available. New & used blister pack machines are relatively inexpensive (though aren’t really necessary). If ignorance were bliss, he’d be a blister. -- Anonymous Slide32:  The Problems with Covert Marks, Inks, Micro-Patterns & Other Secret Tags Drug counterfeiters already pore over the packaging, so they will figure out the secret. Secrets are hard to keep. Shannon’s Maxim: The bad guys know what you are doing (so “security by obscurity” won’t work). Use it & lose it: The secret is compromised the first time you tell a customer or government authorities how to check authenticity. Everything secret degenerates … nothing is safe that does not show how it can bear discussion and publicity. -- attributed to Lord Acton (1834-1902) Slide33:  Fooling the eye (and simple readers) with fake inks & patterns is easy. The public has known about UV fluorescent dyes & black lights since the 1960s. The new IR dyes are also becoming known. Can require high levels of quality control in the printing. The Problems with Covert Marks, Inks, Micro-Patterns, & Other Secret Tags (con’t) How do you know when you’ve run out of invisible ink? -- Steven Wright Slide34:  Can’t be used by the consumer. Repackagers, Consolidators, Commercial & Institution Pharmacies may dispense authentic drugs, then place fake drugs in the authentic packaging & resell. Suspicious products needs to be analyzed, anyway. Printing on a Chinese medicine bottle: “Expiration date: 2 years” The Problems with Covert Marks, Inks, Micro-Patterns, & Other Secret Tags (con’t) Slide35:  Requires reformulating the drug. Many of the same problems as with secret tags. The Problems with Taggants "Warning: do not use if you have prostate problems." -- On a box of Midol PMS relief tablets Slide36:  Why not analyze the drug instead? That’s the best possible taggant, and the only important issue, anyway! + New (fast/cheap/small) field analytical devices are becoming available: GC/MS/FTIR/LIBS/other spectroscopies + Other physical/mechanical properties are fast, cheap, & easy to measure, but tricky for counterfeiters to duplicate. Examples: density, gloss, hardness, porosity, viscosity, water content, melting point, dielectric constant, optical activity, thermal conductivity, vapor pressure, colorimetry. The Problems with Taggants (con’t) Nothing is like it seems, but everything is exactly like it is. -- Yogi Berra Slide37:  Potential High-Tech Tag Technologies (though little R&D is underway) thin films ferrofluids ultrasonics liquid crystals biological materials micro- & nano-particles novel glasses/ceramics electrostatics & magnetics transport & diffusion phenomena advanced polymers & composites exotic organics & macromolecules nonlinear optical & electrooptic materials Technology: No place for wimps! -- Scott Adams Slide38:  The Problems with FDA RFID Track & Trace mandatory several years off complicated & expensive consumers & small retailers are left out yet worldwide, most counterfeits are introduced at those levels no easy way to deal with consolidators & repackagers FDA misses the point: the RFID is not the security! Hope is not a strategy. -- Michael Henos RFIDs: Radiofrequency Identification Devices (Tags):  RFIDs: Radiofrequency Identification Devices (Tags) RFID transponders transmit serial numbers using radio waves. Most RFIDs do not use batteries (passive), but some do (active). Some are even “semi-passive.” Passive RFIDs draw power from a rf pulse generated by the reader. Common frequencies: low (~125 KHz), high (~13.56 MHz), ultra-high (433 & ~900 MHz), & microwave (2.45 & 5.8 GHz). RuBees: < 450kHz. There is a huge danger to customers using this (RFID) technology, if they don't think about security. -- Lukas Grunwald (creator of RFDump) RFIDs: fine for inventory, problematic for security:  RFIDs: fine for inventory, problematic for security Easy to lift. Easy to block or jam signals. Easy to counterfeit. All needed information, software, & parts are readily available. Easy to eavesdrop on a RFID and record its signal. Free software and information are on the Internet. Easy to spoof the reader from a distance, tamper with it, or swap it out for a counterfeit. No access to the RFID itself is needed. RFIDs: easy to defeat:  RFIDs: easy to defeat We’ve counterfeited a number of different RFIDs, and otherwise spoofed a variety of readers. Our first attempt at attacking RFIDs a few years ago: Starting with zero knowledge, it took 2 weeks, and < $20 in parts to demonstrate 5 different defeats. “You’ve done a nice job decorating the White House!” -- Pop Star Jessica Simpson to Interior Secretary Gale Norton during her VIP tour of the White House RFIDs: easy to defeat:  RFIDs: easy to defeat Lots of other people (including hobbyists) know how to defeat RFIDs and readers, too. See, for example: http://cq.cx/vchdiy.pl http://www.rfdump.org/ http://www.gluelogix.com/OneDollarWirelessInterface.shtml