Vulnerability Assessment Team (VAT)
Vulnerability Assessment Team (VAT) projects:
|
|
Argonne has expanded its capabilities to protect U.S. interests at home and abroad. The VAT moved to Argonne's Nuclear Engineering Division in October of 2007 from Los Alamos National Laboratory (LANL). The VAT conducts multi-disciplinary research and development on physical security devices, systems and programs. "The VAT's expertise and capabilities align extremely well with Argonne's work in national and homeland security," said Alfred Sattelberger, Associate Director of Physical Sciences and Applied Science and Technology at Argonne, who helped to find the group a home at Argonne. "Since the tragedies of Sept. 11, 2001, this lab has been actively bolstering its research portfolio to support the federal government's national security efforts. We expect that the VAT will be integrated into that work."
The VAT has worked extensively in the areas of product anti-counterfeiting, tamper and intrusion detection, cargo security, nuclear safeguards and the human factors associated with security using the tools of industrial and organizational psychology. The VAT also runs a rapid, one-stop microprocessor shop where Argonne scientists and researchers can have a microprocessor solution - hardware and software - for analog or digital measurements in about a week. Another VAT activity is playing host to the Journal of Physical Security, the first scholarly, peer-review journal devoted to physical security R&D.
The VAT made the move to Argonne because the team wants to make scientific research an integral part of its activities - a strategy not typically considered or employed when it comes to physical security, said Roger Johnston, who heads the team.
More information is available on:
- VAT current projects, seals, vulnerability assessments, microprocessor prototypes, selected papers & invited talks, experience and expertise.
- For further information see also the links listed below.
- The Journal of Physical Security
ISSN 2157-8443
Check out the CURRENT ISSUE:
The Journal of Physical Security
Contact:
About the Journal of Physical Security
The Journal of Physical Security is our modest effort to deal with some of the serious
problems with the field of physical security—in particular, the lack of scholarly
peer-reviewed journals. There are a number of useful trade journals that cover physical
security. There are also numerous peer-review journals that focus on criminology,
law enforcement, cryptography, terrorism, national security, computer security, or
security management. The field of physical security, however, has long needed a journal
that can serve as a central focus, as well as a vehicle for rigorous discussion and
advancement of the field, especially in the areas of research, development, modeling,
testing, and analysis. We hope to contribute to the advancement and understanding
of the field. Physical security is not just of great practical importance, it is
also an intellectually challenging, multidisciplinary, fascinating subject worthy
of thoughtful study.
For more information: Journal of Physical Security |
In a Nutshell
The VAT in a Nutshell: VAT Fact Sheets
VAT fact sheets are available as a bundle or as separate fact sheets.
Download the Fact Sheets bundle [1.7MB] |
- Sticky Bomb Detection [553KB]
“Sticky bombs” are a type of improvised explosive device (IED), typically placed on a motor vehicle by a terrorist. - Detecting GPS Spoofing [128KB]
It‘s easy to generate fake GPS time and location signals using widely available GPS satellite simulators. This spoofing can be detected with $15 of parts. - Vulnerability Assessments of Biometrics & Other Access Control
Devices [150KB]
The Vulnerability Assessment Team is probably the most impressive physical security research team in the world. - Tampering with Drug Tests [151KB]
The Argonne Vulnerability Assessment Team: Internationally recognized expertise in tags, seals, cargo security, & physical tamper/intrusion detection - Better Tamper-Indicating Seals [222KB]
Anti-Evidence Seals: Fundamentally a better way to do tamper detection. - Countering Tampering & Counterfeiting [343KB]
The Argonne Vulnerability Assessment Team: Internationally recognized expertise in tags, seals, anti-counterfeiting, cargo security, nuclear safeguards, & physical tamper/intrusion detection. - Handbook of Security Blunders [138KB]
By Roger G. Johnston, Ph.D, CPP and Jon S. Warner, Ph.D. (the editors of the Journal of Physical Security) Available February 2010 - Key Keepaway [124KB]
Securing a secret key by keeping its fragments in motion. - Assuring the Veracity of Monitoring Data [122KB]
See RG Johnston, MJ Timmons, and JS Warner, Science & Global Security 15, 185-189 (2007). - Human Factors in Security [237KB]
- Effective Video Monitoring for Nuclear Safeguards [234KB]
Non-scary, but believable video monitoring. - Rapid Sampling Tools [112KB]
Sampling gases, liquids, or flowable powders from inside a container without opening the container, or becoming exposed to its contents. - Better Real-Time Monitoring of Cargo [145KB]
The ’Town Crier‘ Method - Chirping Tag & Seal [120KB]
A better approach than RFIDs!
