Thank you. So before I get started, I just wanted to say that this project ran for about a year and a half. It was a large collaborative project between the University of Michigan, Johns Hopkins University and the University of California, San Diego. We have a lot of co-authors listed here. We also got a lot of support from people who did not end up being co-authors, who are acknowledged in the paper, that I'd like just to mention again. Before I go on and actually talk about the technical content, I'd like to observe that full-body scanners produce naked scans of the human body as part of their operation, and as much as TSA would prefer that we forget that fact, the talk that I'm going to give will necessarily involve explicit images, and so I'd like to warn everybody, so that if you need to leave, or, you know, text your friends to come over here if they're in a different talk, just be aware right now.

All right, so with that: if you've flown anywhere in the last five years, especially if you've flown into the United States and Canada, you have interacted in some way with full-body scanners, sometimes called naked scanners, porno scanners. TSA calls them advanced imaging technologies, which sounds very positive and future-looking. There are two of them that are widely deployed. The one on the left with the rectangular boxes is the Rapiscan Secure 1000, which uses backscatter X-ray technology to produce its image. The one on the right, the L3 ProVision ATD, has a sort of a spinning component, and it uses millimeter wave technology to produce its images. Both of them work by producing a naked image of the subject being scanned in the hopes of detecting contraband hidden on the subject's body. In an airport context that contraband would be, say, guns or knives or explosives or detonators or bottles of water, any of these things that are really dangerous to airport security.
I'll give you a quick timeline. Body scanners were first deployed in the United States as a secondary screening technology. So if the metal detector went off, if something was funny, you could be routed to the special other lane where your body could be imaged. And then the move from making these be a secondary technology to turning them into a primary screening technology happened with a lot of deliberation and foresight. What happened was that in December of 2009 there was a failed bombing, the so-called underwear bomb, that had the bomb hidden in the subject's clothing, where it was not detected by the metal detector, and as a result, within a week, and this is between Christmas and New Year, so that's when a lot of important government decisions normally happen, within a week TSA announced that full-body scanners would become the primary screening technologies used in airports. So when you go into an airport now in the United States, still, you go through one of these AITs, full-body scanners.

We managed to get one of these machines to study. I'll tell you how in a minute. In November of 2012 it arrived in our lab. That machine happens to be of the Rapiscan kind. We're very interested also in the millimeter wave, the ProVision ATD. We don't happen to have one. If we get our hands on one, we'd love to study it too. But we got the Rapiscan one, and those Rapiscan ones happen to have been removed from airports, for unrelated reasons that I'll talk about later, also in May of the next year. So we actually had the machine in our lab for about seven months while they were deployed at airports, and many of the results that I'm going to tell you about, and that Eric is going to tell you about, we actually already had during the time that they were at airports.
They're not at airports right now. Now, these devices touch every third rail, every controversial topic that you could imagine in the context of airport security. They use ionizing radiation, which potentially could cause cancer, to produce naked images of people's bodies, in order to search for the kinds of things that could be used in terrorism against airplanes. So every kind of hot topic that you could imagine is involved in these machines, and as a result they unsurprisingly generated a great deal of public debate, and the public debate was around three topics. First, do these things cause health issues to the people being scanned, or, more likely, to the operators who have to stand next to them for hours at a time on their shift? And there was a letter by prominent scientists at the University of California, San Francisco, which is a medical school, questioning whether the dose to the skin may be higher than the manufacturer claimed. There are also concerns about the naked images that were produced by these scanners, and whether, for example, TSA employees were taking advantage of the capability of producing these images to steer, say, attractive people into where they could be scanned and observed. This is a report from the FlyerTalk community where people claimed that the TSA employees were using their walkie-talkies to warn others that a cutie was coming through that they might want to look at. And then, maybe most germanely, there was also a question of whether these things would work at all. We might be willing to take some health risks, we might be willing to take some privacy losses if we protected airports, but if we're not even doing that, then it seems pretty clear that the other debates are not even worth having. And there was a lot of questioning about whether these things actually did their job, and there was a blogger, this is a video that he posted to YouTube, called Jonathan Corbett, who claimed that in fact there were techniques by which he could get contraband past
these scanners, and he claimed that he actually tested these techniques against real deployments at real airports. And this got some press coverage. The TSA wasn't pleased; they actually, and this is quite remarkable, they actually called up reporters and they said, we would really prefer that you not cover this blogger's claims, and some reporters didn't as a result.

