Simultaneous Authentication and Certification of Arms-Control Measurement Systems

Most arms-control, treaty-monitoring scenarios involve a host party that makes a declaration regarding its nuclear material or items and a monitoring party that verifies that declaration. A verification system developed for such a use needs to be trusted by both parties. The first concern, primarily from the host party’s point of view, is that any sensitive information that is collected must be protected without interfering in the efficient operation of the facility being monitored. This concern is addressed in what can be termed a “certification” process. The second concern, of particular interest to the monitoring party, is that it must be possible to confirm the veracity of both the measurement system and the data produced by this measurement system. The monitoring party addresses these issues during an “authentication” process. Addressing either one of these concerns independently is relatively straightforward. However, it is more difficult to simultaneously satisfy host party certification concerns and monitoring party authentication concerns. Typically, both parties will want the final access to the measurement system. We will describe an approach that allows both parties to gain confidence simultaneously. This approach starts with (1) joint development of the measurement system followed by (2) host certification of several copies of the system and (3) random selection by the inspecting party of one copy to be used during the monitoring visit and one (or more) copy(s) to be returned to the inspecting party’s facilities for (4) further hardware authentication; any remaining copies are stored under joint seal for use as spares. Following this process, the parties will jointly (5) perform functional testing on the selected measurement system and then (6) use this system during the monitoring visit. Steps (1) and (2) assure the host party as to the certification of whichever system is eventually used in the monitoring visit. Steps (1), (3), (4), and (5) increase the monitoring party’s confidence in the authentication of the measurement system.