Argonne Team Challenges Physical Security [601KB]
Fact Sheet part of the “Engineering & Systems Analysis Success Stories” Series
We recently were at:
See also our list of selected INVITED talks and keynote addresses on physical security.
In the Press
- FEATURED
ITEMS
How your vote can be hacked -- Argonne's Roger Johnston and Jon Warner featured in CNN Money video (Nov. 1, 2012)
Getting paid to break into things: Argonne's Roger Johnston on NBC -- Argonne Youtube channel (Mar. 15, 2011)
Roger Johnston interviewed by Phil Rogers, NBC Chicago News. - RT News live interview
- Counting Votes Should Be a Transparent Process, Bill Mego, Naperville Sun Times, October 2, 2012
- Laura Spadanuta, “Machine Politics”, Security Management, September 2012
- Eric Parizo, “Researcher Details Findings on Spoofing GPS, Malicious Insiders”, SearchSecurity, September 14, 2012
- Eric Parizo, “Researcher Vulnerability Researcher on Layered Security Plan Mistakes”, SearchSecurity, September 14, 2012
- Hackers Using TRENDnet Webcams to Spy on People -- FOX Chicago News (Feb. 10, 2012)
- Etan
Trex and Matt Soniak, “How Secure are Electronic Voting Machines?”,
Mental Floss 11 (1), January/February 2012, pg 50
- Aerial
Drones May Be Vulnerable to Sabotage Because of GPS -- The Daily Beast (Dec
17, 2011)
- Controversy over voting rules and security -- A Blog entry on election security by CNN's Senior National Editor Dave Schechter citing -among other items- the recent media coverage the VAT received on this issue (Nov. 10, 2011)
- US Lab Says Electronic Voting Machines Easy to Hack -- Roger Johnston and Jon Warner interviewed by Voice of America - watch the video and/or read the transcript of the interview (Oct. 18, 2011)
- Roger Johnston interviewed at The Mike Malloy Show -- Roger Johnston radio interview by Mike Malloy - featured on The BRAD BLOG (Oct. 5, 2011)
- Brad on KPFK: Interview with Argonne Lab's Roger Johnston on His $26 Remote 'Man-in-the-Middle' Diebold E-Vote Hack -- Roger Johnston radio interview by Brad Friedman (Sep. 28, 2011)
- National Security Lab Hacks Diebold Touch-Screen Voting Machine by Remote Control With $26 in Computer Parts -- The BRAD BLOG (Sep. 27, 2011)
- Researchers Hack Voting Machine for $26 -- securitynewsdaily.com (Sep. 28, 2011)
- Electronic Voting Machines Highly Vulnerable to Man-in-the-Middle Remote Attacks -- Softpedia (Sep. 28, 2011)
- Argonne researchers 'hack' Diebold e-voting system -- by Jaikumar Vijayan, ComputerWorld (Sep. 28, 2011)
- It only takes $26 to hack a voting machine -- by Matt Liebowitz, Security on MSNBC.com (Sep. 28, 2011)
- Diebold e-voting hack allows remote tampering $11 microprocessor-in-middle attack is 'significant' -- by Dan Goodin, The Register (Sep. 28, 2011)
- Diebold
voting machines can be hacked by remote control -- Salon.com (Sep. 27, 2011)
Brad Friedman from Salon.com wrote an article about how the VAT demonstrated that an e-voting machine used by a third of all voters can be easily manipulated.
