Category Archives: Digital Design

Is a Smart Toilet in Your Future?

HAL smart toilet

Is a smart toilet in your future?

When personal computers first appeared to on the market, there weren’t many people asking whether cars would have embedded computers. Today, a luxury sedan has somewhere around 60 embedded computers.  Yes, the Internet of Things is expanding, and that means we’ll be seeing more and more smart devices. Devices like these will also be communicating with each other so that they may work together to bring us more advanced information age benefits.

So, will toilets eventually have embedded processors?   Why change a good thing?  Why add a processor that will need software updates?  Why add electric power to a convenience that can function just fine without electric power?  These are very reasonable questions, and here are 5 possible answers.

1)   A smart toilet can include an automatic flush function.   A flushed toilet is always more presentable that an un-flushed one.  So, having an automatic flush function ensures that toilets are presented in the best possible light.  Self-flushing toilets already exist and can be found in public restrooms.  Assuming this functionality becomes popular in the home, the power needed for other smart functions will be available.

2)   A smart toilet can measure usage patterns.  By measuring how long someone is taking on the toilet, the smart toilet could remind the user to avoid taking too much time.  This could be done with and audible alert or more discretely by sending a text message to the user’s smart phone, reminding the user of the possible health consequences of prolonged toilet use.  To send this information by text messages, the smart toilet would need to identify the user.

3)   A smart toilet can measure a user’s regularity.  Once the smart toilet can identify the user, the smart toilet can also measure the regularity of the user, reporting trends and suggesting possible dietary changes to improve regularity (e.g. drink more fluids, eat more fiber, etc.).  In order to perform this function properly, the smart toilet might also need to communicate with other toilets.

4)   Similarly, a smart toilet could measure urinary frequency.  For male users, this function could be useful for detecting enlargement of the prostate.

5)   A smart toilet can also measure other healthcare information.   When traditional toilets are flushed, useful healthcare information is lost.  With more advanced sensors, a smart toilet can detect abnormal amounts of blood, or biochemical changes in the waste.   This can be helpful in the early detection of cancer.

Of course, there will probably be resistance to the idea of smart toilets. Some, perhaps most, people won’t like the idea of toilets recording their bathroom habits or having access to their healthcare information. Still, there are some practical and, perhaps, life saving benefits to be gained.   Consequently, when Smart Toilets start appearing, the manufacturers will need to assure their customers that these devices are secure and that their personal healthcare information will be kept private.   If buyers are convinced, smart toilets might eventually become more popular than the dumb toilets on the market today, and that’s an enormous market.

A smart toilet that’s already on the market…
http://singularityhub.com/2009/05/12/smart-toilets-doctors-in-your-bathroom/

Video of a smart toilet getting hacked…
http://www.forbes.com/sites/kashmirhill/2013/08/15/heres-what-it-looks-like-when-a-smart-toilet-gets-hacked-video/

Meanderings on Dancing, Dogs, Robotics and Artificial Intelligence

graceful robotics requires AI

Dancing Robots

To see dancing robots…   http://www.youtube.com/watch?v=4t1NWH6G1f0

After watching a dancer express herself so beautifully, conveying sensitivity, emotion and creativity, one can’t help but notice how far robotics has to go.  Sure… the robotic Atlas from Boston Dynamics is amazing, but it will probably be a long time before people will pass on the real thing to watch robots dance for pure aesthetics.  Similarly, when one considers the skill with which Fido can jump into the air and catch a ball, the dog certainly puts the latest robotic marvel in its place.

Still, the idea of graceful robots may not seem that far fetched.   The senses of joint position, position in space, space and time and gravity in humans are impressive, but machines can sense these things.   The skeletal/muscular capabilities of our bodies are also impressive, but, again, machines might generate similar motions.   The big difference is what is happening in the brain.

