Tech Talk iconTech Talk

A photo of a transmitter, a receiver, and the backscatter sensor built by the University of Washington.

Low-Power Devices Use Backscatter to Transmit Data Several Kilometers

As the Internet of Things grows, sensors and other devices must collect and transmit data while consuming as little power as possible. One way to do this is to take advantage of backscatter by having IoT devices reflect radiofrequency signals transmitted to them. Tuned properly, these waves can deliver information over short distances.

A team from the University of Washington, with the Internet of Things in mind, has expanded the range of backscatter to several kilometers. Last week, the group presented research at Ubicomp 2017.  They showed that small sensors, transmitting signals using a special modulation technique, can backscatter data over greater distances than ever before.

Read More
An illustration shows a pile of credit reports stacked at the bottom of a box

After Equifax, What Will Credit or Identity Monitoring Really Do For You?

On the heels of the major security breach at Equifax, millions of Americans are considering signing up for identity and credit monitoring. Equifax is even offering its own version, called TrustedID Premier, for free to all U.S. consumers for a year.

Free credit and identity monitoring has become the salve that companies and government agencies dole out to consumers in the days after a security breach. When personnel records at the U.S. Office of Personnel Management were compromised in 2015, the government pledged three years of free identity monitoring to those affected.

But there hasn’t been much research to into whether these solutions are actually helpful, or if there are meaningful differences between the 60 or so companies that sell them. Little is known about the methods and algorithms that each company uses to search for stolen information on the dark web, for example, which makes it hard to compare them.

Read More
Cover of book called Life 3.0

Interview: Max Tegmark on Superintelligent AI, Cosmic Apocalypse, and Life 3.0

Ask Max Tegmark why people should read his new book and get involved in the discussion about artificial intelligence, and you get a weighty answer. Forget about book sales, this is about cosmic destiny: The fate of the universe may well be determined by the decisions made “here on our little planet during our lifetime,” he says.  

In his book, Life 3.0: Being Human in the Age of Artificial Intelligence, Tegmark first explains how today’s AI research will likely lead to the creation of a superintelligent AI, then goes further to explore the possible futures that could result from this creation. It’s not all doom and gloom. But in his worst case scenario, humanity goes extinct and is replaced with AI that has plenty of intelligence, but no consciousness. If all the wonders of the cosmos carry on without a conscious mind to appreciate them, the universe will be rendered a meaningless “waste of space,” Tegmark argues. 

Tegmark, an MIT physics professor, has emerged as a leading advocate for research on AI safety. His thoughtful book builds on the work of Nick Bostrom, who famously freaked out Elon Musk with his book Superintelligence, which described in meticulous detail how a supercharged AI could lead to humanity’s destruction.

Read More
A screenshot shows a website operated by a U.S. state where citizens can log on and register to vote.

Voter Registration Websites for 35 States are Vulnerable to Voter ID Theft

To hack a U.S. election, the bad guys don’t necessarily need to do anything on election day. They could just tamper with voter registration rolls of likely supporters of an opposition candidate during the weeks and months before the election. That was the finding of a new report that studied how alarmingly simple and inexpensive it could be to unleash a campaign of what its authors call “voter identity theft.”

The good news is that the one known possible case (the California Republican 2016 presidential primary in the town of Riverside) inspired a statewide response. California took steps to protect itself against voter ID theft, and indeed, the state did not see any evidence of such activity in the general election last November.

Read More
An image of the seven-quibit quantum computer that IBM researchers used to simulate complex chemical molecules.

Tiny Quantum Computer Simulates Complex Molecules

Someday, engineers will build large quantum computers that can solve currently impossible science problems, crack unbreakable encryption, and make artificial intelligence smarter. In the meantime, companies building quantum computers are trying to figure out how to use the small ones they expect to build in the coming years.

Decades of theoretical work suggest that quantum computers—perhaps even relatively small ones—will someday be able to solve important problems in chemistry that are intractable on existing computers. But before they can take on big challenges like understanding photosynthesis and improving catalysts for making renewable fuels, researchers have begun simulating small molecules and atoms. And so far, they haven’t gone far beyond what a math-savvy chemist can do with a pen and paper.

