Tuesday, March 21, 2006

As Moore fails...

Gordon Moore became more famous because of his one casual statement, that was taken as a law. That law held good until recently. Moore's law was helpful for many computing companies to predict how fast their software would run after a signficant number of years, assuming that the particular software stands in the industry for that long.

Everything went fine, until one fine day, we found the mortality of Moore's Law. Suddenly all the programmers and processor designers started looking for alternate solutions. Programmers came up with multithreading and designers, with multi-core. Multithreading can be accomplished by running different threads on different processor cores.

Most of the processor design innovations first show up in digital signal processors and that is slowly taken into the building of microprocessors. Multi-core is not an exception. The technology in this field grows at a very fast rate. When we were all thinking that multi-core was cutting edge, "Inside DSP" magazine has reported that MIPS has come with a new DSP processor with a multithreaded licensible core, called MIPS 32 34K.

This has a single core with a built-in hardware support for switching between multiple threads. MIPS makes the rationale behind this multithreaded core with a reasonable claim that most of the time the processor is waiting idle for memory or IO. By switching between threads, the MIPS processor can use the otherwise idle cycles for doing some other useful operation. MIPS has reported that a 360MHz multithreaded processor could run 50% faster than a 400MHz single threaded processor. All these come with a small increase in the size of die.

MIPS 34K actually features five different "Thread Contexts" (TCs). Each TC has it own program counter, and register files. The processor can be tuned to switched between different thread for each and every clock cycle.

MIPS does not stop with that. It is also providing two virtual processing elements (VPEs). These VPEs have features to support OS, like look-aside buffer, etc. Meaning: at a time two operating systems can be run on a same processor. Mostly one will be an OS and the other an RTOS. That is, the same processor will run both Linux and VxWorks at the same time. MIPS also gives option to the system programmers to allocate different priorities between the two OS. Like quarter of the time is used up by Linux and the rest three-quarters are allocated to VxWorks.

But using all these is in the hands of the programmer. Programmers can only take advantage of the 34K’s multithreading capability if they write their code with multithreading in mind. This will add complexity to the software development process.

When Moore's law failed, programmers thought that the programs written so far won't run any faster than it does now. But the situation changed. This made designers think different. Innovation took place and the programmers are asked to think different to adapt to the changing environment. And the programmers did. The net effect is that we have a new system in hand. Now we know why the human race survived and dominated across different hurdles until their origin.

Sunday, March 19, 2006

Power analysis of RFID tags

Power analysis is a type of cryptanalysis, in which the physical implementation of the cryptosystem is attacked instead of exploiting on the established algorithm. Although the designer has implemented a strong encryption algorithm, the computers and the processors in which it is implemented and the microchips leak information about the operation, processed. In power analysis, the power consumption measurements and knowledge about the baseband modulation scheme can be used to find the secrets.

Yossi Oren and Adi Shamir (the same Shamir of RSA) have shown how such an attack can be launched on RFID.

UHF C1G1 RFIDs are generally passive. These high-frequency gadgets get alive when they come to a 3 meter distance from the RFID reader. The reader generates a powerful em-waves and all the tags lying around use this and act like a standing wave generator to empower themselves. They use pulse amplitude modulation in baseband. They have a 128 bits internal tag memory. The usual communication is through 96 bits payload and 8 bit kill password bits. A handheld device can be used to send a properly formatted data for kill password. If all the bits in MSB match, the RFID tag self-destructs without intentionally sending any message to the reader.

This is actually a serious issue and the manufacturers should take care to fix it at the earliest. This problem can be fixed, if a proper attention is given to it, since the power analysis based attacks are age-old and known fixes are available handy for them.

Thursday, March 16, 2006

RFID viruses

Computers and communication devices shrinked down at a very fast rate to the size of RFID and MEMS. RFID is a small computer-in-chip, that can be knitted with many things that we want to track. RFID transponders are usually no power circuits (not always), they are powered by an external reading device, called RFID reader. Usually RFID reader can sense only the RFID within some 50m distance. An RFID reader deciphers the query passed by the RFID transponder, to recoganize its properties. It has many application from tracking trucks to identifying your passport.

Since RFID is a computer, it can also spread virus. RFID attacks have become as common as RFIDs. Most of these attacks are normally fake RFID. That is RFID tags, that are doctored to carefully to send properly formatted, but fake data to the reader. This can result in identification problems, and mislocation problems. The attacks also include sniffing, spoofing, and even denial of service. But so far, all the RFID attacks are classified only in this category. But all these attacks are just admonitions. RFID tags can actually be used to host some serious SQL injection attacks. So the software writers for RFID readers should make appropriate security checks in its middleware to avoid these attacks. A recent whitepaper has actually shown a proof of concept of how an SQL injection can be done using RFID.