http://www.theregister.co.uk/2006/08/04/cloning_epassports/ http://www.cl.cam.ac.uk/~gh275/relay.pdf https://events.ccc.de/congress/2006/Fahrplan/events/1597.en.html http://news.zdnet.com/2100-1009_22-5287912.html http://www.wired.com/wired/archive/14.05/chips.html http://www.wired.com/wired/archive/14.05/rfid_pr.html http://hackingrfid.pbwiki.com/FrontPage http://www.forbes.com/home/commerce/2004/07/29/cx_ah_0729rfid.html http://www.silicon.com/research/specialreports/ecrime/0,3800011283,39158120,00.htm http://www.iaik.tugraz.at/research/vlsi/02_products/05_rfid_demotag/index.php https://events.ccc.de/congress/2005/wiki/RFID-Zapper(EN) http://www.examiner.com/a-234701~Digital_dog_tag_already_cloned.html http://video.google.com/videoplay?docid=- 4157924840842457233&q=RFID+Vulnerabilities+in+RFID+Credit+Cards RFID Counterfeiting Devices:  RFID Counterfeiting Devices Hobbyist: RFID Skimmer, Sniffer, Spoofer, Cloner. Commercial: Used for “faking RFID tags”, “reader development.” Commercial: $20 retail, Cloner. What about cryptographic RFIDs?:  What about cryptographic RFIDs? Expensive & usually require a battery. Typically weak or non-existent physical tamper detection capabilities. People have defeated them various ways: http://www.enterprise-security-today.com/story.xhtml?story_title=RFID-Vulnerability- Exposed&story_id=30105 http://www.cioinsight.com/print_article2/0,2533,a=148335,00.asp http://www.examiner.com/a-234701~Digital_dog_tag_already_cloned.html http://www.wired.com/wired/archive/14.05/rfid.html http://www.eetimes.com/news/latest/showArticle.jhtml;jsessionid=E4UP4JUJB3I4UQ SNDBESKHA?articleID=180201688 Of all the radio stations in Chicago…we’re one of them. -- Slogan of FM 105.9, the classic rock radio station in Chicago Slide45:  Intended for public communication between two secure points (in space or time). Provides reliable security if and only if the sender and the receiver are physically secure. (Usually not the case!) Warning: Data Encryption/Authentication The security of a cipher lies less with the cleverness of the inventor than with the stupidity of the men who are using it. -- Waldemar Werther What encourages RFID attacks?:  What encourages RFID attacks? 1. High-Tech Security Maxim: The amount of careful, critical security thinking that has gone into a given security device, system, or program is inversely proportional to the amount of high-technology it uses. 2. Low-Tech Security Maxim: It’s easy to defeat most security devices and features (including high-tech ones) with low-tech attacks. 3. Familiarity Security Maxim: Any technology becomes more vulnerable to attacks when it becomes more widely used, and when it has been used for a longer period of time. 4. Payoff Security Maxim: The more money that can be made from defeating a technology, the more attacks & attackers will appear. There are two kinds of fools: One says, “This is old, therefore it is good.” The other one says, “This is new, therefore it is better.” -- William R. Inge (1860-1954) What encourages RFID attacks?:  What encourages RFID attacks? 5. Vehement Opposition: RFIDs face a lot of opposition, for both legitimate & wacky reasons: • rf interference • failure-to-read rates • anti-technology attitudes • desire to shoot down the hype • privacy & “Big Brother” concerns • international standards problems • cost, delays & hassles to implement • paranoia (health risks, fear of alien abductions, etc.) • increasing recognition that they are not security devices 6. RFIDs and rf technology has been around for decades & are now widely used in many applications, including by home hobbyists for robotics and home automation. 7. Counterfeits don’t have to work very well because rf is flakey anyway. What encourages RFID attacks?:  What encourages RFID attacks? 8. Passive short-range RFIDs aren’t really rf devices. 9. RFIDs and Readers are inexpensive & readily available for cannibalizing. (High-tech cuts both ways). 10. RFID manufacturers are eager to provide technical support, free samples, and cheap evaluation kits, thus revealing vulnerabilities. 11. RFID manufacturers are not security companies. 12. The Internet & patents are full of RFID design & attack information. 13. Programmable Read/Write RFIDs can often be made to look like Read-Only RFIDs (because they are often the same product). Never buy beauty products from a hardware store. -- Miss Piggy What encourages RFID attacks?:  What encourages RFID attacks? Radio frequency signals are invisible and not very directional. 15. Security does not happen by accident. RFIDs are not security devices, & it’s difficult enough to have good security even when security is designed in from the start. 