LA Airport Uses Random Numbers To Catch Terrorists

An anonymous reader writes "Los Angeles International Airport (LAX) is using randomization software to determine the location and timing of security checkpoints and patrols. The theory is that random security will make it impossible for terrorists to predict the actions of security forces. The ARMOR software, written by computer scientists at the University of Southern California, was initially developed to solve a problem in game theory. Doctoral student Praveen Paruchuri wrote algorithms on how an agent should react to an opponent who has perfect information about the agent's choices."

Re:Government vs Commercial

[speaker of the truth]

I don't know. However first we must look at the sampling done by the article and determine if it was a valid sample that would produce non-biased results. Then we need to look at the numbers themselves and see if they were interpreted correctly (involving both layman and well known mathematicians who are either known to offer non-biased results or enough mathematicians that represent both biases towards the government and towards commercial companies). Only then can we know if the results are correct and even begin to ascertain the reason behind them.

Re:Government vs Commercial

[JackMeyhoff]

Airport security done by the government? It's all private companies here.

Elementary

[RAMMS+EIN]

Randomize checking so that an attacker can't predict the next check and avoid it? That's what I would do, too. Can I be a high-paid security consultant now?

Probably not. It probably takes more nerve and marketing skills than I have to stand up and demand the world for what is essentially an elementary idea that anybody who thinks about the issue should come up with.

Re:Security Through Obscurity!

[Entrope]

Quite the opposite. The bit about strategies given "perfect knowledge" by the opponent assumes that any information about practices or techniques could leak out. Given that, it seems obvious that the proper response is to determine an appropriate level of coverage, and then implement a randomized search pattern that conforms to those constraints. The security is not through obscurity but through a smaller window for discovering and exploiting the search pattern.

Re:Security Through Obscurity!

[brusk]

Actually it didn't. In some ways this sounds like the opposite of security through obscurity. I'd feel more secure with a system whose entire workings was public knowledge, but that was still effective enough to be difficult to penetrate. Randomness is a great way of doing that. You may know, as a potential attacker, how the system is set up, but if you don't know where the people and equipment will be the best you can do is take an informed risk. It also makes it harder to do things like purchase information about the system: it's little use to bribe a guard for the schedule if he doesn't know it until he starts his shift (and then may only know his first task, not the remainder of his schedule).

To my mind, security through obscurity would be setting up a very complicated schedule, then overconfidently assuming that an attacker won't figure it out. There are lots of cases where randomness increases security (e.g. random strings as passwords).

So..

[madsheep]

Yea, hate to say it, but does this randomize button.. randomly put these checkpoints near a group of middle eastern people? :D

Re:What if the US just doesn't piss other people o

[thegnu]

Its amusing to hear people spout this line and then hear them decry America's inaction in Dafur. Which is it people? Do we meddle or not? Because at the moment we're going to be lambasted no matter what we do.

Well, I'll bet that oftentimes it's different people saying the two different things. And in cases where it's the SAME person, we have inaction in Rwanda during a genocide, inaction in Congo during a Genocide, and action in Iraq so that there would be an easy cover for laundering money.

Does anyone have any real number on what percentage of the cost of the war is contracts with private companies? Because we saved lots of money on body armor, armored vehicles, and training for the troops. We can certainly expect to see the same frugality in the area of private contracts, I'm sure.

The government paying private contractors does not constitute privatization.

My $2 opinion. (Weak dollar)

[iknownuttin]

I think it's because there is very little, if any, accountability that the Government employees have to worry about. They can be as rude and obnoxious as they like becuase they know that even if you navigated the bureaucracy to complain, it would just be recorded somewhere and nothing would be done about it. Just look at what the folks who are mistakenly put on the "no-fly" or "extra screening" lists go through. Even a powerful Senator (Kennedy D-MA) had a problem getting off of the list. Or the nun who had to call in a favor with Carl Rove to get off of the list.

The only time I've heard of a Gov. employee getting fired was because they let someone go through with a weapon.

Then there are the stewardesses. Since 9/11 you'd think someone anointed them in Flight Goddesses. Complain about something and the next thing you know, you're being taken away in hand cuffs.

Because of a few jerks in the world, flying has become just one big bullshit hassle. Which, for my own sanity, I refuse all jobs that require travel - bills be damned! Of course now with all the screening software, a bad credit rating will get you a second look by the TSA.

