Artificial Intelligence Development

News

Strong software protection needed for mobile devices

The massive adoption of mobile computing platforms creates the urgent need for secure application execution on such platforms. Unfortunately, today's mobile platforms do not support strong security solutions equivalent to smartcards in set-top boxes or to dongles to reliably control licensing terms. Furthermore, many of these mobile devices are shared for professional and private applications, and are thus intrinsically hard to control and secure.

Michael Zunke, chief technology officer of SafeNet's Software Monetization Business Unit states that "Security is ever more essential as an enabler for the sustainable innovation of mobile applications and services. Security solutions based on custom hardware security components like dongles and smart cards are not a natural fit for these mobile environments. The industry therefore needs a comprehensive security framework in which software protection is the key ingredient."

According to Brecht Wyseur, NAGRA's security architect, the big challenge in the next years will be to increase the security level of software solutions to allow for both cost effective deployment and long-term renewability, either stand-alone or in combination with a hardware root of trust.

Hence, more research is needed to come up with a solution that is strong enough to be a viable solution for an increasing number of applications in which privacy and security are essential. The ASPIRE project will create the ASPIRE software security framework which will develop, combine and integrate five different types of software protection techniques into one easy to use framework. It will deliver comprehensive, effective security metrics and a decision support system to assist the software developer.

"The integrated tool chain will allow service providers to automatically protect the assets in their mobile applications with the best local and network-based protection techniques," notes Bjorn De Sutter, coordinator of the project, adding that "ASPIRE will make mobile software more trustworthy by leveraging the available network connection and by developing a layered security approach of strong protections. We will also make it measurable by developing practical, validated attack and protection models and practical metrics."

Story Source:

The above story is based on materials provided by Ghent University. Note: Materials may be edited for content and length.

 

Critical vulnerabilities in TLS implementation for Java

In January and April 2014, Oracle has released critical Java software security updates. They resolve, amongst others, three vulnerabilities discovered by researchers from the Horst Görtz Institute for IT Security at the Ruhr-Universität Bochum. These vulnerabilities affect the "Java Secure Socket Extension" (JSSE), a software library implementing the "Transport Layer Security" protocol (TLS). TLS is used to encrypt sensitive information transferred between browsers and web servers, such as passwords and credit card data, for example.

Similar to Heartbleed

Recently, the Heartbleed vulnerability of OpenSSL, the most important TLS implementation, has hit the headlines. Like OpenSSL, JSSE is an open source TLS implementation, maintained by Oracle. The researchers discovered three weaknesses in the JSSE library, two of which could be used to completely break the security of TLS encryption. Following the "responsible disclosure" paradigm, the team of Prof Dr Jörg Schwenk privately informed Oracle about these vulnerabilities prior to public announcement. The researchers recommend to install Oracle's software updates for applications using JSSE as soon as possible.

How to break TLS in JSSE

JSSE was found vulnerable to so-called "Bleichenbacher attacks." First, the researchers intercepted an encrypted communication between a client (e.g. a web browser) and a server. Then, they sent a few thousands requests to the server; by examining the responses of the server they could compute the secret session key. This session key can be used to decrypt all data exchanged between client and server. The first vulnerability was based on critical information that the TLS server transmitted via error messages. The second one was based on different response times of the JSSE server. Bleichenbacher attacks are complex cryptographic attacks, also referred to as adaptive chosen-ciphertext attacks.

April patch from Oracle solves another problem

The April patch provided by Oracle also fixes another cryptographic algorithm (PKCS#1 v2.1, aka RSA-OAEP), which was vulnerable to a different adaptive chosen-ciphertext attack. This algorithm is not used in TLS, but in other security-critical applications, such as Web Services, for instance.

Story Source:

The above story is based on materials provided by Ruhr-Universitaet-Bochum. Note: Materials may be edited for content and length.

 

Equipped with new sensors, Morpheus preps to tackle landing on its own

A test flight later this week will challenge a set of sensors to map out a 65-yard square of boulder-sized hazards and pick out a safe place to land.

Mounted to an uncrewed prototype lander called Morpheus that flies autonomously several hundred feet above the ground, the sensor system will have 10 seconds to do its work: six seconds really, as it will take four seconds to map the area before choosing a landing site.

The sensor system is a 400-pound set of computers and three instruments called ALHAT, short for Autonomous Landing and Hazard Avoidance Technology.

If it works Thursday and in a pair of later flights, the sensor package and a host of technologies introduced by the lander may find themselves instrumental in the success of future missions to other worlds -- perhaps propelling a descent stage on a spacecraft landing people on Mars.