16. Rohrbach’s Maxim. Blink your eyelids periodically to lubricate your eyes. -- Hewlett-Packard’s Environmental, Health, and Safety Handbook for Employees Bar Codes & RFIDs: essentially the same thing:  Bar Codes & RFIDs: essentially the same thing RFID is basically a bar code that barks. -- Robin Koh, MIT Auto-ID Lab visible operation + highly directional (good for security) invisible to user + not highly directional (bad for security) Bar Codes offer poor security, but RFIDs may be worse! (Score each attack 0-10, with 0=trivial, 10=very difficult.):  Bar Codes offer poor security, but RFIDs may be worse! (Score each attack 0-10, with 0=trivial, 10=very difficult.) average attack difficulty: 3.3 1.7 Which pharma counterfeiters will be hampered?:  Which pharma counterfeiters will be hampered? RFID + Track & Trace RFID Only RFID readers widely used by small retailers & consumers RFID readers not widely used by small retailers & consumers Types of counterfeiters: 1 - High-volume, who introduce counterfeits at the wholesale or large retail level. 2 - High-volume, who introduce counterfeits at the small retail or consumer level. 3 - Unsophisticated small-volume, who introduce at the small retail or consumer level. In the absence of effective AC Tags, this is one method to impede & detect product counterfeiting.:  In the absence of effective AC Tags, this is one method to impede & detect product counterfeiting. The pursuit of perfection often impedes improvement. -- George Will “Call-In the Numeric Token” (CNT) Technique virtual numeric token imperfect, but inexpensive & painless a societal/statistical approach to counterfeiting participants help others & themselves Slide54:  Lot: 4ZB1026 Exp: 04/06 Bottle ID: MPD709 unique unpredictable random, non-sequential at least 1000 times more possible ‘Bottle’ IDs per Lot than actual bottles CNT (“Bottle” can really mean bottle, tube, box, container, pallet, truck-load, etc.) Bottle ID Slide55:  CNT Technique (con’t) Print “Bottle” ID on bottles, or other packaging at the factory, or attach printed adhesive labels later. Keep secure computer list (database) of valid Bottle IDs for each Lot. >1.5 billion containers per DVD. CNT handles Case 1 (all fakes have same ID), Case 2 (all fakes have different IDs), or Case 3 (some combination). Slide56:  CNT Technique (con’t) “Calling-in”: Customers log into a web site, or call an automated phone line to quickly check if their Bottle ID is valid for the given Lot number. (Yes/No response.) Works at the consumer level—unlike FDA’s RFID track & trace Callers may or may not remain anonymous. (Pros & Cons). Useful even if only a very small fraction of customers participate. Slide57:  Invalid Bottle IDs that are called-in will be immediately recognized as counterfeits. Any duplicate valid Bottle IDs that are called-in will be flagged as counterfeits with fairly high reliability. Wholesalers, re-packagers, and other handlers of large quantities can spot counterfeits even without calling-in by finding duplicate Bottle IDs in their own database of past and present stock. (“Self-checking”.) Counterfeits are spotted by… Slide58:  Counterfeiters The bad guys are hampered by these problems: Guessing valid ID numbers isn’t practical. Getting large numbers of valid IDs is challenging, and they change with each new Lot. Making counterfeit products with duplicate IDs may be detected via call-ins or self-checking. Counterfeiting the packaging, bar code, or RFID gains them nothing. Slide59:  Notes Putting the Bottle ID inside the tamper-evident packaging will make it more difficult for counterfeiters to covertly obtain valid IDs. Bar code (or RFID) the Lot & Bottle ID numbers so wholesalers, re-packagers, and high-volume customers can automate the process. Provide free readers & automated call-in software to major customers. Handle the resale of drugs multiple ways, including raising the minimum threshold for declaring counter- feiting when duplicate Bottle IDs are called in. Slide60:  Percentage of callers reporting the same (valid) Bottle ID who will be notified their drugs are counterfeit vs. the number of callers reporting that Bottle ID For 4 values of the threshold, T Slide61:  Repackagers & Pharmacies If consolidating: Re-use some of the original Bottle IDs & destroy the rest (perhaps reporting this to the manufacturer). If subdividing, do one or more of the following: Set threshold T > 2. Notify manufacturer so corrections can be applied to the database. Obtain new Bottle IDs from manufacturer. If trusted, generate own new Bottle IDs & report them to manufacturer. Manufacturer packs multiple (unique) IDs inside the original tamper-evident packaging, about one per new “bottle” to be created. Slide62:  What We Tell Call-Ins Any caller with an invalid Bottle ID: “You have a fake with 100% certainty.” 