This week in the journal Nature, researchers at IBM describe using a small quantum computer to simulate more complex molecules. The IBM team used six of the quantum bits (qubits) on a seven-qubit system to push into the second row of the periodic table, simulating molecules as large as beryllium hydride (BeH2). What’s significant, says Jerry Chow, manager of experimental computing at IBM research, is how they did it: by developing more sophisticated algorithms that could carry out the simulations on a small, noisy quantum computer.

Read More
In front of several brownstone buildings, an equipment-laden man holds a gray instrument shaped like a spade.

The Bandwidth Defender

It’s midday in Crown Heights, Brooklyn, and Kevin Argentieri is walking around a residential neighborhood brandishing a large gray arrow, like a medieval knight would wield a sword.

First, Argentieri stands in the middle of a sidewalk and holds the arrow out in front of him. Then, he rotates it and waves it down a street. Next, he points it directly at a house. All the while, he glances down to monitor live readings from a boxy console strapped to his chest.

The whole set-up looks rather bizarre, and somewhat suspicious in a city that constantly reminds its residents: “See something? Say something.” Curious passersby frequently ask if he’s searching for gold or looking for ghosts.

What he’s actually doing, he tells them, is trying to improve their cell phone reception. Argentieri works for P3, a company that performs radio-frequency interference hunting for nationwide carriers including Verizon, AT&T, T-Mobile, and Sprint. The device he’s waving around is a portable spectrum analyzer, a machine that helps him home in on sources of interference.

Read More
A golden circle on a black background has the letters "qb" at its center. The letters are surrounded by the symbol of an atom.

qBitcoin: A Way of Making Bitcoin Quantum-Computer Proof?

A new quantum cryptography-based Bitcoin standard has been proposed that could harden the popular cryptocurrency against the advent of full-fledged quantum computers. Bitcoin as it now exists involves traditional public key cryptography and thus could conceivably be hacked by a future quantum computer strong enough to break it. However, quantum cryptography, which is based not on difficult math problems but the fundamental laws of physics, is expected to be strong enough to withstand even quantum computer-powered attacks.

The proposal, dubbed “qBitcoin,” posits transmission of quantum cryptographic keys between a remitter and a receiver of the eponomous named cryptocurrency, qBitcoin. The system would use provably secure protocols such as the BB84 quantum key distribution scheme.

Read More
Illustration: Northeastern University/Nature Communications

Tiny Membrane-Based Antennas

New membrane-based antennas could be nearly 100 times smaller than the most compact current antennas, a new study finds.

These antennas could find use in portable wireless communications systems, including wearable electronics, smartphones, bio-implantable antennas, bio-injectable antennas, bio-ingestible antennas, and the Internet of Things, researchers say.

State-of-the-art compact antennas are designed to resonate at specific wavelengths. But their miniaturization is limited to roughly one-tenth of their resonant wavelengths.

The new antennas developed by researchers at Northeastern University and their collaborators can now be shrunk to sizes as small as one-thousandth of the wavelength they aim to receive and transmit—without any degradation in performance. The researchers detailed their findings online today in the journal Nature Communications.

Read More
Machine learning is being used to produce more accurate maps of the moon's surface.

AI in Space

If a distant comet is on course to collide with Earth, scientists will be able to detect it only about a year in advance. That doesn’t leave much time to prepare.

Artificial intelligence researchers believe they have the key to providing astronomers more foresight: machine learning algorithms that can more quickly identify and cluster the debris that comets leave in their wake. By speeding up analysis of meteor showers, researchers hope to pinpoint the orbits of distant, but potentially dangerous, comets. This project is one of five being explored as part of an artificial intelligence pilot research program sponsored by NASA.

Last Thursday at an event at Intel, participants in the NASA Frontier Development Laboratory research accelerators presented results showing how artificial intelligence can speed up space science. The lab, part of an effort by NASA to test the machine learning waters, is run by the SETI Institute; engineers at private companies including Intel, IBM, NVIDIA, and Lockheed Martin, among others, helped support the projects.