I may have to move to Vermont.

Re:Security Through Obscurity!

[Hangtime]

There is a difference between Security Through Obscurity and disguising the strength, numbers, and routines of your forces by trying to nullify patterns in your behavior. People pick up on patterns very quickly. Patterns makes it easy to train, equip and ultimately be successful when addressing fluid, complex situations. If I know that once I see people streaming from one platform I have 30 seconds before the next train arrives I have an advantage.

By truly randomizing protocols, I can no longer plan for one or two specific scenarios but must be ready for hundreds. This increases the time, energy, and manpower it takes me to prep and execute a mission. In fact, if I can't bank on the fact that there will NOT be a canine unit to take my plastic through security I may change my approach and try to work from a stand-off position rather then a close-end. This makes it easier for security because I can fortify and create choke points in and around my perimeter.

Security Through Obscurity relies on your ability to hide something alone (hiding a key) versus what this is (moving the key every 4 hours and randomizing the patrols in and around the key). There is quite a bit of difference between the two.

Pretty Useless ...

[butlerdi]

You can not fight someone who is going to blow themselves up. I would think that airplanes probably no longer matter. If you get through fine, if not blow yourself up in a crowded terminal. Probably get more folks that was as well.Especially when so many virgins and good shit is at stake.

The chance of getting blown up (even if you believe the shit ol w and the ol boys say about all the foiled plots) is still less than traveling by car.

Smart, really smart

[sumnerp]

So, in order to improve airport security you give "vast amounts" of classified data about airport security to a collection of grad students to input into a program that produces allegedly randomized output. Yes, I see nothing wrong with that; I'd never have thought to do it that way, smart really smart

Re:set of locations?

[Hangtime]

If you have done it right you may give your security a general location and each patrol has an area within the airport so that they are all covered. Individuals have different patterns for searching. So if I have to watch 12 different teams that are all different in terms of who makes up those teams its going to make my job a lot tougher in pentrating. Maybe one person looks at this area, but another doesn't. If I can't bank on that person who does a crappy job being there when I want them to be there well I have to use a different approach or take a risk...oops canine unit came today, Abort.

To use your analogy but maybe a little more likely scenario, send security into the area behind the Starbucks kiosk. Why you ask? The problem is your trying to defend an infinite number of points while your enemy only needs one approach to win. Creating additional scenarios for them to plan for makes their job much more risky and much more complex. Randomness is your enemy when you're trying to plan and your friend when your trying to protect.

Read the analysis here

[Ambitwistor]

I believe this [usc.edu] (PDF file) is a draft of the study being discussed in TFA, or at least is closely related research.

The Art of war

[Anonymous Coward]

"The pinnacle of military deployment approaches the formless: if it is formless, then even the deepest spy cannot discern it nor the wise make plans against it."

--Sun Tzu, "The Art of War"

Re:Security Through Obscurity!

[deepvoid]

Randomized patrols have been around along time. There are several problems with this guy's approach. First, there are inner and outer bounds to patrol initiation and duration, as well as the human tendency to repeat the familiar, thus while the schedule may get changed, the actual patrols will follow a non-random, pattern. In addition, consigning the schedule to a computer also adds a level of security failure potential that shouldn't exist. If the guards, examiners, and cameras, are on a purely random schedule, and are following the direct orders of a machine, eventually, a social engineering exploit would open the door for the opponent to get a complete schedule from the computer itself. Just like lost page encryption can be circumvented by compromising the message sender, random patrols can be brought down by compromising the computer, and unlike computers in Hollywood movies, no computer on Earth, is secure, and connected at the same time.

The thing about having "Perfect Knowledge" of a patrol or observation pattern, is that you have to expect certain variations anyways, and plan accordingly, but the polar bear under the ice is that you also have to expect certain regularities, certain things that repeat, regardless of schedule. Most unit commanders and security bosses have had to learn this the hard way, and after they loose a certain amount of confidence in human nature, they learn how to manipulate it to make their facility more secure.