1st caller through caller T-1 for a given valid Bottle ID, where T is the counterfeiting threshold: “Thanks for contributing to everybody’s safety! We have no information at this time that there is a problem with your drugs but you can optionally: (1) check back later, but be sure to tell us you are rechecking, or (2) give us your contact info & we’ll get back to you if new information becomes available.” Slide63:  Tth caller and all subsequent callers for a given valid Bottle ID: “There is a high probability you have a fake.” What We Tell Call-Ins (con’t) Drug: A chemical compound which, when injected into a rat, produces a scientific report. -- Anon Slide64:  Invisible to customers who don’t care. Fewer consumer privacy/paranoia issues than with RFIDs. Getting consumers to take responsibility for checking the authenticity of their own medicines may have multiple benefits. Enhanced by sense of civic duty. CNT Impact Is it ignorance or apathy? Hey, I don’t know and I don’t care! -- Jimmy Buffett Notes:  Notes People who inadvertently call-in the same bottle more than once hurt mostly only themselves. Scratch- or Tear-Off Bottle IDs can reduce inadvertent duplicate call-ins. The call-in phone number and URL must not be printed on the product! If the Phone Doesn’t Ring, It’s Me. -- Song title by Jimmy Buffett Slide66:  Question: Will Consumers & Customers Participate? One possible answer: Who cares? The extent of participation will tend to be automatically commensurate with the public level of concern! …and CNT will be automatically available should a counterfeiting panic break out—with CNT demonstrating good faith on the part of pharmaceutical manufacturers. …and Self-Checking may work even if nobody calls-in. (Counterfeits tend to cluster in time and space.) If people don’t want to come to the ballpark, how are you going to stop them? --Yogi Berra Slide67:  0-0-1 Case 1 or 2: number of valid bottles incorrectly called fake ~ 0 Assume Weak Call-In Participation (Only 1% call-in rate at 1 level) Case 1 or 2 Slide68:  Assume N0=1 million valid bottles in this lot. Assume N1=100,000 counterfeit (“fake”) bottles for this lot (9%). Assume 3 levels of participation (wholesaler/pharmacy/consumer). Case 1: All fakes have the same valid bottle ID Case 2: All fakes have different, randomly guessed IDs. What about stronger call-in participation? Slide69:  Case 1 or Case 2 - Fakes Detected Slide70:  Case 2 -- Fakes Missed Case 1: fakes missed = 1 Slide71:  Case 2 - Valid Bottles Incorrectly Identified as Fake Case 1: 0-1 Slide72:  Without calling-in: An invalid Bottle ID indicates a fake with 100% certainty (if they are given a list of valid Bottle IDs). They know with high probability that two or more duplicate Bottle IDs in current stock are both fakes, and know with 100% certainty that at least one of them is a fake. They know with high probability that two or more duplicate Bottle IDs in current and past stock are both fakes. Self-Checking Volume Customers Slide73:  But if there is no calling-in, and self-checkers have no information on valid bottle IDs or syntax information… then counterfeiters can defeat self-checking by making every bottle have a different randomly guessed ID (Case 2). Self-Checking Volume Customers Slide74:  CNT Self Checking Assume N1 counterfeit (“fake”) bottles in existence for this lot. Assume the fraction of the lot held by the volume customer is 0<f<1. Customer has no information on valid bottle IDs or event the syntax. Thus, Case 2 is by far the best strategy for a counterfeiter if only Self Checking is done--especially since with Case 1, once some fakes are found it becomes easy to notify the public about additional fakes having the same ID. fakes detected fakes missed valids misidentified Slide75:  Sampling for Fakes 1. Counterfeits tend to strongly cluster in time & space. Thus: Counterfeit detection in the field is not a standard quality control problem based on stochastic occurrences. The statistics are not well studied. Occasional sampling can be powerful in spotting counterfeits. Intuition will be useful. 2. Currently, counterfeit drugs are most commonly inserted (worldwide) at the retail level—calling into question the potential efficacy of the FDA’s Track & Trace. You can observe a lot by just watching. --Yogi Berra Slide76:  CNT Costs: Low to Moderate Real-time printing of bottles or labels: inexpensive Maintain ‘database’: inexpensive (single PC) Software web site for callers: inexpensive (just a big LUT) Automated, voice recognition phone line: moderate Publicity & education to encourage participation & effective usage: moderate Run as a third party service? Slide77:  CNT Possible Legal Issues Sometimes, partial measures to a security risk can represent a legal hazard. This can be mitigated by: • Making CNT an “experiment” • Involving the government or other manufacturers • Making CNT an industry best practice. • Being open about the limitations. (Don’t let the PR Dept. over promise!) Actual courtroom testimony Lawyer: All your responses must be oral, OK? What school did you go to? Witness: Oral. Slide78:  CNT differences from existing product ID reporting