Imagine that we built a robot in a humanoid form, and that we gave each part a computer.  For example, the head had a computer in it; the left forearm had a computer in it, and so on.  Each of these computers would be responsible for controlling the artificial muscles and monitoring the sensors contained within that body part.    This is possible, and it has already been done.  Naturally, in such a configuration, to achieve coordinated motion of the whole, there would need to be a great deal of communications going on between the various computer/body parts.  This seems like it should be possible, since we can transmit vast amounts of data quite quickly around such a machine using fiber optic technology.   If each computer had capabilities like that of an iPhone, it might make great use of those accelerometers, always knowing which direction is down, knowing where it is and how it is being accelerated.  Add the high capacity communications, and perhaps each body part could know where it is and how it is moving relative to the inertial frame and to the other body parts.

To get to a graceful expression, however, it seems a few things are still needed…

the algorithms that are going to allow all those computers communicate with one another,
the instincts,
the desire,
the ability to set goals,
the ability to learn from mistakes,
the instructor’s training,
the practice,
the self-discipline,
the dream,
the passion,
the inspired music and choreography,
the feelings,
and finally, the encouraging applause from an appreciative audience who sees greatness in the performance.

or, in the case of the dog, a master’s pat on the head and piece of bacon.

Happy New Year!

Creepy yet graceful

Creepy Robot Spider

To see robotic spider move naturally…

http://www.youtube.com/watch?v=HfiHOpv6HtI

Removing Oscillations From The Rising and Falling Edges

Improperly terminated digital transmission lines will result in ringing

A Digital Pulse With Ringing

The test engineer was puzzled.  He thought he had provided the correct commands to the programmable counter, but the results he was getting back from it were all wrong.  To be within the test specifications, he should have been measuring a pulse-width around 500ms.  Instead, he was getting a pulse-width of less than 10 nanoseconds.  His first thought was that there must be a bug in the test script that was sending the commands to the counter.  So, he manually programmed the counter from the front panel of the device.  This didn’t help.  He was still getting those short pulse-widths.  Next he tried manually measuring the pulse-width using a digital storage scope.   “That’s strange” he thought.  It looks like the pulse width is 500 ms.    He adjusted the time scale on the storage scope to 10 nanoseconds per division, and observed the rising edge of the pulse.  There it was.  The pulse was ringing on the rising edge.  Ringing is the process where a signal that is transitioning from a low to a high state or from a high to a low state oscillates back and forth before settling on the final value.  When viewed with an oscilloscope, this signal looks like the step response of a filter that causes oscillations until the oscillations are damped out.  The recently graduated engineer didn’t know what was causing the ringing, since he had not included inductors, capacitors or resistors in the circuit that connected the device under test to the programmable counter.  Still, he figured he could get rid of those oscillations by including a low pass filter before the input to counter.   Another solution that he found easier was to program the counter to ignore any falling edges that occurred within the first 20 nanoseconds of the pulse.  Years later, with a bit more experience, he realized what he had not realized then.  He had failed to include a terminating resistor matching the impedance of his 50 ohm coaxial transmission line.  If he had done this, the reflections that occurred at the point where the impedances were mismatched would have been made insignificant, and programmable counter would have measured 500ms from the beginning.  Many times later when facing problems, the test engineer would think of this and muse “Perhaps the problem is I don’t know what I don’t know.  Now, how do I solve that problem?”

By adding a terminating resistor to the transmission line, the oscillations can be removed.

A Digital Pulse Without Ringing

This schematic shows a terminating resistor at the receiving end of the connection.

Transmission Line Including a Terminating Impedance

Here’s a nice technical discussion on terminating digital lines…

http://www.ni.com/white-paper/3854/en/

Here’s a nice technical discussion on calculating the impedance of a transmission lines…

http://www.allaboutcircuits.com/vol_2/chpt_14/3.html

Copyright 2013 All Rights Reserved NetChime Research LLC

 

 

 

 

The Hacker-Proof Automobile

The Information Security Analyst sat quietly in the audience.  He had driven for hours to hear this presentation, and he could barely believe what he was hearing.  The speaker, the head of a government organization, an organization responsible for protecting his country’s information systems, was downplaying the importance of automotive cyber security, comparing those worried about the situation to “Chicken Little,” running around and complaining that the sky was falling.  “Wow” he thought.  “Does this guy just not understand the situation, or is he pretending that it isn’t a problem for some reason?”    The analyst knew full well there was a problem, because he had read two important papers on the topic.