But this public debate, this public debate around safety, around privacy, around the efficacy of the devices, was not informed by facts from the manufacturer or from TSA, which was running these machines, and their response was in general: trust us. We have done these studies. We have evaluated these devices. These devices are safe. They protect your privacy. They're effective. And no, you can't find out why we think that. And when TSA's hand was forced, through for example the Freedom of Information Act, to reveal something about the operation of these scanners, what you got back was something like this, where a whole bunch of information about the workings of the machine, up through the potential on the X-ray tube inside, was redacted. And so what you had was a debate around really important things that was uninformed by the manufacturer, uninformed by TSA, uninformed really by facts; it was speculation instead of facts.

So as computer scientists, we did what computer scientists do in that situation, which is we turned to eBay. And we found that these machines were all of a sudden available to purchase from a seller on eBay. Now, this seller happens to be in Germany, and he bought the machines at a surplus auction in Europe from a United States government facility that was selling new old stock. So they just put them up for surplus sale, he bought them, put them up on eBay, and we were very excited and we shipped them back to the United States, at frankly great expense.
I think they got a first-class ticket on Lufthansa. And we got them into our lab, and our hope was that by having access to these machines to test, by performing an independent security evaluation of these devices, we would be able to take that public debate and inform it with facts, and we would be able to ask and answer: first, is the Secure 1000, the Rapiscan Secure 1000, radiologically safe? What is the actual dose in normal operation? What is the dose that can be delivered by somebody who tampers with the machine's software, with the machine's hardware? What are the implications for privacy of the machine's operation, both with respect to the actual operators of the device and with respect to anybody else who might be able to get access to the images? And how effective is this at actually protecting airport sterile zones from the kinds of contraband that TSA claimed to be concerned about when they deployed these machines?

So, as Hovav said, we bought this on eBay, and this machine showed up in our lab in these crates here, and we got to work taking it apart, reverse engineering it, seeing how it worked and what made it tick. The first thing you have to know about how these machines work is a little bit of background on X-ray physics. So this machine does produce X-ray photons, which are essentially high-energy photons. The energy is actually fairly low for X-rays.
It's 50 kiloelectron volts, which is around half or so of what you'd receive at, say, a dentist or something like that, at five milliamps. And these photons are ionizing radiation, so they can interact with electrons and strip them off of nuclei, and they tend to interact with these electrons in two main effects: the photoelectric effect and Compton scattering. In the photoelectric effect the electron is hit by the photon and it absorbs it and just goes along its way, and there's no emitted X-ray. In Compton scattering, however, the photon hits the electron and sort of bounces off, and the electron goes one way and the scattered photon goes another way, in a random direction. That's the main cause for backscatter. And which of these two interactions happens most depends on the material's effective atomic number. So for example dense metals, and things made out of iron or lead, absorb these photons and don't really backscatter at all; they undergo the photoelectric effect. However, organic compounds that have lots of carbon or oxygen in them undergo Compton scattering more, and so they do backscatter. And it's through this mechanism that the machine is able to detect different materials in the subject, by how much X-rays are backscattered for a given spot.

The machine actually works as a backward camera, or a backward raster camera. And the idea here is that instead of having a large sensor or something like that that has a bunch of pixels, you have an X-ray tube that's generating a bunch of X-rays in a sort of uncollimated beam, and it goes through a narrow slit, so only a narrow slit, sort of a plane of X-rays, goes through. A here is the X-ray source. It goes through the slit and then it passes through a chopper wheel, noted B here. The chopper wheel also has radial slits on it and is spinning around, and so, combined with the previous slit, there's only sort of a single collimated beam that's going through at any given time, and that scans across the subject
horizontally. This whole apparatus then moves vertically, so you essentially get horizontal scan lines vertically up the subject. When these scan lines hit the subject they undergo the previous phenomenon and either backscatter or are absorbed. If they backscatter, they will be received by photomultiplier tubes, which are essentially very sensitive photon detectors for X-rays, marked D here. And so from watching the sort of series, and synchronizing this with the scan lines and the rise rate of the X-ray tube, you can essentially reconstruct an image of the density of materials and effective atomic numbers of a subject as you scan it.

