more on Air Mauritania's innovative airline security

[David Farber <dave () farber net>]

Begin forwarded message:

From: bobr () bobrosenberg phoenix az us
Date: February 18, 2007 4:55:15 PM EST
To: David Farber <dave () farber net>
Subject: Re: more on Air Mauritania's innovative airline security

Dave

*Every* time I see something like this, I am reminded of Avi Rubin's  
excellent essay
(from Aug 17, 2006) on airport security.  I suppose I believe it's  
excellent
because, instead of relying on the kind of smoke & mirrors the Big  
gummint uses, Avi
relies on reason and logic.  I've copied/pasted it below (hoping that  
Avi won't come
after me under DMCA).

Bob Rosenberg
P.O. Box 33023
Phoenix, AZ  85067-3023
Mobile:  602-206-2856
LandLine:  602-274-3012
bob () bobrosenberg phoenix az us


> Begin forwarded message:
>
> From: Matt Murray <mattm () optonline net>
> Date: February 17, 2007 6:24:38 PM EST
> To: dave () farber net
> Subject: Re: [IP] Air Mauritania's innovative airline security
>
> One has to wonder how the guy was able to get on board with not one,
> but two guns.
>
> Matt Murray
>
> MattM () optonline net


Avi Rubin Blog
08.17.2006
Hackers & Terrorists (4 comments )
http://www.huffingtonpost.com/avi-rubin/hackers-terrorists_b_27470.html

It has been several years since I took a real vacation, away from the  
Internet and
the news, but every time I do, it seems that some major international  
news breaks. I
was in Skagway, Alaska with my wife and three kids, taking a scenic  
rail tour
through the snow capped mountains last week. Political and world  
events that I
typically
follow with daily doses of NPR, the New York Times and CNN were as  
far from my mind
as possible, when one of the other passangers asked everyone around  
him if anyone
heard the news about the thrwarted terror attack in London. Suddenly,  
the detachment
of our remote vacation evaporated, and as soon as I returned to the  
cruise ship, I
turned on CNN in my cabin, as I'm sure, did many of the other  
passangers. That
night, the cruise ship staff provided a flyer to all the passengers  
outlining the
new security measures that were being implemented, as well as  
instructions on what
to expect for the flight home from Vancouver.

I imagine that liquids will never again be allowed in carry-on  
luggage. I suppose
that this restriction makes sense if they pose the risk of providing  
improvised
explosives. But something struck me when I read the rest of the  
information about
new airline security policies. I am a computer security expert, not a  
physical
security expert. And yet, I think much can be gained from applying  
some of the
principles of information and network security to the real world. Let  
me give an
example. A subfield of computer security is intrusion detection,  
where network
traffic patterns are captured in complex models. The idea is to  
develop the
capability of recognizing legitimate traffic and thus identifying an  
attack when
packets on the network do not fit the proper profile. The biggest  
problem with
intrusion detection is that any widely used system, whether  
commercial or open
source, will also be available to the bad guys. So, they can design  
their attacks
and test them in the lab against the most widely used intrusion  
detection systems
until they develop an attack that the intrusion detection models fail  
to recognize.
As new attacks are developed, the security experts can capture them  
in their labs
and tune their models so that the new attacks no longer work. As soon  
as the new
detection program is released, the attackers go back to work. Thus,  
there is an arms
race between those developing computer network protection systems and  
the attackers.

We need to take the lead in the arms race against terrorists. After  
all, the
attackers have dictated the race so far. Cockpit door locks were  
installed after
9/11. Liquids in carry on were just eliminated in response to the  
London plot.
Airline security today is too static and predictable. The key to my  
suggested
approach is to reduce the planning capacity of the attackers. Attacks  
on the scale
of 9/11 and the thwarted London terror plot last week require a  
tremendous amount of
planning. The current system is too predictable. For example, the new  
restrictions
allow for liquids in prescription medications as long as the name on  
the medication
matches the passenger's name. Are we really thinking that the  
terrorists will use
different names if they try to hide their insidious liquids in  
perscription bottles?
I remember that shortly after 9/11, the airlines implemented "random"  
searches of
people as they boarded planes. I thought that was a terrific idea,  
but it didn't
take long to figure out how to avoid being one of the random people  
chosen. "Don't
enter the plane first." pretty much summed it up. In fact, if you  
boarded second or
third, you would be sure to avoid being chosen because they would  
still be busy with
the first person. After a while, it got ridiculous, where everyone in  
the boarding
area who wanted to get on the plane early would jockey for the second  
position in
line, nobody wanting to be in the front. It made for some interesting  
maneuvering.

The more the process is randomized and made truly unpredictable, the  
less likely
that a massive, coordintated attack will succeed. It is much more  
difficult to plan
for 20 terrorists to board four different planes on the same day when  
there is no
way of knowing which ones are going to be selected for random  
searches and careful
questioning.

My primary suggestion is to truly randomize some of the process. Game  
dice can be
used to make choices. (Games such as Dungeons and Dragons have many  
different sided
dice.) For example, if you want to subject 16% of passengers for  
additional
screening as they go through security, then as each person appraches,  
roll a six
sided die, and if it lands on a predetermined number, the person gets  
the royal
treament. Randomize the choices of where to screen. Some days,  
perform additional
screening at the security checkpoint. Other days, perform it when  
people are
checking their luggage or as they board the plane. On some randomly  
selected days,
security officials can approach people at random in the boarding area  
(using dice or
some other mechanism to make truly random choices) for screening. On  
other randomly
selected days, people can be randomly chosen after they take their  
seats, and before
the plane leaves the gate. The point is that passengers will not know  
where they are
going to be screened, and terrorists will not be able to plan the  
details of their
activities as easily as they can when all of the procedures are known  
and
predictable.

Obviously, there are many other aspects to airline security, such as  
training of the
screeners, bomb detecting equipment, background checks of employees,  
on board
marshals, etc. I am not suggesting replacing any of these. My only  
point is that in
addition to all of the other security measures, try to make the  
process as
unpredictable to passengers as possible. While this will  
inconvenience non-
terrorists to some degree, it will also disrupt the planning process  
of the
terrorists and make large-scale attacks much more difficult to  
implement.




-------------------------------------------
Archives: http://v2.listbox.com/member/archive/247/@now
Powered by Listbox: http://www.listbox.com