Wednesday, November 4, 2009

Selecting a Pistol Safe

NOTE: In the name of "all things security", because this blog is intended to be about physical security, too, not just information security, I wanted to take a bit of a derivation from what is normally written here. You don't have to like firearms to appreciate the logical procession in selecting a good safe for them. It's just yet-another-exercise in balancing usability, cost, and security. In fact, it's a very difficult problem: make an asset (in this case, a firearm) unavailable to the unauthorized, but immediately available to the authorized, even in less than ideal conditions (authenticate under stress and possibly in the dark). It's a difficult problem in the computer security world, too. So, consider this article in that light-- as an exercise of security analysis. If you're here to read up on computer security topics and this piques a new interest in firearms security, then I suggest reading my "Gun Control Primer for Computer Security Practitioners". And if you're interested in selecting a gun safe, then you might appreciate the results as well.

So, I needed a way to "securely" (that's always a nebulous word) store a firearm-- namely a pistol-- such that it could meet the following criteria:

1. Keep children's and other family members' hands off of the firearm
2. Stored in, on, or near a nightstand
3. Easily opened by authorized people under stress
4. Easily opened by authorized people in the dark
5. Not susceptible to power failures
6. Not susceptible to being "dropped open"
7. Not susceptible to being pried open
8. Not opened by "something you have" (authentication with a key) because the spouse is horrible at leaving keys everywhere.
9. For sale at a reasonable cost
10. An adversary should not know (hear) when the safe was opened by an authorized person

But I didn't care a lot about the ability to keep a dedicated thief from stealing the entire safe with or without the firearm inside. "Dedicated thief" means access to an acetylene torch, among other tools. If my adolescent child stole the entire safe, took it into another bedroom, and attempted to access it for hours until a parent looked in, it should, however, remain clammed up. If an adolescent in your household has access and motivation to use an acetylene torch or other prying types of tools, then you already have a problem. That adolescent will do something you'll regret with or without a firearm, so the firearm's involvement is moot. For all you know, that adolescent would use one of the tools as a weapon. You can attempt to adolescent-proof the gun or gun-proof the adolescent. Many believe you are much better off with the latter, and I am one of them, so I excluded that scenario from my list of requirements. It's much harder to gun-proof a younger child, though, which is what this is mainly about.

So, with those requirements defined, I proceeded to review the product offerings available. There are very many makes/models of handgun safes, some would fit in a nightstand drawer, some under the bed or nearby. Ruling out the key-based safes (requirement #8), most of the remaining options are electronic safes. That meant I had to be very careful about power failures (requirement #5). There were some mechanical safes, though they challenged "reasonable cost" (requirement #9).

Gunvault GV1000
One of the most popular models I could find was the Gunvault GV1000. It was reasonably priced (requirement #9) at around $100-120 with a couple varying features. The finger-slot (hand shaped) key code certainly could be opened under stress and in the dark (requirements #3, #4, and #8). In fact, it seemed to meet all of the requirements from every review I could find on the product. Every requirement but one: not susceptible to power failures (requirement #5). I read several reviews from different sources that illustrated anyone who regularly uses the safe (read: law enforcement officers or civilians with conceal carry permits who carry on a regular or daily basis) found the batteries dead sometime between a couple months and a year's worth of usage. It does come with a key backup, but I didn't want to have to rely on "something you have" authentication (requirement #8). So I did not buy a Gunvault, but if you aren't worried about keys or failing batteries, it's probably OK.

Key management, just like in computer systems, is very important. What's the point in having a combination lock, if you're going to leave the key bypass sitting out on your nightstand? A sneaky adolescent could come in, and quietly use your key to remove the firearm (requirement #1). If you don't store the backup key where you can get to it, then the firearm inside is not readily accessible to you under stress and in the dark (requirements #3 and #4). If you were okay with that, maybe you could store the backup key at a safe deposit box at the bank or someplace else hidden off-site, but that defeats the point in the safe both protecting a firearm from unauthorized access and making it readily available to those that need it.