So here it is in action, in a fairly low quality video, which I apologize for. But as you can see here, this is the chopper disc. It's made out of brass, is very thick and very heavy, and takes a little bit of time to spin up. Eventually it spins up, and then this whole apparatus with the X-ray tube behind it will rise vertically and scan across the subject and perform a naked scan. But of course that's kind of scary to look at if you are being scanned. This is the very fast-moving disc, and there's, you know, 50,000 volts behind it and X-rays are spewing out of it. That wouldn't be very pleasant to look at if you were being scanned, so they had the presence of mind to put a nice soft sort of front on it, so that you can't see any of this and you just stand in front of this box, and all of that happens behind something that X-rays can easily pass through.

So this is what the image looks like when you reconstruct it. It's fairly revealing. You can see two things of the subject. First,
he's definitely packing, and he's also carrying a gun. So he probably should undergo some further screening. There are some other things that you can note here in this image, though. So for example you can see shin bones; bones that are very close to the skin are actually visible through this backscatter because the X-rays do penetrate the skin to a small degree. You can also see the zipper on the subject's pants, the rivets on their jeans, and on the chest the subject's, just similar.

So going over our results, starting with radiation safety. To evaluate radiation safety we obtained a sort of dummy phantom, which is a radiological phantom which is used in medical testing. This is radiologically identical to humans. Interesting note: it actually contains a real human skeleton inside of it, which is kind of weird, and it's covered by a synthetic material that is sort of supposed to approximate human flesh. So we used this throughout our testing, and we applied dosimeters to it, performed a number of scans using the machine, and we found that each scan deposited a relatively low dose, about 70 to 80 nanosieverts of radiation. For those of you who don't know the sievert scale, this is about 24 minutes of background exposure, or about the same radiation that you would receive eating one banana. So, relatively safe, and this result was actually confirmed by another result from the American Association of Physicists in Medicine in 2013, simultaneous to our result.

Looking at sort of the safety of this system: is it possible for this machine to, say, malfunction and produce more radiation than it otherwise should under normal
circumstances? We found that there were safety controls on the radiological output. For example, when the X-ray tube is on there are hardware interlocks that are measuring things like: is the chopper spinning, is the vertical head moving at the sort of speed that we expect, and is the voltage and current in the X-ray tube in tolerance? Note, however, these are not security controls, because the ROM, the embedded controller of the system, actually has the ability to override all of these safety checks. So if the software running on this embedded system is evil, it can override some of these. However, there is a pretty simple modular design that makes some of these attacks, say trying to irradiate someone too much, much more difficult. For example, the stepper motor that drives the vertical assembly is its own system and it has pre-programmed routines, essentially they're scan up or scan down, and the embedded system doesn't have any fine-grained control to say, okay, go up only halfway or something like that. So this simple modular design actually makes it much more difficult to over-irradiate scan subjects without replacing the software that's inside of this machine.

So moving on to privacy. We wanted to again evaluate the implications of this system as it pertains to privacy, and as you've probably seen, it produces naked images. These naked images are fairly revealing. You can see parts of the subject here that the subject might not want you to see. Some subjects might not mind, but this is, you know, not the point of privacy. And there's a number of questions here of what are the procedures surrounding these images, and what can, say, a TSA agent do to, say, save these images or send them to their friends or show them or something like that. And while we didn't have the software that TSA had and was using at the time, TSA was claiming that these machines could not save, they were incapable of saving these images to a disk. However, our version of this software,
delivered, which we believe came from the manufacturer, had a save option. You could actually save it to, in this case, a floppy disk attached to the computer, and you could export these, and that's actually, you know, clearly we were able to export these images, as you can see them here.

There's another interesting privacy implication that these machines have that sort of follows from how they work. So because the X-rays backscatter in all directions, and it's not sort of a big sensor inside of the machine, any adversary that's nearby with their own photomultiplier tube can essentially reconstruct the naked images as this machine scans over the subject. So we performed this attack using a sort of relatively simple PMT that was just lying around, I guess. It's not really optimized for this attack or anything, but we were still nonetheless able to reconstruct an image. Now, this is nowhere near as good as what the machine is producing. That is in part because the machine has eight photomultiplier tubes located all around the edges of the machine and we only have one in this case, and so you can see that it's much brighter toward the side that the photomultiplier tube is on. But nonetheless a larger photomultiplier tube, or a more sensitive one for this radiation, or perhaps some additional image processing, could clean this image up substantially.