Societal/statistical/probabilistic approach, not absolutist statements or implications about the guaranteed authenticity of individual products 2. Threshold not rigidly set to 2 3. No assumption that the 1st caller of a valid product ID has an authentic product 4. Use of information about multiply called-in product IDs Recognition that information on how to check the product authenticity should not be included with the product 6. Phone & DTMF calls-ins Slide79:  7. Can handle volume customers & individual consumers Encourages the use of self-checking by volume customers; they might even be given full or partial product ID format information. Options & strategies for dealing with repackaging and resale 10. The token (product ID) does not need to be co-located with the product Options & strategies for inadvertent re-calling in, and for dealing with a caller who reports many invalid product IDs CNT differences from existing product ID reporting Slide80:  12. Can exploit counterfeit clustering & information on the order of call-ins 13. Strategies for dealing with mistyping, check-back, & registration 14. No need to identify the manufacturer, or to mix unrelated products & manufacturers 15. Can work with bar codes or RFIDs 16. Use of existing lot numbers allows relatively short product IDs CNT differences from existing product ID reporting Slide81:  17. Strategies for dealing with legal liabilities 18. No encryption or hashes, which do not contribute to security in this context. 19. The random number generator must be chosen with great care! Computer & mathematical Pseudo Random Number Generators (PRNGs) are dangerous. The order of product IDs must be scrambled (not serialized), and the lot #, date, time, product, location, or manufacturer cannot be an input to the PRNG. Physical generation is much safer. Anyone who attempts to generate random numbers by deterministic means is, of course, living in a state of sin. -- John von Neumann (1903-1957) CNT differences from existing product ID reporting Slide82:  Summary Tamper-evident packaging & cargo seals aren’t very good, but could be a lot better. Effective anti-counterfeiting tags don’t currently exist. This includes RFIDs (though they are fine for inventory). Covert marks, inks, micro-patterns, & taggants won’t be very effective either. Why not just quickly analyze the drug itself? Track & Trace might work, but has many problems (cost, complexity, mandatory, excludes consumers) CNT is imperfect, but may be worth a try. (Just do it correctly!) Slide83:  The following are additional handout materials not part of the formal presentation… Slide84:  LANL Time Trap: detects counterfeiting & tampering The product’s “serial number” changes unpredictably in time. Microprocessor-based with 5-year battery A tag & an anti-evidence seal: allows the product authenticity to be checked, and also detects tampering with either the tag or the product. Cost: < $2 in quantity and reusable Final volume: ~ 1 cc When I was in high school, I got in trouble with my girlfriend’s Dad. He said, “I want my daughter back by 8:15.” I said, “The middle of August? Cool!” -- Steven Wright Slide85:  (Yanking a seal off a container is not defeating it, because it will be noted at the time of inspection that the seal is damaged or missing.) A Seal is Not a Lock! Results for 244 Different Seal Designs:  Results for 244 Different Seal Designs Vulnerability Assessment (VA):  Discovering and demonstrating ways to defeat a security device, system, or program. Should include suggesting counter-measures and security improvements. Vulnerability Assessment (VA) He that wrestles with us strengthens our skill. Our antagonist is our helper. -- Edmund Burke (1729-1797) Effective Vulnerability Assessments:  Perform a mental coordinate transformation and pretend to be the bad guys. (This is much harder than you might think.) Be much more creative than your adversaries. They need only stumble upon 1 vulnerability, you have to worry about all of them. Gleefully look for trouble, rather than seeking to reassure yourself that everything is fine. It is sometimes expedient to forget who we are. -- Publilius Syrus (~42 BC) Effective Vulnerability Assessments It’s really kinda cool to just be really creative and create something really cool. -- Britney Spears On a laser printer cartridge: “Warning. Do not eat toner.” We need to be more like fault finders. They find problems because they want to find problems::  We need to be more like fault finders. They find problems because they want to find problems: bad guys therapists movie critics computer hackers scientific peer reviewers mothers-in-law “Two mothers-in-law.” -- Lord John Russell (1832-1900), on being asked what he would consider proper punishment for bigamy. I told my psychiatrist that everyone hates me. He said I was being ridiculous--everyone hasn’t met me yet. -- Rodney Dangerfield (1921-1997)