How about more news featuring the VAT? Show/hide older articles
- Vulnerability
Assessment Team discusses digital privacy with Medill Reports -- NE Highlights
(June 9, 2011)
Radio frequency identification tags (RFIDs) & your privacy: Roger Johnston and Jon Warner (VAT) share their views and experience on RFIDs in an interview with Medill Reports. - Digital
privacy: Are you ever alone? -- Medill Reports (June 3, 2011)
What is RFID and can it be tricked? Roger Johnston and Jon Warner from Argonne National Laboratory explain RFID:101. - Six
rising threats from cybercriminals -- Computerworld (May 19, 2011)
Roger Johnston interviewed -among other experts- by John Brandon of Computerworld. Roger discussed with him about GPS spoofing. - Argonne
Lab's Head of Vulnerability Assessment Team Disses Election Security -- OpEdNews
(Mar. 29, 2011)
Roger Johnston interviewed by Joan Brunwasser, Election Integrity Editor for OpEdNews. - Argonne Lab's Head of Vulnerability Assessment Team Disses Election Security -- by Joan Brunwasser, The Register (Mar. 29, 2011)
- Getting
paid to break into things: Argonne's Roger Johnston on NBC -- Argonne Youtube
channel (Mar. 15, 2011)
Roger Johnston interviewed by Phil Rogers, NBC Chicago News. - Getting
paid to break into things: How vulnerability assessors work at Argonne National
Lab -- TechRepublic (Feb. 14, 2011)
"Let's face it. Deterrents such as "keep out" or "do not open" are powerful magnets to us techies. Now, imagine getting paid to ignore those warnings."
Read Roger Johnston's interview by Michael Kassner at the Tech Republic web site. - Easy
Breach: Most Security Measures Easy to Breach, Expert Says -- NBC Chicago (Jan.
6, 2011)
Roger Johnston talks with Phil Rogers from NBC Chicago about the illusion of "foolproof" systems. - At
Argonne National Lab, closing the curtains on “security theater” --
Smart Planet (Nov. 9, 2010)
Roger Johnston speaks with Boonsri Dickinson from SmartPlanet.com, a web site from CBS Interactive, about the dangers that technological progress brings to security, from electronic voting machines to global positioning satellites. - The Security
Fallacy: Seven myths about physical security -- Argonne News Release (Oct.
26, 2010)
Argonne researcher Roger Johnston finds vulnerabilities in surprising places—including voting machines, GPS and even high-tech security devices that use iris or fingerprint scans. - Roger Johnston on Security Vulnerabilities of Electronic Voting -- Verified Voting Blog (Oct. 15, 2010)
- Electronic
Voting, Video from Chicago Tonight TV show, Oct. 11,
2010
Roger Johnston appeared on WTTW-Channel 11’s Chicago Tonight program on October 11 to explain how it is possible to commit voter fraud even without being in a voting booth and discuss voting machines vulnerabilities and what can be done about it. - Roger Johnston on Security Vulnerabilities of Electronic Voting (Video)-- Roger Johnston interviewed live on WTTW Public Television’s “Chicago Tonight” program about electronic voting machine security, (Oct. 11, 2010)
- Voltaire Lives: A Report from USENIX Security Symposium 2010, article published on CyBlog, Aug. 13, 2010
- Security
blunders 'dumber than dog snot', article published on CSO Online, Aug. 11,
2010
Bill Brenner, senior editor at CSO Online, comments on Roger Johnston's presentation at the 2010 USENIX Security Symposium - Good Cybersecurity Requires Common Sense, article published on eSecurity Planet, Aug. 11, 2010
- Detecting
sticky bombs, article published on Homeland Security News Wire, Jul. 30, 2010
Sticky bombs -- explosives affixed to a car, which explode when you turn the ignition key -- as the stuff of movies dealing with the Mafia, but terrorists used them as well (as do the secret services of some countries); researchers at Argonne National Laboratory offer a way to detect surreptitiously placed sticky bombs - News
Analysis: Security Cameras, Video from Chicago Tonight TV show, Apr. 28, 2010
Roger Johnston, manager of Argonne’s Vulnerability Assessment Team, appeared on WTTW-Channel 11’s Chicago Tonight program April 28 to discuss Chicago’s plan to expand its security camera program - Laura Spadanuta, ”Lessons for Layering”, Security
Management Podcast, January, 2010
RG Johnston interviewed by "Security Management" Host Editor Laura Spadanuta - IT
Security: Maxims for the ages
Michael Kassner writes on Tech Rebublic about the "Security Now!" podcast featuring the VAT Security Maxims.
by Michal Kassner on Tech Republic (Sep. 29, 2009) - Security
Maxims
Steve Gibson and Leo Laporte discuss the first portion of a collection of pithy and apropos "Security Maxims"(*) that were assembled by a member of the Argonne Vulnerability Assessment Team at the Nuclear Engineering Division of the Argonne National Laboratory, U.S. Department of Energy.