So finally we want to look at the efficacy of this machine. Is it able to detect contraband?
Like this gun. So the first attack that we looked at is an attack where the threat model is an adversary has access to the software running on the console. And this is what the software running on the console looks like, so that you can see the naked images on the left and the operator's sort of options on the right: they can scan, they can zoom, they can save, as we mentioned earlier, to the floppy drive. And we wanted to ask what would happen if, say, someone were able to replace this software; could they attack the system? And we implemented a pixel-perfect representation of this program here. I'll show you it now. It's actually the same and indistinguishable. However, our version of this software (they call their version of the software secure.exe; ours was called insecure.exe), our version of the software had malware in it. And this malware essentially looked at the image coming back, the true image coming back from the backscatter machine, and if it noticed that there was this pattern, this sort of secret knock, which we made is just a sort of square outlined with another square, like a QR code corner, which you can easily make by putting lead tape on someone's shirt and then concealing it under another shirt, we found that when the machine sees this, or when the malware sees this, it replaces that image with a benign image. So in this way someone colluding with someone that's put this malware on the machine can sneak past contraband.

We also wanted to look at a threat model where the attacker does not have access to the console. What if they can't change the software? All they can do is sort of understand how these machines work, walk up to the machines with some contraband and try to sneak it through. And we thought about this for a bit and we have a few attacks in this area. The first one that we thought of was that if you look at a gun, it's absorbing the X-rays in the backscatter, and the skin is reflecting it and then backscattering back, but the background is sort of, you
know, it's not even the X-rays, you're just going off into space and not coming back. So given that the background and the gun are both black, what happens if we just place this black gun over this black background? And this result was surprisingly effective. This is a fairly naive attack, but this subject here is carrying a .380 ACP pistol. I invite you to try to guess where on the subject he is carrying this pistol. We had to actually look back at our notes when we made these slides to figure out where he was actually holding this pistol. It turns out it's right above his right kneecap here. So this attack is surprisingly effective for concealing metallic objects like firearms. It also works for knives and other things like this. In this picture we have lead tape arrows pointing to where the knife is, to make it even easier to see that the subject is carrying this knife.

There is one mitigation that you can do for this type of attack, which is to scan from the side, and it becomes very obvious that the subject is carrying something they shouldn't be carrying. However, we don't know of anyone that's performing these additional scans, or was performing these additional scans at the time that these machines were deployed.

Of course, these machines were not intended, really, they weren't designed to detect metallic threats; that's something that metal detectors already did. The purpose of these machines was to detect plastic explosives or non-metallic devices, as the TSA said. And so seen here is actually a simulant of C4.
This is a one-pound brick of simulated C4. It's again supposed to be radiologically identical to the real C4. It surprisingly also cost the same amount as C4, but I don't know, don't know if we tested if it was actually just C4. So, and you can see that in an early Sandia sort of test of this, you can see some of these blocks: if you naively strap these bricks to you, you can see them outlined here, in sort of two blocks here, in two rectangular blocks. But you'll note that the middle of these blocks is sort of the same color as the skin of the subject here, and it's really only the outlines that you're seeing here. And in fact what you're seeing is the shadows of the edges of this block. So we looked at this and we wondered, can we find some way to exploit this to hide the non-metallic threats these machines were designed to protect against? And thinking adversarially, instead of taking a brick like this, and thinking, well, it's called plastic explosives probably because it's plastic, you can, you know, mold it, you can shape it, you can remove, sort of taper it down and flatten it. And so we took this technique and we said, okay, let's try to make a thin pancake essentially of the simulant and try to smuggle it past. And we were able to do so. So in this image one of these subjects is carrying 200 grams of C4 simulant and one of them is not. So one of these subjects should be let through, and the other should be questioned or have an additional screening take place. Again, I invite you to guess which one. It turns out this one has 200 grams of C4 over the stomach. This is again a pancake, a very thin one-centimeter pancake, sort of flattened over the belly. It looks almost indistinguishable from the normal belly of the subject. However, we had two issues when we did this originally. The first issue was that there was no belly button, because this covered up the sort of normal dark spot that showed up
as a belly button. And the second problem was that we had no way, you know, if you were trying to attack the system, you'd have to sneak some metallic detonator past the checkpoint as well. We solved both of these problems by placing the detonator where the belly button is, thus solving those problems.

