Monday, July 26, 2010

Hackers in Hardware: Will It Happen and Can We Stop It?

Most famous cases involving engineering ethics start with a headline, a crisis, or a tragedy. In such situations, we can take steps to make sure it’s less likely to happen next time only after we figure out what went wrong. But every once in a while, farsighted engineers can actually anticipate a major new problem before it happens and convince people to prevent it without anyone getting hurt. This is obviously the best way to go if we can manage it. The potential problem of hardware hackers is a case in point.

As John Villasenor explains in the current issue of Scientific American, hardware hacking is the planting of a malicious circuit in hardware, typically deep within the incredible complexity of an integrated circuit (microchip). ICs are so complicated nowadays that the design of most of them is comparable to the design of a large building or an oil refinery. Simply because the system is so large and diverse, pieces of the design are farmed out to numerous subcontractors. In such a complex circumstance, a hardware-hacking scenario could come about in the following way.

Suppose some evil person wants all cell phones sold by a given firm to quit working at a certain date in the future. They infiltrate one of the subcontractors that helps to design a critical IC in the new phone models, and slip in a circuit that monitors the time code and suddenly ties up the communication bus in the system once the blow-up date arrives. Since it’s impossible to check for every conceivable situation a phone might experience, the likelihood that this circuit will pass unnoticed into the final design is pretty good. A few weeks before the blow-up date, the criminals in charge of this trickery send a blackmail letter to the company, telling them what will happen and offering them an encrypted key to prevent the disaster—for, say, a billion dollars.

That particular scenario would be enacted by criminals, but political sabotage or terrorism could also inspire such machinations. Villasenor and his fellow researchers claim there are several ways to prevent such attacks.

One, favored by the Pentagon, is a kind of security-clearance check for every organization involved in the chip design. While this may be practical for certain costly military ICs, it doesn’t seem like a plan that will work for commercial designs, where vendors change at the last minute and are spread out all across the globe in a variety of jurisdictions.

A better idea Villasenor mentions is to install inspector or security circuits in every IC to monitor for suspicious behavior that would indicate the presence of a hardware hack. While this will reduce the space and speed available for the IC’s main tasks slightly, the added security appeal of knowing your new IC is protected against hardware hacking might make it worthwhile.
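To make the "inspector circuit" idea concrete, here is a small software model of one such monitor, written as an added example for this page (it is not from Villasenor's article, and the block names, window size and threshold are assumptions). The monitor does not try to understand what the chip is doing; it only watches who is driving the shared bus over a sliding window of cycles and raises an alert when one block holds it far longer than any legitimate master should, which is exactly the symptom the blackmail scenario above would produce on its trigger date.

```python
"""Software model of an on-chip bus 'inspector' (added example, not from the article).

The real thing would be a few hundred gates next to the bus arbiter; here the same
logic runs over a constructed cycle-by-cycle trace so the behaviour can be checked.
"""
from collections import deque
from dataclasses import dataclass


@dataclass
class BusCycle:
    cycle: int
    master: str   # block that drove the bus this cycle; "idle" when nobody did


class BusHogMonitor:
    """Sliding-window occupancy check: any single master is allowed at most
    `max_share` of the last `window` cycles. Exceeding it is reported as an alert."""

    def __init__(self, window=16, max_share=0.75):
        self.window = window
        self.max_share = max_share
        self.history = deque(maxlen=window)
        self.alerts = []

    def observe(self, bc: BusCycle):
        self.history.append(bc.master)
        if len(self.history) < self.window:
            return None          # not enough history yet to judge
        counts = {}
        for m in self.history:
            if m != "idle":
                counts[m] = counts.get(m, 0) + 1
        for master, n in counts.items():
            if n / self.window > self.max_share:
                alert = (bc.cycle, master, n)   # (when, who, cycles held in window)
                self.alerts.append(alert)
                return alert
        return None


def make_trace(trigger_cycle=40, total=80):
    """Constructed trace (hypothetical chip): before `trigger_cycle` the bus rotates among
    three legitimate masters with an idle gap; from `trigger_cycle` on, a hidden block
    grabs the bus every cycle, as the time-bomb circuit in the scenario would."""
    rotation = ["cpu", "dma", "radio", "idle"]
    return [BusCycle(c, rotation[c % 4] if c < trigger_cycle else "hidden")
            for c in range(total)]


def first_alert(trace, window=16, max_share=0.75):
    """Run the monitor over a trace and return the first alert, or None if the
    bus usage never looks abnormal."""
    mon = BusHogMonitor(window, max_share)
    for bc in trace:
        alert = mon.observe(bc)
        if alert:
            return alert
    return None


if __name__ == "__main__":
    print(first_alert(make_trace()))                              # hidden block caught
    print(first_alert(make_trace(trigger_cycle=10_000)))          # benign trace: None
```

With a 16-cycle window and a 75% ceiling, the hidden block is flagged on cycle 52, twelve cycles after it starts hogging the bus, while the round-robin traffic before the trigger never trips it. The trade-off the post describes is visible in the two parameters: a shorter window reacts faster but costs more false alarms on bursty legitimate traffic, and the monitor itself occupies area and watches every cycle, which is the "space and speed" price mentioned above.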

There are two questions in my mind about this whole situation.

First, how real is the threat of hardware hacking? Villasenor says that there have been no significant incidents so far, but of course there might be unknown time bombs out there right now, ticking away. I think one reason this kind of thing hasn’t happened yet is that, unlike viral malware, hardware generally has a paper trail that can be traced back to the place of origin. Being fingered as the guilty party in a hardware-hacking case would mean certain death to a firm, even if they were unaware of what was going on at the time. Nobody would ever want to buy circuits from them again.

Another reason, at least in the case of political terrorism of the Islamofascist variety, is that companies which design ICs are generally not found in places where organizations like the Taliban have significant influence. The extreme contrast between the state of Israel, which has dozens of high-tech firms turning out world-class technology, and the surrounding Arab nations, which have to buy nearly all the technology they have from other countries, is an example of this. So unless terrorists manage to convince individual designers in critical firms to implant hardware hacks, this kind of threat seems unlikely.

The second question is, if manufacturers develop security measures to install that allegedly prevent hardware hacks, will people pay the extra price for them? No matter how small, the security features will adversely impact price and performance, and it then becomes a question of perceived value added. Some customers with heightened concerns about security, for example the military and government, might be more willing to buy such chips than commercial customers such as computer makers. Of course, once a major hardware hack actually caused damage, the feature would sell itself. So you have the perverse situation that the best incentive to buy a hardware-hack-secure IC is to have a major problem occur with hardware hacking.

Unfortunately, that may be what has to happen if hardware-hack prevention is to amount to much more than a few academic papers and articles. Let’s hope the cure arrives well before the disease, at least in this case.

Sources: John Villasenor’s article “The Hacker in Your Hardware” appeared in the August 2010 issue of Scientific American (pp. 82-87).

Monday, July 19, 2010

The Honor of Dirty Fingernails

On a trip we just completed, the van we drove over a thousand miles in six days (a Dodge) suddenly quit outside Wichita Falls, Texas. The minute it happened, I was pretty sure what the problem was. We have replaced the fuel pump three times in six years, and since the last one was replaced about two years ago, I figured it was curtains for this one. I’m pretty sure (though not certain) that the people who designed that fuel pump had college degrees. And I’m also pretty sure that few if any of the people who helped us from that point onward had degrees in engineering, or possibly anything else. But we would have been stuck without their help.

The gentleman driving the tow truck told us he’d been a semi-trailer driver for thirteen years, then switched to towing for the next thirteen. He was the only person at the small gas station he worked for who could drive the tow truck, and so he’d been on call 24 hours a day for the last several years, except for one day off when he got married.

The guy in charge of the repair shop where they towed the van was very proud of the twenty-something young man who actually did the repair, which involved draining out some 30 gallons of gas (we’d just filled it) without setting the place on fire, dropping the tank, getting all the gaskets and clips and screws out and back in the right way, and putting it all back together again so it didn’t leak. The auto technician did nothing that I couldn’t have done with some practice, but he did it in about an hour and a half. I would have taken all day and spent most of it on trips to the auto-parts store to get special tools, assuming I didn’t blow up my house first. The manager said he was very proud of that technician after watching him grow from an inexperienced teenager to a seasoned professional over the ten years or so he’d worked there.

Over 60% of Americans 25 and older have not completed even a two-year associate college degree. They are citizens like anyone else, and voters too, but to listen to certain elite groups in this country, you would think that everybody either has to have a college degree or else they represent abject failures of the system if they don’t. Columnist John Derbyshire recently cited several quotations along these lines, such as: “All students should graduate from high school prepared for college and a career—no matter who you are or where you come from.” The speaker was President Obama, and for a politician it is a peculiarly unqualified statement. If he had simply stopped at “All students should graduate from high school,” I’d agree with him there—about fifteen percent of Americans over 25 haven’t even gotten that far. But at the risk of raining on my own parade (I teach engineering in college), I think it is unrealistic to expect or insist that everybody, no matter what their inclinations, abilities, or interests are, should graduate from college or else become a second-class citizen.

Please don’t misunderstand me. I am not saying that the opportunity to get a college degree should be artificially restricted to a given class, or income level, or sex, or race. Opportunities should be equal for all, but if for good and logical reasons, a given student would like to cease his or her formal schooling after high school and become a great plumber, or auto mechanic, or tow-truck driver, or filmmaker (Steven Spielberg dropped out of college to go into the film business), I would like the economy to provide them with that opportunity, and for society not to look down upon them as some sort of failure simply because of the kind of work they do. Not everybody who drops out of college is another Spielberg, but the point I’m trying to make is that there are many honorable, useful, and even significant jobs out there which do not require a college degree. And that is as it should be.

The natural tendency of our society, unfortunately, is to look up to people who (1) have lots of money, (2) have lots of people working for them, or (3) manipulate symbols instead of real things. Most engineers nowadays are in the third category, but for every engineer with a college degree in most industries, there are two or three folks who build, test, sell, and fix the things that the engineers design. And while increasing numbers of the lower-ranking workers have college degrees, in many cases such degrees are still not necessary, for example in the construction trades.

The engineering-ethics angle here is to respect those whose education is not as advanced as yours, and remember that the thing called “tacit knowledge”—the right way to ease a tank full of gas down out of a car without incinerating yourself or your shop, for example—is real, and sometimes more important for a given task than anything you could learn in college.

Everyone in an honorable occupation—that is, one which isn’t positively evil—makes a useful contribution to society and deserves to be treated as an important, knowledgeable part of the grand system that makes engineering the vital thing it is in modern life. The next time you deal with such a person, don’t belittle their educational attainments. Instead, watch them, find out just how much they can do that you can’t—and learn.

Sources: John Derbyshire’s column, “The Jobs Americans Should Not Have to Do?” appeared at http://article.nationalreview.com/438112/the-jobs-americans-should-not-have-to-do/john-derbyshire. The statistics on the percentage of Americans who are college graduates are from the U. S. Census Bureau website http://www.census.gov/compendia/statab/2010/tables/10s0226.pdf.

Sunday, July 11, 2010

Big Mother Is Watching You On Your Cell Phone

George Orwell made the phrase “Big Brother” famous in his dystopia 1984 when he epitomized the intrusive, spies-everywhere nature of the omnipresent state of the future with the slogan, “Big Brother is watching you.” While pieces of his futuristic novel (published in 1949) have come true over the years—he anticipated television pretty well, for example—even Orwell did not imagine that some day, for a measly five dollars a month, parents could get continuous accurate information on the whereabouts of their children. Hence “Big Mother.”

This is no science-fiction dream. Last month a flyer came in my cell phone bill. Normally I just throw them away, having no use for most of the features of my cell phone anyway, but this one’s headline caught my attention: “See your kids on a satellite map!”

A system that only a few months ago I heard described as “coming soon” by a telecommunications researcher has been rolled out by Sprint, and no doubt many other companies as well. The fact that it has been available for several years shows that researchers and professors can be out of touch about some things too. The technology is fairly simple. You give your children cell phones with a GPS feature, which nowadays is not that complex—if there aren’t single-chip GPS receivers available already, there will be soon. The phone company, upon receipt of your five dollars a month (plus taxes, fees, and surcharges), queries the GPS receiver periodically, takes the coordinates, plots them on a map, and makes it available to the parents.

I suppose this “family locator” (as it is billed) is too new to have inspired much in the way of reactions from the teenage set. Apparently, the feature has been available in some markets since 2006, but in a cursory glance at a web search I turned up only corporate press releases and reviews, generally favorable, by the press. One report makes it clear that the teenager has to consent to the tracking, and even gets a text message letting him or her know that “Big Mother” (my use of the phrase was not original) is watching.

Originally introduced at a cost of $10 monthly, the fact that Sprint is now putting flyers into their bills and advertising it for only $5 a month tells me that the feature may not have created as much demand as the company had hoped. There are at least two big obstacles to its use: the opt-in feature that lets the kid know what’s going on, and the fact that the offspring can always leave their phone at home or at a friend’s house if they want to go somewhere their parents really don’t approve of. And as every network engineer knows, anything that leads people to disassociate themselves from their phones lowers the value of the network, not only to those directly involved, but to everyone else as well. So in that regard, Sprint could be shooting themselves in the foot with this technology, at least among the under-20 set.

Of course, governments have used cell phones for years to track down criminals without their knowledge or consent, and it worked for a while until the bad guys figured out what was going on. But bringing what started out as high-tech Mission-Impossible-style spy technology down to the level of a commercial $5-a-month option for family use is a new twist on the way technical innovations often start out expensively at the government level and percolate down to the consumer, often in a different form.

What some parents would really like, I suspect, is the stealth version of the family locator, but for fear of virtual stalking, Sprint won’t sell it that way. Of course, there may be some enterprising hackers out there who could modify the software somehow, but that gets into what you might call “grayware” and I wouldn’t recommend it.

What effect would this technology have on a teenager who grows up with it? You could view it as just one more accessory to further enable the “helicopter parent” syndrome that supposedly plagues many families today. Moms with nothing better to do can live out their teenage daughters’ lives vicariously by tracking them from house to mall to wherever. “What were you doing on Lover’s Lane from midnight to 2 A. M.?” I wonder, does the family locator have a history function, or do you have to stay up and watch it in real time? Some things are better left unspeculated about.

Well, judging by Sprint’s efforts to promote this thing, it doesn’t appear to be taking America by storm. But if this and similar location-tracking technology become generally accepted, I can see how it could change the work environment for lots of people, from public-safety employees to delivery personnel to anyone who spends time outside the direct physical supervision of their bosses. A company could easily make carrying a tracking-enabled cell phone a condition of employment, much as long-distance trucking companies keep track of their drivers through GPS already. I’m sure this would change the nature of the work environment, but how is another question altogether.

Should personal tracking be regulated? That depends on what people use it for. Clearly it could be abused, which is why commercial versions all notify the trackee of the system’s operation. But even with notification, it seems to me that one more small piece of freedom disappears when a teenager, or anyone else, agrees to be tracked by someone in authority over them. Yes, it’s the business of the authority to supervise, and knowing where someone is can be an important aspect of supervision. But there will be all sorts of subtle changes, and not all of them good, if a person knows, even subconsciously, that some other person knows exactly where they are at all times—or even just has the capability to know. Will it make a difference in the larger scheme of things? As with so many questions I raise in this blog, we will just have to wait and see.

Sources: An article reviewing one of the first offerings of the Sprint family locator was carried by the website of a New York City TV station in 2006 at http://www.ny1.com/?SecID=1000&ArID=58641.

Monday, July 05, 2010

Deepwater Drilling: More Research Needed?

The ongoing Gulf of Mexico oil spill has led many to question the competence of both industry and government in conducting and regulating deepwater oil drilling. The perspective of Tad Patzek, chairman of the University of Texas Petroleum and Geosystems Engineering Department, is worth listening to, if for no other reason than that he stands at some remove from both corporations and government institutions. On June 8, he gave prepared testimony before Congress in which he shared his thoughts about the root causes of the Deepwater Horizon oil spill and what should be done to prevent such tragedies in the future.

Prof. Patzek's main point was that complex systems behave in a qualitatively different way from the simpler systems of which they are a part. He used the analogies of a watch and a frog. Given the right tools, you can take a watch apart and reassemble it, and it will work just as well as it ever did. Try the same thing with a frog, and you don't get a live frog back—you get high-school biology lab. Even such an apparently simple thing as a single-celled organism such as an amoeba is a fantastically complex interconnected system of thousands of micro-machines, chemical plants, disposal systems, data storage in the form of DNA, and so on. And just writing down the chemicals involved doesn't begin to explain the complex behavior of a living organism.

According to Prof. Patzek, the highly complex system of an offshore oil rig in deep water has moved beyond the boundary between simple, easily-understood systems (such as the plumbing in your bathroom sink) and complex systems that come up with surprising behavior that the simpler systems don't show. Unfortunately, the design and management structure of deepwater drilling, along with the technologies used, have not kept pace with the increasing complexity needed to drill in deeper waters, which is where a good deal of U. S. oil production has moved since most onshore reserves have already been exploited. Prof. Patzek says that neither the oil industry nor government funding agencies have spent much money in the last few decades on long-term research into these problems of complexity. Federal support for such research has essentially disappeared, while industry research is narrowly restricted to fields that can show an immediate short-term return: namely, exploration techniques and methods of drilling that improve rates of oil and gas recovery. While these are important and necessary, they do not fill out the big picture of what has to happen if the whole system of deepwater exploration is to function smoothly.

There are well-known analysis techniques that deal with the hazards and failure modes of complex systems. These approaches were developed in part by the space industry, where repairs are generally not possible and astronauts' lives are sometimes at stake. They are paper-and-pencil (or rather nowadays, computer-and-spreadsheet) techniques which force the analyst to imagine what will happen if this or that element in the system fails. While we don't know enough about the Deepwater Horizon failure yet to say (and Prof. Patzek calls for a thorough investigation as part of his testimony), it is possible that if these analysis methods had been applied to the system in question, they might have shown there was a problem, and how to avoid it.
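Fault-tree analysis is one of the techniques in the family just described: the analyst writes down which combinations of component failures lead to the top-level hazard, then asks which minimal combinations ("cut sets") suffice and how likely the hazard is. The block below is an added illustration for this page, not part of Prof. Patzek's testimony, and the tree, event names and probabilities are constructed for a hypothetical well-control system rather than taken from the Deepwater Horizon case.

```python
"""Minimal fault-tree evaluation (added example; the tree and numbers are constructed).

A tree node is either a basic-event name (str) or a gate: ("AND", [children]) or
("OR", [children]). The top event occurs when the root gate is true.
"""
from itertools import product


def minimize(sets):
    """Drop any cut set that is a superset of another, leaving only minimal ones."""
    uniq = set(sets)
    minimal = [s for s in uniq if not any(o < s for o in uniq)]
    return sorted(minimal, key=lambda s: (len(s), sorted(s)))


def cut_sets(node):
    """Return the minimal cut sets: the smallest groups of basic events whose joint
    occurrence is enough to cause the top event."""
    if isinstance(node, str):
        return [frozenset([node])]
    gate, children = node
    child_sets = [cut_sets(c) for c in children]
    if gate == "OR":               # any child alone suffices
        sets = [s for cs in child_sets for s in cs]
    elif gate == "AND":            # one cut set from every child must hold together
        sets = [frozenset().union(*combo) for combo in product(*child_sets)]
    else:
        raise ValueError(f"unknown gate {gate!r}")
    return minimize(sets)


def top_probability(node, p):
    """Exact probability of the top event, assuming independent basic events
    with per-event probabilities in the dict `p`."""
    if isinstance(node, str):
        return p[node]
    gate, children = node
    probs = [top_probability(c, p) for c in children]
    if gate == "AND":
        result = 1.0
        for q in probs:
            result *= q
        return result
    none_fail = 1.0
    for q in probs:
        none_fail *= 1.0 - q
    return 1.0 - none_fail


def single_points_of_failure(node):
    """Basic events that cause the top event on their own (cut sets of size one);
    these are the first things a review would ask to see backed up by redundancy."""
    return sorted(next(iter(s)) for s in cut_sets(node) if len(s) == 1)


# Constructed, hypothetical tree: an uncontrolled release needs the primary seal to
# fail AND the backup path to fail, where the backup path fails either because the
# backup valve fails or because a sensor fault goes unnoticed by the operator.
RELEASE = ("AND", [
    "primary_seal_fails",
    ("OR", [
        "backup_valve_fails",
        ("AND", ["sensor_fails", "operator_misses_alarm"]),
    ]),
])

# Constructed per-event probabilities over some reference period.
P = {
    "primary_seal_fails": 0.01,
    "backup_valve_fails": 0.05,
    "sensor_fails": 0.10,
    "operator_misses_alarm": 0.20,
}

if __name__ == "__main__":
    for cs in cut_sets(RELEASE):
        print(sorted(cs))
    print(single_points_of_failure(RELEASE))
    print(top_probability(RELEASE, P))
```

Running it lists two minimal cut sets, the two-event pair {primary seal, backup valve} and the three-event chain through the unnoticed sensor fault, reports no single point of failure, and puts the top-event probability at 0.00069 for the constructed numbers. The useful output for a design review is the cut-set list rather than the number: it says exactly which combinations of "this or that element failing" the system cannot tolerate, which is the question the paragraph above says these methods force the analyst to confront.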

But even if they had, the culture of the industry would have to change so that the results of an office worker's analysis would trump the gut feelings of the guys who are getting their fingernails dirty out on the platform in the Gulf. One of the problems that seems to have contributed to the accident is the distributed nature of command and operations. Rather than one integrated operation owned and run by one entity, large offshore oil-drilling operations are a collaboration between an oil company (BP in this case), a rig operator (TransOcean), and numerous smaller contractors, each of which runs its own little domain. While this mode of operation can work well in non-life-critical systems such as motion-picture production, the Deepwater Horizon accident may be the test case that shows this kind of management structure is inadequate either to prevent such an accident, or to deal with it quickly and efficiently once it occurs.

Not surprisingly for a professor of engineering, Prof. Patzek winds up his testimony by proposing a number of specific research projects, including one to develop a large-scale "skimmer" (system for recovering oil from the ocean surface) by converting a conventional oil tanker. None of these plans will probably be implemented in the near term, but the hope is that Congress will recognize that a vital part of our economy has been left to deteriorate in some ways, and research is needed to fix the problems. Direct Federal involvement is not necessarily the only answer, although some increase in the form of better regulation is probably needed, as Prof. Patzek admits. But a longer-term view of R&D investment on the part of oil companies would help a great deal.

One success story in this regard that might serve as an example of what to do can be drawn from the history of the U. S. semiconductor industry in the 1980s. To oversimplify, Japanese firms were eating their lunch in terms of technical advances, so the major U. S. firms got together, funded a large research effort with shared contributions and shared discoveries, and basically grabbed the football back. This required Federal cooperation in terms of allowing what would otherwise be a violation of anti-trust laws, but it was handled well and it worked out with benefits for both the industry and the general public.

Whether the very different culture of the oil business will lend itself to this kind of inter-company co-operation remains to be seen. One problem is that the U. S. no longer has the lead in terms of oil-company size. Our largest (and according to many sources, best-run) company is ExxonMobil, and it is ranked 17th in the world in terms of oil reserves. But these are still well-off outfits capable of putting some percentage of their profits into a common research foundation that could address some of the safety and accident problems that have been so vividly brought to our attention lately. To my mind, it is the least they can do, and the smartest too.

Sources: The July 4, 2010 Austin American-Statesman carried a portion of Prof. Patzek's prepared testimony, which can be found in full at http://alt.coxnewsweb.com/statesman/pdf/07/070410patzek.pdf.