That's a big dream for the two small projects called Morpheus and ALHAT. Morpheus is the lander -- a 10-foot-diameter, 2,400-pound four-legged metal frame holding four spheres of propellant that feed into a single, 5,300-pound-thrust engine. They were developed in the Advanced Exploration Systems Division of the agency's Human Exploration and Operations Mission Directorate. The branch pioneers new approaches for rapidly developing prototype systems, demonstrating key capabilities and validating operational concepts for future human missions beyond Earth's orbit.

The good news for the team of about 45 engineers who have been working on the combined projects for years is that the sensor set did just what it was supposed to during an earlier free flight, so it should do just as well during Thursday's flight over a landing field at the Shuttle Landing Facility at NASA's Kennedy Space Center in Florida.

"I generally don't sleep much the night before a flight," said Jon Olansen, project manager for Morpheus, which is based at NASA's Johnson Space Center in Houston. "But the team has really done a fantastic job of trying to tease out potential issues and mitigate them. I have tremendous faith in the team."

Just as during a spaceflight, the lander controls itself once it's launched.

"The only thing we do in the control center is push the go button and watch the data," Olansen said.

Morpheus is filled with innovations, including an engine that burns methane mixed with oxygen, which has also, for the first time, been coupled with smaller roll control jets using the same propellants. Methane is considered an earth-friendly fuel and its importance in spaceflight is that it can be stored in space without boiling off like hydrogen. It's also a chemical that has been seen by robot scouts surveying the moon and Mars.

"We know these technologies have a place in the future of spaceflight," Olansen said.

Bolted to different parts of the lander, the suite of sensors surveys the target landing area, identifies safe landing sites, and then uses three methods to tell the lander where it needs to go to avoid rocks or slopes or other hazards.

"We've been working a long time, eight years, to prove we can do autonomous, precision landing and hazard avoidance and guidance," said Chirold Epp, project manager for ALHAT. "We really need to show the world that everything we've been advertising for eight years works."

The technological advancements have come with the work of a team that comprises people from seven NASA field centers.

"The opportunity to take people from seven different centers and get them to work together on what is a relatively small project really is phenomenal," Olansen said.

Thursday's free flight is an open-loop test, which means Morpheus' own flight computer will fly the lander above 800 feet before heading several hundred feet away to the landing field and landing softly on a predetermined pad. While this is happening, the ALHAT system will employ its flash Lidar system, a laser altimeter and a Doppler velocimeter -- think of it as a super-accurate speedometer for spacecraft -- to scan the field and pick out the best place to land.

The benefit of the hazard avoidance system is that it gives spacecraft far more flexibility to land accurately and to land on worlds that are not as well-studied as Mars and the moon. The ALHAT team is shooting for a system that can land within 10 feet of a given spot, a big improvement on the current best of about 270 feet.

The precision isn't academic -- it could be the difference between setting down on a stable plateau or tipping over into a ravine.

A successful flight Thursday will clear the way for the next important step in this development: closed-loop flights that turn over control of the lander to the ALHAT system, letting it tell the lander where it needs to park.

"We've done airplane tests, helicopter tests, but this is the first time we've been in this environment," Epp said. "Free flight 10 gave us tremendous information. Some things didn't work quite right and other things worked quite well. Everything worked to some degree. So we go back and we fix it and we test it again."

"We've already achieved an awful lot with this project," Olansen said. "We just need to wrap up well and get the closed-loop flights accomplished."

Story Source:

The above story is based on materials provided by NASA. The original article was written by Steven Siceloff, NASA's Kennedy Space Center, Fla.. Note: Materials may be edited for content and length.

   

Cyber buddy is better than 'no buddy'

A Michigan State University researcher is looking to give exercise enthusiasts the extra nudge they need during a workout, and her latest research shows that a cyber buddy can help.

The study, which appears in the Games for Health Journal, is the first to indicate that although a human partner is still a better motivator during exercise, a software-generated partner also can be effective.

"We wanted to demonstrate that something that isn't real can still motivate people to give greater effort while exercising than if they had to do it by themselves," said Deborah Feltz, a University Distinguished Professor in MSU's kinesiology department who led the study with co-investigator Brian Winn, associate professor in MSU's College of Communication Arts and Sciences.

The implications from the research also could open the door for software and video game companies to create cyber buddy programs based on sport psychology.

"Unlike many of the current game designs out there, these results could allow developers to create exercise platforms that incorporate team or partner dynamics that are based on science," said Feltz.