So in conclusion, our results show, imply, that adversaries can conceal a number of contraband, including metallic threats like knives and firearms, but also the plastic explosives and detonators that they were designed to detect in the first place. A number of these attacks were predicted by people that did not have access to these machines. However, with access to these machines you can refine these attacks and make them much more effective and successful.

All right, I'd like to take a step back now and think a little bit about what the implications are of our findings for these systems, for airport security more generally, and for screening systems that have computerized components in them. Before I do that, though, I'd like to note that any time you're studying and finding and speaking about vulnerabilities in deployed security systems, you have to think about the ethics of disclosing versus not, and our decision to disclose our findings was made much easier by the fact that after we started studying these machines,
they were pulled away from airports. So the attacks that we disclosed could not then immediately be used to target airports. Even so, we were careful, three months before talking publicly about our findings at all, to reach out to the manufacturer, to Rapiscan, and to DHS, which is the Department of Homeland Security, which is the umbrella department that includes TSA, about our findings. And we know that they received them, for example because TSA had a press release ready when our paper actually came out. But we didn't really get a lot of engagement otherwise, except I got an email from a DHS higher-up asking basically: what were you thinking, whose idea was this, and who funded it? That was a fun email to respond to.

One thing we did as part of our disclosure is that we also tried to come up with the best procedural mitigations that we could come up with if you had these systems, you needed to rely on them for security, and you wanted to avoid some of the flaws that we had uncovered. We suggested some procedures. Notably, these side scans that Eric talked about are really important. We also think that since metal detectors do a fine job of finding metal, these should be used in conjunction with metal detectors, as opposed to the way that TSA currently does it, where you either go through the metal detector or through one of these, but never both. And these mitigations were in our disclosure to DHS and the manufacturer.

Right, so given that these devices are no longer at airports, I think it's fair to ask why anybody should care about the fact that they don't work as well as people claim they did. And I think there are three answers to that question, and I'd like to address each of them in turn. First, our results shed light on the development process that TSA, and the government more broadly, and its suppliers use to develop systems that we rely on every day for critical infrastructure. Second, backscatter scanners are not gone.
Even if they're currently gone from airports, they're still being used, and they may be used again at airports, so our findings matter there. And third, we learned some lessons that we think have broader applicability to the design of secure systems. So I'll take each of these in turn. Before I do that, though: some of what I'm going to say is based on a report that came out of the DHS Office of the Inspector General a month after our paper came out, and this is a really interesting report that looks at how TSA dealt with the machines once they were taking them out of airports. I'll give you two random facts that I found interesting in the report. If you've ever seen Raiders of the Lost Ark, where the Ark of the Covenant is put away in some sort of government warehouse: this is the government warehouse, I guess actually a contractor warehouse, where at the time a hundred and six of these no longer used Rapiscan machines were stored. The OIG folks visited this warehouse on March 27th of this year and took this photo. Any guesses for when this nice fence was put up? That's right, March 26th. Crap, people are visiting. Another fact from this report: TSA claims, and they claimed in their press release, that their machines have special software, and that this special software is not available to anybody else and not given to anybody else who has these machines. The OIG found that at least one of the machines was not properly wiped, and that it was released to the state of North Carolina in September of 2013, and then for, I think, eight months was sitting in a warehouse there with the software. And OIG found this, and a week later some TSA folks flew out in a panic with a copy of DBAN to go wipe the hard disk.

