{"id":876,"date":"2009-02-12T19:02:19","date_gmt":"2009-02-13T03:02:19","guid":{"rendered":"http:\/\/cubist.cs.washington.edu\/Security\/?p=876"},"modified":"2009-02-12T19:03:47","modified_gmt":"2009-02-13T03:03:47","slug":"poker","status":"publish","type":"post","link":"https:\/\/secblog.cs.washington.edu\/Security\/2009\/02\/12\/poker\/","title":{"rendered":"Security Review: Poker Game"},"content":{"rendered":"<p>A game of poker can be played for fun or money. The game itself uses low tech equipments, and the two main ones are a standard deck of cards and playing chips of different colors to represent different amounts of money. Depends on the type of poker game, the dealer usually shuffles the card and deals out the cards to the players. Then the players would bet chips to play against each other. The goal is to garner as much money (in chips) as you can. I\u2019m going to use the terms chips and money interchangeably.<\/p>\n<p><!--more--><\/p>\n<p><strong>Assets and Security Goal:<\/strong><\/p>\n<ul>\n<li> <strong>Assets<\/strong>: Players\u2019 chips. The goal of the game is to make as much money as you can or be the last one left at the table by taking everyone else\u2019s money.<\/li>\n<li> <strong>Security <\/strong>Goal: Protect your own chips at all cost! You basically don\u2019t want others to cheat and take your chips with an unfair advantage.<\/li>\n<\/ul>\n<p><strong>Adversaries and Threats:<\/strong><\/p>\n<ul>\n<li> <strong>Other players<\/strong>: They are your main threat since they are the one in the game trying to take all your chips away.<\/li>\n<li> <strong>Bystanders<\/strong>: They may potentially be helping out players at the table, such as leaking information about other players\u2019 cards.<\/li>\n<\/ul>\n<p><strong>Weaknesses:<\/strong><\/p>\n<ul>\n<li> <strong>Counterfeit the chips<\/strong>. If the chips don\u2019t have any security features (e.g. watermark-like markings, a system keeping track of individual chips, etc.), then it is easy to BYOC (Bring Your Own Chips). This is very hard to pull off at a casino however, but you are more likely to succeed at a friend\u2019s house playing a \u201cfriendly\u201d game of poker. You can either buy the same chips used in the game, or you can try manufacturing them on your own.<\/li>\n<li> <strong>Marking the cards<\/strong>. You can try to mark the cards so that others don\u2019t notice the marks, but you can identify them easily. This can help you tell what cards your opponents have in order to help you win. For instance, you can dent different parts of the card, or you can use the pattern on the back of the card as a camouflage for your markings so that you have to intentionally look at certain parts of the pattern in order to notice the difference.<\/li>\n<li> <strong>Sleight of hand<\/strong>. Some people can shuffle the deck so that certain cards always appear, for example, on the bottom of the deck. When he\u2019s dealing out cards, he can deal out the desired cards from the bottom of the deck to his partner, who is also another player at the table. They can then team up and split the winnings in the end. See the movie Rounders for more info.<\/li>\n<li> <strong>Shoulder surfing<\/strong>. The difficulty of pulling this off depends on the size and shape of the table, how the players are seated, and how the players look at their cards. Most of the time it\u2019s very hard to shoulder surf, but sometimes new players look at their cards by exposing the entire surface of the cards, giving others an opportunity to read the cards. Like I mentioned above, shoulder surfing can also be done using a bystander or a spy camera.<\/li>\n<\/ul>\n<p><strong>Defenses:<\/strong><\/p>\n<ul>\n<li> <strong>Other players<\/strong>. This is the main defense all poker games use. Since the players are playing against each other, they would look out for themselves and make sure others don\u2019t cheat.<\/li>\n<li> <strong>Security Guards<\/strong>. In some casinos, security guards act like a threat to cheaters in which the cheaters may be beaten up if they get caught. The cheaters will have to re-evaluate the cost and benefit before cheating.<\/li>\n<li> <strong>Guns<\/strong>. Bringing an unconcealed gun to a game of poker is similar to using security guards in the sense of instilling fear in cheaters, but guns are more threatening than security guards.<\/li>\n<li> <strong>RFID chips<\/strong>. Use RFID to keep track of the chips. When the players cash in the chips, the casino can check whether the chips belong to the casino.<\/li>\n<li> <strong>Raised table edges<\/strong>. This increases the difficulty to shoulder surf as the shoulder surfer has to be at the same angle as the player in order to read the cards.<\/li>\n<li> <strong>No space to stand behind players<\/strong>. This can be a small room in which each player\u2019s back is close to the wall so that there is no space for shoulder surfers to stand behind the players.<\/li>\n<\/ul>\n<p><strong>Risks:<\/strong><br \/>\nThe risk of being cheated is losing money or the potential to lose money. Depending on the type of cheating, the amount of money lost can vary significantly. For instance, shoulder surfing gives you an advantage of knowing your opponents\u2019 cards, but you still have to play the game to win the money. On the other hand, being able to counterfeit chips and cash in the chips successfully, it\u2019s a direct monetary gain depending on the amount you counterfeit.<br \/>\nThe risks of cheating are also high. If you are playing at a friend\u2019s house and get caught for cheating, you are probably going to be disqualified in the game and lose your friends\u2019 and other players\u2019 trust. If you are playing at a casino, especially in Vegas, the consequences may be more than just getting disqualified and losing all of your money.<br \/>\nThe ethics of cheating in a game of poker can vary. Some people think it\u2019s completely unethical. Others may think gambling is a vice, and vice against vice isn\u2019t so bad. There are online poker games now in which you can play for either fake or real money. It eliminates some weaknesses (e.g. shoulder surfing) but introduces other weaknesses (e.g. hacking).<\/p>\n<p><strong>Conclusion:<\/strong><br \/>\nCheating in a game of poker can sometimes be a lot easier than hacking into a corporate server. Even though it doesn\u2019t require too much knowledge to cheat, how it\u2019s executed is very important if you don\u2019t want to get caught. This means that almost everyone can cheat, but being able to pull it off requires a lot of practice and careless opponents. Unlike breaking through the airport security to plant a bomb on a plane, it\u2019s still possible for you to win the game without cheating at all, so cheating is not necessary to achieve your goal but can help you to achieve it. I play poker for fun. Winning is good, and I wouldn\u2019t feel bad if I lose. Cheating, however, just makes the game not fun anymore.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A game of poker can be played for fun or money. The game itself uses low tech equipments, and the two main ones are a standard deck of cards and playing chips of different colors to represent different amounts of &hellip; <a href=\"https:\/\/secblog.cs.washington.edu\/Security\/2009\/02\/12\/poker\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":67,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13,5],"tags":[31,208],"class_list":["post-876","post","type-post","status-publish","format-standard","hentry","category-physicalsecurity","category-security-reviews","tag-physical-security","tag-security-reviews"],"_links":{"self":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/876","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/users\/67"}],"replies":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/comments?post=876"}],"version-history":[{"count":24,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/876\/revisions"}],"predecessor-version":[{"id":899,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/876\/revisions\/899"}],"wp:attachment":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/media?parent=876"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/categories?post=876"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/tags?post=876"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}