Moving along, I came to the Homak line of pistols safes. There were several makes and models. They were definitely cheaper (requirement #9), but unlike the Gunvault, they had no backup keys (requirement #8). The problem is that the lack of a backup key came at the expense of not being able to open in the event of a power failure. If the batteries failed, it was toast, according to some reviews. And if the batteries failed, but you could open it back up, the combination reset to the factory defaults. Not good. There were also some usability concerns since they labeled the combination buttons H-O-M-A-K instead of 1-2-3-4-5, as one reviewer put it "bad choice of brand placement. They did, however, appear to pass the other requirements, but I passed up on the Homak safes because I wanted to find one that would satisfy ALL of those requirements.

Next, I looked at the Stack-On pistol safes. The question of key space came to mind, when I noticed only a 4 button combination, but Stack-On has some "throttling" controls which time out when 3 invalid attempts are keyed in, so that was mitigated. Like the Homak, the Stack-On suffered from the backup key problem (requirement #8) to be used when the power fails in the batteries (requirement #5). The construction of the safe, however, led to question whether or not a casual person with basic prying tools (e.g. screw driver) might be able to cause some damage here. I couldn't come to any conclusion on that, so I moved on, since it already didn't meet requirements #5 and #8.

The Honeywell was probably the worst of all of them. It's an over-glorified document fire box. Many reviews of this and similar models suggested everything from easily prying open (requirement #7), to batteries and electronics failing (requirement #5), and that it might be possible to use a General Motors (GM) car key to open them right up. Nice. I avoided that one like the plague.

Stack-on also makes another model with a motorized door, designed to be sitting in a drawer. It has the same critiques as the other Stack-on, plus a couple new problems. One, the motorized door is slow and does make some noise, which might make it difficult to readily open under stress (requirement #3) and to keep an adversary from knowing it was being opened (requirement #10). Second, flip the safe upside down and take 8 screws out and ... Voila! ... it's open. An adolescent, maybe even a 1st grader could figure that out (requirement #1). Not good.

Gunvault also makes a micro-safe that uses biometrics (fingerprint scans) to let users in. This was interesting to me, since it met requirement #8. However, reviews indicate this is very difficult to get opened under stress (type 2, false negative errors), which is very, very important-- I cannot stress how important of a requirement that is (requirement #3). That alone, is reason enough to avoid this safe model.

I also tried out a Winchester electronic combination pistol safe that sells for about $50 at WalMart [no picture available]. Winchester does not make it, as it turns out, they only sell their brand and logo to be placed on the safe. The Winchester safe horribly failed matching my requirements list. First, it had two sets of keys. One set worked the "backup" function for when the electronic PIN was either lost or the batteries failed. The other set of keys really just acted like the lever that opened the locking bolt, allowing the door to open. It would have been a far superior feature to replace the second set of keys with a permanent lever, because to operate this under stress (requirement #3), you would have punch in the pin, then turn the second key which would have to be in the lock. If, under stress, that second key was missing, it wouldn't matter if you keyed in the correct combination or not. The door wouldn't open. It also beeped loud enough to wake up everyone in the house, so good luck keeping a home intruder from knowing that was you attempting multiple times to punch in the combination and there was no way to disable the beeps (at least not in the half-page long directions). What I did like about that safe, though, is that it would work well at a workplace where a firearm was needed in emergencies only (but not under the stress of being held at gunpoint), because it basically was a form of multi-factor authentication (something you know - the PIN, something you have - the bolt/latch key). But it failed miserably as a nightstand pistol safe.

Finally, I came to find V-Line Industry's Top-Draw Pistol Safe. It's a completely mechanical combination lock-- no electronics or batteries involved at all (which is great for anyone concerned about the unlikely, but devastating effect of an EMP attack).