All right, so based on that report, there are two models for how security systems get deployed. They either get deployed in public, so that there is public availability, public testing, public reporting, public bounties, things like Pwn2Own; even if the source isn't necessarily available, you can
still buy the thing, poke at it, study it and tell people about what you found. And that's a model that gets used for a lot of things, but it's not a model that gets used for a lot of systems that go in airports and other kinds of critical infrastructure. That model is secret everything: developed in secret, evaluated in secret, deployed in secret. Does this work? Sure it works, trust us. And we're pragmatists; we think that both of these models are fine if they produce secure systems, and the question is, do they? Now, we have a lot of evidence about how well the public model works, but not a lot of evidence about how well the secret development model works, because, well, it's secret. So one way to look at our result is to say that, well, this is a data point about how well the secret development model produced airport scanners, and it doesn't seem to have done a super great job. And frankly there's really two alternatives, and we don't know which one of these is the case; we need some more transparency to find out. Either TSA's process didn't find the flaws that we were able to in about a year and a half with under 200K of budget and some graduate student time, which is kind of bad, or they found the same flaws and they went ahead with deployment anyway, and that's kind of bad too. But neither of these makes the model look particularly good, and we're very curious which it is, but we don't know, and TSA isn't saying. In fact, these departments are doubling down on secrecy. I was talking with a reporter who had spoken with a spokesperson at a TSA-like agency in a different country. They said, oh yes, we have evaluated these machines too.
We have our own findings about how they work. The reporter asks, will you release those findings, will you release that report? And the spokesperson just left. Right, so that either works or doesn't. What we need to do is either to have more third-party audits of these devices (if you can get them on eBay, if you can get your hands on one of these ProVision ATDs, the millimeter wave scanners, please call us; Billy Rios had a talk at Black Hat this year where he studied some of these other devices, and they also didn't do so well), or we think that a different model, in which the agencies reach out to academics, to security experts in the community, and try to get an independent, rigorous evaluation, is really valuable. And one model for that is the California Secretary of State's top-to-bottom review, Debra Bowen's top-to-bottom review of voting machines in California in 2007, which produced reports that really helped push the debate around voting machines forward quite a bit.

Now TSA, I should make clear, pulled the machines out because the manufacturer wasn't able to produce what's called automatic target recognition software that worked. And the idea behind automatic target recognition is that the naked image is not shown to the operator directly; rather, it's interpreted by software, and the software says, go investigate the left arm. And because of that functional requirement that the manufacturer was not able to reach, these machines were pulled back. That means two things. It means, one, that if the manufacturer is able to come up with that software later, they could come back to airports. It means, two, that TSA made these machines available to other government agencies on the model that these things work, and if your functional requirements are different from ours then you might want to deploy them. And the OIG report actually gave the details on where these machines went. TSA had 251 of these machines, which they bought at a cost of about 40 million dollars; the total cost of the AIT program is well over
a billion dollars This is just to purchase the Rapposcan hardware 250 of those 251 machines were at airport at one point or another they were all pulled back by June of 2013 and by the end of August TSA had gotten Rid of about a hundred and sixty-five of these 161 of them to state and local governments. Where did they go? Well, they went to a bunch of sheriff's offices They went to a bunch of states to distribute they ended up by and large at courthouses and jails and frankly I think that whether somebody can get a Gun into a courthouse or a jail still matters. So our findings still matter in that respect Finally TSA also has a contract with other manufacturers looking to provide new AIT's that also use backscatter X-ray technology To do the imaging and these might still end up at airports All right, so taking a step back some more talking about the broader lessons that we learned First thing we learned is that you can't ever do better than what's coming out of your sensors So the way that these machines are operating their sensors all they get is a brightness per pixel Dark or light and there's no way for them to distinguish between dark metal and background where there's no backscatter and there's just nothing they can do to improve on that There's other X-ray scans for example for baggage that use a different model and and do do better But the physics doesn't matter if the software that mediates between your sensors and the operators view has been compromised And we were able to do that with physical access to the machine And show a proof of concept That is a problem with every kind of scanner But it's not a problem that based on the public messaging at least TSA or the manufacturers seems to have understood Second procedures really matter you deploy a system not just on its own but as part of a bigger system with humans operating it and Procedures are something that you can lose you can know today That you should be doing side scans that sandia report from 1991 
said that you should be doing side scans And then by the time the system gets deployed that's gone In fact the way that the UI of the system is set up It discourages operators from doing both side scans and front and back scans It really wants only two scans per subject instead of four and that's really unfortunate because it nudges the operator away from doing This thing that would actually be safer Next this is not the crowd that needs to be told this but Thinking like an adversary really matters in whether you end up producing a secure system or not another thing that really matters is how simple how modular How carefully separated all the parts of the system are and this is Unfortunately somewhere where I think we're seeing somewhat of a regression because these systems that were designed in the 80s and 90s with Discrete logic and very simple protocols seem to do much better than Systems that are more commonly designed today that have a lot of integration and very capable SOC's And then finally It's not really clear that the Secrecy with which TSA and the manufacturer treated these systems actually kept people from coming up with attacks that would work So I talked earlier about Jonathan Corbett the blogger who said well I bet you could just place this to the side of the body and it would just be invisible and I tested it and it seems to work He wasn't the only one there were physicists even earlier who in that infuriating physicist way that Physicists who looked at the images that were published and said well the machine must work this way And therefore we hypothesize that metal to the side of the body will be invisible and we further hypothesize That a pancake of explosive shaped to the to the stomach Should be invisible against a scan and both of these things were right and neither of these groups had access to the machines to test on so the fact that The details of the operation of these machines was kept secret didn't keep people from coming up and 
publicly disclosing attacks That would work it kept the public from being informed and participating in a meaningful debate One thing that we did find out that we were a little bit surprised by is how much better our attacks got Once we had access to the machine to test on so we had things that we were sure would totally work and then we'd put them up against the the machine and they'd be very visible and we had to go through a process of iteration and refinement until we came up with something that actually was That as you saw quite invisible and we were able repeatedly to to get things past the machine so one defense that might actually work is to Keep these machines out of the hands of People who might want to actually mount attacks Now unfortunately if that's what you're going to do you probably shouldn't sell these machines at surplus auction in Europe to any random old person You probably should control a lot better who gets access to these machines as part of their jobs and Frankly, it's not really clear at all that this is that this is a feasible control Because I used to be able to keep track of all these other machines that were available to sale on auction I Lost track. I believe that as of a couple days ago You could buy one of these machines for $4,000 and the seller even claimed that it was an XTSA model with both of the units Side-by-side as opposed to ours so the one Kind of secrecy that we think might actually be valuable in practice does not seem to be Being used and with that reassuring note. I'll stop and take any questions that you have Thank you for this very interesting talk First of all, do we have any questions from the signal angel? Yes. No, maybe Yes, please Yes, we have three questions. The first one is would the scanner detect explosives that are hidden inside a human body? Have you tested it? 
We did not get a subject willing to test that particular attack. We don't know. It is clear that the scanner does see a little bit into the body; you could see the shin bones. But I don't know that we can speculate about any particular other placement.

