Issue No.08 - August (2007 vol.40)
Published by the IEEE Computer Society
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MC.2007.287
Topics covered include a spherical optical system that captures images from all directions, evasive cyberattacks that affect unsuspecting visitors to infected Web sites, a high-tech mirror that helps shoppers reflect on their purchases, and a technique that creates high-performance storage technology.
Spherical System Captures Images from All Directions
Researchers have built a spherical optical system that can record images from all directions around its location, giving viewers a 360-degree view of the surrounding area.
The Massachusetts Institute of Technology's Research Laboratory of Electronics, along with MIT's Department of Materials Science and Engineering and Department of Electrical Engineering, developed the new technology, known as fiber webs or optoelectronic fiber arrays.
The technology could be used instead of cameras for surveillance systems or to monitor equipment performance or safety, said MIT research scientist Ayman Abouraddy.
It could also produce real-time optical images over large areas such as projection screens or walls, he added.
Because the fiber webs are temperature-sensitive, they could even provide alerts for nuclear reactors and other systems in which excessive heat is a sign of possible problems.
The temperature sensitivity could also help in smart clothing for soldiers, informing troop monitors if a soldier is shot or alerting a soldier to the presence of a sniper using a rifle with laser sights, Abouraddy explained. Blood loss and laser beams generate thermal activity, he noted.
The MIT system is a sphere consisting of 900-micrometer-wide fibers made of polymers and semiconducting, chalcogenide glass. Photons or heat emitted or reflected by objects whose images are being captured strike the fibers. The semiconducting material either absorbs the photons or gets hotter when contacting heat, thereby generating electrical charges that produce a measurable signal, explained Abouraddy.
Metal electrodes extending the length of the fibers deliver the electrical signals to a chip that digitizes them. The system then delivers the signals to a computer, either via a Universal Serial Bus cable or wirelessly via Bluetooth, Abouraddy said.
The computer runs an algorithm that analyzes the signals coming in from all over the sphere and constructs an omnidirectional image. The algorithm combines approaches widely used in medical and astronomical imaging.
Image resolution depends on the number of fibers in the system, noted Abouraddy. Early experimental versions have relatively low resolution, but researchers plan to progressively increase the number of fibers in the system.
Before the technology could be used for clothing-related applications, he said, researchers must shrink the fibers to about 100 micrometers, the size of commercial threads, which could take a few years. However, he noted, the system could be ready sooner for non-clothing-related uses.
Next year, researchers hope to build a prototype of the system using fibers only 200 micrometers wide.
New Attack Works Hard to Avoid Defenses
A new and increasingly popular cyberattack that affects unsuspecting visitors to infected Web sites uses innovative measures that make detection difficult for security products and researchers.
The software for these evasive or antiforensic attacks serves a Web page with malicious code only once to any computer that visits a site infected by the hackers. Upon subsequent visits by the same user, the software serves a harmless Web page.
The software also serves harmless pages to security crawlers that vendors use to find dangerous sites, as well as to visitors from countries where many security researchers are located. This delays discovery and analysis of the malicious code.
These techniques represent another shot in the ongoing arms race between hackers and vendors, noted Marty Lindner, a senior member of the technical staff at the CERT Program, a federally funded Internet-security R&D center.
The hackers' motivation in these attacks is primarily financial, said Lindner. The assaults frequently use keyloggers to capture victims' keystrokes and learn confidential information such as bank and credit card account numbers, user names, and passwords.
Hackers also use the technique to create botnets of infected PCs that they use to remotely launch large-scale spam, phishing, and other attacks, noted Patrik Runald, security response manager for F-Secure Security Labs.
Yuval Ben-Itzhak, chief technology officer for Web-security vendor Finjan, said that his company has found thousands of previously harmless Web sites that hackers have infected and that other companies have found tens of thousands of other compromised sites. "We believe these numbers will continue to grow quickly," he predicted.
Most of the hackers using these attacks are based in Europe and the US, although their exact locations often cannot be traced, he said.
Antiforensic attacks represent a "quantum leap" in technological sophistication for hackers, said Ben-Itzhak. "It changes the entire model that security vendors use to find malicious content," he explained.
Security vendors will have to do more than just use code signatures to recognize and stop malware attacks, Lindner added.
In the antiforensic attacks, hackers use server-side scripting to install malware on a Web page dynamically. The malware then takes advantage of visitors' browser vulnerabilities to infect them with any one of a number of available harmful files, said Ben-Itzhak.
When a user visits an infected site, the attack software records the computer's Internet Protocol address in a database belonging to the hacker and then serves only harmless pages on future visits.
The software also uses Web-traffic-statistics applications to identify IP addresses of search engines' and security vendors' crawlers. Hackers are wary of search-engine crawlers because some engines generate confidence ratings for Web sites or advisories for those that might contain malicious code.
The software saves the crawlers' addresses in the hacker's database to identify when they visit the hacker site. The system then serves a legitimate Web page, according to Ben-Itzhak. This keeps security researchers from learning about the software for as long as possible, he explained.
The software can also block the serving of malicious code to visitors from specific countries, particularly those where many security researchers are based, such as Germany, the UK, and the US, he added.
Technique Creates High-Performance Storage Technology
An international group of physicists has developed a technique using electrical pulses that could boost the capacity, speed, and reliability of computer storage technology.
The scientists use nanosecond pulses of electric current to improve storage performance by pushing magnetic signals along a wire at 110 meters per second to the system's reading and writing components.
The researchers from Germany, Korea, and the US work for facilities such as the Lawrence Berkeley National Laboratory and the University of Hamburg.
Today's hard drives rely on a disk spinning at speeds up to 15,000 revolutions per minute to move data-containing magnetic regions to the reading or writing component.
The new system works within a ferromagnetic, permalloy wire 50 to 100 nanometers long, rather than a disc drive with moving parts. Permalloy consists of 20 percent iron and 80 percent nickel.
The writing component records data by changing the magnetic orientation of an area, known as a domain, on the wire. Magnetic bits' negative and positive orientations represent binary data's ones and zeros.
The system passes short electrical pulses into the wire, exerting a torque on and moving the domain walls—the areas between domains—toward the reading component.
The reading component works by identifying the data bits' magnetic orientation.
Researchers had to use a powerful x-ray microscope to snap images of the system before and after the electrical current passed through to determine whether and how well the process worked, said Peter Fischer, staff scientist at the Lawrence Berkeley National Laboratory, who is working on the storage project.
The new system can work faster and store data more densely and thus offer more capacity than hard drives. In addition, it has no moving parts and, therefore, could be more stable, durable, and reliable.
Fischer said the new technology could be used in any device that currently works with hard drives or solid-state storage and might begin to appear commercially in about five years.
Whether and when this storage system can be successful in the marketplace depends on its cost and whether manufacturing it for commercial purposes will be practical, said analyst Jim Porter, president of Disk/Trend, a disk-drive market research firm.
One potential barrier is that longer pulses can cause domain walls to stick on crystalline imperfections that sometimes exist within the permalloy wires.