The first was titled “Comprehensive Experimental Analyses of Automotive Attack Surfaces.”  The second was titled “Experimental Security Analysis of a Modern Automobile.”   These two papers, both written by a team of researchers from the University of California, San Diego and the University of Washington painted a very different picture of automotive cyber security.  Not only did the papers point out that there were vulnerabilities.  The researchers demonstrated exploits against the vulnerabilities.  Three experiments were most notable.   First, they demonstrated that it was possible to hack a vehicle through a music file, which would play fine on a computer or a stereo system, but would deliver software updates to onboard computers called Electronic Control Units (ECUs) when played on a vehicle stereo system.  Next, they demonstrated that it was possible hack a car while the car was in motion, disabling the brakes at 40 miles per hour.  Finally, they demonstrated that multiple cars could be hacked and then commanded to respond to remotely issued commands in unison.  This was done while the cars were geographically separated by a large distance.

The authors left it to the reader to speculate what sort of major cyber-attack might be possible should some gifted hacker, terrorist group or some nation state decide to get very nasty.  The idea of millions of cars simultaneously losing the brakes while driving over 55 mph came to the analyst’s mind.  “Guess that means I’m chicken little” he thought.  “Well, at least I’m not running around claiming the sky is falling.”  Of course, he would do something about it.  He was planning to get another car.  This car would be cyber hardened because it would contain no ECUs.  This car would be a 1966 Corvette.

This car has no computers to hack.

The Hacker-Proof 1966 Corvette Stingray

Two important papers on automotive cyber security…

http://www.autosec.org/pubs/cars-oakland2010.pdf

http://www.autosec.org/pubs/cars-usenixsec2011.pdf

copyright 2013 NetChime Research LLC,  All rights reserved.

Egad… Electromagnetic Interference is Emanating From the Prototype! (Part 1)

The electronics test engineer was the first to enter the lab that morning.   He turned on the radio and thought to himself  “That’s the third time I’ve heard that song today, and it’s so monotonous.”  It was time for a new station.  He turned the tuning knob and soon realized he was scanning the AM band.  “Why do the lab techs always insist on listening to AM stations?”  He switched the radio to the FM band and was soon listening to his favorite golden oldies station.  OK, it was time to get to work.

He applied power to the unit under test and a horrible buzzing sound filled the room.    It was coming from the radio.    He tried other FM stations on the radio.  Each one was accompanied by the buzzing sound.  “Oh…now I understand,” he thought.  The prototype has been generating electromagnetic interference.  That interference has been garbling the music on the FM stations.  The lab techs were probably adapting to this by only listening to the AM stations.

To test his theory, he switched the radio back to the AM band, trying various stations.  Each AM station came through loud and clear.  The electronics test engineer had a problem, because his company would not be able to sell a device that interfered with FM broadcasts.  He knew the prototype would eventually be sent to a special testing lab for an FCC certification.  The electromagnetic compatibility (EMC) test technicians there would also detect the interference.  He hoped he would be able to find the source of the problem and fix it before schedules and budgets were negatively impacted.

To be continued in “Egad… Electronic Interference is Emanating From the Prototype!   (Part 2)”

Egad… Electronic Interference is Emanating From the Prototype! (Part 2)

Continued from “Egad… Electronic Interference is Emanating From the Prototype!   (Part 1)”

He was reminded of his childhood, driving through the desert with his father, listening to music.  They had crossed over a river by driving over (actually by driving through) a truss bridge.  The radio went dead.  “What happened to the music Dad?” he asked.  His father, who had studied electronics in the Navy, said “Well son, this bridge is acting like a Faraday cage.  The metal is shielding us from the radio waves coming from the AM radio station. “

radio wave are shielded by the Faraday cage.

