Monthly Archives: May 2016

Know the secret of security threat to many Internet

images (1)Such a weakness could be used to launch targeted attacks that track users online activity.

Forcibly terminate a communication, hijack a conversation between hosts or degrade the privacy guarantee by anonymity networks such as Tor.

Led by Yue Cao, a computer science graduate student in UCR’s Bourns College of Engineering, the research will be presented on Wednesday (Aug. 10) at the USENIX Security Symposium in Austin, Texas. The project advisor is Zhiyun Qian, an assistant professor of computer science at UCR, whose research focuses on identifying security vulnerabilities to help software companies improve their systems.

While most users don’t interact directly with the Linux operating system, the software runs behind-the -scenes on internet servers, android phones and a range of other devices. To transfer information from one source to another, Linux and other operating systems use the Transmission Control Protocol (TCP) to package and send data, and the Internet Protocol (IP) to ensure the information gets to the correct destination.

For example, when two people communicate by email, TCP assembles their message into a series of data packets — identified by unique sequence numbers — that are transmitted, received, and reassembled into the original message. Those TCP sequence numbers are useful to attackers, but with almost 4 billion possible sequences, it’s essentially impossible to identify the sequence number associated with any particular communication by chance.

The UCR researchers didn’t rely on chance though. Instead, they identified a subtle flaw (in the form of ‘side channels’) in the Linux software that enables attackers to infer the TCP sequence numbers associated with a particular connection with no more information than the IP address of the communicating parties.

This means that given any two arbitrary machines on the internet, a remote blind attacker without being able to eavesdrop on the communication, can track users’ online activity, terminate connections with others and inject false material into their communications. Encrypted connections (e.g., HTTPS) are immune to data injection, but they are still subject to being forcefully terminated by the attacker. The weakness would allow attackers to degrade the privacy of anonymity networks, such as Tor, by forcing the connections to route through certain relays. The attack is fast and reliable, often taking less than a minute and showing a success rate of about 90 percent.

Qian said unlike conventional cyber attacks, users could become victims without doing anything wrong, such as downloading malware or clicking on a link in a phishing email.

“The unique aspect of the attack we demonstrated is the very low requirement to be able to carry it out. Essentially, it can be done easily by anyone in the world where an attack machine is in a network that allows IP spoofing. The only piece of information that is needed is the pair of IP addresses (for victim client and server), which is fairly easy to obtain,” Qian said.

How powerful form of mobile computing

A fully functioning, yet compact and lightweight cloud computing system.

Using 10 low-cost, credit-card-sized computers called Raspberry Pi’s, an old winter jacket, three power banks and a small remote touch screen display, Hasan and Khan developed a wearable system that brings all mobile computing solutions together, creating the ultimate smart device. The cloud jacket could make the design of mobile and wearable devices simple, inexpensive and lightweight by allowing users to tap into the resources of the wearable cloud, instead of relying solely on the capabilities of their mobile hardware.

“Currently if you want to have a smart watch, smartphone, an exercise tracker and smart glasses, you have to buy individual expensive devices that aren’t working together,” Hasan said. “Why not have a computational platform with you that can support many forms of mobile and wearable devices? Then all of these capabilities can become really inexpensive.”

The need for more powerful processors and consumer expectations for high-performance applications have caused the design of wearable and mobile devices to be complex and expensive. Someone who wishes to own a smart watch, smart glasses, a smartphone and a wearable health device would have to spend between $2,000 and $3,000 to purchase such devices. The cloud jacket prototype has roughly 10 gigabytes of RAM, while the average smartphone has only one to three gigabytes. In regard to storage, each Raspberry Pi within the jacket has 32 gigabytes of memory available.

Most wearable and mobile devices are made with processors that are nearly 10 times slower than desktop or laptop processors, limiting the types of applications that can be run on them. With mobile apps’ becoming more complex, newer, more powerful versions of mobile and wearable devices are continuously released in order to keep up with changes in technology, resulting in increased prices.

To make up for resource limitations, many mobile applications are also powered by cloud servers, which require constant communication over the internet. Mobile and wearable device users are required to upload all personal data to remote public clouds or local cloud data centers, without the knowledge of where their personal data is actually being stored.

“Our overall approach is to create a generic atmosphere or platform that users can customize to fit their needs,” Khan said. “The wearable cloud can act as an application platform, so instead of modifying or having to upgrade hardware, this wearable model provides a platform, and developers can build anything on top of it.”

With a wearable cloud, mobile and wearable devices would no longer need complex, powerful processors. By turning them into “dumb terminal devices” or controllers, the wearable cloud would provide the experience of a smart device. By connecting the terminal devices via Bluetooth or Wi-Fi, a user utilizes the devices to request services via a user intuitive display and interactions. The computational task is sent to the wearable private cloud.

Nodes inside the jacket are engaged and compute the task collectively. Upon completion, the displayable result is sent back to the terminal device. The tasks are performed from the privately owned wearable cloud jacket, which also retains most, if not all, personal data.

