Friday, September 30, 2016

Next in tech?

How does a company like Google stay competitive as its core business of web advertising changes?  One possibility is to combine its vast knowledge gained from watching searches for 17 years with AI (artificial intelligence) to create a device that can "do things" rather than simply search.  It began with the ability to answer questions as an extension of search.  The new goal is to consider all the parameters and book the flight you want, i.e. figure it all out.  Or combine with others to schedule a meeting without human intervention.  http://www.nytimes.com/  If you have sold your soul to Google so that it knows everything about you, e.g. through that Android phone you are carrying around, try stretching the abilities of Google Now -- it is impressively capable at successfully responding to spoken questions.

Sunday, September 25, 2016

Secure Software

We have known for a long time that formal verification was possible in small pieces of code — that is, provably correct code (no bugs).  Well, embedded systems tend to have small code.  As a result, DARPA is finding success from a security standpoint in formally verified code.  The scenario is a formally verified helicopter delivery drone that attackers were unable to compromise even after being given exceptional access.  The article is nice because it explains the success and challenges.  It is entirely possible that embedded security such as vehicle security will be built on formal verification. https://www.wired.com/



Friday, September 23, 2016

Exoskeleton

Here is a different take on an exoskeleton from the Swiss Federal Institute of Technology in Zurich, Switzerland: https://www.ethz.ch/  They wrap an exoskeleton around limbs with limited functionality and control them using a patient's own brain.  The example used here wraps the exoskeleton around the back of a hand allowing the hand to do the grasping assisted by the robot.

Wednesday, September 21, 2016

Tera-bit Internet

Nokia claims it will demonstrate tera-bit internet (http://www.zdnet.com/).  That would be 1,000 times faster than Google fiber and 10 times faster (or more) than the current internet backbone.  One thing to note is that the fiber itself isn't changing.  A strand of fiber is basically as pure as possible so the changes come at the ends where you put (and take) signals on the fiber.  In this case, they are tuning multiple wavelengths to be more efficient so they can carry more information.

Scanning + Computing reads ancient burned Biblical scroll

The video in this article (http://gizmodo.com/) describes how scans are processed in software to extract readable text from a piece of charcoal that was once a Biblical scroll.  They first determined the layers that represented the rolled up scroll.  Because the ink was denser than the scroll skin the ink showed up as brighter pixels on the layers revealing characters.

The text was Leviticus -- now the oldest version found.  Leviticus has such gems as "love your neighbor as yourself," but also "don't wear clothing made of two kinds of material" and many other things not to do.  It also has a darker side when it was used to justify slavery.

Monday, September 19, 2016

Hacking a secured iPhone

In the aftermath of the San Bernardino shootings last year the FBI was unable to hack past the security of an iPhone and demanded that Apple break their own security.  A security firm stepped forward and used a hardware attack to circumvent entry.  How did they do it?  Here is a high level description of what security researchers did -- likely similar to what the security firm did: http://www.bbc.com/

The problem is that after too many failed attempts to enter a passcode the phone will permanently shut down.  The challenge is to remove the attempt limit so all possible passcodes can be tried -- the passcode on that phone was only 4 numbers (new phones require 6 which is considerably more guesses).  The trick was to find the memory chip that stored the count and replace it with a new chip with a zeroed count before the limit was reached (much harder to do than it sounds).  It is a laborious process, but it can be done.

Saturday, September 17, 2016

Comparing an iPhone to the "first" supercomputer

I just got an iPhone 7 (switched from Android) so phone computing power is on my mind.

Linpack is a set of linear algebra routines used frequently in scientific computing for decades so it provides a way to compare new computers to very old ones.  

The Cray-1 supercomputer of 1979 is sometimes referred to as the "first" supercomputer. It cost $9 million in 1979 dollars ($26 million today), had 1 MegaByte of memory, weighed 5.5 tons, and required 115 KWatts of power.  It ran the linpack benchmark at 3.4 Mflops (million floating point operations per second).  The iPhone 6+ ran linpack at 180 Mflops on similar data -- the phone actually runs faster on larger matrices.  So the iPhone 6 is roughly 60 times faster.  And it fits in your pocket.

The Cray-1 was a milestone for weather prediction because it was the first computer that could do a 24-hour weather prediction in less than 24 hours (only a little less so it still wasn't useful at first).

Wednesday, September 14, 2016

ATM Skimmer

An ATM skimmer is a device that thieves attach to an ATM machine to read ("skim") the magnetic stripe on the ATM card.  Usually they are installed on the outside of the ATM machine and a wary eye can spot them.  A new "periscope" skimmer has been found in the wild that is installed inside the ATM -- it requires the thief to have a key to open the ATM for installation. See http://krebsonsecurity.com/ for details.  What can you do to defend yourself?  The skimmer cannot read the PIN you type in -- that is usually read with a tiny camera.  The defense is simple: use one hand to cover the PIN pad while you enter the PIN with the other hand.  Secondarily, be wary of ATM machines that are not owned by a bank -- try to use bank ATMs built into a wall.

Robots

IEEE regularly posts videos of robots: http://spectrum.ieee.org/  I find exoskeletons and prostheses fascinating.  Here is a video of a new leg prosthesis from that site: https://www.youtube.com

Monday, September 5, 2016

Teams

Most (all?) of you will work on teams in school and on the job.  What makes an effective team has been a vexing question.  Here is a long, but excellent article http://www.nytimes.com/  Psychological safety is important -- feeling comfortable to express your ideas.  Also, the ability to feel empathy for others is important -- effectively what is called "Emotional IQ".

Wednesday, August 31, 2016

Hardware hack

Most operating systems use a single bit to indicate whether a process is privileged (e.g. admin, root) or not.  If you can flip that bit, you can change a process from unprivileged ('normal') to privileged ('superman') giving you total access to a computer.   An attack named "Rowhammer" will hammer a row of bits in memory causing spillover into a neighboring row and flip bits.  By selectively choosing a row you can flip the "privilege" bit in a neighboring row. Here is a nice article describing Rowhammer and recent variants: https://www.wired.com/

Tuesday, August 30, 2016

Sensing key strokes remotely

Side channel attacks involve using indirect methods to extract data.  In this case, the researchers used perturbations of Wi-Fi signals from hand movement to accurately detect keys being typed -- allowing one to remotely detect typing, e.g. to steal passwords.  Similar attacks exist such as the rhythm of key strokes from key-clicking sounds or screen refreshes from key strokes. A summary can be found here: https://www.schneier.com/

Sunday, August 28, 2016

How a computer adds

Addition is the basis of all arithmetic in a computer.  Subtraction is adding a negative number, multiplication is repeated addition, and division is a combination of the others.  Of course, a computer uses binary numbers (digits 0 and 1 rather than digits 0 through 9).  This video describes how a binary adder circuit can be built using dominoes -- mirroring what actually happens in a computer.  The result is an easy-to-grasp description of computer arithmetic:  https://www.youtube.com/

Thursday, August 18, 2016

Lidar on a chip

Autonomous vehicles use laser range finders (lidar) to map their surroundings, often combined with radar.  Radar units are relatively small and inexpensive with no moving parts, but lidar has tended to be large and expensive (e.g. $70,000) with moving parts (something to break down).  They are the large, rotating objects on autonomous vehicle roofs.  MIT working with DARPA has shrunk lidar to a chip with no moving parts and a projected cost of $10 each -- a massive improvement: http://spectrum.ieee.org/

Friday, August 12, 2016

Spoofing GPS

I am interested in malicious interference in vehicles and a related issue is the spoofing of sensors that are increasing in vehicles.  GPS mapping is common and http://spectrum.ieee.org/ has an article on how to spoof GPS.  The short version is that a signal is broadcast that overrides the true signal -- the hard part is to do it in a way that cannot be easily detected by the GPS receiver.  Doing so involves manipulating the pseudo-random noise code (PNC) that is contained in the true GPS signal whose purpose is to distinguish among the multiple GPS satellites used for positioning.

Quantum cryptographic communication

The word "quantum" gets attached to multiple, very different technologies related to cryptography, leading to confusion. The main two to date are the quantum computer (which has the capability to crack the asymmetric cryptography that underpins the internet) and quantum key distribution (which uses quantum characteristics of photons to securely distribute a symmetric, cryptographic key over an optical fiber).  Now we have a third: quantum, cryptographically-secured communication.  Rather than simply sharing a key as in quantum key distribution, here an entangled photon is used as the key so an eavesdropper intercepting the key will disturb the key, rendering the communication indecipherable to everyone, especially the eavesdropper. It is not an existing technology, but the target of recent NSF funding: http://www.nsf.gov/

Friday, August 5, 2016

ATM hack using new EMV cards

The new credit cards in the US now have the EMV chips that have been common elsewhere.  They make transactions more secure than the old mag-stripe cards which were easier to duplicate.  However, they are not perfect.  In this attack the point-of-sale (POS) terminal has a "shimmer" installed inside it which sits between the credit card and the POS hardware -- the classic "man-in-the-middle" attack. At some distant location is an ATM machine with an "out-of-order" sign on it.  The ATM has a smartphone that the "shimmer" communicates with to share the information that it is snooping while the credit card's EMV chip at the POS terminal is communicating with the banking system.  The "out-of-order" ATM has a device to emulate the EMV's communication as well as mechanical servos to push buttons.  Using the information from the "shimmer" a transaction is approved, the servos push buttons, and the ATM throws out cash. The link (http://www.eweek.com/) includes a brief video of a demonstration.

Hotel door locks can be hacked.

It has been known that one brand of hotel lock, Onity, could be easily hacked by plugging into its power port that's on every lock (http://www.computerworld.com/).  At this year's Black Hat an upgraded attack can unlock all the doors in a hotel, including creating a maid's master card.  You scan one card to identify the fields and then brute force the relevant fields (http://www.computerworld.com/).  The solution is old-school: jam a chair under the door knob or carry a door stop to jam under the door.

Wednesday, August 3, 2016

How to Hack an Election

There is an interesting article in http://www.bloomberg.com/ on a guy who claims to have hacked a number of Central and South American elections.  Basically it is "dirty tricks" using 21st century technology: accessing opponent's data and communication, setting up rumor campaigns on Twitter, etc.

NIST no longer recommends TFA on SMS

"NIST no longer recommends TFA on SMS" -- lots of acronyms! NIST is the National Institute of Standards and Technology.  TFA is two-factor authentication and SMS is the common way texting is done on a smartphone.  TFA requires a second item when logging in, e.g. for Gmail you enter your name and password which triggers Google to send a text (SMS) with a code that you also enter -- two factors: password and texted code.  In this way, if someone has stolen your password, they will be unable to log in unless they also stole and accessed your phone.  SMS fails in multiple ways.  One is a malware app on the phone.  Another is social engineering (conning) the phone company to yield access to the phone.  I believe that the latter has been more common than the former.  TFA can also be done with an authenticator app on the phone and that is still recommended by NIST.  For example, Google has an authenticator app.

Tuesday, August 2, 2016

Don't change your passwords!

Growing research indicates that mandated, frequent password changes result in passwords that users create an algorithm for.  The end result is a predictable password that is easier to crack.  A nice overview is here: http://arstechnica.com/security/

Thursday, July 21, 2016

Recreating a dead man's finger for a fingerprint reader

Police asked Dr. Jain's PRIP lab in MSU's CSE Department to create a 3-D finger of a dead man so they could access his phone because they believe the phone has clues to who murdered him.  One challenge is that the fingerprint reader has a sensor to detect if the finger is live. http://fusion.net/

Nanosecond

Here is a classic that I came across on the Internet.  I hadn't seen it in a long while: Admiral Grace Hopper explaining a nanosecond: https://www.youtube.com

Wednesday, July 20, 2016

Robotic touch

Computer vision has a long history, especially in CSE at MSU, and it is quite sophisticated, but touch will be needed to advance robotics (nice overview here: http://spectrum.ieee.org/).  As an example, check out this article (http://spectrum.ieee.org/) on the recent Amazon picking challenge where a robot does the current human task of putting items on shelves or selecting from shelves to place in a bin (box).  The winner from Delft does a good job, but is quite slow.  A common way to pick an object is to use suction, but that doesn't work on everything so the Delft robot has a second grasping "hand."  Amazon currently uses a lot of automation (check out the clever Kiva warehouse robots: https://www.youtube.com/), but they still need humans for picking.  Our robotic overlords can't replace that human task. Yet.

Thursday, July 14, 2016

Carbon nanotube circuits

Current (FET) transistors have driven the computer age nearly since its inception. In spite of their death having been predicted many times, they are finally reaching their limits -- physics is a hard limit.  Transistors based on carbon nanotubes have been an elusive potential substitute.  This http://spectrum.ieee.org/ article gives a nice overview of the state of the art and indicates that significant progress is being made.  A small 178 transistor circuit that runs has been demonstrated -- even though small that is non-trivial.  One point confuses me: transistors have two properties, they are a switch and they amplify.  Amplification with carbon nanotubes has been an issue and is not mentioned in the article.  Is it so obviously solved that it need not be mentioned or is this optimistic article ignoring that point?

Defense against car hacking

The CAN bus handles communication among computers on vehicles.  It is a point of vulnerability because by law there is an external OBD connection (so backyard mechanics can work on their cars).  Identifying a malicious device hooked into the CAN is critical for automotive security.  A new technique has been proposed: each device on the CAN has a unique signature in its clock (called clock skew) that can be used to identify devices on the CAN.  Therefore, a new, previously unknown and likely malicious device can be identified. A summary appears here: https://www.wired.com/   This latest technique joins an earlier technique that identified the regular communication patterns of devices on the CAN allowing a new one to be identified (summary https://www.wired.com/)
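A simplified sketch of the clock-skew idea described above, added here as an example and not the researchers' implementation: the receiver timestamps a periodic message, fits a line to the accumulated timing offset, and treats the slope as the sender's fingerprint. The 10 ms period, the skew values, the jitter and the tolerance are constructed for this example.

```python
"""Clock-skew fingerprinting of one periodic CAN ID (simplified illustration)."""
import random

PERIOD_S = 0.010      # nominal period of the monitored CAN ID (assumed)
WINDOW = 500          # frames per skew estimate (5 s of traffic)
TOLERANCE_PPM = 20.0  # allowed deviation from the learned baseline (assumed)


def synth_arrivals(n, skew_ppm, rng, start=0.0, jitter_s=20e-6):
    """Constructed sample data: receive timestamps of n periodic frames from
    a sender whose clock makes every period skew_ppm longer than nominal."""
    real_period = PERIOD_S * (1 + skew_ppm * 1e-6)
    return [start + i * real_period + rng.gauss(0, jitter_s) for i in range(n)]


def estimate_skew_ppm(timestamps, period_s=PERIOD_S):
    """Least-squares slope of accumulated offset vs. nominal elapsed time.

    Frame i should arrive i*period after the first one; the difference
    grows linearly, and its slope is the sender's clock skew."""
    t0 = timestamps[0]
    xs = [i * period_s for i in range(len(timestamps))]
    ys = [(t - t0) - x for t, x in zip(timestamps, xs)]
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    sxx = sum((x - mx) ** 2 for x in xs)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    return sxy / sxx * 1e6


def window_skews(timestamps):
    """Skew estimate for each full, non-overlapping window of frames."""
    return [estimate_skew_ppm(timestamps[i:i + WINDOW])
            for i in range(0, len(timestamps) - WINDOW + 1, WINDOW)]


def learn_baseline(timestamps):
    """Median per-window skew over traffic known to come from the real ECU."""
    ests = sorted(window_skews(timestamps))
    return ests[len(ests) // 2]


def scan(timestamps, baseline_ppm):
    """Return [(window_index, skew_ppm, suspicious)] for a capture."""
    return [(w, skew, abs(skew - baseline_ppm) > TOLERANCE_PPM)
            for w, skew in enumerate(window_skews(timestamps))]


def demo():
    rng = random.Random(2016)
    baseline = learn_baseline(synth_arrivals(2000, 120.0, rng))
    # Constructed capture: 15 s from the real ECU, then a different device
    # (different oscillator, so different skew) takes over the same CAN ID.
    legit = synth_arrivals(1500, 120.0, rng)
    other = synth_arrivals(1000, 310.0, rng, start=legit[-1] + PERIOD_S)
    return baseline, scan(legit + other, baseline)


if __name__ == "__main__":
    baseline, results = demo()
    print(f"baseline skew: {baseline:.1f} ppm")
    for w, skew, bad in results:
        print(f"window {w}: {skew:7.1f} ppm  {'UNKNOWN SENDER' if bad else 'ok'}")
```

The message content never enters the check; only arrival timing does, which is why a device that sends perfectly valid frames under a known ID still stands out.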

What is this 5G approved by the FCC?

The FCC just approved 5G super fast cell communication.  It is very different so it will require a huge infrastructure investment and time to roll it out.  Simply: it is a higher frequency communication that requires "line-of-sight" which means lots (lots!) of antennas that will be "in sight" of your phone.  Here is a nice article: http://www.wired.com/

Wednesday, July 13, 2016

Mind control of devices

It sounds like science fiction, but the ability to control devices directly through thought is not unreasonable.  Crude interfaces have been in labs for years.  The basic idea is to record brain waves when a subject thinks certain actions such as moving a finger.  Recognizing those signals can be used as control.  One challenge is that it is relatively easy to train for an individual, but has proven difficult to standardize.  Here is an article about recent advances: http://spectrum.ieee.org/

Monday, July 11, 2016

SmartWatch reveals ATM PIN

One aspect of thinking about security is to consider side channels for attacks.  Here is one where hand movements detected through a smartwatch reveal an ATM password being typed: http://www.binghamton.edu/ (Of course, the defense is simple: type with the other hand.)

Friday, July 8, 2016

Post-quantum cryptography

There are two types of encryption: symmetric uses a fixed key (that must be shared for communication), a common usage is to encrypt your computer or phone; asymmetric constructs a key from a private key and a public key (removing the requirement to share a key) and it is the basis for encryption across the Web.  If you can factor a large number into its primes (e.g. 15 = 3 * 5), you can break asymmetric encryption.  Quantum computers will be able to factor the large numbers that are the basis for asymmetric encryption so encryption on the Web is endangered.  Google has begun experimenting with encryption that will be resistant to an attack using quantum computers.  This is important work: http://www.networkworld.com/
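An added illustration of the factoring claim above (not from the linked article), using RSA as the asymmetric scheme whose security rests on factoring: the private key is rebuilt from the public key alone once the modulus is factored, and a step count shows how fast naive factoring work grows with key size. The primes, the exponent 17 and all function names are chosen for this example; real keys use primes hundreds of digits long.

```python
"""Toy RSA: whoever factors the public modulus n can rebuild the private key."""
from math import gcd


def make_keypair(p, q, e=17):
    """Build (public, private) keys from two primes. Toy sizes only."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return (n, e), (n, pow(e, -1, phi))  # modular inverse needs Python 3.8+


def encrypt(m, public):
    n, e = public
    return pow(m, e, n)


def decrypt(c, private):
    n, d = private
    return pow(c, d, n)


def factor_semiprime(n):
    """Trial division. Returns (p, q, divisions_tried) with p <= q."""
    if n % 2 == 0:
        return 2, n // 2, 1
    f, tried = 3, 1
    while f * f <= n:
        tried += 1
        if n % f == 0:
            return f, n // f, tried
        f += 2
    raise ValueError("n is prime, not a product of two primes")


def private_key_from_public(public):
    """Everything here is derived from public values only."""
    n, e = public
    p, q, _ = factor_semiprime(n)
    return n, pow(e, -1, (p - 1) * (q - 1))


def work_by_size(prime_pairs):
    """(modulus bit length, trial divisions needed) for each pair."""
    rows = []
    for p, q in prime_pairs:
        n = p * q
        rows.append((n.bit_length(), factor_semiprime(n)[2]))
    return rows


# Constructed sample primes of growing size.
SAMPLE_PAIRS = [(61, 53), (1009, 1013), (65521, 65537)]

if __name__ == "__main__":
    public, private = make_keypair(61, 53)
    ciphertext = encrypt(65, public)
    rebuilt = private_key_from_public(public)
    print("rebuilt key matches:", rebuilt == private)
    print("plaintext recovered:", decrypt(ciphertext, rebuilt))
    for bits, tried in work_by_size(SAMPLE_PAIRS):
        print(f"{bits:2d}-bit modulus: {tried} trial divisions")
```

Each 4 extra bits in the smaller prime multiplies the trial-division count by about 16, which is why classical factoring stalls at real key sizes and why a quantum computer that factors efficiently changes the picture.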

Wednesday, June 29, 2016

AI Top Gun

AI as "Top Gun" defeats Air Force ace in simulator: "The ALPHA artificial intelligence (AI) created by a University of Cincinnati doctoral graduate is a milestone in the use of genetic-fuzzy systems with specific implementation in unmanned combat aerial vehicles (UCAVs) in simulated air-combat missions. ALPHA's programming involved deconstructing the challenges of aerial fighter deployment into sub-decisions consisting of high-level tactics, firing, evasion, and defensiveness. The language-based fuzzy-logic algorithms cover a multitude of variables, and ease the instilling of expert knowledge to the AI; ALPHA's programming also can be generationally improved. The earliest version of ALPHA consistently beat other AI opponents used by the U.S. Air Force Research Laboratory for research purposes. Subsequent matches against a more mature iteration by a human opponent also proved the AI's invincibility, as retired U.S. Air Force Colonel Gene Lee could not defeat ALPHA, and was consistently bested by the program during protracted clashes in a flight simulator." From http://magazine.uc.edu/

Monday, June 27, 2016

Top Ten Tech

"Prediction is difficult, especially about the future" (attributed with some dispute to Niels Bohr).  The World Economic Forum's top ten technologies for the coming year are out (http://www.kurzweilai.net/): nanosensors, next-gen batteries, the blockchain (especially uses beyond BitCoin), 2D materials, autonomous vehicles, organs on chips, new solar cells, open AI, optogenetics, and metabolic engineering.

Monday, June 20, 2016

What is the "deep learning" that was used in the impressive program that defeated a champion Go player? Here is a Wired (http://www.wired.com/) article that puts the accomplishment in perspective and provides a high-level description of deep learning (in 6 brief steps).  Placing it in perspective: "Thus, deep learning (and machine learning in general) has proven to be a powerful class of methods in AI, but current machine learning methods require substantial human involvement to formulate a machine learning problem and substantial skill and time to iteratively reformulate the problem until it is solvable by a machine."  (Unfortunately the author dismisses the field of Genetic Algorithms as a failure, and I take exception to that -- GA can do amazing things, but just because it has limitations doesn't make it a failure.)

Wednesday, June 15, 2016

New research from Yale uses sound to amplify light on a silicon chip.  That likely sounds esoteric and meaningless, but the Internet runs on a backbone of optical cables.  When signals get routed they currently convert signals to electricity to determine the routing and convert signals back to light to run on an optical cable.    Logic gates using light have been invented, but with no way to amplify the light they are of little use.  This invention could remove that inefficient conversion to electricity leading to improvements on the backbone of the Internet.  Details are here: http://news.yale.edu/  (There is a way to amplify light in an optical cable using lasers but I don't think that technique works on a chip.  Passive optical amplifiers ref: http://www.fiberopticshare.com/)

Friday, June 10, 2016

Can a computer observe online behavior and spot when someone becomes radicalized?  Researchers at Lancaster U. in the UK think they can.  They looked at 100 million tweets across 100K accounts. The research shows that when users begin either sharing tweets from known pro-ISIS accounts, or using extremist language they quickly display a large change in the language they use, tweeting new words and terms, and indicating a clear shift in online behavior.  http://www.lancaster.ac.uk/

Wednesday, June 8, 2016

Seemingly unrelated information can be usefully mined.  In this case, Microsoft has found that examining search queries allows them to identify pancreatic cancer patients before they even know it themselves! http://www.nytimes.com/  What may not be immediately obvious is that a malicious entity examining search queries may be able to glean information for nefarious purposes.

How does a computer play chess?  This website, http://www.bewitched.com/chess/, shows the moves that the computer is exploring before deciding on its move.  Basically it is trying many moves ahead, putting a score on each move, and choosing the best move.  In general, given two computers playing against each other, the one which can look one move further ahead will win more than it loses (assuming that the scoring system is relatively equal).  Knowledge of chess shows in the scoring algorithm.  Give it a try!

Tuesday, June 7, 2016

Robot-assisted surgery exists and will likely increase. This http://spectrum.ieee.org/ video looks like a compilation of ads, but it is still interesting.  Note that medical software isn't without risks -- see the classic Therac-25 case (https://en.wikipedia.org).

Sunday, June 5, 2016

A VISA ring instead of a card will be tested at the Rio Olympics: http://www.engadget.com/. Unfortunately, technical details are missing from this article except for this comment which does not make one comfortable: "It doesn't exchange as much data as Apple Pay or Android Pay, but it's on par with swiping your card."  Convenience at the expense of security.

Over the years there have been a variety of attacks speculated for malicious hardware including one that manipulates the random number generator to break encryption.  Here is a particularly insidious one because of the tiny change (add a capacitor) and a demonstration of the backdoor that is created.  The paper appears in the IEEE Symposium on Privacy and Security, but this https://www.wired.com/ article provides a brief description.

Thursday, June 2, 2016

Mario Brothers is hard -- in a computational sense.  That is, figuring out the optimal strategy is hard (according to research at MIT).  Better understanding where a game fits in computational theory puts us closer to understanding how computationally hard real life is.  These are questions probed in a computational theory course (such as CSE 460 at MSU).

Wednesday, June 1, 2016

Autonomous vehicles are currently outsourcing their hardware to the same company: Mobileye.  Here is a great article on the underlying hardware: http://wccftech.com/

Apologies for a post related to politics, but this sysadmin view of the Clinton email mess explains it better than any political posting I've seen.  It describes the "entitled executive," a creature that exists in the corporate world.  Hillary fits: http://arstechnica.com/

Tuesday, May 31, 2016

The Fourier Transform is a formula (algorithm) that plays an important role in our digitization of the analog world.  Here is a nice, short article on it: gizmodo.com

Thursday, May 26, 2016

5G, the next generation of cell (mobile) communication, is coming.  Here is a brief article on the 5 Myths About 5G

Friday, May 20, 2016

How much does phone meta-data reveal about individuals?  That has been the pressing question after Snowden revelations about NSA data collection.  A recent study from Stanford  http://news.stanford.edu/ showed that significant personal information can be gleaned from only meta-data -- supporting those who argue that collecting meta-data is not innocuous.  It is interesting that the title says "surprising", but it wasn't a surprise to many (including me).

Wednesday, May 18, 2016

Online Voting: 30 states offer it, but the Dept. of Homeland Security cyber-division “does not recommend the adoption of online voting for elections at any level of government at this time.”  It is a bad idea for so many reasons. Here is a good article on it.  https://www.washingtonpost.com/  It is ironic that many state legislatures are passing laws that make voting more difficult in the name of preventing voter fraud while leaving this huge backdoor wide open for fraud on a scale that would dwarf any existing fraud by orders of magnitude.

Tuesday, May 10, 2016

NIST has announced that it will begin work on a new asymmetric cryptographic algorithm that is resistant to attack by quantum computers (https://www.schneier.com/).

Much of the Internet is currently secured by asymmetric cryptography (https://support.microsoft.com/).  Quantum computers, currently in their infancy, will eventually be able to break current asymmetric cryptography putting large parts of Internet commerce in jeopardy.

Friday, May 6, 2016

Skimmers scan credit card magnetic strips for account information and are usually accompanied by a pin camera to record the PIN as it is being typed.  To better hide the skimmer they are being inserted into the ATM machine slot.  Krebs reports: http://krebsonsecurity.com/  (Skimmers have also appeared inside gas pumps -- unlike ATMs gas pumps are easy to open.)

Here is a posting about finding a skimmer in Bali.  The details are interesting: https://trustfoundry.net

He found it because he jiggles ATM pieces to test for skimmers and cameras -- they are designed to be easily snapped into place and retrieved.

Takeaway: use your free hand to cover the keyboard as you type in your PIN

Wednesday, May 4, 2016

Bruce Schneier has an excellent article on Credential Stealing as an attack vector -- possibly the most important one.  Sood and my work on how banks are robbed was about credential stealing.  What is credential stealing?  Stealing someone's account and password.  Yup, that is the most common way in. Not zero-days.

Thursday, April 28, 2016

IEEE Spectrum has a nice article on spam and spam detection.  There is a large advertising component from the authors, but, in spite of that, it is excellent.
http://spectrum.ieee.org/