Using "CyBud-X," an exercise game specifically developed for Feltz's research, 120 college-aged participants were given five different isometric plank exercises to do with one of three same-sex partner choices.

Along with a human partner option, two software-generated buddies were used -- one representing what looked to be a nearly human partner and another that looked animated. The participant and partner image were then projected onto a screen via a web camera while exercising.

The results showed that a significant motivational gain was observed in all partner conditions.

"Even though participants paired with a human partner held their planks, on average, one minute and 20 seconds longer than those with no partner, those paired with one of the software-generated buddies still held out, on average, 33 seconds longer," said Feltz.

Much of Feltz's research in this area has focused on the Köhler Motivation Effect, a phenomenon that explains why people, who may not be adept exercisers themselves, perform better with a moderately better partner or team as opposed to working out alone.

Her findings give credence that programs such as "CyBud-X" can make a difference in the way people perform.

"We know that people tend to show more effort during exercise when there are other partners involved because their performance hinges on how the entire team does," she said. "The fact that a nonhuman partner can have a similar effect is encouraging."

Story Source:

The above story is based on materials provided by Michigan State University. Note: Materials may be edited for content and length.

 

Jacket works like a mobile phone

A fire is raging in a large building and the fire leader is sending a message to all firefighters at the scene. But they don't need a mobile phone -- they simply check their jacket sleeves and read the message there. Communication is essential during the chaos generated by a fire, earthquake or similar crisis. A standard mobile phone is of only limited help in such circumstances. It is a difficult, if not impossible, task for rescue personnel to operate small mobile phones for reading and sending messages. There has to be a better way.

A common ICT platform

For this reason, ICT researchers at SINTEF have been working for some time on the idea of developing a physical user interface to social media. A year ago they developed a jacket together with students from NTNU. Wires and sensors were installed into the jacket, together with battery-driven circuitry controlling sensors and speakers fitted into one of the pockets. Instead of a phone screen, a display was sewn into the jacket sleeve showing a line of rolling text. A person receiving a message feels a small vibration in his or her collar.

"Making the connection to Facebook was just one example," says Thomas Vilarinho at SINTEF. "The jacket is now all set to be integrated with a variety of social media platforms," he says. When the Norwegian researchers started their involvement in the EU project SOCIETIES, their focus was on finding out how social media and technology could be used to facilitate collaboration between groups. Foreign researchers taking part in the project have been looking into how to promote collaboration among students on campus or among employees in a company. The Norwegians have been researching into how the idea will work for rescue teams in crisis situations.

"Our aim has always been to create a platform on which we can integrate all social media services such as LinkedIn, Facebook and Twitter. This has now been completed," says Vilarinho.

Communication within a group

Rescue operations are often carried out by large teams of professionals drawn from different organisations. "Our starting point is that these teams must maintain high levels of coordination and communication among themselves while a rescue operation is in progress," says Vilarinho. "In conversations with Red Cross, police and fire service personnel in Ireland, they have always emphasised how vital it is to keep information within the team in question. They are very careful about what information they distribute outside the team," he says. For this reason, the researchers have now developed a so-called "peer-to-peer" system and have transferred the service from Facebook to a private, closed, network.

The new Wi-Fi Direct system has been designed for persons in a group operating within the same area, between 20 and 50 metres apart, and in situations where they are not dependant on a mobile network in order to communicate with each other. This is a major advantage because mobile networks are commonly adversely affected during natural disasters and other crisis situations.

The need to respond

A team leader can thus send information from his or her mobile or PC to other members of the team. However, it is still not possible for one jacket to communicate with another. Nor can the receiver of a message respond to the sender.

The Norwegian researchers have carried out assessments and talked to a variety of users both in Norway and abroad. They have demonstrated the jacket technology to focus groups consisting of 4 to 5 persons in the Irish fire service, and to civil defence personnel in both Ireland and India. The jacket was also demonstrated at the EU's ICT Event in Vilnius in 2013, during which visitors had a chance to try it out. "Event participants got the chance to play around with the equipment," says Vilarinho. "And afterwards we discussed issues such as the useful benefits, ease of use and any changes they might suggest. A major and obvious wish has been to enable team members to acknowledge that a message has been understood, and to send messages back to the leader," says Vilarinho. The project is headed by TSSG in Waterford in Ireland and will be wound up next month. Norwegian researchers are hoping to be able to continue the work.

Story Source:

The above story is based on materials provided by SINTEF. Note: Materials may be edited for content and length.

   

Page 6 of 28

Our Partners