Schneier on Security
A blog covering security and security technology.
January 3, 2013
Classifying a Shape
This is a great essay:
Spheres are special shapes for nuclear weapons designers. Most nuclear weapons have, somewhere in them, that spheres-within-spheres arrangement of the implosion nuclear weapon design. You don’t have to use spheres -- cylinders can be made to work, and there are lots of rumblings and rumors about non-spherical implosion designs around these here Internets -- but spheres are pretty common.
Imagine the scenario: you’re a security officer working at Los Alamos. You know that spheres are weapon parts. You walk into a technical area, and you see spheres all around! Is that an ashtray, or is it a model of a plutonium pit? Anxiety mounts -- does the ashtray go into a safe at the end of the day, or does it stay out on the desk? (Has someone been tapping their cigarettes out into the pit model?)
All of this anxiety can be gone -- gone! -- by simply banning all non-nuclear spheres! That way you can effectively treat all spheres as sensitive shapes.
What I love about this little policy proposal is that it illuminates something deep about how secrecy works. Once you decide that something is so dangerous that the entire world hinges on keeping it under control, this sense of fear and dread starts to creep outwards. The worry about what must be controlled becomes insatiable and pretty soon the mundane is included with the existential.
The essay continues with a story of a scientist who received a security violation for leaving an orange on his desk.
Two points here. One, this is a classic problem with any detection system. When it's hard to build a system that detects the thing you're looking for, you change the problem to detect something easier -- and hope the overlap is enough to make the system work. Think about airport security. It's too hard to detect actual terrorists with terrorist weapons, so instead they detect pointy objects. Internet filtering systems work the same way, too. (Remember when URL filters blocked the word "sex," and the Middlesex Public Library found that it couldn't get to its municipal webpages?)
Two, the Los Alamos system only works because false negatives are much, much worse than false positives. It really is worth classifying an abstract shape and annoying an officeful of scientists and others to protect the nuclear secrets. Airport security fails because the false-positive/false-negative cost ratio is different.
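The two points above, worked through as an added example (not part of the original post): a keyword URL filter stands in for the easy-to-detect proxy, and its errors are priced under two different false-positive/false-negative cost ratios. The hostnames, labels and cost figures are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: (url, truly_objectionable). Not real traffic.
SAMPLES = [
    ("http://www.middlesex.example/library/hours", False),
    ("http://www.essex.example/schools", False),
    ("http://www.sussex.example/council", False),
    ("http://news.example/weather", False),
    ("http://sex-videos.example/watch", True),
    ("http://adult.example/sex/gallery", True),
    ("http://freesexpics.example/", True),
    ("http://adult.example/xxx/gallery", True),  # no keyword at all
]

BLOCKED_WORDS = ("sex",)


def substring_filter(url):
    """Broad proxy: block if the keyword appears anywhere in the URL."""
    return any(word in url.lower() for word in BLOCKED_WORDS)


def token_filter(url):
    """Narrow proxy: the keyword must be a whole host label or path token."""
    parts = urlsplit(url.lower())
    tokens = re.split(r"[^a-z0-9]+", parts.netloc + "/" + parts.path)
    return any(token in BLOCKED_WORDS for token in tokens)


def allow_all(url):
    """Baseline: no filtering."""
    return False


DETECTORS = {
    "substring": substring_filter,
    "token": token_filter,
    "allow_all": allow_all,
}


def confusion(detector, samples=SAMPLES):
    """Return (false_positives, false_negatives) on labelled samples."""
    fp = sum(1 for url, bad in samples if detector(url) and not bad)
    fn = sum(1 for url, bad in samples if not detector(url) and bad)
    return fp, fn


def expected_cost(detector, cost_fp, cost_fn, samples=SAMPLES):
    """Total cost of a detector's errors at the given per-error prices."""
    fp, fn = confusion(detector, samples)
    return fp * cost_fp + fn * cost_fn


def cheapest(cost_fp, cost_fn):
    """Name of the detector with the lowest total error cost."""
    return min(DETECTORS,
               key=lambda name: expected_cost(DETECTORS[name], cost_fp, cost_fn))


if __name__ == "__main__":
    for name, det in DETECTORS.items():
        print(name, "FP/FN =", confusion(det))
    # Assumed cost ratios: a miss is catastrophic vs. a miss is a minor nuisance.
    print("misses cost 1000x:", cheapest(cost_fp=1, cost_fn=1000))
    print("false alarms cost 10x:", cheapest(cost_fp=10, cost_fn=1))
```

When a miss is priced at 1000 times a false alarm, the broad substring filter has the lowest cost despite blocking Middlesex; when false alarms are the expensive error, the same filter costs more than not filtering at all.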
Posted on January 3, 2013 at 6:03 AM
AFAIK (ICBW, but that would be top secret anyway) nuclear weapons don't actually use perfect spheres anyway - but rather shapes that are almost but not exactly spheres.
The reason is to make abuse more difficult - if it was a perfect sphere, you "merely" would need to set off all detonators around the sphere at the same instant. Instead, there's a tamper resistant control mechanism that will send the detonation signals at precisely timed intervals so that those explosives furthest out will detonate first.
If done out of sequence, the implosion will not achieve criticality, or at least have a reduced yield.
When I was 14 I travelled overseas for Christmas.
My family in the foreign country got me several gifts. One of which was a lava lamp. Another was a toy with concentric metal rings that spun on their own axis, which was itself connected to the next outermost ring.
The boxes these came in happened to be the same size. So I made the sensible choice of packing them one on top of the other in my luggage.
The Australian customs scanner people freaked the hell out.
It was okay though - chuckles all around once they'd opened the suitcase and inspected the toys.
When I asked what bothered them the customs officer was nice enough to show us the image as they'd seen it... And yeah, I can see why that freaked them out so badly. It was totally a fair call to search my luggage in those circumstances.
It helped that the Australian customs people were very professional during their freak-out and very sweet and friendly about it immediately afterwards. My experience with US airline service is limited... But even so, I suspect that my customer experience at an American airport would have been somewhat different.
The TSA would have been perfectly happy to have the items in your checked baggage. However you would have been in trouble for saying LavaLamp since this could have been a threat to release a Volcano.
The same thing happens medically. I can't give blood or donate organs here in Canada because I grew up in the UK and so have BSE/JCD. But I can't give blood in the UK because on the way here I stopped in the USA and so - having spent a day in Newark Airport - have West Nile Virus.
The same nonsensical security reasoning applies to weapons in schools. If it looks like a gun and is shaped like a gun, it must be an actual gun capable of inflicting severe harm, ergo, little Johnny and Judy get expelled for having a toy water pistol or rubber-band gun in their backpack. Sometimes anything in the shape of an “L” merits expulsion or getting sent to the principal and have a notation on one’s records. I imagine that after the tragedy last month in Connecticut some of us who may have found this ridiculous in November have now decided that maybe this theater is worth the potential safety or “feel good” vibe it emits.
@Daniel - Flew back into Sydney via Hong Kong last year, and I got randomly picked for everything to be scanned.
After running my bags through, the scanner operator called over a supervisor and his assistant, then started asking a bunch of pointed questions about what exactly was in a specific compartment in my bag.
Turns out a plastic bag with a bunch of Angry Birds 'stress balls' looks really suspicious. At the time I was thinking that it might look like a drug stash, now I'm reconsidering...
If this was really true, then the security hacks forgot that maxim about looking for what is missing, and that is what is most important. So, a spy looking around the office might notice that there are NO spheres laying about, and come to the correct conclusion that spheres must have some significant importance to the project...
The TSA has found a way around the problem of false positives and false negatives. They simply count false positives as "successes," and include them in their statistics that report an impressive number of detections by whatever costly intrusive technology they're using at the moment. They simply ignore false negatives. They can therefore point to the statistics as proof that they're an infallible security force that provides air-tight protection against past threats.
I wonder if such restrictions would be amenable to traffic analysis?
("Those scientists buy plenty of bananas but no apples or oranges. Perhaps they're working on something apple-shaped?")
John Petro - toy guns in schools are not "false positives" for real guns. They are banned because we don't want kids playing with toy guns in school. Whether or not that's a good idea is a different discussion - I just want to point out that this is a little different than TSA confiscating my nail clippers.
Nac Nos - Are video games that contain guns considered toy guns or is it acceptable for children to 'practice' 'cyber-warfare' in schools ;-)
As Blogger Bob often points out on the TSA blog, items that merely look (to a screener) like a prohibited item are prohibited. By that rule, the art watch that triggered the hubbub in Oakland Airport was indeed a prohibited item, even though it was actually harmless. This seems like the same mentality.
From Harry Harrison's novel "In Our Hands the Stars":
It is just institutionalized paranoia. All security men are the same, drawn to the work by their own insecurities and fears. They may be sincere patriots, but their sickness is what makes them demonstrate their patriotism in this manner.
As a security professional who worked for years in hi tech civilian contractor facilities (no, not as a guard) I can tell you from personal experience that engineers and scientists leave highly classified documents on their desks, in phone booths and taxis, on airplanes, in unlocked safes, and on lab benches. They scribble safe combinations on the back page of desk calendars. These are technology "hacks" who are so above the rest of us that they can't be bothered to use common sense. Just because you're (maybe) paranoid doesn't mean that there are not intelligent idiots out there.
Round nuclear weapons? Lol reminds me of The Dictator movie when he demands a pointy payload
Spaceman Spiff: There are no purple giraffes in my office. I must be working on top secret purple giraffe research, right?
With respect to blocking -- consider Scunthorpe!
Nac Nos: Expelling (maybe I should have said 'suspending' in earlier post) a student for having what is clearly a toy gun is a mindless overreaction, just like confiscating your nail clippers, or outlawing all spheres because some spheres could be bad. Would not an admonition be adequate?
I note that in today's (Jan 3) Washington Post is a report that a six year old was suspended for "pointing his finger like a gun and saying "pow"". Where is the reasonableness in this, what lessons are we teaching by such theater?
Was the kid wearing gloves?
I thought there was a constitutional right to bare hands
I remember I was once stopped at Heathrow and had my luggage inspected - this is about 20 years ago - because I had in my bag a toy Concorde plane I'd bought in the airport gift shop. Apparently that, too, looked like a gun in the xray.
> Once you decide that something is so dangerous that the entire world hinges on keeping it under control, this sense of fear and dread starts to creep outwards. The worry about what must be controlled becomes insatiable and pretty soon the mundane is included with the existential.
And this is exactly the irrational mindset and approach being employed and proposed by hoplophobes around the U.S., and unfortunately, in Congress. Those who know little about firearms (cf. "the shoulder thing that goes up") and history have no solution to the problem of violence, but to ban, ban, and ban some more, despite substantial evidence (and logical thought) which demonstrate that such laws have no effect. Of course, this process is driven by the mistaken notion that the govt. must do something about every problem of society, which we all know is a fool's errand at best.
The Congressional Security Theater presents
Proud to be Paranoid
The Price of Security is the Cost of Freedom
The Congress Critters are not idiots. Their real job is reelection. And the easiest way to reelection is to overreact - proudly take credit for taking action (at any cost).
The reason is to make abuse more difficult - if it was a perfect sphere, you "merely" would need to set off all detonators around the sphere at the same instant.
Which, in fact, is hard. Modern warheads don't need many detonators to fire at the same time. They need exactly two -- by using the right combinations of slow and fast explosives, and an oblate primary, they achieve a near perfect implosion using only two, rather than thirty-two detonators. And getting two, rather than thirty-two, detonators to fire simultaneously is easy -- use the same (large) current source, two current lines of identical length, and slapper or exploding bridgewire detonators.
The problem with this is "what if one goes off accidentally?" Thus, the many "single point detonation" tests conducted in the 1980, most of which resulted in fizzles, but a couple of the early ones resulted in 18-25kt detonations.
Two point primaries have another advantage. They're not spheres, they're sharply oblate spheroids, which fit much better into a conic reentry shield, with a spherical or cylindrical secondary behind them. See the W-88 design, where the very oblate, possibly asymmetrical oblate (read, peanut shaped) primary rides in the point of a reentry shield, with a spherical secondary behind, where the cone shaped reentry shield is widest. End result, ~500kt out of a throw weight under 400kg.
Slapper/Exploding bridgewire detonators are a classic example of "hit something hard enough and it will blow up". You charge a low inductance, high voltage, and high capacitance capacitor, and dump that power through a very fast switch, like a spark gap, thyratron, or krypton, through a very low impedance and low resistance lead, into a very thin wire in contact with a secondary explosive. When the fast rising and high current pulse hits the detonator bridge wire, it literally explodes. A slapper detonator has a sheet of metal that focuses that explosion into the secondary explosives, but fundamentally, they work exactly the same way -- ram enough current in a short enough time through anything, and it will blow up hard enough to set off a less sensitive explosive.
Oddly enough, it strikes me that a) asymmetrical firing times are a good thing, and b) different lengths of wire will result in different firing times.
This being bluntly obvious, I should patent it.
When I read the above about the orange my first thought was,
What if it had been a Golf ball?
As this was the name (supposedly) given to the initiator at the core of the sphere.
However I then thought back to times when I suffered the durance vile of security and "Clear Desk Policy" and I remember a write up I got for a chocolate bar, (which they did not give back which annoyed me more). What had happened was I'd cleared my desk for the day and whilst searching my pockets to check I had not put my keys wallet in my desk by mistake, I put the chocolate bar down on the desk next to my bag, picked the bag up whilst turning to go I left the bar. Thus a simple mistake actually caused by the security policy (ie once you'd left the building you could not get back in till the following morning, so checking personal items like keys etc was important) caused me to break another part of the security policy.
But importantly for this post was the write up of the security misdemeanor, in the appropriate box it gave the reason as "left mars bar on desk". That is they named the object...
So the thought occurred maybe this "orange" incident was not about the shape of the object but just a description of the object left on a desk in a clear desk policy area and it was actually written up as "left orange on desk".
Oh and when you think about the TSA/school/etc security policy of banning something that looks like a banned object it actually makes sense from an overall perspective.
If an indistinct outline of what looks like a prohibited item is seen then the object needs to be further checked to see if it is a prohibited item. This causes considerable disruption and thus cost of resources. They cannot "not investigate" because that opens a security hole, but they also (I know it sounds strange) don't want to cause disruption either due to the delay and cost to others. It's "Damned if they do and damned if they don't" or "Catch 22" for them. Thus banning items that look like prohibited items does make some sense. However because of the further "Catch 22" potential of giving either discretion to agents or spelling out each and every Go/Nogo on look alike items you get what for them is the safe route of a blanket ban which includes T-shirt images.
For the TSA it's a "Fail Safe" policy and when the occasional bit of bad news happens over a T-Shirt issue or a "Velvet cup cake in a jar" it is not really the public ire they are worried about, it's that of their PayMasters.
And it's easy when the paymaster says,
"Why did you allow this to happen?"
"Well the rules you approved say this, the agent followed the rules, OK they were being a bit over vigilant, but with those sneaky journalists always trying to make us look bad, do you really want the agent to be undervigilant?"
To which the only answer can be "No"...
> When the fast rising and high current
> pulse hits the detonator bridge wire, it
> literally explodes.
Kawasaki and some other companies use this method to impregnate cylinder walls with harder-wearing metals. The sacrificial wire is run axially down the semifinished bore, then whacked with a bazillion or so amps. The impinging metal is supposed to be a plasma when it hits the wall.
> banned shapes
Though currently newsworthy due to "zero tolerance" policies in schools, *pictures* of banned shapes go way back, in the forms of banned religious or political symbols, gang tags, etc.
The exploding-wire detonator has also long been used to set off flash powder and other minor theatrical pyrotechnics. All you need is the wire and a mains switch.
Meanwhile, the idea of outlawing false positives also extends to drug testing (and other, medical tests). Every few years you read about another poor sap sent back to prison for eating poppyseed bagels. And although there's no judicial sanction, your doctor will be quite displeased with you if you eat or drink prohibited items before diagnostic tests.
I once was taking a church group of ~10 people to Ecuador to visit and help out a sister church there with some kids activities. The Ecuadorian security guards checking customs asked about our group as we came through and were smiling and welcoming us... until one of our bags went through the scanner and they suddenly turned shocked, grim and appalled. There was a lot of talking in Spanish amongst them and they then asked to open the bag. We shrugged, said sure, and they did and they laughed in release as they saw a number of bulk boxes of crayons. Without a word, they then turned the monitor around and showed us the security image of the bag and we suddenly understood-- before us was an image of an ammo case with hundreds of cylindrical, cone-tipped bullets. We all laughed.
My family had a similar experience to Daniel Schealler and others. We were flying through Australia 15-20 years ago (I can't remember the exact date) and one of our bags produced a very suspicious image on the customs screen. To add to the paranoia, my family weren't actually in the airport at the time - we had about a six hour layover so we'd gone out to a nearby restaurant and had a long lunch. We came back and found that the airport security had been calling us by name every ten minutes for the last two hours!
What item caused this problem? My brother's toy railway set. It had metal tracks and if you stacked the track segments on top of each other you ended up with what appeared to be very suspicious parallel metal plates.
Fortunately the Australian guys were very professional and just let us go when they'd found out what it was. There was no nonsense about confiscating anything that looks odd.
Security is indeed a classification problem: to decide whether something is permitted or not. We'd all love to have perfect classifiers as security mechanisms, preventing just the adversaries' attacks and nothing else. But to create such perfect classifiers is not only difficult, it is impossible due to our incomplete understanding of the features distinguishing adversarial from legitimate action - if there is an objective distinction at all. Even if we could theoretically create perfect security mechanisms, doing so would be hard and thus, costly. We will therefore see simplified approximations, like the one discussed here, over and over again.
Say what you want about banning things that look like but aren't banned objects, but TSA has done some very stupid things. Governor Joe Foss was held up by screeners who thought his Medal of Honor was some kind of ninja throwing star. Senator Edward Kennedy was blocked from boarding a flight because a "T. Kennedy" was on the no-fly list (which would have blocked literally thousands of Americans from flying, apparently including all the Edward Kennedys as well as the Toms, Tonys, and Theresas). Imagine the havoc if someone put a "J. Smith" on the list. Let's not forget the infants and toddlers who were denied boarding because they had the same name as someone on the list. They have confiscated the tiny toy weapons that come with 7" action figures. Patrick "Ask the Pilot" Smith tells of having a dinner knife taken from him that was exactly the same as the ones that passengers on his flight got with their dinners - as if a pilot needed a serrated butter knife to bring down his plane.
Can anyone justify or provide a rationale for any of this that doesn't amount to security theater?
A few years ago, a co-worker had their SecurID token destroyed by TSA at Raleigh-Durham when the agent thought it was some sort of detonator because it kept displaying random numbers. Goober tried to get inside it and only succeeded in breaking the display. I never could grasp the thought process there - Vaguely sinister looking thing shows random numbers...it must be dangerous...let's pry it open and see if it explodes!
My father would tell us about an occasion in the Navy in WW2 where he needed to get some cooling fins for a repair he was working on but was told that the word "fins" was classified due to the use on rockets. The approved code word was to use "wedges" in place of the word "fins" so his request went out for "cooling wedges". Seems to me that this weakened the secret due to the unusual use of the word, but that's the military for you.