A "Security Now!" podcast (Episode #215 | 24 Sep.,2009 | 74 min.)
[transcript and mp3 podcasts]
(*) More about the Security Maxims - Pick
a lock. For fun. (It's legal too)
Give Eric Michaud a can of beer (Guinness works best) and a pair of scissors and he can open just about any garden-variety padlock in seconds.
Chicago Tribune (Sep. 25, 2008) - GPS
Spoofing
MAKE: Magazine blog (Sep. 19, 2008) - GPS
Spoofing by Bruce Schneier
Schneier on Security blog (Sep. 17, 2008) - GPS
and Wall Street by Sheri Davidoff
Philosecurity blog (Sep. 11, 2008) - Tampering
with Transportainers by Sheri Davidoff
Philosecurity blog (Aug. 25, 2008) - GPS
Spoofing by Sheri Davidoff
Philosecurity blog (May 25, 2008) - New
bottle cap thwarts wine counterfeiters
Argonne News Release (Aug. 1st, 2008) - Security
team makes its home at Argonne
TheDoings-ClarendonHills.com (Jan. 24, 2008) - Argonne bolsters
efforts in security research
Argonne News Release (Nov. 28, 2007)
Publications
For a selection of VAT papers available upon request, see Publications.
For copies of the VAT papers and presentations on a wide variety of physical security issues (tags, seals, product counterfeiting, vulnerability assessments, RFIDs, GPS, nuclear safeguards), contact Roger Johnston at
Other Publications
- 287 Security Blunders You Should Avoid, Jon S. Warner and Roger G. Johnston, ASIS International Annual Meeting, Sep. 21-24, 2009, Anaheim
- “Vulnerability
Assessment’s Big Picture”, Sarah D. Scalet, CSO Magazine, June 2007,
pp. 32-36
Roger Johnston talks about how aliens, Elvis impersonators and your worst security users can help you find and fix security problems - The (In)Security of Drug Testing, Roger G. Johnston, Eric C. Michaud, and Jon S. Warner, ANL-62762
- "The
5 Myths of RFID”
Big pharma's RFID trials aim to keep fake drugs out of your medicine cabinet but the technology has significant limitations.
CSO Online Magazine, May 15, 2007 - "Why
Pharma's Anti-Tampering Strategies Don't Work”
PharmaManufacturing.com Magazine - "Do
Random Codes Make Sense?”
Medical DeviceLink.com Magazine, May 2005 - You can read about Roger Johnston and the VAT in the book "Safe: The Race to Protect Ourselves in a Newly Dangerous World," by Martha Baer, Katrina Heron, Oliver Morton, and Evan Ratliff (Harper Collins, 2005), pages 254-257 and 259.
- More about the work of the VAT can be found in a feature article that appeared in the May 2005 issue of Mechanical Engineering.
- "Get Creative to Reveal Unseen Vulnerabilities”, IOMA Security Director’s Report, Issue 05-11, November 2005, pp. 1, 12-13. SUBSCRIPTION NEEDED to read full article
- F. Kahn, "The Eyes Don’t Have It", Business Travel Executive, June 2005. SUBSCRIPTION NEEDED to read full article
- J.S. Warner, and R.G. Johnston, "GPS
Spoofing Countermeasures", LAUR-03-6163, Appeared in Homeland
Security Journal, December 12, 2003
247KB - J.S. Warner, and R.G. Johnston, "A
Simple Demonstration that the Global Positioning System (GPS) is Vulnerable to
Spoofing", LAUR-03-2384 The Journal of Security Administration
25, 19-28 (2002)
266KB - On Mar. 15, 1997, Roger was interviewed on National Public Radio (NPR) for
"ALL THINGS CONSIDERED":
"Tamper Proofers" the broadcast
Brochures
- Philosophy on Vulnerability Assessments RG Johnston, [116KB];
- The Vulnerability Assessment Team at Argonne - Brochure [890KB];
Awards
- 2013 CSO40 Award Honoree - See CSO Magazine Recognizes Security Business Value with Inaugural CSO40 Awards
- About other awards the VAT won...
Last Modified: Thu, February 14, 2013 2:43 PM