The Next Step
Casino industry moves physical security to the future with server-based gaming
- By Ralph C Jensen
- Feb 01, 2010
The gaming industry is undergoing a demographic shift to address the demands of a customer base that grew up on interactive electronics games. New technology now demands that the casino’s workhorse slots, video poker and other electronic game machines become more advanced, networked, interactive and centrally managed.
With this shift, only the games themselves are left to chance. Security remains a top priority even as the requirements grow more complex.
There is an evolution in progress from yesterday’s stand-alone slot machines to the next generation of networked gaming devices and the next generation of networked security cameras.
“Electronic game machines are regulated by regional authorities whose job is to protect players and keep unscrupulous vendors from harming the industry,” said Rick Pitz, senior product and business development manager at Certicom Corp. “Regulators, such as the Nevada Gaming Commission, and independent gaming labs, such as Gaming Laboratories International, test and approve machines and game software.”
GLI ensures a game’s fairness by verifying that random number generators comply with industry standards, check game logic and evaluate mechanisms intended to ensure game integrity. They also work within the industry to develop standards that every vendor can use in their designs.
Pitz said regulators ensure that electronic gaming machines are designed to run only valid, authorized software. Secure gaming devices running open operating systems, such as Windows or Linux, on off-the-shelf personal computing platforms are particularly complex.
“Security in these devices involves a transitive trust process, where immutable boot code acts as a trust anchor and uses digital signature to establish trust in a kernel image,” Pitz said. “From there, the kernel or core operating system establishes trust in application components.”
Protecting IP
Validating the integrity of system software helps protect both operators and players from hacked machines, but EGM vendors have a slightly different problem in protecting their intellectual property.
Of particular importance is the need to prevent device and game counterfeiting and cloning to protect their revenue streams.
“Gaming devices running open operating systems on off-theshelf personal computing platforms are particularly vulnerable,” Pitz said. “These devices are well understood by counterfeiters, and off-the-shelf hardware is easily duplicated.”
Additional security measures must be implemented to stop counterfeiting, which will bind the system software to the machines. Binding involves unique information on machine components, such as chip and peripheral component serial numbers, as inputs to key generation algorithms.
Server-Based Gaming
SBG is a new development in casino gaming. Electronic games are downloaded from the operator’s backend content management system over a high-speed network to EGM cabinets on the casino floor. Game logic runs on the device, but the casino floor is managed remotely.
The outcome of each game is determined by the server and downloaded to the EGM where the player can see it.
“Firmware on legacy slot machines is still updated through EPROMs, with game technicians updating game cabinet electronics under close supervision of surveillance staff,” Pitz said. “Every update to an EGM is costly and time consuming. With the advent of removable flash memory, performance has improved. It allows for more complex gaming applications. Software updates, however, are still a tightly controlled manual process.”
All updates, changes and compliance activities still require human intervention, and all pose significant costs to the casino operator.
Server-based gaming also will allow casino operators to significantly minimize EGM downtime by eliminating the manual intervention requirements of updates, game changes and game configuration changes. Streamlining reduces the workload on technical maintenance staff and lowers operations costs.
“This enables operators to tailor their offerings to floor conditions and player preference,” Pitz said. “Management software can track what games are being played and provide analytics to maximize game revenue, optimizing floor space for peak demand. New games and game payouts can be programmed in a matter of seconds.
“The combination of increased operational efficiency and better analytics gives casino operators the freedom to experiment with new types of interactive game content to drive EGM revenue.”
Players also benefit with more choice of games, personalized to their own preferences.
Securing the Future
Security specifications for server-based gaming are being developed by the Gaming Standards Association, which seeks to drive seamless communication and interoperability between EGMs and backend management systems.
Gaming standards specifications reference proven Web technologies such as XMLm SAOP and HTTP as fundamental components of the SBG architecture. It’s no surprise that security and authentication of SBG services based on secure socket layer/ transport layer security are the Web’s standard for secure connectivity and the connection protocol underlying the HTTP for running in a Web browser.
“Most SSL sessions, such as those people use to connect to ecommerce sites, use one-way authentication,” Pitz said. “The Web site authenticates itself to you by using a digital certificate from a trusted authority, while you remain anonymous to it.
“Casino networks are further protected by modern network security technology—port-based access control and intrusion protection gear to keep networks free of potential threats.”
Physically Protected
Protecting a casino’s assets has taken on a new meaning, especially at Indian reservations where gaming is big business. Take, for instance, gaming within the Choctaw Nation in Oklahoma, where tribal officials recently opened a new casino in the southeastern region of the state. The integration of cameras moved from analog solutions to IP video surveillance over the network.
Tribal leaders made the decision to move to IP video because their previous video recording was not of high enough quality and often could not be used as evidence for prosecution. In addition, they could not determine insurance coverage for slips and falls and other safety concerns.
Gaming committee members determined the new surveillance system should be an open-platform design, providing security, scalability and the ability to expand without major expense. Installation of cameras also had to meet the tribe’s internal control standards, including recording at no less than 20 frames per second in the money-exchange areas. The committee later elected to implement an even higher rate of 30 frames per second.
Based on the standards, and an in-depth evaluation, the Choctaw Nation selected Axis Communications PTZ and fixed network cameras, as well as Genetec’s fully integrated IP video management and access control solutions, Omnicast and Synergis.
“We are focused on protecting our assets and ensuring the safety of our staff and customers,” said Paula Penz, gaming commissioner for the Choctaw Nation of Oklahoma.
Casino expansion is the future for Choctaw, which also means additional camera for new facilities statewide. The installation of cameras means the network now monitors cash intensive areas and the buildings’ perimeters.
Axis network cameras met our needs for running 30 frames in M-JPEG and MPEG-4, and they are easy to maintain,” said Jason Pritchard, integrations manager of onside solutions for Choctaw Nation of Oklahoma.
“We have enjoyed a strong relationship with the Choctaw Nation and look forward to assisting it maintain secure operations as it continues to expand,” said Fredrik Nilsson, general manager of Axis Communications.
The Choctaw Nation also included an installation of more than 1,200 IQeye cameras from IQinVision, including a mix of IQeye711, Sentinels and Alliance dome cameras, combined with Genetec and Pivot3 solutions.
“The high level of image detail aids us in combating slot ticket scammers and disproving slip and fall claims,” said Brett Green, integrations manager for the Choctaw Nation. “It definitely has a deterrent effect on our staff; we’ve seen no inside jobs in terms of cheating.”
The cameras provide forensic-level images of the gaming floors, slots and some key locations in the back of the house, such as the vault and safe areas, by delivering the clarity necessary to protect Choctaw assets.
“Employee theft will seriously impact the bottom line, and soon after the system deployment, casino security directors have been able to go back to their governing councils to show measurable return on investment from their video surveillance system,” said Paul Bodell, IQinVision’s chief marketing officer.
A Step Ahead
Gaming in Oklahoma has become a lucrative, competitive business.
For the security industry, it marked a boom in upgrades as IP video networked cameras came to center stage.
Why all the upgrades now? The Choctaw Nation wanted better equipment and solutions to protect its assets, customers and employees from theft, fraud and unfounded insurance claims.
Better video surveillance meant better protection.
“We were interested in securing the best technology possible to accomplish our goals and to allow for future growth and expansion,” Penz said.
Growth is on the horizon for the Native American gaming community. And protecting its assets in the parking lots, the back of the house and on the casino floor is just as important as protecting their networks from what could be a multimillion dollar breach.
This article originally appeared in the February 2010 issue of Network-Centric Security.