Add a comment

Related presentations

Related pages

Pharma Marketing Talk by Pharmaguy on iTunes

Download past episodes or subscribe to future episodes of Pharma Marketing Talk by ... informs listeners about the latest pharma marketing ... 12/18/2007 ...
Read more

NDTV: Latest News, India News, Breaking News, Business ...

NDTV.com provides latest news, ... Health News Depression May Affect Stomach, And Anxiety The Skin. How Highly Potent ... Walk The Talk With TeamIndus ...
Read more

Pharma

... we talk about how the owner of Veeva, Peter Gassner found a gap in the market and built a Cloud platform for the Pharma ... Systems in 2007, ...
Read more

FierceBiotech - Biotech Industry, Biotech News ...

Read the latest biotechnology articles on biotech industry leaders, emerging biotech companies, FDA decisions, VC deals, and other biotech industry news.
Read more

InformationWeek News Connects The Business Technology ...

InformationWeek.com: ... While slow and steady may sometimes win, ... Latest Comment: ...
Read more

Times Of India - India News, Latest Sports, Bollywood ...

Times of India brings the Latest News & Top Breaking headlines on Politics and Current Affairs in ... iPhone may cost the ... Pharma loses premium ...
Read more

Tech blog for sysadmins – GFI Blog

GFI Blog is a technology blog for sysadmins ... Sticking to Windows 7 may seem logical for you and ... with Chrome bringing even 21 security fixes this ...
Read more

Government & Policy | Healthcare IT News

The latest news in Healthcare IT ... Government & Policy. News. Blog. Resource. Video. ... Cognitive security will be available to any hospital within ...
Read more