Pulse


Pulse

By GCN Staff


ISO: Tiny, inexpensive counterfeit electronics detector

Used and nonauthentic counterfeit electronic components are widespread throughout the defense supply chain. According to the Defense Advanced Research Projects Agency, over the past two years alone, more than 1 million suspect parts have been associated with known supply-chain compromises.

The problem is pervasive, with both expensive and inexpensive electronic parts being targeted. Counterfeit or otherwise suspect electronic components present a critical risk for the Department of Defense, where a malfunction of a single part could lead to system failures that can put missions at risk. 

A new DARPA program seeks to develop a tool to verify the trustworthiness of a protected electronic component without disrupting or harming the system.

The DARPA Supply Chain Hardware Integrity for Electronics Defense (SHIELD) program seeks proposals to develop a small (100 micron x 100 micron) component, or dielet, that authenticates the provenance of electronics components. Proposed dielets should contain a full encryption engine, sensors to detect tampering and would readily affix to microchips and other components.

“SHIELD demands a tool that costs less than a penny per unit, yet makes counterfeiting too expensive and technically difficult to do,” said Kerry Bernstein, DARPA program manager. “The dielet will be designed to be robust in operation, yet fragile in the face of tampering. What SHIELD is seeking is a very advanced piece of hardware that will offer an on-demand authentication method never before available to the supply chain.”

The dielet will be inserted into the component at the manufacturing site or affixed to existing trusted components, without any alteration of the host component’s design or reliability. There is no electrical connection between the dielet and the host component. Authenticity testing could be done anywhere with a handheld probe or with an automated one for larger volumes. 

Probes need to be close to the dielet for scanning. After a scan, an inexpensive appliance (perhaps a smartphone) uploads a serial number to a central, industry-owned server. The server sends an unencrypted challenge to the dielet, which sends back an encrypted answer and data from passive sensors—like light exposure—that could indicate tampering.

“The Department of Defense puts severe demands on electronics, which is why a trusted supply chain is so important” said Bernstein. “SHIELD is a technology demonstration leveraging the asymmetry of scaling for security. While the program is being funded by DARPA, industry will adapt future implementations to make the technology scalable to the industry and the defense supply chain.”

SHIELD is seeking proposals that would revolutionize electronic authentication with scalability and advanced technology not available today. DARPA will host a Proposers’ Day Workshop in support of the SHIELD program on March 14, 2014.

Posted on Feb 28, 2014 at 11:41 AM0 comments


Facial recognition tech takes on DUI offenders

The crackdown on drunk driving could be moving to the next level with a new alcohol testing system that combines traditional breathalyzers with government-grade facial recognition software.  

The handheld, wireless, portable breath alcohol device incorporates automated facial recognition and GPS with every single test. The technology is being used for long-term, unsupervised alcohol testing of first-time and low-level drunk drivers, according to the announcement by Denver-based Alcohol Monitoring Systems.

A SCRAM Remote Breath uses facial recognition software the company calls Automated Facial Intelligence to digitally map the facial features of the offenders as they take the test to match and compare those features to baseline images stored within the system, ensuring that the person taking the breath test is the offender required to submit to testing.

The technology automatically identifies 90 to 95 percent of the photos captured each day, while the remaining five to 10 percent are flagged by law enforcement for manual review, according to the SCRAM Systems website.

Alcohol Monitoring Systems developed  the SCRAM Continuous Alcohol Monitoring unsupervised test in 2003. The transdermal alcohol testing system involves an ankle bracelet that samples an offender’s sweat every half hour, 24/7 to measure for alcohol consumption.

 It is mainly used for high-risk alcohol offenders however, and SCRAM Remote Breath could provide courts with a less-intensive option for lower level offenders. Alcohol Monitoring Systems believes the new test will increase the number of courts utilizing technology to manage their alcohol offenders. Offenders may move up to Continuous Alcohol Monitoring if they fail a Remote Breath test, or move down to Remote Breath if they demonstrate a prolonged period of sobriety.

Posted on Feb 26, 2014 at 10:26 AM0 comments


NIST presents building blocks for mobile security

NIST's National Cybersecurity Center of Excellence has proposed two new cybersecurity building blocks, one to help organizations develop capabilities for attribute-based access control, and the other to help address enterprise security issues that result from the use of mobile devices to access company resources.

Building blocks are cybersecurity implementations that apply to multiple industry sectors and are expected to be incorporated into many of the center's sector-specific use cases, the agency said in its announcement.

The draft Attribute Based Access Control building block proposes an identity management system that allows multiple enterprises to exchange and validate employee attributes such as title, division, certifications and training. This would allow an organization like a disaster recovery team to grant a visiting doctor access to a range of hospital resources using risk-based policy enforcement.