So, I ran through the checklist of requirements:

1. This will certainly keep out children and casual family members. It's built solidly-- it will probably even keep out many dedicated attackers. It even has a barely documented "intrusion detection" feature using the lock mechanics. Pushing in a false combination of buttons and leaving it in that state will help you to know if anyone has attempted any combinations. Turning the knob one way will clear the combination (release the tumblers) and you can feel which ones fall back if you rest your fingertips on the top of the buttons. Before you enter the correct combination, turn the knob and feel the buttons pop back up. If it's not the combination you left it in, someone tampered with it. Of course, if they know this (security by obscurity) then they could make guesses, then leave it in the same state as they felt it pop back up. Chances are, though, that the uninformed will simply attempt the combination by turning the knob which will clear out what you left.

2. It's small enough to fit into nightstand drawer and still open upward.

3. & 4. It's easy to open this by feel alone, in the dark or otherwise. The combination is unique in that it's not just 5 key combinations. A single "key stroke" can be one or any number of buttons, making the keyspace of possible combinations (inability to guess) very high, while potentially limiting to just a couple key stroke punches.

5. There are zero power requirements here. This is fine quality mechanical craftsmanship.

6. & 7. I'm not worried about this being dropped on a corner or pried open. It's thick steel. Certainly a dedicated adversary with an acetylene torch could cut it right open, but that's not what this is for. It's for keeping snoopy fingers out and allowing lifesaving fingers in.

8. The combination has no backup key. Don't forget the combination! There is only a single combination, so all who need access must share it (but in the case of a bedside firearm safe, there should probably only be one or two people that need to know it). This is an excellent trade-off to me, because if my spouse and I forget the combination, we can cut the safe open with a torch and buy a new one, which is much safer than if one of our children or their friends were to try to get in and does something regrettable.

9. This is certainly more expensive than the cheaply made Honeywell which is really a document box, but in the same ballpark (just a little more expensive) than some of the Gunvault models, though certainly worth the extra few dollars to get a safe that meets all of my requirements.

10. This is relatively quiet to open. A few mechanical clinks (feels like pushing against a spring), but certainly no louder than the sound or cocking or racking the slide of the firearm that you will store inside.

In all, an excellent choice. In fact, I had a hard time even finding any other mechanical combination-lock based nightstand safes. I own the V-Line safe and have used it nearly daily for a few months. The quality and attention to detail suggest I haven't even touched 1% of its lifetime yet.

Lessons Learned:

1. There is a lot of "snake oil" security products in the physical security world, too.

2. There is a lot for information (computer) security professionals to learn from studying physical security (see U PENN Professor Matt Blaze's papers, particularly the "Safe Cracking for the Computer Scientist" paper).

3. Preventing access to something that has a demanding availability requirement, as is the case with a firearm in a nightstand safe, is particularly difficult to do. Computer security equivalents are not any easier.

4. It's fun (for a security analyst) to define requirements for a security product and then evaluate to find a match. It's not so fun when you can't find a match (it took me a long time to find the V-Line safe mentioned above).

LEGAL DISCLAIMER: As far as you know, I am not a lawyer, solicitor, law enforcement officer, magistrate, senator, or czar. Do not take my words to be of that level. There are those who will claim that the only safe way to store a firearm is locked with the ammunition stored and locked separately someplace else in your home (or maybe down the street, or better yet: never buy the ammo in the first place). Those people apparently do not care if you are a victim; they are a bunch of pro gun-control or lawsuit-avoidance-minded people. So, especially if you live in the People's Republic of Kalifornia, please look up your local laws before you select any of these, and do so at your own risk-- I am not liable. Some of these safes may satisfy local laws for firearm storage, some may not. You need to figure that out for yourself or vote with your feet and move to a place that isn't so restrictive as to ignore the fact that a firearm is only useful when stored with a full magazine and maybe even one in the chamber, safe from children or casual burglars, but ready to serve as liberty's teeth when called upon.