Companies such as Facebook and Google use machine learning to predict people’s buying habits and tag photos, but so far it hasn’t been widely applied to basic science problems, says Bill Diamond, CEO of the SETI Institute. Through Frontier Development Laboratory, which just finished its second year, NASA is exploring the possibilities. The lab sponsors small groups of computer and planetary science researchers to work on important problems in space science for two months each summer.

NASA scientists in the audience were excited, but skeptical, about the results from the comet detection project. Long-period comets, whose orbits take them far beyond Jupiter, are too distant to observe directly. What we can see is the evidence they leave in their wake. One type of clue is a meteor shower, which happens when Earth moves through debris left by a comet. Researchers on the comet project developed an image-classifying algorithm to more rapidly distinguish meteors from passing clouds, fireflies, and airplanes (a task that’s usually done by people) and then cluster these individual observations over time. In so doing, they were able to draw attention to a group of previously unidentified meteor showers. These showers, the group believes, may be evidence of previously undetected long-period comets.

The neural network, which the group put together and tested over the course of two months, agreed with human classifications of meteors about 90 percent of the time. In the pilot project, the group analyzed about one million meteors.

Some NASA reviewers in the audience wanted to see more evidence that the meteors detected by the neural network were not noise; others wanted more evidence that the meteors were actually from comets, not asteroids or other sources. Project scientist Marcelo de Cicco, an astronomer at the Brazilian National Metrology Institute, said there are many next steps to take. “We want to learn from what we can see, and look into these predicted orbits, because right now we have nothing,” he said.

Other projects had more to go on. One group used Intel’s deep-learning accelerator, called Nervana, to improve the resolution of maps of the moon. This team also used a neural net to classify images—crater or no crater? Their results agreed with human image classification about 98 percent of the time, about five times the accuracy of previous image analysis systems. The group’s aim is to provide recon so that future lunar rovers don’t fall into unmapped craters while looking for water at the moon’s poles. The poles are highly shaded, so it’s difficult to distinguish crater from shadow.

Two teams working on forecasting solar flares—magnetic pulses that can cause problems with the power grid, GPS, and other systems—had support from IBM and Lockheed Martin. One group’s algorithm, called FlareNET, outperformed NOAA’s existing system for predicting solar flares. “I don’t know who’s got the job of telling NOAA about this,” quipped Frontier Development Lab director James Parr.

“The projects show how AI can crunch the workflow, and do a few months of work in a few hours,” says Parr. Scientists in the room were excited about the prospects for continuing these projects beyond the pilot stage—and for putting the detection and forecasting systems into practice. However, neither Diamond nor Parr could comment on whether NASA will take up and expand on any of the projects before next summer’s session.

A photo illustration shows two hands resting on a keyboard of a laptop computer with the words "turtle box super liquor" written on the screen as one example of a password.

Q&A: NIST's Paul Grassi on What Makes a Strong Password

Let’s all agree that passwords are one of the worst parts about being online. They’re hard to remember and annoying to recover. Once you come up with a good one, it expires immediately. If you’re like many people, you just gave up and now use the same password for every site, or write them all down somewhere. 

In June, the U.S. National Institute of Standards and Technology updated its Digital Identity Guidelines with best practices for how federal agencies should identify users on websites and handle personal data. The guidelines include new recommendations about passwords that could finally resolve some of these common frustrations.

In the past, the agency had said it’s best to select a mix of uppercase and lowercase letters, numbers, and special characters. Those bizarre combinations soon became the norm across government agencies and the tech industry. Now, NIST says agencies should allow users to come up with much longer passwords—at least 64 characters in length—without requiring any special characters.

This would allow users to choose a string of easy-to-remember words with spaces in between—such as “turtle box super liquor”—instead of something like X30UnMx$#. NIST also says users should be able to keep a password forever, with no expiration date.  

Paul Grassi, senior standards and technology advisor for NIST and the author of the new guidelines, explains the agency’s new thinking about the problem of passwords.

This interview has been edited and condensed for clarity.

IEEE Spectrum: How are the Digital Identity Guidelines meant to be used?

Paul Grassi: They’re specifically designed to only be for federal agencies, specifically civilian and non-national security, targeted only at our federal stakeholders. That said, we expect and hope the private sector will actually deliver the solutions these guidelines discuss, so we very much have the private sector in mind.