The technology demoed in this building block will use commercially available technologies and be modular, allowing organizations flexibility in their implementations based on their network infrastructures. Comments should be submitted to abac-nccoe@nist.gov by March 28, 2014.

The draft Mobile Device Security for Enterprises building block proposes a system of commercially available technologies that provide enterprise-class protection for mobile platforms that access corporate resources.

The building block will examine security technologies that can enable enterprise risk management for users to work inside and outside the corporate network using a securely configured mobile device. It will also incorporate a layered approach that allows enterprises to tailor solutions to their business needs. Comments should be submitted to mobile-nccoe@nist.gov by March 28, 2014.

Posted on Feb 26, 2014 at 10:03 AM0 comments


Report finds US citizens unhappy with digital government

Report: Digital Government: Pathways to Delivering Public Services for the Future, from Accenture

Key Points: The United States is ranked sixth in the world in its use of digital government to communicate with and engage citizens. “Digital government” includes offering portals to access public services as well as employing digital channels and social media. Singapore, Norway, the United Arab Emirates, South Korea and Saudi Arabia all ranked above the United States.

Despite investing heavily in digital technologies, the Citizen Satisfaction Survey revealed many segments of the U.S. population feel uncomfortable adopting mobile and cloud technology to interact with government. 

Smart mobile devices are becoming a more universal channel for interacting with government, with U.S. federal agencies launching 140 free applications on iOS and Android platforms in English and Spanish. But 43 percent of U.S. citizens surveyed said they are not interested in using mobile devices in the future to communicate with government departments offering public services.

Although cloud computing offers great potential to securely and efficiently store and share government and citizen data, the United States ranked among the last three countries in citizens’ interest in using it for interacting with their governments. The report suggests citizens may be concerned about data security and privacy: specifically, how enterprise data is safeguarded and shared in third-party environments.  

According to U.S. citizens, the top three priorities for improving future public services are to provide cost-efficient, sustainable services, to deliver a clear and stable long-term vision and to better understand better the priorities of citizens and communities.

The federal government has seen success with IRS e-services. This program provides taxpayers with online services to improve voluntary compliance and reduce tax gaps. Of the 147.6 million tax returns filed in September 2012, 113.8 million (77 percent) were done online.

The IRS2Go smartphone app has been a major reason for the success of the e-service. The app lets citizens request and track their tax returns and account statements. It has helped the IRS avoid issuing $4.2 billion of potentially fraudulent refunds.

Bottom Line: Although the United States is one of the most experienced countries in the development of digital government services, its citizens are neither satisfied nor confident in the government’s ability to deliver public services to meet their future needs. 

Posted on Feb 25, 2014 at 10:19 AM0 comments


AT&T, IBM to help cities build out Internet of Things

AT&T and IBM have joined forces to combine their analytic, cloud and security technologies to leverage big data analysis in the emerging network of machines and other systems known as the Internet of Things.

The new partnership will initially focus on creating applications for city governments and midsize utilities – organizations that intend to analyze vast quantities of data flowing through mass transit vehicles, utility meters and video cameras.

In using their joint technical assets, the companies aim to help city planners evaluate patterns and trends to improve urban planning and help utilities better manage their equipment to reduce costs. The two companies will work together to build solutions at the AT&T M2M Foundry in Plano, Texas, and at IBM Global Solution Centers around the world.

“We share a vision that the ‘Internet of Things’ will help [cities and companies] rely on their remote assets and connected devices to take their business to the next level,” said Chris Hill, senior vice president, AT&T Advanced Solutions.

For example, connected cities tracking service disruptions would be able to better allocate resources. Movements of people can be analyzed to improve traffic management and parking capacity, as well as the location and number of first-responder units. Social media updates could be monitored from citizens reporting bad weather or traffic tie-ups so the city can take best course of action.

“Smarter cities, cars, homes, machines and consumer devices will drive the growth of the Internet of Things along with the infrastructure that goes with them, [advancing] data gathering, predictive analytics and automation,” said Rick Qualman, vice president of strategy and business development for IBM.

The companies bring complementary technical strengths to the partnership, they noted.

AT&T offers its M2M global network and Global Subscriber Identity Module (SIM) to help connect devices to a single global network. These technologies are managed through AT&T’s M2M platforms to securely collect, organize, store and send the data to applications.

IBM brings its Intelligent Operations Center as well as its advanced analytics capabilities and other tools that work IBM’s MobileFirst solutions.  MobileFirst provides management, security and analytics to help organizations  capitalize on the increasing role of mobile devices in the Internet of Things.

According to industry analyst firm IDC, the installed base for the Internet of Things will grow to approximately 212 billion devices by 2020, a number that includes 30 billion connected devices. IDC sees this growth driven largely by intelligent systems that will be installed and collecting data — across both consumer and enterprise applications.

Posted on Feb 24, 2014 at 10:21 AM0 comments