A low level security guard is going to look at the schedule, and try to make it conform to his own sense of order, rounding up or down patrol times, falsifying patrols, or just plain blowing off the whole schedule entirely. After going through more than a few guards, the commander is going to have to admit, that going against human nature is not only counter productive, but dangerous. The radio messages, audio stimulus, and other auditory or visual stimulus that is used to keep the pattern random, can always be intercepted and used to an opponent's advantage, and with the high turnover rate already present in security jobs, it is a simple matter to place somebody on location that can compromise everything.

What the commander has to do is assume that his bottom line guards are going to be compromised, individually. For instance, he can safely assume, that at even if all of his guards are compromised that very few of them are going to entrust that fact with another guard. By identifying the loners on guard staff, he can group them in pairs, or triplets that are socially incompatible, and thus untrusting of one another. Since self preservation is a stronger human reaction than loyalty, the commander has to rely on this to prevent an actual incursion.

In military units, officers do not mix much with enlisted, and doing so can mean punishment or even jail time for the offenders. The reason for this, is that if two groups are not socially compatible, and they have a common stated goal, then the change of a conspiracy amongst the two is greatly reduced. If The officers decided as a group to betray, then military code would force the enlist, or non-commissioned officers to act against it, and visa versa.

The military relies on routine, because, unlike the scientist with his computer driven, game theory approach, they know it works. If patrols become regular, then is easier for those patrols to spot anything out of order. The only way to have consistent security, is to have reliable, consistent, and above all, complete coverage of the facility.

Just send more operatives

[EmbeddedJanitor]

Sure you can't predict random screening, but still the residual number of operatives will get through. If you're screening half the people (randomly) then:

If you send one operative you have a 50% chance of one getting through.

Send two and you have a 75% chance of at least one getting through.

Send ten and you have a 99.9% chance of at least one getting through.

The handy thing about many organisations is that they are willing to play the numbers.

Re:Just send more operatives

[NMerriam]

Sure you can't predict random screening, but still the residual number of operatives will get through. If you're screening half the people (randomly) then:
If you send one operative you have a 50% chance of one getting through.
Send two and you have a 75% chance of at least one getting through.
Send ten and you have a 99.9% chance of at least one getting through.
The handy thing about many organisations is that they are willing to play the numbers.

But that's only if you assume that security doesn't react in any way to the discovery of an operative, which is of course false. Once any operative is found, security will then force ALL passengers to be rescreened at that location, and increase security at other locations temporarily as well.

So sending in one operative gives you a 50/50 chance of being successful.
Send two and you have only a 25% chance of successfully penetrating security.
Send ten and you're virtually guaranteed to initiate a complete lockdown of all air traffic in the country.

That all depends.

[raehl]

What is success for a terrorist?

If you have 10 operatives, send an operative a month every 30 days +/- 10 days. Even if they all get caught, you'll have instilled a much higher level of terror. Either one of the operatives will certainly get through, or the level of security will be so high that the costs of air travel will increase substantially.

Re:Just send more operatives

[fishbowl]

>Send ten and you're virtually guaranteed to initiate a complete lockdown of all air traffic in the country.

What if that's your goal?

Re:That all depends.

[tumbleweedsi]

Woo, another American who does not understand how to deal with terrorists. Maybe that's because the greatest terrorist of the modern age is the US government. We lived through decades of terror threats and won over by getting on with our lives. Terrorists are having their job done for them by the US government because it is instilling paranoia and uncertainty.
Sure, everyone needs to take some basic precautions but the main way to beat terrorists is to not grant them endless media exposure. Just get on with your lives and refuse to be terrorised.

Re:That all depends.

[E++99]

Both you and the parent poster are clueless as to the actual goals of the Jihadists. They couldn't care less about instilling paranoia and uncertainty in the U.S. or Europe. They couldn't care less if the average Westerner feels some minuscule degree more "terrorized." They couldn't care less if there are longer airport waits, more time-consuming screening, or unquantifiable detrimental effects to the U.S. economy. They often claim that they care about causing as many deaths to Westerners as possible, but that's not what they really care about either.

What they care about is perpetrating large and visually satisfying acts of violence against their perceived enemy. That's why they will not go after things that would REALLY affect us, like going after our water supplies -- there is no visual impact. It's a matter of performance art. It's a matter of creating a spectacle of carnage to prove to your coreligionists that you are a great warrior and powerful taker of life from the infidels.

So, no, causing delays and uncertainty is not a success to them. To them success absolutely requires loss of life, and in generally requires large explosions as well.