“Once you have turned everything else into a ‘dumb device,’ the wearable cloud becomes the smart one,” Hasan said. “The application paradigm becomes much more simple and brings everything together. Instead of individual solutions, now you have everything as a composite solution.”

Hasan and Khan’s wearable cloud concept differs from existing “smart clothing” solutions in that they only act as input devices. Current products such as the Levi’s “Smart Jacket” allow a user to make hand gestures on the jacket to answer a phone call or shuffle through a playlist.

The wearable personal cloud concept is not limited to clothing. The system model allows the personal cloud to extend to any item carried on a daily basis, from a jacket to a briefcase, purse or backpack. Hasan and Khan believe this type of technology solution could aid in a variety of ways, from the way first responders communicate and share information during disasters to the way soldiers communicate on the battlefield.

“With seven to 10 people wearing such a cloud together, they create what we call a hyper-cloud, a much more powerful engine,” Hasan said. “The jacket can also act as a micro or picocell tower. All of its capabilities can be shared on a private network with other devices via Wi-Fi or Bluetooth. If a first responder is out in the field and doesn’t have complete information to act on a mission, but someone else does, it can be shared and updated through the cloud in real time.”

Suppose a disaster occurs and first responders are entering a damaged building. They may have blueprints of what the building looked like prior to the incident, but only those inside know what areas are now damaged or where an injured person is located. By pairing the wearable cloud with a device like Google Glass or night vision goggles, anyone with access to the cloud can see whatever the person wearing the cloud is seeing in real time, without the need for platform- or device-specific hardware and software.

Hasan and Khan call this a delegated experience.

“Another potential application area that we are looking into is hospital gowns,” Hasan said. “When a patient comes in, they are connected to monitors to obtain heart rate, blood pressure and other vitals. Whenever a patient has to go to the restroom or needs to be moved around, they have to take everything off or maneuver around with a large pole carrying all of the connected devices. Instead, we are putting sensors inside a vest that can be placed over the hospital gown itself. There will be a small version of the wearable cloud within the vest so that the vest itself can collect information, like a patient’s temperature.”

Know the effect of blue light screens

The use of smartphones and tablet computers during evening hours has previously been associated with sleep disturbances in humans.

The use of blue light emitting devices during evening hours has been shown to interfere with sleep in humans. In a new study from Uppsala University involving 14 young females and males, neuroscientists Christian Benedict and Frida Rångtell sought to investigate the effects of evening reading on a tablet computer on sleep following daytime bright light exposure.

‘Our main finding was that following daytime bright light exposure, evening use of a self-luminous tablet for two hours did not affect sleep in young healthy students’, says Frida Rångtell, first author and PhD student at the Department of Neuroscience at Uppsala University.

‘Our results could suggest that light exposure during the day, e.g. by means of outdoor activities or light interventions in offices, may help combat sleep disturbances associated with evening blue light stimulation. Even if not examined in our study, it must however be kept in mind that utilizing electronic devices for the sake of checking your work e-mails or social network accounts before snoozing may lead to sleep disturbances as a result of emotional arousal’, says senior author Christian Benedict, associate professor at the Department of Neuroscience.

learn more about the computer algorithms

The use of algorithms to filter and present information online is increasingly shaping our everyday experience of the real world.

Associate Professor Michele Willson of Curtin University, Perth, Australia looked at particular examples of computer algorithms and the questions they raise about personal agency, changing world views and our complex relationship with technologies.

Algorithms are central to how information and communication are located, retrieved and presented online, for example in Twitter follow recommendations, Facebook newsfeeds and suggested Google map directions. However, they are not objective instructions but assume certain parameters and values, and are in constant flux, with changes made by both humans and machines.

Embedded in complex amalgams of political, technical, cultural and social interactions, algorithms bring about particular ways of seeing the world, reproduce stereotypes, strengthen world views, restrict choices or open previously unidentified possibilities.

As well as shaping what we see online, algorithms are increasingly telling us what we should be seeing, the study argues. For example, an algorithm that claims to spot beauty and tell you which selfies to delete implies we should trust technology more than ourselves to make aesthetic choices. Such algorithms also carry assumptions that beauty can be defined as universal and timeless, and can be easily reduced to a particular combination of data.

The idea that everything is reducible to data is also beginning to affect the way people perceive their environment and everyday relations. This can be seen in the growing popularity of wearable devices that track aspects of our physical activity and health then analyse and relay them back to us. Such algorithm-driven technologies transform biological items and actions into data — a process that is unquestioned, normalised and invisible.

Professor Willson said: “By delegating everyday practices to technological processes, with the resultant need to break down and reduce complex actions into a series of steps and data decision points, algorithms epitomise and encapsulate a growing tendency towards atomisation and fragmentation that resonates more broadly with an increasing emphasis on singularity, quantification and classification in the everyday.”