The truss bridge acts like a Faraday cage

“Why can’t the radio waves get through the holes in the cage?” he had asked.

“You can’t see them, but radio waves have a size called a wavelength and a strength called an amplitude.  These radio waves are too big and not strong enough to get very far through the holes.  If we switch to an FM station, we’ll be receiving radio waves with a shorter wavelength.  These wave are small enough to get through the holes, and we’ll hear the music again.”  The old man flipped the AM/FM band selector on the radio to FM, turned the tuning knob and, sure enough, there was music again.

Remembering this, the electronics test engineer realized that a metal lid had been removed from the prototype to replace some read only memory (ROM) components.  He selected the FM setting on the radio, and the buzzing returned. He found the lid, bolted it to the prototype, and the buzzing sound stopped.  There really wasn’t a problem after all.  The necessary shielding was in the design, and it had been removed during the ROM replacement.  The electronic test engineer was thankful for his discovery.  He had one less problem to worry about.   He was also thankful for the nice memory of driving through the desert and being with his father.

Click here to see an interesting presentation on EMC.

Controlling Your Interfaces (Part 1)

It was July 2000 and one could imagine the product manager’s frustration when he learned the news.  A hacker, going by the handle “Kingpin,” had found a vulnerability in the iKey® 1000*.  Furthermore, @Stake, a company associated with Kingpin was planning to go public with this information by publishing a security advisory.  The iKey® 1000 was poised to be a great success, and the last thing the Rainbow Technologies ** product manager needed was to have his information security device branded as “insecure.”

Joe Grand is known for white hat hacking

Joe Grand aka “Kingpin”

Fortunately, there was time to act.  @Stake had given Rainbow a grace period, just enough time to admit that @Stake had found something significant and to promise Rainbow’s customers that some necessary changes would be coming.    So, when @Stake released the advisory, describing the attack in sufficient detail for hackers to reproduce it, they also expressed admiration for Rainbow’s professionalism and responsiveness.

See  http://dl.packetstormsecurity.net/advisories/l0pht/l0pht.00-07-20.ikey

This was a consolation for Rainbow Technologies.  Of course, they would have looked better, if @Stake had not found the vulnerability.

The iKey® 1000 was designed to store passwords and private keys for authentication purposes, thus providing a means for 2 factor authentication.   The first factor (something you have) was the iKey® 1000, and the second factor (something you know) was a user password.  To access the passwords and private keys stored in the device, the user would provide the user password, and the iKey® 1000 would then provide access to the private keys or other passwords stored within it.  There was also a master password that could be used to access all of the iKey® 1000’s stored secrets.

* iKey® is a registered trademark of Safenet.
** In 2004, SafeNet merged with Rainbow Technologies.

To be continued in “Controlling Your Interfaces (Part 2)”

Controlling Your Interfaces (Part 2)

Continued from “Controlling Your Interfaces (Part 1)”

Inside the iKey® 1000 there was a microprocessor and a serial EEPROM.    The EEPROM is where the secrets were stored.  What Kingpin was able to do was find out where an encoded (obfuscated) hash of the master password was stored in the EEPROM.  He could do this because Rainbow had provided a direct interface to the EEPROM.  Rainbow had done this intentionally by making an internally available interface for adding more memory to the iKey® 1000.  Rainbow purposely did not apply a conformal coat this interface, so that the iKey® 1000 could be easily upgraded.

This device had a vulnerability that was found by a hacker.

The Rainbow Technologies iKey(r) 1000

Kingpin was able to access the memory through this interface, figure out the encoding function (and its inverse function).    This meant that anyone understanding the technique could get to the iKey 1000’s secrets without the user or master passwords.

