Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.
Training Camp • Cybersecurity Glossary
Measures that leave visible or detectable proof when a device, package, or data has been accessed or altered, unlike tamper resistance that blocks it.
Tamper Evidence Definition: Measures that leave visible or detectable proof when a device, package, or data has been accessed or altered, unlike tamper resistance that blocks it.
Tamper evidence refers to security measures designed to reveal clear, detectable proof when a device, container, package, or data has been accessed, opened, or altered. Its goal is not to prevent tampering but to ensure that any tampering cannot go unnoticed, preserving trust in the integrity of the protected item. It is distinct from tamper resistance, which actively impedes tampering, and tamper response, which reacts to it.
Mechanisms span physical and digital domains. Physically, they include tamper-evident seals, security tape that reads "VOID" when peeled, holographic labels, frangible stickers that fracture on removal, and crimped or breakable enclosures. Digitally, integrity is verified with cryptographic hashes, digital signatures, message authentication codes (HMACs), and audit logs, where any modification changes the computed value or leaves a record. In hardware security modules and payment terminals, tamper-evident design (often combined with tamper response that zeroizes keys) is required by standards such as FIPS 140-2/140-3 and PCI PTS.
This matters because many security guarantees rest on knowing whether something was interfered with. Tamper evidence supports chain of custody in forensics and legal proceedings, protects the supply chain against interdiction and counterfeit insertion, assures voters and auditors of ballot integrity, and lets administrators trust that configurations or logs have not been quietly modified. Without it, an attacker could access or alter an asset and leave no trace, undermining confidentiality and integrity assurances.
For example, a forensic investigator seizes a suspect's hard drive, creates a bit-for-bit image, and records the SHA-256 hash of both the original and the image. The drive is placed in a tamper-evident evidence bag with a serialized seal logged in the chain-of-custody form. Months later in court, the investigator re-hashes the image and shows it matches the original recorded value, and the unbroken seal confirms the physical drive was not accessed. The combination of physical and cryptographic tamper evidence proves the evidence is unaltered and admissible.
Turn knowledge into credentials with our instructor-led cybersecurity boot camps.
View All Courses →