Okay, one more from the signal angel, please. Okay. Thank you. Another question was: would it be helpful to have a checked pattern in the background of the scanned people, to distinguish the outline better?

So is the question that having a pat-down in addition to the advanced imaging... I think the question is: could you have some sort of background behind the subject that was some sort of checkerboard pattern or something like that?

Yes, exactly, where it wasn't all clear.

The problem is that you'd need that to be pretty close. So there was a wall behind our subject; it was just far enough away that the X-rays didn't come back to register substantially. So you'd need this to be much closer to the person. Now, if you look at the TSA model, in order to save time they have two of these units facing each other and the subject in the middle, so it's not really clear where you could place that to get a useful background. You might also be able to use the external PMT attack to determine what that pattern is and then figure out where to hide your contraband based on that.

Okay, let's take one question from microphone three, please.

Hi. First, thanks for the talk. It's really good. You mentioned that the secrecy model doesn't work so well. I don't believe that we can get rid of that; it's just human nature. Just as a manager in charge of... I'm not, but just thinking of a manager in charge of implementing a system, the idea would be that I get, you know, a lot of people from the outside to, you know, try to break my idea on my project in order to make it secure, and that requires a lot of backbone, and... I don't want to insult anybody, but managers tend not to be, you know, very backbone-strong but more like, you know, whistling around. And so I don't believe that you get rid of the secrecy model. That's just my opinion, sad as it is.

I think that there's a difference between secrecy and sort of keeping, say, closed source or something as a model for keeping things secret. So, as what Bob said, the public model could include proprietary software, proprietary solutions, being evaluated in the public, versus sort of a "trust us, this is secure, you don't even need to look at this, you shouldn't be looking at this" sort of model.

I've been working in professional software, and I know that you build something and you know it's flawed. You just hope nobody finds out, and you don't want to attract attention to that and, you know, tell people "just look at that and tell me my project is busted." A pessimistic way, but okay.