See  http://ebookbrowse.com/safenet-datasheet-ikey-1000-pdf-d106292414

Rainbow could have done many things to make @Stake’s attack more difficult.  For example, Rainbow could have done a better job of controlling the interface to the EEPROM.    One way to do this would have been to encase everything but the USB interface of the PCB in epoxy.

Companies frequently include “back doors,” expansion ports and/or test interfaces in systems for their own purposes.   These interfaces provide potential new avenues for attack.  If you find that you need to include interfaces like these in your company’s products or systems, consider including some controls that will make it difficult for attackers.  Insufficient interface control is a common security problem in information systems.  While, overall, it may be true that the percentage of people with the skills and intent to exploit your interfaces is low, there are still lots of people and organizations with the skills and many of these would be happy to give it a try.   Why make it easy for them?

“FIPS 140 Made Easy” Part 1

The product manager smiled and offered his guest some coffee.  “What we’ve managed to do is build a high performance cryptographic processor with just the right combination of algorithms and other characteristics.   This has uniquely positioned our company for a rapidly growing market.  It turns out that the US government is very interested, and we can seize a significant portion of this opportunity by moving quickly.  The only problem is that the government wants our device to be FIPS certified before they’ll commit to buying any.”  The product manager paused and waited for a response from his guest, an information security engineer who had had experience designing products to meet NIST’s FIPS140-2 requirements.

Getting a FIPS 140 Cert can be challenging

Typical FIPS 140 Certification

His guest suppressed a smile when he heard that getting a FIPS certification was “the only problem.”  He knew from what had been said so far that there were many other problems.  That’s because FIPS 140-2 consists of many requirements, and each one can result in a significant amount of work.   He had been through this scenario twice before, and in both cases, the same big mistake had been made.  The design engineers should have known about the FIPS 140-2 requirements from the beginning.  Now there were bound to be software changes, retesting and additional troubleshooting.  “Do you know what level of certification you need?” he asked.

“We’re thinking level 4.” the product manager replied.  “Do you think that will be a problem?”

“Well… if you haven’t been designing for a level 4 FIPS certification up to this point, it’s highly likely you’re going to need both hardware and software design changes.”

“Do you have any suggestions for me?”

To Be Continued…

“FIPS 140 Made Easy” Part 2

Continued from “FIPS 140 Made Easy” Part 1…

“Do you have any suggestions for me?”

“Sure,

  1. Maybe you only need a level 4 for one of the areas.  For example, let’s say you only need to meet the FIPS 140-2 level 4 physical security requirements.    It’s possible have your device’s physical security certified a level 4, but have an overall certification level of 2.  This might be good enough for the application your customers have in mind, and it will take much less time and money to get the certification.

    Pick your FIPS 140 compliance levels carefully.

    Compliance levels may vary by FIPS 140 section

  2. Consider changing your design so that it has approved and non-approved modes of operation.  Some of your customers may not want a device that obeys all the rules of FIPS 140-2.   You can retain a non-approved mode of operation that will function in a way that will still satisfy those customers.
  3. Make the Finite State Machine description of your device as simple as possible.  That means with as few states and as few ways to move between those states a possible.   These should be a high level finite state machine.  Your device will obviously have many more low level states, but the more states you add to your high level description, the more work you’ll make for yourself and the more work you’ll make for the certifying lab.

    Don't get hung up trying to get your FIPS 140 Finite State Machine fully describe the device operation.

    Make your FIPS 140 Finite State Machine simple

  4. If there is an embedded OS, consider designing your system so that the OS cannot be modified.  If you don’t do this, for level 2 devices and above, you’re going to need to ensure that the operating environment is evaluated to at least Common Criteria Effective Assurance Level 2 (EAL 2).  If the operating environment hasn’t already been evaluated, the addition work necessary will significantly increase your development costs, and will cause significant schedule delays.”

“What about FIPS 140-3?”

To be continued…