Sense of Wonder

An update to a previous post: “The demise of stack based buffer overflow exploits?”

Read the previous post at The demise of stack based buffer overflow exploits?

Transmeta is adding the non-executable(NX) feature to their innovative chips, according to these news releases:

• from NetworkWorldFusion, "Transmeta targets Pentium M users with NX security bit":

  "Upcoming versions of Transmeta’s Efficeon chips will support the NX (No Execute) feature enabled by Microsoft’s upcoming Windows XP Service Pack 2 release, but Intel’s Pentium M processor won’t be ready for NX technology until 2005, representatives from both companies confirmed Monday."

• from ZDNet, "Transmeta to add antivirus feature to chips":

  "Transmeta said it will provide advance versions of Efficeon-based systems with NX support to Microsoft for testing. The NX-equipped Efficeon chips are due for general release later this year."

• Posted at 27-05-2004 07:42 PM

On GSM Security

   Nowadays, the typical example to illustrate the inconveniences of the “security through obscurity” method should be the worrisome insecurities of the GSM standard. Designed in 1989, its different security procedures were given the following names:

• A3: authentication algorithm
• A8: key generation algorithm
• COMP128: authentication algorithm widely used for A3 and A8
• A5/1: "strong" over-the-air voice-privacy algorithm
• A5/2: "weak" over-the-air voice-privacy algorithm
• A5/3: add-on stronger over-the-air voice-privacy algorithm .

   Since the beginning, there were problems: the closed design process, the unpublished descriptions of A5/1, A5/2 and COMP128 and the deliberate weakening of the algorithms were a clear indication of the poor quality of the standard.
   A leaked GSM document specifying COMP128 in 1998 started it all, and a corrected implementation of the algorithm came out: a chosen-challenge attack was announced, requiring physical access to the target SIM, although an over-the-air attack could also be carried out. With the SIM internal key and the intercepted random challenge sent by the base station, the attacker can derive the session key used by A5 and successfully decrypt the voice communications.
   With COMP128 broken, A5/1 was the next target: the first cryptanalysis, "Cryptanalysis of alleged A5 stream cipher" based on partial design appeared. But the publication of “A pedagogical implementation of A5/1”, containing an alleged implementation, allowed the first significant cryptanalysis: "Real-time cryptanalysis of A5/1 on a PC". Later, some other efficient attacks have been published:

• "BDD-based cryptanalysis of keystream generators"
• “Cryptanalysis of the A5/1 GSM stream cipher”
• "Another attack on A5/1"

    Bad publicity pressured to release the stronger cipher A5/3, KASUMI, based on MISTY1, which featured an academic design. A number of attacks have been test on both, without noticeable success:

• “On MISTY1 higher order differential cryptanalysis”
• "Strength of MISTY1 without FL Function for Higher Order Differential Attack"
• "Integral cryptanalysis (extended abstract)"
• "Cryptanalysis of reduced-round MISTY"
• “Improved cryptanalysis of MISTY1”
• "Related key attacks on reduced round KASUMI"
• "On the Strength of KASUMI without FL Functions against Higher Order Differential Attack"
  

   With KASUMI, it would seem that the GSM Association has learned from its mistakes: au contraire!. The second version of COMP128, COMP128-2, is unpublished. And even if KASUMI is secure, the protocols haven’t been fixed: the last attack, "Instant Ciphertext-only cryptanalysis of GSM encrypted communication", requests the secret key under the weak A5/2 to later decrypt voice under KASUMI.
   Some of these attacks have been implemented by the following companies (really expensive products!):

• Scandeas
• PGIS
• Shogi
• Securtelecom
• Accelerated Promotions
• DPL-Surveillance-Equipment

• Posted at 16-03-2004 07:30 PM

Biomimetic robotics

Please click on the images to get more information.

Flowers

Anemone

Fishes

Frog

Snakes

Lamprey

Dolphin

Lemur

Cat

Ape

Human-like robots

   Biomimetic robots sure are fun to build and a good investment to get future funding but we should not really need Nature’s pool of ideas: current animal’s shape is based on all previous evolutionary designs so, although adapted to their environments, they’re not the best possible design. Moreover, there are fundamental differences between animals and these robots:

• energy production/consumption is equally distributed over an animal’s body, but in a robot, the production is localized in a specific position.
• information processing is usually distributed over the robot’s body.
• robots do not fix themselves.
• lack of sensors compared to animals.

   A process of optimal shape design must take into consideration factors such as energy consumption, survivability, degrees of freedom, etc… to calculate the best achievable trade-off.

• Posted at 13-03-2004 07:45 PM

On some artificial enhancements to cognitive capabilities

 There are two main approaches: machines that stimulate the brain and specific pharmaceuticals.

 Since direct electrical stimulation of the brain by electrodes has many drawbacks, including the impossibilities to generate non-localized effects of the stimulation and the difficulties to reach profound parts of the brain, a promising technology could be Transcranial Magnetic Stimulation, a tecnique that is used to map the motor cortex and to suppress concrete functions of the brain. It has been shown that when applied to the front part of the brain it speeds up the ability to solve puzzles that require analogical reasoning.

Cogniceuticals

There are already some memory enhancing drugs. For example, Memantine, used to treat Alzheimer’s Disease, is an antagonist that blocks NMDA signalling, improving memory acquisition in these patients. Obviously, it doesn’t work for normal people; for them, it would be possible to use the trial drug Ampalex, from Cortex Pharmaceuticals, that boosts a neurotransmitter, called glutamate, activating its associate protein, the AMPA receptor, which activates the NMDA receptor. Another drug in test, from Nobel prize Eric Kandel’s Memory Pharmaceuticals, will boost the messenger molecule cyclic-AMP and CREB levels, which strengthen neural connectivity and consolidate memories, respectively.

Provigil/Modafinil: without addictions or the side effects of amphetamines, this drug keeps individuals awake for two days. Although originally developed to treat sleep apnea/hypopnea syndrome, it has recently been approved to treat excessive sleepiness associated with Shift Work Sleep Disorder. Additionally, it has begun to be used by students all over the world.

• Posted at 06-03-2004 01:30 PM