IEEE Spectrum: How did you figure out what the newest guidelines should say about password security?

Paul Grassi: We make sure we evaluate [our guidelines] on a regular basis to make sure they’re current and not lagging behind threats in the market. This one was a long time coming for a lot of reasons. We had an RFI process, asking the private and public sector what they thought was missing, and then we basically opened up an open-source version of the document on GitHub where we were collaborating amongst ourselves and anybody who wanted to contribute. We certainly learned a lot about what modern research was telling us about some of the flaws in the guidelines.

IEEE Spectrum: Can you explain the concept of password entropy?

Paul Grassi: A password’s entropy means how difficult it is to guess, how random it is, and what would be the length of time for a brute force attack to be able to break it. The longer the password, typically the more entropy there is, which is why we’ve changed our guidelines to allow for longer passwords that are easier to remember rather than shorter passwords that are easy to forget.

IEEE Spectrum: You emphasize usability in the new guidelines. Why is it important to think about usability of passwords?  

Paul Grassi: I’m of the mindset that poor usability tends to create workarounds that are insecure. We’ve seen it across the board. In the case of passwords, humans are really bad at randomizing passwords. Where a highly randomized one can reach high entropy, non-randomized ones do not. Users were substituting special characters that look like regular characters, an @ sign instead of an “a.” What we were hoping were truly random, difficult passwords were actually not because of those workarounds.

IEEE Spectrum: What else did you learn from new research about passwords and incorporate into these guidelines?  

Paul Grassi: The other update about passwords is—don’t expire them. Expiration isn’t a motivator to create a brand new password, it’s motivation to shift one character so you can remember the password. If you’re like me, and most people are, they’re following some keyboard progression they know, with moving one character up and one down. So all those workarounds created insecure passwords.

IEEE Spectrum: So if I want to keep a password for the rest of my life, I should be able to do that?

Paul Grassi: Absolutely. If your password hasn’t been breached, then why would you change it? If a password file has been broken by a bad guy and you’re going to change it by one digit, they’re going to know that. The expiration date doesn’t make a whole heck of a lot of sense in that paradigm.

In the big scheme of things, passwords are only allowable in our guidelines for low-risk applications. In most cases, multi-factor authentication is required anyway. Your password, if it’s used in a multi-factor scheme, is one piece of the puzzle and the impact of a breach in a single-factor scheme should not be significant because it’s for a low-risk application.

IEEE Spectrum: Do you have suggestions about what users can do to better manage their passwords?

Paul Grassi: The best practice is to have a different password for every site. That’s going to be impossible to remember. So segmentation is helpful—use one password for financial services, use one password for social media. Use one password for email and don’t use it anywhere else, because email is still the recovery method of choice for most sites. We also advocate multi-factor authentication whenever it’s available.

IEEE Spectrum: Aside from passwords, what else do the Digital Identity Guidelines cover?

Paul Grassi: We’ve spent a lot of time writing privacy requirements. We want agencies to absolutely undercollect, not overcollect. We want their default to be, if I need somebody’s age, can I just ask that question, rather than require the user to provide their full date of birth? So privacy is a big focus.

It’s not up to us to require specific architecture, but we certainly encourage [agencies] to federate. Identity is costly and we see cost savings if every agency does not individually identity-proof a user. If it can be done once or twice, and used across the government, that’s a good thing.

IEEE Spectrum: Your guidelines address biometric security. How close are we to living in a world without passwords?

Paul Grassi: Passwords may be there for the foreseeable future. Even though there’s innovation allowing for a passwordless experience, you have to have the technology to be able to do it, and not everybody has it or wants it. This is the tough part. Some folks may just not want to keep up with innovation and we have to have a solution that works for them, too. Passwords aren’t going anywhere.

Advertisement

Tech Talk

IEEE Spectrum’s general technology blog, featuring news, analysis, and opinions about engineering, consumer electronics, and technology and society, from the editorial staff and freelance contributors.

Newsletter Sign Up

Sign up for the Tech Alert newsletter and receive ground-breaking technology and science news from IEEE Spectrum every Thursday.

Load More