This threat is really serious and should be taken care of. Because it is very, very difficult to find and nail the hacker, who exploited the loophole. It is not internet, that you can track her through IP-address or machine address and the attacker would still keep the connection with that device or service provider. So before RFID breaks the digital divide and spreads to everybody, all these issues have to be tackled.

Wednesday, March 15, 2006

Globalization - A game of opportunity

A few days back, I read an article read by Swaminathan Ankleseria Aiyer in Economic Times. It talked about the impact of globalization over the society. This sparked an idea inside my mind. I may be right or wrong, the readers have to decide, and please express your opinion.

The hottest discussion today is whether globalization is a boon or a bane. This discussion runs continuouly everywhere - in b-schools, in parliments, in coffee-shops, and in all the countries where people have right of speech and expression. The biggest fire ball that is thrown on globalization is that it makes rich, richer and poor, poorer.

Is this claim true? Is it true for countries? Yes and no. There are some countries, the economies of which faced a declivity as a result of globalization. But there are also countries like India, China, Brazil which use globalization as a fulcrum for their growth.

Is this claim true for individuals? Again yes and no. For yes, no example is required. It doesn't matter whether globalization is running or great depression is running, most of the unfortunate poor become poorer. People in some African countries have reached the poorest possible condition, that they can't go any further poorer. But the answer is also no. There are a lot of first generation millionaires who came up as a result of globalization. Earlier, the Forbes' richest list usually contained Sultans, and barons who were richest, because their fathers were richer and grandfathers were rich. Now, the situation is different. Bill Gates is the richest according to the recent most list. But he was not born in a rich family. So was the second ranked Warren Buffet - a newspaper boy, who ended up as the most successful investor.

What should we learn from this? All the richest people during the globalization are innovative. They are all experts in their business. They all had killer instinct and some luck during the start of their business, because the other innovators and experts did not become or did not choose to become this successful. But above all these, they all used the oppurtunity, that knocked their door. They all used globalization as an opportunity, and they all came up.

So globalization is neither a boon, nor a bane. Whoever can use it as an opportunity succeeds and whoever misses it, is carried away.

Tuesday, March 14, 2006

Socially engineered basketball game

This is one interesting news, I read today.

It was a kind of crucial NCAA basketball match-up between Univ. of California(Cal) and USC. USC is headed by their All-Pac-10 guard Gabe Pruitt. Interestingly, a few days before this match, Pruitt had a conversation over IM with a girl who claimed that she was Victoria, studying in UCLA. The chat went on so well that Pruitt decided to meet Victoria after the match-up.

Surprizingly to Pruitt, that "Victoria" had many friends in Cal, so she simply shared the entire IM conversation with them. The IM conversation was printed out and seemingly circulated among the audience of this match. The conversation contained, a "lot" of details including Pruitt's digits.

When Pruitt stood in the free throw line, he heard somebody in the crowd shouting something familiar to him - his digits. Crowd started chanting "Victoria, victoria". Pruitt apparently got embaressed. A normal 79% free-throw shooter ended up with 3/13.

This is a perfect example of how social engineering works - a very clever work. Poor USC lost the match. No idea whether the alleged "Victoria" visited the match.

A blogspot for TCE-ECE

Yesterday, I contacted my friend Balaji after a long time. He shared a room with me 5 years back, during the first-year of my college. He was as proactive as he ever was and he suggested me something which should be given a serious thought (comment to my previous mail). The alumini of computer science department of my college have got their own blogspot, in which they share their common views. He questions why I should not start a own for my department (Electronics and Communications). A good idea. No, a very good idea.
First, I have to confess that most of my friends in my department, do not know what blog really is. But it is not a completely abstruce concept and can be thought through a single mail.

One more thing sparked into my mind, after reading that comment. We require seperate sites for CS and EC departments, because our contacts are bound inside our department. We knew people in other departments, but never involved in any intellectual conversations across departments.

Many of the final year projects that come out of our college can be classified as cutting edge (ok.. not so sharp). But so far, there has not been a single project that involved a student from, say EC and one from CS or one from Mechanical. Inside the college, there should be intellectual fusion between various departments. Students of different departments should combine together to do projects.

For instance, EC studies the FFT algorithm for digital filter design. CS studies the same as an example of divide and conquer. But rarely a few in EC knows that FFT is classified as a divide and conquer algorithm. This explains the existing situation.

So you can soon expect a blogspot for TCE-ECE. And after that there will be a fusion between various departments.