Just a quick note: if you have to leave in between, please be quiet. If you can, please remain seated. It's not gonna take that long, and I think the discussion has been very interesting so far. So let's take one question from microphone two, please.

Do you know about the publication of the TSA's software? It was able to save images from one of the machines that went to a courthouse, and some journalists got to know of it and asked, under the Freedom of Information Act, this courthouse to release those images, and then I think the EFF published some of those, redacted.

Yes, so other AITs in other deployments definitely have shipped to the field with software that allows saving. TSA swears up and down that theirs shipped to the field with software that doesn't allow saving. But it's pretty clear that if that software were replaced, or if somebody put, you know, a VGA capture dongle or any of these other kinds of things, smuggled a cell phone into the room where the images are inspected, that these images are not necessarily as ephemeral as TSA claims.

Okay. Thank you. Do we have any more questions from the internet? No? Okay, then let's go back to microphone three, please.

Firstly, great talk, guys. Thanks for coming and doing that for us. From what I gather, it seems like these sensors are basically a skin sensor: it's telling you where there is skin and where there's not skin. So what's stopping, or in fact have you tried, using, say, a sheet of pig skin, which you can buy for about 20 bucks from the butcher, and concealing contraband underneath that? And if the skin is thick enough... I mean, we can see the shin bones because the skin there is quite thin, but if you get a thick piece of pig skin you could put practically anything under there, from what I gather from how this works. Has this been tested by yourselves or anyone else?

So one of the problems with testing with pig skin or, you know, steaks is that you end up having raw meat, which gets very messy. So I think I agree that those sorts of techniques could mask, but again, they do have to be fairly thick, and the other thing that you have to keep in mind is that they have to taper down to sort of match your skin, because if there is sort of a gap between, sort of, a thick slab of meat that all of a sudden just ends, you'll see a shadow.

So my family's Italian and I've worked with pig skin quite a lot, and you can actually really shape and taper this stuff and contour it. And it doesn't sort of drip blood like a steak would, so I would recommend perhaps trying to work with this. I mean, it's ten bucks. Give it a go, guys.

That's what's gonna happen. I will say that right now, I think our best answer for "how do you smuggle, say, a gun on a person, as opposed to off to the side of the body?" is you wrap it up real nice in plastic explosive.

Because that's easier to get than a piece of pig skin?

Well, it turns out you just call up this company and you say, "I'd like some simulants, please," and they say okay.

That's scary.

And we did test... we tested before we put the detonators next to the simulant, so that it's not real explosive.

Thanks for that.

Okay, let's get back to microphone two, please.

Yeah, I wonder if it would be possible to hide something even with the side scans. My idea would be maybe between the thighs, so that in the scan from the front and behind it would be against the background, and for the side scans maybe the knife would be shielded by the thighs themselves. I wonder if that might be possible.

I think... so the procedure for the side scan is actually sort of offset legs and offset arms, to try to counter that, but yes, there could still be, you know, you could sort of fake it.

No, I didn't hear you, sort of... maybe with the arms, I think they were not completely straight up.

Okay, microphone three again, please.

So there are x hundred million flights per year in countries that deploy these things, and each person gets a banana or two. Have you plugged it into a model to figure out the number of excess deaths?

Well, so we have looked at, worked with the medical department a little bit, to sort of look at that and see. One of the problems is that the levels of radiation here are so low that the models... we're not confident that the models can actually accurately reflect sort of an aggregate of a large number of very, very small scans. But given the models that we do have, I think that the increased number of deaths is still below one.

Okay, so... okay, we have one more question from the internet. Thank you. The question is: how do these scanners perform with leather clothes?

I am sorry to report that we're not cool enough to have tested that. Maybe it's worthy.

Okay, again microphone number three, please.

Hi. Thanks for the very interesting talk. I think I've once read in a cybercrime novel or something like that that someone used glass weapons, like a glass knife. Would you be able to conceal that in X-ray scans? Like, would that even show up in a just normal scan without hiding it?

So glass specifically, it reflects, backscatters, much like skin. However, you can sort of put it over skin, and if it's the right thickness and everything then it might look very much like skin. Similarly, ceramic materials could also be used.

I think ceramic is brighter than skin by default, so that you see it as a bright spot on the skin. I don't know how glass looks.

Thanks.

Okay, if there are no more questions, please give our speakers another warm round of applause.