
ISSN 0970-647X | Volume No. 37 | Issue No. 9 | December 2013

Cover Story: Medical Informatics – Perk up Health Care Through Information 7
Technical Trends: A Technology Lead Business Model for Pharma 12
Article: Cyber Weapons 19
Article: Multi-Biometrics for Unique Identification 27
CIO Perspective: Managing Technology » Opportunity Qualification 34
Security Corner: Information Security » Demystifying Cross-Site Request Forgery (CSRF) 35

www.csi-india.org

CSI Communications | December 2013 | 1

Invitation: Young IT Professional Awards 2013 (YITP-2013)

Dear Young IT Professionals,

In order to promote the young IT professionals in the quest of innovation in IT, Computer Society of India (CSI) is conducting the National competition ‘Young IT Professional Awards’ (YITP Awards) for young IT professionals, an event instituted annually by CSI since 1999. The competition provides them an opportunity to demonstrate their knowledge, professional prowess and excellence in their profession.

The competition is to encourage Researchers, IT professionals, Academicians, Consultants, Entrepreneurs and IT Practitioners in an Organization, or individuals in service/support/training function in the field of Information Technology.

The objectives of YITP Award are:
• To recognize the significant contribution(s) made by a professional in IT profession.
• To motivate upcoming professionals and enhance the prestige of the profession by enabling them to exercise their skills and competencies in the best possible and innovative manner.
• To directly or indirectly contribute towards the improvement of professional effectiveness in different spheres of life.
• To motivate young men and women to imbibe the entrepreneurial spirit and thereby encourage more and more people to venture into entrepreneurship, and
• To encourage contribution in boosting the economy of the country through entrepreneurship.

Through this Award, innovative and exciting initiatives of Young IT Professionals can be shared with the CSI members and IT community. Winning a YITP Award will boost morale of IT professionals.

This award is instituted both at the national as well as at the regional levels. The winners of the seven regional levels qualify for competing on the national level. This award is scheduled at seven regions during January-February 2014. The final National round will be held on CSI foundation day - 6th March, 2014 at Ahmedabad.

Criteria:
The most outstanding technology project of any kind, completed during the year 2012/2013 (project duration could be of 2-3 years from the start date) within an organisation will be judged for following criteria by the selection committee:
• Criticality of IT Usage
• Improvement of Customer Service
• Innovation, Return on Investment
• Quality of Management
• Impact on Organisation and Society

Eligibility:
Any individual below 35 years of age (on 31st March, 2013) who are either working professionals, entrepreneurs or researchers and has made significant innovation in the areas of research, academics, IT applications and services to bring improvement in service, support and training in the field of Information Technology.

Participants can be from CSI Institutional members, Business organizations, Research Institutes and Interns from incubation centers of universities. Only those individual with minimum of 3 years and maximum 12 years of experience can participate in this competition.

A team of maximum 3 members meeting all the eligibility criteria can be nominated.

Nominations should be supported by the organisation to which the applicants are attached. Applications nominated by any CSI Fellow are also eligible.

The project which is nominated should be original and not published prior to the event.

Awards Comprise of:
Trophy and Certificate to winning team/individual and prize as under:

Category | National Awards | Regional YITP award (For each region)
Winner | Rs 50,000/- | Rs 10,000/-
1st runner up | Rs 25,000/- | Rs 5,000/-
Special mention | Rs 15,000/- | Rs 3,000/-

The information about the awards, guidelines and application process is available at: www.csi-india.org.

You may forward your queries to [email protected]

Satish Babu, Chairperson, CSI Awards Committee
Bipin Mehta, Fellow, CSI, Convener-YITP Awards
D K Dwivedi, Co-Convener, CSI-YITP Awards

CSI Communications Contents

Volume No. 37 • Issue No. 9 • December 2013

Editorial Board

Chief Editor: Dr. R M Sonar
Editors: Dr. Debasish Jana, Dr. Achuthsankar Nair
Resident Editor: Mrs. Jayshree Dhere
Published by: Executive Secretary Mr. Suchit Gogwekar, for Computer Society of India
Design, Print and Dispatch by: CyberMedia Services Limited

Cover Story
7 Medical Informatics – Perk up Health Care Through Information
  Mrs. C Sunitha, Mrs. K Vasantha Kokilam, and Mrs. B Meena Preethi
9 Electronic Health Records – An Overview
  Dr. S Vijayarani

Technical Trends
12 A Technology Lead Business Model for Pharma
  Damayanti Bandopadhyay
15 Telemedicine-The New Era of Healthcare
  Tadrash Shah and Chintan M Bhatt

Research Front
17 Applications of Zigbee Wireless Frequency for Patient Monitoring System
  Prof. Krishna Kumar L and Jimy Joy

Articles
19 Cyber Weapons
  Manish Kumar, Dr. M Hanumanthappa, Dr. T V Suresh Kumar
23 Research Directions in Social Network Mining with Empirical Study on Opinion Mining
  Dr. M S Vijaya and V Pream Sudha
27 Multi-Biometrics for Unique Identification
  A P Raju
30 Automated Teller Machines: A Business Model
  Wallace Jacob

Practitioner Workbench
32 Programming.Tips() » Fun with ‘C’ Programs – Using Escape Codes
  Wallace Jacob
33 Programming.Learn(“R”) » Handling Files in R
  Umesh P and Silpa Bhaskaran

CIO Perspective
34 Managing Technology » Opportunity Qualification
  Krishnakumar Iyer

Security Corner
35 Information Security » Demystifying Cross-Site Request Forgery (CSRF)
  Krishna Chaitanya Telikicherla and Harigopal K B Ponnapalli

PLUS
Brain Teaser, Dr. Debasish Jana 38
Ask an Expert, Dr. Debasish Jana 39
Happenings@ICT: ICT News Briefs in November 2013, H R Mohan 40
CSI Report 44
CSI News 45

Please note:
CSI Communications is published by Computer Society of India, a non-profit organization. Views and opinions expressed in the CSI Communications are those of individual authors, contributors and advertisers and they may differ from policies and official statements of CSI. These should not be construed as legal or professional advice. The CSI, the publisher, the editors and the contributors are not responsible for any decisions taken by readers on the basis of these views and opinions. Although every care is being taken to ensure genuineness of the writings in this publication, CSI Communications does not attest to the originality of the respective authors’ content.

© 2012 CSI. All rights reserved.

Instructors are permitted to photocopy isolated articles for non-commercial classroom use without fee. For any other copying, reprint or republication, permission must be obtained in writing from the Society. Copying for other than personal use or internal reference, or of articles or columns not owned by the Society without explicit permission of the Society or the copyright owner is strictly prohibited.

Published by Suchit Gogwekar for Computer Society of India at Unit No. 3, 4th Floor, Samruddhi Venture Park, MIDC, Andheri (E), Mumbai-400 093. Tel. : 022-2926 1700 • Fax : 022-2830 2133 • Email : [email protected] Printed at GP Offset Pvt. Ltd., Mumbai 400 059.

Know Your CSI

Executive Committee (2013-14/15) »

President: Prof. S V Raghavan, [email protected]
Vice-President: Mr. H R Mohan, [email protected]
Hon. Secretary: Mr. S Ramanathan, [email protected]
Hon. Treasurer: Mr. Ranga Rajagopal, [email protected]
Immd. Past President: Mr. Satish Babu, [email protected]

Nomination Committee (2013-2014)
Prof. H R Vishwakarma
Dr. Ratan Datta
Dr. Anil Kumar Saini

Regional Vice-Presidents

Region - I: Mr. R K Vyas. Delhi, Punjab, Haryana, Himachal Pradesh, Jammu & Kashmir, Uttar Pradesh, Uttaranchal and other areas in Northern India. [email protected]
Region - II: Prof. Dipti Prasad Mukherjee. Assam, Bihar, West Bengal, North Eastern States and other areas in East & North East India. [email protected]
Region - III: Prof. R P Soni. Gujarat, Madhya Pradesh, Rajasthan and other areas in Western India. [email protected]
Region - IV: Mr. Sanjeev Kumar. Jharkhand, Chattisgarh, Orissa and other areas in Central & South Eastern India. [email protected]
Region - V: Mr. Raju L Kanchibhotla. Karnataka and Andhra Pradesh. [email protected]
Region - VI: Mr. C G Sahasrabudhe. Maharashtra and Goa. [email protected]
Region - VII: Mr. S P Soman. Tamil Nadu, Pondicherry, Andaman and Nicobar, Kerala, Lakshadweep. [email protected]
Region - VIII: Mr. Pramit Makoday. International Members. [email protected]

Division Chairpersons

Division-I : Hardware (2013-15): Prof. M N Hoda, [email protected]
Division-II : Software (2012-14): Dr. T V Gopal, [email protected]
Division-III : Applications (2013-15): Dr. A K Nayak, [email protected]
Division-IV : Communications (2012-14): Mr. Sanjay Mohapatra, [email protected]
Division-V : Education and Research (2013-15): Dr. Anirban Basu, [email protected]

Important links on CSI website »

About CSI: http://www.csi-india.org/about-csi
Structure and Organisation: http://www.csi-india.org/web/guest/structureandorganisation
Executive Committee: http://www.csi-india.org/executive-committee
Nomination Committee: http://www.csi-india.org/web/guest/nominations-committee
Statutory Committees: http://www.csi-india.org/web/guest/statutory-committees
Who's Who: http://www.csi-india.org/web/guest/who-s-who
CSI Fellows: http://www.csi-india.org/web/guest/csi-fellows
National, Regional & State Student Coordinators: http://www.csi-india.org/web/guest/104
Collaborations: http://www.csi-india.org/web/guest/collaborations
Distinguished Speakers: http://www.csi-india.org/distinguished-speakers
Divisions: http://www.csi-india.org/web/guest/divisions
Regions: http://www.csi-india.org/web/guest/regions1
Chapters: http://www.csi-india.org/web/guest/chapters
Policy Guidelines: http://www.csi-india.org/web/guest/policy-guidelines
Student Branches: http://www.csi-india.org/web/guest/student-branches
Membership Services: http://www.csi-india.org/web/guest/membership-service
Upcoming Events: http://www.csi-india.org/web/guest/upcoming-events
Publications: http://www.csi-india.org/web/guest/publications
Student's Corner: http://www.csi-india.org/web/education-directorate/student-s-corner
CSI Awards: http://www.csi-india.org/web/guest/csi-awards
CSI Certification: http://www.csi-india.org/web/guest/csi-certification
Upcoming Webinars: http://www.csi-india.org/web/guest/upcoming-webinars
About Membership: http://www.csi-india.org/web/guest/about-membership
Why Join CSI: http://www.csi-india.org/why-join-csi
Membership Benefits: http://www.csi-india.org/membership-benefits
BABA Scheme: http://www.csi-india.org/membership-schemes-baba-scheme
Special Interest Groups: http://www.csi-india.org/special-interest-groups
Membership Subscription Fees: http://www.csi-india.org/fee-structure
Membership and Grades: http://www.csi-india.org/web/guest/174
Institutional Membership: http://www.csi-india.org/web/guest/institiutional-membership
Become a member: http://www.csi-india.org/web/guest/become-a-member
Upgrading and Renewing Membership: http://www.csi-india.org/web/guest/183
Download Forms: http://www.csi-india.org/web/guest/downloadforms
Membership Eligibility: http://www.csi-india.org/web/guest/membership-eligibility
Code of Ethics: http://www.csi-india.org/web/guest/code-of-ethics
From the President Desk: http://www.csi-india.org/web/guest/president-s-desk
CSI Communications (PDF Version): http://www.csi-india.org/web/guest/csi-communications
CSI Communications (HTML Version): http://www.csi-india.org/web/guest/csi-communications-html-version
CSI Journal of Computing: http://www.csi-india.org/web/guest/journal
CSI eNewsletter: http://www.csi-india.org/web/guest/enewsletter
CSIC Chapters SBs News: http://www.csi-india.org/csic-chapters-sbs-news
Education Directorate: http://www.csi-india.org/web/education-directorate/home
National Students Coordinator: http://www.csi-india.org/web/national-students-coordinators/home
Awards and Honors: http://www.csi-india.org/web/guest/251
eGovernance Awards: http://www.csi-india.org/web/guest/e-governanceawards
IT Excellence Awards: http://www.csi-india.org/web/guest/csiitexcellenceawards
YITP Awards: http://www.csi-india.org/web/guest/csiyitp-awards
CSI Service Awards: http://www.csi-india.org/web/guest/csi-service-awards
Academic Excellence Awards: http://www.csi-india.org/web/guest/academic-excellence-awards
Contact us: http://www.csi-india.org/web/guest/contact-us

Important Contact Details »
For queries, correspondence regarding Membership, contact [email protected]

President’s Message
Prof. S V Raghavan

From : [email protected]
Subject : President’s Desk
Date : 1st December, 2013

Dear Members

The arrangements for our annual convention are in full swing. The team at Vizag is working overtime to make sure that the convention is extremely interesting and memorable. The top management of Vizag Steel Plant are personally involved in making sure that the event is a grand success. Their zeal and enthusiasm is just fantastic. The organizational planning team is led by the Chairman of Vizag Steel Plant Shri Choudhary and the delivery is led by their Directors of Finance and Technology, ably supported by General manager (IT), Shri Rajeswara Rao. Of course, the all rounder Shri P. Satyanarayana is doing wonders in gearing up the Vizag chapter for the mega event. The committee of Office Bearers reviewed the arrangements in September this year and is convinced that CSI is about to witness an event to remember. It is my fervent appeal to all Chapter Chairpersons to attend the Annual Convention along with your complete Management Committee and make sure that at least 20 members from your chapter participate in this grand event. It is your event and your participation is a must.

Honorary Secretary is ensuring that all the National Meets are given prominence; for example, the National Council and the General Body - where the Chapter related matters as well as the member related matter are discussed - are given prominent prime time. It is your society and you decide as to where we should go and how. Therefore your presence in large numbers is a must. Whatever ideas you may have, CSI Annual Convention is the place to discuss them together. I will be looking forward to meeting you all.

Our Vice-President carefully reviewed the program and offered very fruitful suggestions. He underlined the fact that CSI HQ should take direct responsibility for the entire show and make full use of the extraordinary effort put in by the Vizag team. I fully agree with his observation. We will support CSI Vizag team.

I hope you are all aware that there are two conventions! They are the CSI Annual Students’ Convention and the CSI Annual Convention. The CSI Annual Students’ Convention is scheduled during 11-12 December 2013 and the main CSI Annual Convention is scheduled during 13-15 December 2013. The National Council meet and the General Body will be scheduled during the main convention. Of course, formal notification will reach you through proper channels. The venue for the main convention is Hotel Novotel, Vizag. Do visit the website www.csianc2013.csi-vizag.org

The convention theme this year focuses on ICT and Critical Infrastructure. Being Vizag, surrounded by Steel plant, Port, Ship building, and allied heavy industries, there are enough critical infrastructure around. The speakers’ list, which reads like a “who is who” in the areas of Critical Infrastructure protection provides enough justification for any one to be a part of this annual convention. The organizers have nicely packaged a program for all of us and provide sufficient choice of events, lectures, talks, presentations, and demonstrations. We can together declare their efforts a Grand Success if we can make sure that at least 1000 participants are there at the convention – including many of our dear members.

Our Honorary Treasurer has been trying to set the house in order so far as the Service Tax is concerned. He along with some of the key members had several rounds of meeting with important functionaries in the government and is bringing in an order that will benefit the society immensely in the coming years. It is my earnest appeal to all Chapter chairs, Division Chairs, and Regional VPs to ensure accounting compliance as proposed by our Honorary Treasurer. Looks like it is becoming the natural next step to follow the core banking idea that banks adopted some years ago. Our society will progressively move towards a core-banking concept with flexible local operational freedom coupled with policy framework overlays, as necessary. I am sure the Honorary Secretary and the Honorary Treasurer will be working with you in a detailed manner for the next few weeks. Please cooperate in the interest of your society.

I want the members as well as the Division Chairs, SIG Chairs to think about the feasibility of consolidating all our activities in the form of workshops / tutorials / conferences, etc. in to a certain number of “flagship” events (may be 12 events- monthly) that are carefully placed in any calendar-year, well in advance. While doing so, kindly take in to accounts what impacts the society around us. Some examples for themes are Architecture and Systems, Software Design and Performance, Cyber Security, Computational Science, Applications such as Education, Health and Agriculture, and Economics, practice, and management of ICT deployments in all sectors of economy. May be we can plan one event in each stream at the R&D level and one event at the operational level to serve the membership of our society which is inherently pluralistic. I expect Design and Innovation in these areas hold the key to technology leadership in the coming years. I am sure the mature membership of CSI understands the difference between “managers” and “leaders”. Let us exhibit “LEADERSHIP”, that too in technology generation and deployment for societal benefit, creating financial value and social value in one stroke.

Looking forward to seeing you personally in Vizag.

Prof. S V Raghavan
President
Computer Society of India

Editorial
Rajendra M Sonar, Achuthsankar S Nair, Debasish Jana and Jayshree Dhere, Editors

Dear Fellow CSI Members,

We are glad to bring to you a special issue on the theme of Medical Informatics, which brings Information Technology and Healthcare together. As the applications of computers started pervading various areas of concern to mankind in recent times, coming together of medical sciences and healthcare has had to happen.

Informatics typically is about issues related to information and medical informatics therefore deals with issues related to information in the medical parlance. Information Technology receives a humane face when it delivers value addition to medical field. It can range from processing of patient data to computer aided drug discovery. Medical informatics mainly deals with the former and has been around for a substantial time. The theme articles in this issue give a clear indication of the maturity and prognosis of this field.

There are two theme related articles in the cover story section. First one is about “Medical Informatics – Perk up Health Care through Information” by C Sunitha, K Vasantha Kokilam and B Meena Preethi. It explains the term Medical Informatics and talks about various scientific approaches in medical informatics. Second theme article in the cover story section is about “Electronic Health Records – An Overview” by Dr. S Vijayarani, who writes about advantages of converting paper based health records in electronic format such as reduced cost, improved patient care and lesser medical faults and about the challenges involved in creating such records.

Technical Trends section also comes enriched with two theme related articles. The first one is “A Technology Lead Business Model for Pharma – Collaborative Patient Care” by Damayanti Bandopadhyay, wherein she concludes that soon there is going to be convergence of life science and pharma ecosystem with business focus changing towards integrated services and value oriented pricing. Second article is about “Telemedicine-The New Era of Healthcare” by Tadrash Shah and Chintan Bhat. This article explains how telemedicine is not merely treating patients remotely using technology but it is about holistic approach of medicine over information technology.

Research Front section also has an article related to the theme of the issue. It is about “Applications of Zigbee Wireless Frequency for Patient Monitoring System” by Prof Krishna Kumar and Jimy Joy. The article explains what Zigbee is and how it is useful for patient monitoring system, which provides new level of healthcare and individual attention for all categories of patients.

Article section is enriched with 4 articles of general interest. The first article is about “Cyberweapon: The Most Dangerous Weapon of Future” by Manish Kumar, Dr. M Hanumanthappa, and Dr. T V Suresh Kumar. Second one is about “Research directions in social network mining with empirical study on opinion mining” by Dr. M. S. Vijaya and V. Pream Sudha. Third one is about “Multi-Biometrics for Unique Identification” by AP Raju while the fourth one writes about “Automated Teller Machines: A Business Model” by Wallace Jacob.

Practitioner Workbench column has two sections – Programming.Tips(), which comes with an article on “Fun with 'C' programs – using escape codes” by Wallace Jacob and Programming.Learn(“R”), wherein Silpa Bhaskaran and P. Umesh write about how to handle files in R.

In CIO Perspective, we have an article titled “Opportunity Qualification” by Mr Krishnakumar Iyer, who writes about qualifying opportunities between Sales and pre-Sales functions by reaching agreement and by having the same objective of winning in the marketplace. The article provides 3 winning mantras for being successful.

In the Information Security section under Security Corner, we provide sixth article in the series on Web Application Security. This is about “Demystifying Cross-site Request Forgery (CSRF)” by Krishna Chaitanya Telikicherla and Harigopal K B Ponnapalli. CSRF is one of the top 10 vulnerabilities that can exist in web applications. In this article, authors write about how CSRF works, its adverse consequences and popular defences to mitigate the risk.

As usual, H R Mohan, Vice President, CSI, AVP (Systems), The Hindu, Chennai brings ICT News Briefs in November 2013 under various sectors at a glance in the column Happenings@ICT. Dr. Debasish Jana, Editor, CSI Communications presents a crossword under Brain Teaser column for our enthusiastic readers and answers questions under the column “Ask an Expert: Your Question, Our Answer”.

We have other regular features like CSI Announcements, Calls for Papers, CSI Reports and Chapter and Student Branch News. Remember we eagerly await your feedback and welcome it at the email id [email protected]. Do drop in a mail if you like the articles or even if you do not like them. Do provide your suggestions on what you would like to read and learn about. Also do send your contributions and partner with us in our endeavour of making CSIC a great learning experience for its readers.

With warm regards,
Rajendra M Sonar, Achuthsankar S Nair, Debasish Jana and Jayshree Dhere
Editors

Cover Story

Mrs. C Sunitha*, Mrs. K Vasantha Kokilam**, and Mrs. B Meena Preethi***
*Head, Dept. of Computer Applications and Software Systems, Sri Krishna College of Arts and Science, Coimbatore
**Assistant Professor, Dept. of Computer Applications and Software Systems, Sri Krishna College of Arts and Science, Coimbatore
***Assistant Professor, Department of Computer Applications and Software Systems, Sri Krishna Arts and Science College, Coimbatore

Medical Informatics – Perk up Health Care Through Information

Medical Informatics is a scientific discipline which intersects medical related Information and Computer Science. It is a controlled scientific field of study which focuses on acquiring information, storage, retrieval, and processing of medical data, biological and associated data, to interpret knowledge for the purpose of prediction and decision making. This article focuses on unifying all the underlying scientific approaches in Medical Informatics.

Fig. 1: Medical Informatics (Medical Information, Computer Science)

Mechanism used in Medical Informatics
• Electronic Health or Medical Record (EHR/EMR)
• Medical Practice Management Software (PMS)
• Health System Management
• Medical Information System
• Coding Technique
• Mobile/Handheld Devices

Electronic Medical Record - EHR/EMR
Electronic health or medical record is an organized collection of computerized record of patients’ data which is stored electronically. Information can be shared across hospitals or departments within a hospital. A few of the most popular software packages include Medilig, ClearHealth, FreeMED, GNUmed, and FFEHR.

Fig. 2: Architecture of EHR and EMR (Imported Data (Transcribed Documents); Lab, Pharmacy, Radiology; Data Captured at Encounter; Transaction Server; EHR/EMR Database Server; Data Transformation; Internet; Clinical Output (Test Results & Scanned images); Hospital, Office, Others)

Differences between EHR and EMR
Electronic Medical Records (EMRs) are a digital version of the paper charts in the clinician’s office. Medical and treatment history of the patients are available in EMRs.
Electronic Health Records (EHRs) also provide these details and more. EHRs focus on the total health of a patient. They go beyond standard clinical data collected in the provider’s office and focus on the broader view of a patient’s care. They also share information with other healthcare providers, such as laboratories and specialists. So, they contain information from all the clinicians involved in the patient’s care.

Medical Practice Management Software - PMS
Medical Practice Management Software (PMS) is used to manage the everyday activities in a hospital or other such institutions. This software helps to maintain patient records, schedule appointments, write prescriptions, generate reports and even provide insurance details. Care2X, OpenEMR, MirrorMed, Open Dental, and TAPAS are some of the most popular medical practice management software packages.

Fig. 3: Practice Management Software

Health System Management
The hierarchy of management in health clinics, hospital networks, and health care systems is organized by the Health system management software. This is an important tool for human resource management in the health care sector. The software packages available for health care management are DHIS, HRHIS, IHRIS, Medinous, and Omron.

Fig. 4: Health system management (Administrator; Unauthorized Personnel or Authorized Personnel; View Death/Emergency Reports; View Access logs)

Medical Information Systems
The patient’s information is stored electronically using Medical Information Systems software. It is used mainly in clinics and laboratories for research purposes as the data pertains to clinical records. Some of the programs that support Medical Information Systems are Caisis, OpenClinica, OpenMEDIS, Resmedicinae, and OIO.

Fig. 5: Medical Information System (Registration, Order Placed & Receives output; Real Time Processing; EMR; LAB; Machine Processing; Imaging)

Data Translation Software
The Data Translation software is used to translate the data and messages across multiple transports or locations. It is used for mapping, decoding, and coding available data. Some of the most widely used Data Translation programs include Glassfish ESB, Mirth, and Bots.

Coding Techniques
Coding is the process of converting clinical vocabularies, terminologies, or coding systems. There are structured lists of terms which together with their definitions are designed to describe unambiguously the care and treatment of patients into code numbers containing alphabets and numbers. Terms cover diseases, diagnoses, findings, operations, treatments, drugs, administrative items etc., and can be used to support recording and reporting a patient's care at varying levels of detail. Coding helps to diagnose the patient accurately and efficiently, so that the right treatment can be administered. OpenGalen, NHS Common User Interface program, and ODIN are the software packages used in coding.

Fig. 6: Coding techniques (Illness & Injury (Documents); Code Numbers (Numbers/Alphabets); Right Treatment can be administered)

Mobile/Handheld Devices
These software packages enable the doctors and medical personnel to access patient’s information and health related data through one’s own mobile phone or handheld device. They also help them to plan the day, visits, manage appointments, and communicate with a group of patients. Some of the programs available for mobile or handheld devices include Commcare, EpiHandy, FrontlineSMS, Sana, and Ushahidi.

Fig. 7: Mobile/Handheld devices (Public Databases; Patient Application (Mobile Device); secure Data Sharing System; Physician Application (Device))

About the Authors

Mrs. C Sunitha, MCA, M.Phil. is working as the Head of Dept. of Computer Applications and Software Systems at Sri Krishna College of Arts and Science, Coimbatore. With rich teaching and administrative experience, she is also the Controller of Examinations in the College. She is guiding many M.Phil. research scholars and has published papers in International Journals. She has also presented papers and organized various seminars and Forums. She is pursuing her Ph.D. at Bharathiar University, Coimbatore and doing research work on Speech Recognition. She is a Life Member of CSI and The Indian Science Congress Association (ISCA).

Mrs. K Vasantha Kokilam, MCA, PGDBA, M.Phil. is working as an Assistant Professor in the Dept. of Computer Applications and Software Systems at Sri Krishna College of Arts and Science, Coimbatore. She is pursuing her Ph.D. at Karunya University, Coimbatore and doing research work on Data Mining in . She is an Associate Member of CSI and has published papers in International Journals and presented at various seminars and wishes to contribute to the Computing arena. She can be reached at [email protected]

Mrs. B Meena Preethi, M.Sc., M.Phil. is an Assistant Professor since 2009 in Department of Computer Applications and Software Systems at Sri Krishna Arts and Science College, Coimbatore. She is the 1st Rank holder in her PG Degree from Bharathiar University in the year 2008. She has published many papers in National and International Journals and presented her research papers in various conferences. Her areas of interests include Data Mining and Computer Networks. She can be reached at [email protected]

Cover Story

Dr. S Vijayarani
Assistant Professor, Department of , School of Computer Science and Engg, Bharathiar University, Coimbatore

Electronic Health Records – An Overview

Introduction
In recent years, a tremendous growth in internet usage raises concerns to perform all the tasks electronically which saves our time and effort. Nowadays, most of the business organizations are doing their businesses electronically and the software industries are trying to update and convert their software which is able to work online. People can buy airline tickets and check in to the flights through online, buying goods on the web, and even get degrees online. However, in spite of these advanced developments in our country, a majority of patients are given handwritten medical prescriptions and only a small number of patients are capable to email their medical reports to doctor or get an appointment to visit a physician without talking to the receptionist. In the healthcare industry, almost many developed countries have already started to treat their patients through internet and they are maintaining the patient’s health records electronically.

To understand the difficulties of the upcoming electronic health record system, it is useful to identify what the health information system had been, is now, and needs to become. The medical record, whether it is paper-based or electronic, it is considered to be a communication device which helps to support medical decision-making, synchronization of various services, assessing the quality, effective caring, conducting researches, applying legal protections, giving proper training, education, official recognition and regular processes. This is considered as the business document of health care system; all the details are recorded in the usual course of its activities. The information available in the documentation should be legitimated and if it is handwritten, we have to ensure that all the entries are readable. Previously, medical records were paper repository of information that was analyzed and used for medical, administrative, financial and even research purposes. This information is strictly limited in terms of ease of access, only one user is allowed to access at a time. This paper based medical record was modified physically which results in delay for record completion. The medical doctor was responsible for the control of the care and documentation processes and approved the information release. Patients have occasionally seen their medical records. A second disadvantage of the paper-based medical record was the security issue.

What are Electronic Health Records?
An Electronic health record is mainly an electronic replica or digital version of a patient’s paper medical record. Its primary focus is total health of a patient, frequently going away from regular clinical data, and normally including a detailed view of a patient’s care. These are developed to distribute information to other healthcare suppliers as a way of giving integrated care across the professionals. These are intended to be interoperable in order to switch over information between the systems. They should be used in a significant and meaningful approach. This concept should be utilized to advance care, get better security protection and encourage the synchronization of care by applying the information exchange between various contributors. Electronic health records contain patient’s complete health history which includes patient’s contact information, information about visits to health care professionals, family history, insurance information, information about any conditions or diseases, diagnoses, treatments, list of medications, vaccination dates, allergic reactions, laboratory test results, x-ray reports, scan images, records of hospitalization and information about any surgeries or procedures performed. It permits access to tools through which contributors can easily make decisions about a patient’s care. It helps to automate and simplify the workflow.

Difference between EHR, EMR, and PHR

EHR: It is an automated patient-centric history of an individual’s health care record that takes data from several sources of care that the patient has used.

EMR: Electronic medical records are the computer software in which medical practitioners use to gather, control and store in the electronic health records. Nowadays, physicians are maintaining the digital version of the older paper files and charts which are used by them in their office cabinet. With the help of EMR software, patients are able to receive a care from their family doctor, nurse, specialist, health provider and dietician electronically. This gives precise, obvious and crisp information about patient’s health care condition available to all members of their health care team.

PHR: Personal health records are the records that are maintained by the patients. Normally, PHR contains record of appointments, email communication with health care providers, medication details and an interaction with other patients through online.

Benefits and Advantages of EHR
An electronic health record helps to improve health practice with eminent care and ease, enhances patients’ involvement in their care, improves the diagnoses, accurate outcomes, quick communication between the medicinal and behavioral health providers which in turn enhances effectiveness and saves cost. It has the capability to automatically distribute and update information among different organizations and offices.

EHRs and the facility to handle health information digitally help to offer high quality and secured care for patients. EHRs facilitate contributors for better health care by
• Giving precise, advanced, and entire information about patients at the time of care
• Permitting speedy access to patient records for more synchronized and well organized care
• Securely distributing digital information to patients and other clinicians

• Serving providers more successfully with patients’ diagnosis thus, minimizing medical errors and
• Allowing safer and more trustworthy prescribing
• Enhancing proper communication and interaction between providers and patients
• Providing clear and complete documentation
• Efficient, accurate billing and coding
• Providing security and privacy of patients’ data
• Reducing cost of EHR software

Nowadays, there is a tremendous growth in the usage of EHR software worldwide. Some of the popular EHR software’s are

MediTouch EHR Software
• MediTouch EHR is a complete electronic health record software. Its design is suitable for performing its operations on both web and touchscreen user interface. It offers various functions for charting, listing of problems, managing medications, electronic prescriptions, checking allergies, lab tests, ordering management and managing different documents. MediTouch EHR is a cloud based software and is well suited for iPads, tablets, and Apple and window computers.

• In the United States, thousands of medical physicians are using Kareo EHR software which is one of the most popular web based and perform organization solutions in the market. Kareo, when combined with a number of web-based certified EHRs makes them perfect for small and solo practices. Kareo is used to perform simple schedule for patients, managing insurance, accounts and collection processes, storing the patients’ documents, customize report developments etc. It can be used for a broad range of medical specialties which includes mental health, pediatrics, family medicine, cardiology chiropractic and podiatry etc.

Waiting Room Solutions
• WRS software is a web-based EHR developed “by specialists, for specialists”. This software is certified by ONC-ATCB (Office of the National Coordinator for Health Information Technology - Authorized Testing Certification Body) and CCHIT (Certification Commission for Health Information Technology) in 2011. The main feature of WRS is e-prescribing which helps data to flow accurately in small and medium organizations. It was devised to permit doctors to run their entire practice activity only on electronic health records on a single platform. Important capabilities of WRS are medical billing, secured faxing, patient scheduling, managing orders, storing images and predicting diseases.

Benchmark Clinical EHR
• This software has also received the certification from ONC-ATCB and CCHIT. It is a web-based EHR and the best for small practices. It provides billing and scheduling the system which gives customized functionality. Benchmark systems propose a group of server or cloud based-software which includes scheduling patients’ appointments, electronic health records, practice management and the services required for collection and billing.

Medios EHR
• Medios EHR is a web based system which gives the facility to access the patient’s records through an internet browser on a number of various web-enabled devices. This software permits medical physicians to easily contact patients and third party providers. The important functions performed by Medios are appointments scheduling, medications, allergies and other necessary functions. It provides the requirements of a large variety of medical specialties. Medios EHR gives the scalable solutions which are suitable for different practice sizes. The functionality of the system is updated periodically, based on the industry and government requirements.

Modernizing Medicine Software
• This software is a cloud-based electronic medical record software system used in more than 500 offices nationally. It is particularly intended for ophthalmology, optometry, orthopedics, plastic surgery and dermatology practices. It uses an adaptive learning engine to study the physician’s requirements and creates a platform for doctors to speedily take decisions for usual diagnoses, approve forms and treatments, time-saving and allocating dynamic commitment with the patient during the whole scheduled time. It is a touch-based system which helps to avoid need to type or chooses from drop-down menus. This software was developed by medical doctors for medical doctors.

• This software was developed by GE healthcare and it gives wider facilities in difficult areas like gastroenterology. It proposes strong incorporation and supports communication with other contributors engaged in patient care. Centricity software is an integrated method for medical and economic management in health organizations. This software provides a complete collection of functionalities for medical organizations and electronic medical records. GE healthcare has a wide focus on systems for the complete healthcare services. It also combines with an extensive choice of medical imaging systems, medical devices, and other healthcare products. Centricity EHR is developed to provide accurate reporting on medical outcomes.

WebPT EMR Software
• WebPT is a popular Electronic Medical Records system and is mainly used for physiotherapy practices. It supports documentation, proper scheduling, billing process, and medical management features. Presenting an easy and enormously inexpensive solution, WebPT facilitates therapists to effortlessly switch over from paper format to a user-friendly EMR, a cloud-based environment which allows therapists, directors and front office staff to get their medical records anytime, anywhere, and from every web-enabled device. It has instinctive and smooth workflow that permits therapists to proficiently complete compliance and reliable

documentation. Front Office Suite of WebPT contains many tools which are essential to run an organized clinic and a multi-user scheduler is included which gives the appointment reminders.

PrimeSUITE
• PrimeSUITE was developed by Greenway Medical Technologies and it is a single-database electronic health record. It provides a good interoperability solution and practice management. It was certified by ONC-ATCB. PrimeSUITE has a cloud-based environment hence, it has thousands of care contributors in major care and more number of specialties and sub-specialties.

RAPID
• RAPID EHR, developed by ACOM, is fully integrated, ONC-ATCB certified and particularly intended for the distinctive desires of chiropractic practices. This software also gives appointment scheduling, accurate billing, allowing extremely effective operation. RAPID Chiropractic software offers an entire suite of documentation, monetary and managerial functions for chiropractic offices. All the office related works such as scheduling, billing, managing and reporting are performed and it also applies paperless procedures.

Research Challenges in EHR
Normally, electronic health records contain heterogeneous types of data, i.e., numerical data, text data, and image data. In order to analyze the data in electronic health records, data mining techniques are used. Some of the significant research problems in electronic health records are
• Predicting diseases by analyzing the EHR
• Extracting knowledge from EHR in a secure manner
• Protecting patient’s privacy
• Identifying similar symptoms of diseases
• Mining heterogeneous data
• New drug discovery
• Drug analysis
• Medical data truth analysis
• Advertisement for healthcare products
• Operation management
• Preventive healthcare
• Population tracking
• Side-effect modeling
• Chronic disease treatment and modeling
• Association analysis

By giving the solutions for the above research problems, most of the data mining researchers are facing the following challenges.
• Data incompleteness
• Sequential Modeling
• Interactive exploration
• Information integration
• Verification and validation
• Privacy preservation

Conclusion
Government and healthcare people are converting the paper-based health records into electronic health records in order to reduce the healthcare cost, improving the patient care and decreasing the medical faults. There are lots of research issues in electronic health records which require an optimal solution. In developed countries, they have already started to treat their patients through online and maintain their medical records electronically. In India, popular medical centers, health organizations and hospitals gradually convert their patient’s paper-based information into electronic records. In future, this will become universal for all hospitals and health care centers. At that time, both healthcare providers as well as patients may face difficulties and the possibility of arrival of several new problems. It is the responsibility of the researchers to predict the future problems by using electronic health records and concentrate on developing the new techniques and algorithms for solving those problems.

About the Author

Dr. S Vijayarani has completed MCA, M.Phil. and Ph.D in Computer Science. She is working as an Assistant Professor in the School of Computer Science and Engineering, Bharathiar University, Coimbatore. Her fields of research interest are data mining, privacy, security, bioinformatics and data streams. She has published papers in the international journals and presented research papers in international and national conferences.

Technical Trends

Damayanti Bandopadhyay
Senior Strategy Consultant, IBM

A Technology Lead Business Model for Pharma – Collaborative Patient Care

Executive Summary
Pharmacy and life science industry are witnessing a gradual change, where decision makers are emerging from big pharma and physicians to consumers, payers and equipment manufacturers who are empowering the consumers to take informed decision.

Reasons may be attributed to the losing shine of blockbuster drugs and on-set of the loss of exclusivity (LoE) or reaching ‘patent cliffs’ era for the pharmaceuticals. These forces have compelled the industry to look beyond the existing business models for uplifting their revenue.

The new business models look for value based health outcomes, controlling costs and reducing disparities across populations have become economic and social imperatives for governments around the world. Collaborative Patient Care is one such business model of where the industry and alliance partners converge in a common platform to secure a commercial model which can benefit across the value chain.

This is about establishing a business model where pharmaceutical companies, physicians, care providers, patients, ministries of health and regulatory bodies, the payers, the medical device manufacturers and medicine wholesalers converge in one platform to mutually benefit and improve health benefits for patients/ citizen.

There is an intermediate layer of technology/ infrastructure which shall support the ecosystem with information on demand model. Also, technology will be used to help automate, standardize and promote quality outcomes for the drug and therapy. This will not only ensure treatment of the disease but also wellness, prevention and acute care.

What is Collaborative Patient Care
“4x more people over 60 years old that will be unable to care for themselves by 2050” – source IBM Market Insights

The collaborative care is an emerging business model which is based on mutual sharing of information and benefiting from a common pool of data source which is electronic health records. As consumers are emerging as the new decision makers, pharma companies and health care providers are focused on developing a business model which will shift the focus to a system of healthcare, which requires new funding models, shared risk and greater accountability to the outcomes. With the penetration of social media, smart phones and access to information; people are taking informed decisions at every step. The losing patents and shrinking margins need to be out numbered by effective innovation, targeted selling through guaranteed results and going beyond traditional channels. Chronic diseases like cardio vascular, diabetes, RA (Rheumatoid Arthritis), Neuro Pains etc. account for about 30% of global healthcare expense. There is a wider need to predict, prevent and address these diseases in patients. Furthermore, the care-coordination can be extended to vaccines, specialty care. This market space goes beyond the Rx drugs only. Hence to tap into the new carved blue ocean, players need to collaborate for end to end service.

[Figure: benefits of collaborative patient care for each stakeholder: hospitals, patients, physicians, pharmaceutical companies, payers, retailers/distributors, government/regulators, device and m-health service providers]

Collaborative care for patients is about
• Evidence-based and standardized care planning
• Individual engagement and empowerment
• Coordination across boundaries — share care, accountability and risk
• Building awareness, information and education amongst the patients

While the core focus remains outcome based or value based service to patient, there is an inherent gain across all the stakeholders in the ecosystem.

With the converging trend in the life science industry there is a growing need for entities within the ecosystem to collaborate. Adjacent players like insurance, care providers, retailers and consumer services are entering the space of life science to meet the changing demands of patients and communities.

How is it Different from Traditional Care
Collaborative care is conglomeration of – remote patient monitoring, remote health monitoring, home health monitoring, personal health monitoring, personal health and fitness monitoring, or telemonitoring, and mobile health monitoring when a mobile

application is used in conjunction with a monitoring device. While benefits of RPM are restricted to patient physician relationship; through ‘Collaboration Care’ model we will be able to transcend across the traditional boundaries of physician. The model will not only enable patients to be under supervision, the timely and optimized (cost) medicine supply, tailored insurance policies, best practices and recommendations on therapy from a set of practitioners also bring together the world of big pharma under one roof.

In a traditional way of patient care, the model is very transactional and point to point – e.g. a patient with cardio vascular disorder is under regular (periodic) check with his regular physician. What happens in a situation where he has to be off site for a long duration? The patient will probably stock on medicines, look for local physician, try to develop a new comfort with his new set up, look for pharmacies who can supply him the same medicine. In the new world we integrate all these actions seamlessly with least effort to the patient –

The whole value chain from detection, to monitoring, to getting medicines, shifts to a digital medium, which can be accessed anytime. The requirement for new set of medicines is monitored by the local pharmacy/ wholesaler and also the Insurance payer is fed with updated information for policy formulation.

[Figure] Source: Gartner September 2013 G00245663

(The above figure represents a form of collaboration where the patient leverages seamless flow of information and activities)

The end result would lead to improved customer outcomes by -
• Improved patient/physician interaction – e.g. firms like Zoc Doc can play a role in this collaboration world to enable a fuller docket of patient appointments for doctors. ( gathers supply and demand insights no one else has for healthcare services while helping consumers find open appointment slots) source – Forbes
• Remote device monitoring for doctors: There are remote device suppliers like iBGStar, Ambucor etc, providing remote device monitoring services for physicians. These span devices, disease and health management. It can be used for serious diseases, as well as wellness programs as personal biometric devices become more pervasive.
• Population Management: Keeping track of the portion of their patient population that is up-to-date on vaccines, health checks, etc. and scheduling them for appropriate services. This could solve the problems of Patient-centered Medical Homes and Accountable Care Organizations, as well provide necessary data input for pharma’s research needs.
• Family Medical History: Helping healthcare providers take advantage of Medicare’s funding of annual wellness visits.
• Apps for Rx: enabling the prescription of an app on a mobile phone but also the accompanying adherence.
• Telehealth: Providing more and more services remotely by providing the tools and services to manage conditions remotely
• Optimized insurance premium pricing – based on the patient’s real time state of health

The Operating Business Model for ‘Collaborative Patient Care’
“2.5 quintillion bytes of data created every day 1 billion projected annual health-related apps downloaded by year 2016” – source IBM Market Insights

Fundamental to this business model is the digital infrastructure – known as information and communications
– source IBM Market Insights • Remote device monitoring for doctors: • Family Medical History: Helping There are remote device suppliers healthcare providers take advantage Fundamental to this business model like iBGStar , Ambucor etc, providing of Medicare’s funding of annual is the digital infrastructure – known remote device monitoring services wellness visits. as information and communications

technology (ICT) – that enables information sharing among healthcare providers, payers and patients and other entities in the ecosystem of life science. The complexity of the collaboration can be managed by ensuring the following things are in order –

Process - Processes should seamlessly unite patients, clinicians, staff, assets and information throughout the hospital.

Technology - As a critical component, the technology infrastructure is the foundational building block. It starts with robust plans and strategies to store, manage, secure and analyze data of all types; complimented by a medical-grade network, built on standards and best practices that deliberately address the unique requirements of a healthcare organization. The requirements of interoperability, security, availability, productivity, and flexibility are universal, and the underlying mission of providing safe, high quality patient care must be factored into network design. Intuitive user interfaces are also needed to help overcome traditional barriers to technology adoption by medical professionals.

People – this demands the ability to accept and encourage the concept of operating in a non-traditional health care model. A recent survey by PwC shows that - 88% of physicians surveyed would like their patients to monitor their health. The top 3 biometrics to monitor are weight (65%), blood sugar (61%), and vital signs (57%), such as blood pressure, heart rate, and respiratory rate (source – IDC report A Technology Framework for End-to-End Remote Health Monitoring). The concepts of remote patient monitoring and tele-health have shown wider acceptance in the more mature markets.

Enablers of Collaborative Patient Care
Technology will have a significant role in supporting and executing the business model. With IT emerging as business technology in the world of pharma and life science, has a predominant role in establishing new business models. Being business enabling partners they can play the role of collector, aggregator, analyzer and support unit.
• Master Data Management for health records across sources -
  • Collection and Data aggregation of the longitudinal record (eHR from the various sources – hospitals, care service providers, diagnostic centers), devices data from the service providers, subscribers, social and web content in a platform which will support integration from different sources and storing them in a format which is seamless. Also, integration of the medical device with the remote monitoring server and health record database
  • Predictive analytics on the data in various slices and dices of information which is tailored to the specific need across stakeholders – e.g alerts and prediction analysis for patients who are reporting a certain symptoms of chronic ailments, or alerts for diagnosis/ prevention, analysis for the physician on the best. This will play a critical role in identifying and preventing the occurrence of a disease based on early symptoms. Need for capability to deliver their data and analytics on a software-as-a-service (SaaS) basis.
• Supporting the contact center operations for telemedicine, remote monitoring (synchronous or asynchronous depending on the available infrastructure)

To a large extent patient’s interest and adherence to the collaboration care network would be driven by the ability to predict, prevent a condition based on family history or initial symptoms.

Conclusion and Road Ahead
We will see a lot of convergence in the life science and pharma ecosystem with the changing focus of business towards integrated services and value oriented pricing. Generating opportunities for the technology and infrastructure service provider. The scope for which may be from a hosted platform for collaboration to high power computing technology systems. Analytics will evolve as the model goes on expanding. Initially the focus may be confined to patient well being, disease management and awareness. However, there is a strong potential to expand into the territories of disease surveillance which will impact the entire value chain of a pharmaceutical company (from sourcing to distribution strategies being aligned). This kind of environment will foster partnering amongst the related businesses. We are already witnessing some of these trends as white goods and electronics manufacturers like Samsung, Philips are competing with likes of Medtronics or even big pharma’s like Pfizer, Novartis and J&J transcending the boundaries of innovation drug to partner with their competitors in different markets.

A very close comparison can be drawn with IBM’s transformation on how a large company can shift from a product-centric culture to a customer and service centered company. We can expect a gradual change in life science industry from pill based model only to a integrated services based model.

Acknowledgement
I sincerely acknowledge mentoring & guidance from Sabyasachi Biswas (IBM Director & Partner) and Diptiman Dasgupta (IBM Executive IT Architect) for authoring this article.

References
[1] http://www.healthcare-informatics.com/article/market-trends-bolster-remote-monitoring-e-visits
[2] http://pewinternet.org/Reports/2011/P2PHealthcare.aspx
[3] www.informationweek.com
[4] http://pcmh.ahrq.gov/ - agency for health research and quality
[5] Gartner September 2013 report - G00245663
[6] http://techcrunch.com/2012/02/26/sxsw-2012

About the Author

Damayanti has 9 years of experience working in consulting and advisory services. She has worked extensively, across industries like life science, financial services, and manufacturing in EU, APAC and North America regions. She completed her PGDM from S.P Jain Center of Education and has done B.E in Electronics Engineering. She has been working with IBM as Senior Strategy Consultant. Currently she is working as a strategy consultant for a large pharma account in IBM, responsible for driving business growth in emerging markets of that account. She is fond of reading and traveling.

Technical Trends

Tadrash Shah* and Chintan M Bhatt**
*Master student, State University of New York
**Asst. Professor, CE dept., Chandubhai S. Patel Institute of Technology, CHARUSAT

Telemedicine-The New Era of Healthcare

Introduction

With the advances in technology that we witness each passing day, there is not a dimension of development that can sustain unless technology is embraced by it. Telemedicine is one of the finest gifts that technology can present to humankind. It encompasses a wide range of telecommunications and information technologies and many clinical applications, although the interactive may be the most common medium[1]. Contrary to how it is usually thought of, telemedicine is not just about the treatment of the patient through information technology remotely; it has a much wider scope. It encompasses the health care and treatment of patients, education, information and administrative services[1] – all of these performed in real time. Hence, telemedicine is the holistic approach of medicine over information technology. If viewed as comprising a single technology, it is the internet, but the underlying technologies include, not exhaustively, telephone, radio, facsimile, modem and video. Path-breaking innovations in this arena are the use of robotics, virtual reality and artificial intelligence for the cogent purpose.

Having said all this, it is necessary to know that no single technology or bandwidth is best to suit all the capacities and capabilities of telemedicine. A Health Telematics Policy, a document from the World Health Organization (WHO), states the telemedicine motivation as -

“…integrate the appropriate use of health telematics in the overall policy and strategy for the attainment of health for all in the 21st century, thus fulfilling the vision of the world in which benefits of science, technology and public health development are made equitable available to all people everywhere..”

Telemedicine addresses two major problems facing the health care system – inadequate access and uneven resource distributions[2]. In India, both of these problems are widespread as well as a major concern. Our rural health care systems are not well developed and not well equipped either. The mortality rates during pregnancy are still at an all-time high. Emergency medical care has improved in certain states through 108 ambulances, but still the casualties cannot be treated right at the spot. Telemedicine is good for the developed nations for betterment of Medicare services, but for developing nations it is even more necessary to set up and generate immediate and expert medical care.

Here are some examples of telemedicine before we delve deeper into understanding the nitty-gritties of the technology: automatic telephone patient monitoring, telephonic exercise monitoring, image transmissions in management of neurological emergencies, video-conferencing in psychiatric services in the rural sector, tele-dermatology for treating skin diseases, and many more. The most well developed and accepted is tele-radiology.[3]

Telemedicine is classified on the basis of two factors –
1. Type of interaction
2. Type of information being transmitted

Classification based on types of interaction includes two methods – “store-and-forward” and “real-time”. Based upon the information transmitted, it is classified into text, audio, video, images, etc. Any type of interaction and information can be combined to yield various models of telemedicine to suit the requirement.

The standard way, even if thought of naively, is “store-and-forward” telemedicine. The reports are generated at a particular location; they are then sent to a server and then forwarded, or e-mailed, to the experts for diagnosis. Multimedia data holds a good share of diagnosis data these days, hence multimedia email or a special application that can handle multimedia data delivery is used. Heuristically, store-and-forward is the simplest and most cost-effective, convenient and accessible technology over the internet platform. The expert has convenient access to the reports sent to him, and can review them and reply back with a mail or through this specially designed application.

The “real-time” system, by contrast, is one in which the diagnosis is done in real-time, synchronously. There is no delay (theoretically) between the information sent and read. This results in interactive communication between the parties. The most common form of real-time telemedicine is video-conferencing.

There are groups on Facebook where people put up pictures of patients and ask the group members to diagnose the disease. This can work best with dermatology. The expert opinions and collective opinions on a social network help a consultant a lot in making decisions and planning treatment in a complicated case. For us, the technology enthusiasts, it is amazing how people adopt technology from their own perspective when the technology was not developed for that purpose. WhatsApp and Dropbox are not meant for the purpose these people put them to. Hence, if a generic technology can serve such a purpose, it remains to imagine how path-breaking it would be when a specific enterprise-level application is built for telemedicine.

Having put all this, it is really important to evaluate telemedicine from the perspectives of technical, clinical, economical, ethical, legal and organizational issues.

Framework [4]

A general framework for telemedicine is shown in Fig. 1.

[Fig. 1: Telemedicine Architecture]

Impediments, Drawbacks and Considerations

As mentioned in the event where a consultant used Dropbox, it can be seen that the major concern is that data privacy may be breached if someone peeks in. In health care, data confidentiality is considered prime. For example, the HIPAA act in the United States clearly lays down the policy measures for data privacy of the medical records of the patient. The patients, doctors and all the hospital staff have to abide by it. Some other concerns are also important – the standard concern is that when the network fails, the availability of data is lost. Secondly, if the algorithms for image compression are not up to the mark, then inferior image and video quality may result in incorrect diagnosis. Not all of the medical and paramedical staff may be well conversant with these technologies; they must be trained well. A 2004 paper in the International Journal of Allied Health Science and Practice mentions that “there is a lack of conclusive evidence regarding the clinical effectiveness in terms of quality, accessibility, or cost, primarily because it has not been adequately evaluated”[5]. None of these are insurmountable[3]. Another concern is that it may reduce the patient-doctor face-to-face interaction, which poses a potential threat to perfect diagnosis.

Usefulness of Telemedicine

Telemedicine, as has been expressed throughout the article, is of most use to the remote and disconnected areas which do not have access to the best of medical care, both infrastructural and human resource. There are many more dimensions to this too, which we try to describe as under –

1. With advancement in mobile technologies, mobile apps can be developed which work in sync with the ERP system at the hospital, thus trying to reach a wider audience, seeing the outreach of smartphones.
2. Remote prescription, drug administration, oversight etc. can be managed remotely, thus reducing the travel, nursing and hospital admitting costs.
3. For fields like psychiatry, telemedicine is the most effective, as what is required is usually the video-conferencing package only.
4. Post-surgical monitoring can be done remotely so that the patient may be allowed to recover in a congenial homely environment.
5. Shortage of medicos and para-medicos can be addressed with much initial investment in telemedicine technology.
6. Improves efficiency and coordination of the administration of hospitals.
7. Reduces the communication distance between experts and consultants, as the sharing of reports of the patient and discussion over the treatment becomes online.

At the University of Massachusetts Medical Center, a study of 6,400 patients in seven adult intensive-care units monitored by eICU showed substantial benefits in reducing both costs and mortality, according to the hospital’s director, Craig Lilly. After the costs of the system were factored in, the hospital was able to save $5,000 per case, Dr. Lilly says, in large part because the system enabled intensivists in the remote command center to “detect instability and bring new treatment to the patient before they would have received it in a regular ICU.”

Conclusion

The concept is almost as broad as medical care itself [1]. All the research being done in the direction, telemedicine cannot be amalgamated into the fabric of clinical practice; it is left to health-care organizations to produce strategies for its deployment. Also, the WHO motivation mentioned at the beginning of the article suggests that policy-makers realize the non-optional alternative to telemedicine. When this is deployed on the largest possible scales, its efficacy can be evaluated and the systems improved. This acceptance may demand cultural and structural changes in organizations, but it should be learnt that when innovations beckon, structures (whatsoever) must give way.

References

[1] Telemedicine: Where It Is and Where It’s Going, Jim Grigsby, Ph.D, and Jay H Sanders, MD.
[2] Telemedicine and doctor–patient communication: a theoretical framework for evaluation, Edward Alan Miller.
[3] Introduction to the practice of telemedicine, John Craig and Victor Patterson.
[4] http://www.tele-medical-health-hipaa- -hl7-pacs.com/telemedical- telehealth-hipaa-dicom-hL7-pacs- network.html
[5] Introduction to Telemedicine and Email Consultations, Janet C Stuber.

About the Authors

Tadrash Shah obtained his bachelor’s degree, B.E. in Computer Engineering, from Gujarat Technological University and is currently pursuing a Master’s Degree at State University of New York - Stony Brook. He stood first in his college in Degree Engineering. He published two research papers and a book at his undergraduate level. He is interested in research in subjects like Algorithms, High-performance computing and Databases. He has worked on and undertaken projects at IIT-Gandhinagar, IIT-Bombay and IIM-Ahmedabad.

Chintan M Bhatt received his B.E. and M.Tech. Degrees in 2009 and 2011 respectively from U & P U Patel Dept. of Computer Engineering, CITC (now CSPIT)-Changa (Gujarat University) and Dept. of Computer Engineering, Dharmsinh Desai University-Nadiad. He is a member of CSI, AIRCC (Academy & Industry Research Collaboration Center) and IAENG (International Association of Engineers). His areas of interest include Data Mining, Web Mining, Networking, Security and Software Engineering.

Research Front

Prof. Krishna Kumar L* and Jimy Joy**
*Researcher and Professor
**Master student, Department of Computer Science and Engineering, Nehru Institute of Technology

Applications of Zigbee Wireless Frequency for Patient Monitoring System

Medical informatics deals with the creation of usable healthcare information. It calls for tasks similar to those of database administrators and network specialists, but in the medical environment. The use of information must be optimized to improve healthcare quality and cost reduction. Medical informatics uses the knowledge obtained in scientific research for acquisition, processing and interpreting of patient data. It spans from computer based patient records to image processing.

Patient Monitoring System (PMS) is an application of medical informatics among its various other applications. Through combined operations specific to the stream of medicinal informatics the following are done:

• Symptomatic labels are applied.
• Medicinal goals are identified with timelines for evaluation.
• Medicinal treatments are decided and practised.

PMSs are gaining importance in reducing the need for human resources. The process of care begins with collecting data and assessing the patient’s current status in comparison to criteria or expectations of normality. At specified intervals, the patients are reassessed and the effectiveness of care is evaluated. If the reassessment shows that the patient no longer needs care, services are terminated.

The system uses repeated observation and measurement of the patient’s physiological function, and the life support equipment is used for orienting management decisions, including when to make medicinal treatments and analysis of those treatments. The architecture for the Patient Monitoring System is given in Fig. 1.

[Fig. 1: System Architecture for Patient Monitoring System. Blocks shown: GSM Modem, Zigbee, Voltage Level Converter, PIC, Temperature Sensor, Pressure Sensor, Accelerometer]

Patient Monitoring Systems have become widely established in hospitals. In such units computers are used for the following purposes:

• To obtain the physical data continuously.
• To communicate information for data-generating systems that are remotely located.
• To store, organize and report data.
• To incorporate and associate data from heterogeneous sources.
• To provide clinical warnings and announcements based on multiple sources of data.
• To function as a tool that health advisors can use for effective decision making.
• To measure the degree of illness for classifying patients.

Critical signs, such as body temperature, blood pressure and sugar levels, can be collected frequently and remotely supervised by medical professionals, achieving a fully efficient caretaking system. The vital signs are categorized into emergency messages and regularly collected information, and the transmission is usually carried out wirelessly. A novel framework for a cost effective, dynamic and efficient system is used. This scheme is introduced to cope with the wireless transfer of vital signs with less transmission latency as well as control overhead.

The PMS uses a new protocol scheme which shortens the latency of path recovery by initiating route recovery from the intermediate routers of the original path; a ZigBee device is implemented for wireless data transmission over short distance, along with a triaxial accelerometer for detecting a fall.

ZigBee is an open standard technology to address the demands of low-cost, low-power WMNs via short range radio[1]. ZigBee is targeted at applications requiring low data rate and long battery life. Its mesh networking provides high reliability and wide range. ZigBee devices can be combined with other technologies to obtain an uninterrupted environment for wireless patient monitoring. ZigBee is used for the transfer of vital signs from sensor nodes to the receptor nodes without any noticeable latency or data loss. ZigBee devices can also be used for indoor positioning.

A new protocol of packet forwarding that transmits emergency messages with vital signs on a multihop ZigBee network is used here. It uses anycast to find the neighbouring data sink. The ZigBee structure is given in Fig. 2.

[Fig. 2: ZigBee Structure]

Contributing precision in measurements and providing security in a proper warning mechanism give this system a higher level of patient care and low cost implementation in hospitals. Thus the patient can carry out his daily activities in a well-situated atmosphere where disturbances of hardwired sensors are not present. Physical monitoring hardware can be easily implemented using simple interfaces of these sensors with a microcontroller and can effectively be used for monitoring the health of a patient. This will allow development of such low cost devices based on natural human-computer interfaces.

Patients’ various vital parameters are regularly monitored by a single Patient Monitoring System and reported to the doctors and nurses in attendance for timely response in case of critical situations. Components of the Patient Monitoring System are:

• Numerous sensors attached to the body of the patient.
• Microcontrollers as a tool for analog signal interface.
• Wireless transmitter and receivers for data transfer.
• Network that is wireless and with a unique ID for each patient.
• A Central Patient Monitoring System, basically a PC.

The sensors are attached to the body of the patients without causing any discomfort. The Patient Monitoring System monitors physical parameters like body temperature, heart beat rate and blood pressure using sensors which are readily available. The analog values that are sensed by the different sensors are given to a microcontroller attached to them. The microcontroller processes these analog values of health parameters separately and converts them into digital values.

Each of the sensors attached to a microcontroller with a transceiver will act as a module. Each module transmits the data wirelessly to the gateway which is attached to the PC of the Patient Monitoring System. The Patient Monitoring System, which is situated in the medical centre, is capable of selecting different patient IDs and allowing the gateway to receive different physical parameter values. The software, designed using a Graphical User Interface (GUI), can operate on different physical parameters of each patient. At any time, the doctors and nurses can log into the Patient Monitoring System and check the history of the observed critical parameters of any of the patients attached to the network.

A wireless sensor node is attached to each of the patients. The gateway of the wireless sensor network is attached to the Patient Monitoring System. In case of a critical situation which requires immediate attention of the doctors and nurses for any of the patients, the custom software will instruct the Patient Monitoring System to enable the GSM modem to send a message with the patient ID. The message consists of the current status of the patient’s physical condition. With the help of the patient ID, the doctor can easily distinguish a patient from the others and provide treatment to the patient.

Conclusion

Today and in future, health care and human life style choices will become increasingly overlapping, as the critical interrelationships become better understood. The ability to monitor multiple patients using a centralized system will help in cutting down the manpower and frequent human interventions needed for carrying out the patient monitoring tasks. The Patient Monitoring System provides a new level of health care and individual attention for all categories of patients. This will considerably provide an effective remedy for a lot of challenges faced by the doctors and all other medical professionals.

Reference

[1] A Reliable Transmission Protocol for ZigBee-Based Wireless Patient Monitoring, Shyr Kuen Chen, Tsair Kao, Chia-Tai Chan et al, IEEE Transactions on Information Technology in Biomedicine, Vol. 16, no. 1, January 2012.
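The central-station behaviour described in the article above (readings tagged with a patient ID, split into emergency messages and regularly collected information, with a GSM message carrying the patient ID and current status on a critical reading) is shown here as an added example; it is not the authors' software. The frame layout, the alarm limits, the fall threshold, the sequence-number check and all names are assumptions made for this example, and the sample frames are constructed.

```python
from collections import namedtuple

# Constructed alarm limits (low, high); illustrative only, not clinical guidance.
LIMITS = {"TEMP": (35.0, 38.5), "HR": (50.0, 120.0), "SYS": (90.0, 160.0)}
# Values outside these bounds are treated as a faulty or forged frame.
PLAUSIBLE = {"TEMP": (25.0, 45.0), "HR": (20.0, 250.0),
             "SYS": (40.0, 260.0), "ACC": (0.0, 16.0)}
FALL_G = 2.5  # assumed acceleration magnitude, in g, that counts as a fall

Reading = namedtuple("Reading", "patient_id seq kind value")


def parse_frame(line):
    """Parse one frame from the gateway: 'patient_id,seq,kind,value' (assumed format)."""
    parts = line.strip().split(",")
    if len(parts) != 4:
        raise ValueError("expected 4 comma-separated fields")
    pid, seq, kind, value = (p.strip() for p in parts)
    if kind not in PLAUSIBLE:
        raise ValueError("unknown parameter " + repr(kind))
    return Reading(pid, int(seq), kind, float(value))


class PatientMonitor:
    """Central PMS: keeps per-patient history and queues emergency messages."""

    def __init__(self, registered_ids):
        self.history = {pid: [] for pid in registered_ids}
        self.last_seq = {}     # (patient_id, kind) -> last accepted sequence number
        self.rejected = []     # (raw frame, reason), kept for later review
        self.sms_outbox = []   # texts that would be handed to the GSM modem

    def process(self, line):
        """Return 'emergency', 'regular' or 'rejected' for one raw frame."""
        try:
            r = parse_frame(line)
        except ValueError as exc:
            return self._reject(line, str(exc))
        if r.patient_id not in self.history:
            return self._reject(line, "unregistered patient ID")
        key = (r.patient_id, r.kind)
        if r.seq <= self.last_seq.get(key, -1):
            return self._reject(line, "repeated or stale sequence number")
        lo, hi = PLAUSIBLE[r.kind]
        if not lo <= r.value <= hi:   # a NaN value fails this test as well
            return self._reject(line, "implausible value")
        self.last_seq[key] = r.seq
        self.history[r.patient_id].append(r)
        if self._is_emergency(r):
            self.sms_outbox.append(self._alert_text(r))
            return "emergency"
        return "regular"

    def _reject(self, line, reason):
        self.rejected.append((line, reason))
        return "rejected"

    @staticmethod
    def _is_emergency(r):
        if r.kind == "ACC":
            return r.value >= FALL_G
        lo, hi = LIMITS[r.kind]
        return not lo <= r.value <= hi

    def _alert_text(self, r):
        """Message with the patient ID and the latest value of every parameter."""
        latest = {}
        for old in self.history[r.patient_id]:
            latest[old.kind] = old.value
        status = " ".join(f"{k}={latest[k]:g}" for k in sorted(latest))
        cause = "FALL" if r.kind == "ACC" else r.kind + " out of range"
        return f"PMS ALERT patient={r.patient_id} cause={cause} status: {status}"


# Constructed sample frames, as the gateway might hand them to the PC.
SAMPLE_FRAMES = [
    "P-101,1,TEMP,36.8",
    "P-101,1,HR,72",
    "P-102,1,HR,134",       # above the constructed HR limit
    "P-101,2,ACC,3.1",      # fall detected by the accelerometer module
    "P-999,1,HR,80",        # patient ID not registered
    "P-102,1,HR,70",        # sequence number already seen for this module
    "P-101,2,TEMP,91.0",    # outside the plausible range
    "garbage",
]


def run_demo():
    pms = PatientMonitor(["P-101", "P-102"])
    results = [pms.process(frame) for frame in SAMPLE_FRAMES]
    return pms, results


if __name__ == "__main__":
    pms, results = run_demo()
    for frame, result in zip(SAMPLE_FRAMES, results):
        print(f"{frame:22} -> {result}")
    print(*pms.sms_outbox, sep="\n")
```

Rejected frames are kept with a reason instead of being dropped silently, so a burst of unregistered IDs or repeated sequence numbers on the wireless side is visible to whoever reviews the station.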

About the Authors

Prof. Krishna Kumar L received his bachelor degree in 2003 from Bharathiar University, India. He received his master degree in the field of Computer Science and Engineering in 2008 from Anna University, India. He is a researcher; his areas of interest are Artificial Intelligence, Data Engineering, Big Data, and Cloud Computing. He has published over 10 research papers in various International and National Journals and Conferences. He is involved in various research, academic, and IT administration activities.

Jimy Joy is a master student in the Department of Computer Science and Technology at Nehru Institute of Technology. She graduated from College of Engineering, Munnar in 2011, with a major in Computer Science and Engineering. Her research interests include Cloud Computing and Computer Network.

Article

Manish Kumar*, Dr. M Hanumanthappa**, Dr. T V Suresh Kumar***
*Assistant Professor, Department of Computer Applications, M S Ramaiah Institute of Technology, MSR Nagar, MSRIT Post, Bangalore, Karnataka, INDIA
**Associate Professor, Dept. of Computer Science and Applications, Jnana Bharathi Campus, Bangalore University, Bangalore, Karnataka, INDIA
***Professor & Head, Dept. of Computer Applications, M. S. Ramaiah Institute of Technology, Bangalore, Karnataka, INDIA

Cyber Weapons Invisible Weapons for Next Generation Warfare

We all have heard stories about wars and warriors, wars which were fought by brave soldiers with the help of deadly weapons, arms, ammunition and battlefield tactics. But in the last decade, the way in which countries approach the concept of war has changed completely.

Today we are living in an era in which technology has a major role in our day to day life, and among all the technologies, Information Technology is the key player, or you can say the backbone of all the technologies. We are more dependent on these technologies than ever before, most of which are now available to our partners, competitors, and adversaries. These technologies are common to all, and if they are vulnerable, they are vulnerable to all. Now countries are exploiting these vulnerabilities in cyberspace for their own benefit, and that is how cyberwar emerges.

Sophisticated viruses, worms, trojans or a piece of software code which is intentionally crafted with the clear objective of gain through exploitation of vulnerabilities act as cyber weapons in this cyber battlefield. In principle, the majority of countries have accepted cyberspace as the fifth domain of warfare, alongside space, land, sea and air, and for this reason countries are investing massively in the development of cyber weapon capabilities to strengthen it. Before focusing more on these next generation cyber weapons, first I would like to tell you the story of the first cyber weapon and how it was discovered. In 2010 a computer security firm in Belarus found a very sophisticated, aggressive and self-replicating program on a client’s computer in Iran. The program was designed to attack and sabotage industrial control systems in order to take control of industrial facilities such as power plants, power grids, pipelines, and nuclear plants. This self-replicating program was identified as W32.Stuxnet, which was first categorized in July of 2010. Originally Symantec named the detection W32.Temphid, based upon the information originally received, but later renamed it Stuxnet. Since first reported in July 2010, the Stuxnet worm—which some call the world’s first “cyber weapon”—has spread to more than 155 countries, though most are in Iran. Stuxnet searches for industrial control systems, often known as SCADA systems, and if it finds these systems on the compromised computer, it attempts to steal code and design projects. It may also take advantage of the programming software interface to upload its own code to the Programmable Logic Controllers (PLC) in an industrial control system that is typically monitored by SCADA systems. Stuxnet then hides this code, so when a programmer using a compromised computer tries to view all of the code on a PLC, they will not see the code injected by Stuxnet.

Stuxnet searches for industrial control software made by Siemens, called Simatic. If Simatic software is not on the machine, the worm looks for vulnerable computers on the network to which it could spread. But if the software is present and configured a certain way, the worm begins its dirty task, intercepting legitimate commands that control devices such as valves and pressure gauges and substituting potentially destructive ones in their place. The ultimate goal of Stuxnet is to sabotage these facilities by reprogramming programmable logic controllers (PLCs) to operate as the attackers intend them to, most likely out of their specified boundaries.

Stuxnet isn’t just a rootkit that hides itself on Windows, but is the first publicly known rootkit that is able to hide injected code located on a PLC. Stuxnet is a large, complex piece of malware with many different components and functionalities. It was trickily developed with antivirus evasion techniques, a complex process of injection and hooking, network infection routines, peer-to-peer updates, and a command and control interface.

The use of various propagation techniques has made Stuxnet spread beyond the initial target. Analytical data of the Stuxnet worm attack showed (Fig. 1: Geographic Distribution of Stuxnet) that Iran, Indonesia and India are the most infected countries. As Fig. 1 shows, Iran wasn’t the only country targeted by the malware. The worm’s programmers were not able to control the spread. It is not possible to have the certainty that such kind of malware will infect only the targets.

[Fig. 1: Geographic distribution of Stuxnet]

Stuxnet was the first truly devastating cyber weapon – but it won’t be the last. The Stuxnet incident has given an acceleration to cyber warfare and the development of cyber weapons. It has ignited the minds of many devils to make use of cyber weapons as a mass destructor, sometimes more deadly than nuclear weapons. The cyber weapons race is speeding up. Almost all the developed countries are developing their offensive cyber capabilities as well as their defenses. The Americans, Russians, Chinese, other nation states and non-state actors are hard at work on cyber weapons of their own. If there was a war tomorrow between powerful countries of the world, the first stages would include cyber-attacks with the aim of completely disrupting critical infrastructure.

One of the most dangerous effects of the use of a cyber weapon is the difficulty of predicting its diffusion. Since cyberspace has no boundaries, we will never have assurance that a cyber weapon will work as planned. This means that the cyber weapon could also hit, in an unpredictable way, other systems or networks that are not considered as targets. In extreme cases it is also possible that it attacks the nation of the cyber weapon’s developer itself.

The presence of a cyber weapon in cyberspace could also open the possibility of reverse engineering of its source code. Foreign governments, cyber terrorists, hacktivists, and cybercriminals could be able to detect, isolate and analyze these codes. They may further modify it with some more tricks and spread it, which will be difficult to mitigate. These worms or agents are difficult to discover and could operate silently for years, as in the case of the Gauss malware, causing serious damage to the victims and also to other entities in cyberspace.

Evolution of Cyber Weapons

Before 2012, only two instances of cyber weapons, Stuxnet and Duqu, were known. However, further investigation and analysis of these two forced the cyber community to thoroughly expand the whole concept of what cyber warfare entails.

As per the Kaspersky Security Bulletin, 2012 has brought key revelations in the field of cyber weapons – in terms of how cyber weapons are being developed. Some of these deadliest worms which act like cyber weapons are:

• Duqu: This spyware program was identified in September 2011. Experts say that Duqu was a development of the Tilded platform, on which another deadliest malicious program – Stuxnet – had also been developed. Analysts have also established that at least three more malware programs existed that used the same Duqu/Stuxnet framework; this malware has yet to be detected.
• Wiper: This Trojan greatly disturbed Iran in late April 2012: it destroyed a large number of databases in dozens of organizations. The country’s largest oil depot was hard hit – its operation was halted for several days. Wiper’s creators successfully did their best to destroy all the data that could be used to analyze the incidents and their activity. For this reason, no trace of the malicious program has been found.
• Flame: Flame is a very sophisticated toolkit for conducting attacks. It is far more complex than Duqu. It is a backdoor Trojan which also possesses some of the characteristics of worms. It propagates via local networks or USB drives following instructions from its master. After infecting the host system, Flame starts to execute a complex set of operations. These include analyzing the network traffic, taking screenshots, recording voice communications, keystroke logging etc. Flame incorporated a unique functionality to propagate itself across a LAN. It intercepted Windows update requests and substituted them with its own module signed with a Microsoft certificate. Analysis of this certificate revealed a unique cryptographic attack which enabled cybercriminals to generate their own bogus certificate that was indistinguishable from a legal one.
• Gauss: Gauss is another sophisticated toolkit for conducting cyber espionage. The toolkit has a modular structure. It supports remote deployment of a new payload that is implemented in the form of extra modules. The modules which have been found and analyzed so far perform the following functions:
  - Intercept cookie-files and passwords in the web browser.
  - Collect system configuration data and send it to root system.
  - Infect USB storage drives with a module designed to steal data.
  - Create lists of the contents on a system’s storage drives and folders.
  - Steal data required to access user accounts of various banking systems.
  - Intercept accounts of social networks, mailing and instant messaging services.
• miniFlame: This malicious program is full-fledged spyware, designed to steal information and gain access to an infected system. miniFlame is a tool for targeting attacks with pinpoint accuracy. Although miniFlame is based on the Flame platform, it is implemented as a stand-alone module that can operate both autonomously, without Flame’s main modules being present in the system, and as a component controlled by Flame. Remarkably, miniFlame can also be used in conjunction with Gauss, another spyware program. miniFlame’s primary purpose is to function as a backdoor on infected systems, enabling attackers to directly manage them.

Countries Racing for Cyber Arsenal

The challenges of developing an effective cyber warfare strategy seem to share several similarities with the challenges of developing early nuclear strategies. Both were considered novel technologies with vast military applications, and both generated a great deal of fear and anxiety lest they be used indiscriminately. Both technologies promised to completely change how nations fought wars.

The majority of countries are investing hugely to improve their cyber capabilities. Many of the countries have not yet revealed their strategy and ongoing projects, whereas some of them have provided details publicly, to demonstrate their commitment in cyber warfare. Fig. 2 shows some statistics related to the total expense of the most active countries in cyber warfare. China and the U.S. have allocated considerable investment for the development of new cyber technologies.

Analyzing the global expense in cyber warfare, it is possible to understand the economic impact on each nation’s demonstration of the strategic importance of adopting a proper cyber strategy and, of course, of developing a cyber weapon arsenal.

Cost Estimation of Cyber Weapons

It’s quite difficult to estimate an exact cost for the development of a cyber weapon

NATO | 2012 | Upgrading the cyber defense capabilities and enable the NATO Computer Incident Response Capabilities to achieve full operational capabilities by the end of 2012 | 58M €
US | 2013-2017 | With a cyber budget of $1.54 billion from 2013 to 2017, DARPA will focus increasingly on cyber-offence to meet military needs | 1.54B $
UK | 2012 | Extra Investment to develop deterrents to hostile viruses and hackers | 650M £
Israel | From 2012 | Expense of more than $13 million in the coming years to develop new technologies for cyber defense. | 13M $
China | | China do not have very clear accounting transparency, but its estimated by some of the experts that China’s Cyber Security market will expand remarkably in the coming year, from a valuation of $1.8 billion in 2011 to $50 billion by 2020. | ?
Iran | 2012 | On December Tehran announced an ambitious plan to improve its cyber-warfare capabilities developing new technologies and creating new team of cyber experts. | 1B $

Fig. 2: Cyber warfare expense of countries

which depends on many parameters, but a very valid and realistic estimate has been provided by the famous hacker Charlie Miller, of Independent Security Evaluators, in his "How to build a cyber army to attack the U.S." Charlie hypothesized a project with a total duration of two years, involving around 592 professionals who cover various job roles from vulnerability analysts to managers. The hypothetical estimate (Fig. 3) revealed an expense of $45.9 million in annual salary (average annual salary $77,534) and $3 million in equipment.

| Job Roles | Units | Cost |
|---|---|---|
| Vulnerability Analysis | 10 Senior, 10 Junior | 2,900,000 $ |
| Exploit Developers | 10 Senior, 40 Experienced, 20 Junior | 7,300,000 $ |
| Bot Collectors | 50 Senior, 10 Junior | 4,150,000 $ |
| Bot Maintainers | 200 Senior, 20 Junior | 12,900,000 $ |
| Operators | 50 Senior, 10 Junior | 5,400,000 $ |
| Remote Personnel | 10 Senior, 10 Junior | 400,000 $ |
| Developers | 50 Senior, 20 Junior | 2,850,000 $ |
| Testers | 10 Senior, 5 Junior | 800,000 $ |
| Technical Consultants | | 2,000,000 $ |
| Sysadmins | | 500,000 $ |
| Managers | 52 | 6,200,000 $ |

Fig. 3: Cost estimation of team for cyber weapon development

Although the amount appears expensive, it is really cheap when compared with the cost of a conventional weapon. For this reason many governments are establishing cyber units dedicated to the development of new offensive technologies.

Collective Cyber Defense in the Near Future

It is obvious that early information about an attack plays a vital role in planning a defensive strategy. In order to protect cyberspace, early detection of cyber-attacks is most essential, and warnings must be shared without delay among like-minded countries. It is difficult to defend against cyber attacks and cyber espionage through defensive measures alone. So countries are now joining hands to strengthen their cyber defense capabilities. This may be considered "collective cyber defense."

It will also be necessary to invade attackers' networks in return as measures of "cyber-counterattacks in self-defense" for the purpose of identifying enemies' activities and striking back at them. Japan and the U.S. have recently initiated "collective cyber defense" to enhance the capability of the alliance, aiming to make it a foundation for information security and information protection more broadly.

Is India Ready for Cyber Warfare?

India has experienced, and continues to undergo, cyber attacks in various forms. On June 7, 1998, for example, an anti-nuclear group, "Milw0rm", reportedly hacked into the Bhabha Atomic Research Centre (BARC) network to protest India's nuclear tests. During the same time period, Pakistani hacker groups, such as Death to India, Kill India, Dr. Nuker, and G-force Pakistan, openly circulated instructions for attacking Indian computers.

When the Stuxnet cyber-attack temporarily took down the Iranian nuclear facility, it made few waves in India. However, shocking details emerged later: barely a few months after the computer worm created problems in Iran, critical infrastructure in India too was infected by the tactical cyber weapon. If they are to be believed, some news articles published on the Internet have also revealed that there was a massive infection in many of the SCADA systems controlling the generation and transmission network in western India. Investigators pieced together the evidence and launched a probe into other vulnerable systems that revealed facts that were too sensitive and complex to be made public. As the incident response teams found that a majority of the hosts compromised by the Stuxnet attack were from India, a strenuous effort was undertaken to assess its motive and origins. However, this investigation actually resulted in the eye-opening revelation that India's industrial control systems are as susceptible as those of any other nation. It was indeed a matter of grave concern that the only known and documented attempt to compromise SCADA (supervisory control and data acquisition) systems at a widespread scale had a substantial impact on India, including the organizations managing utilities like power, hydroelectric and gas, etc. Many online news reports have also covered the analysis of investigative researcher Jeffrey Carr, who caused a shock when he proved that India's INSAT 4B satellite was taken down by Stuxnet to serve Chinese business interests.

India is increasingly facing Cyber Terrorism, Cyber Warfare, Cyber Espionage and Cyber Attacks. The biggest cyber threat against India originates in the form of cyber attacks upon Indian critical infrastructures. Critical infrastructure protection in India requires a well formulated policy. Presently India has no critical infrastructure protection policy. Further, critical ICT (Information and Communication Technology) infrastructure protection in India is one area that requires special attention from the Indian government.

Many countries have publicly declared their cyber arsenal and many are developing it. Countries are investing huge funds in developing cyber weapons and defensive techniques. Despite the fact that cyber security is one of the major threats for India, there seems to be little urgency in devising a National Cyber Security Policy in India that could provide not just a security blanket against future attacks but also a framework for offensive capabilities that enables India to retaliate and launch attacks against enemy nations. India contributes major human resources as well as knowledge resources to the world in the field of Information Technology, but it seems to lack preparedness in the field of self defense.

Conclusion

The coming generation will witness country-sponsored cyber operations and cyber warfare. Cyberspace will change deeply. Governments and private business must be prepared for the challenges, not underestimating the risks. A country like India has enough potential to get ready for cyberwar and develop its own cyber weapons. As the US army is publicly advertising and openly asking its citizens to contribute to developing cyber weapons, India too can follow the same approach or establish a cyber army, which can empower the country with cyber weapons to retaliate, defend and attack in a situation of cyber war. India can also think about collective cyber defense with the help of like-minded countries. It is time for India to take up this issue with utmost urgency. Otherwise it will be too late: other countries will be far ahead of us, and we will be depending on them for our cyber defense and may need to import cyber weapons from them.

About the Authors

Manish Kumar is working as Assistant Professor in the Department of Computer Applications, M. S. Ramaiah Institute of Technology, Bangalore, India. His specialization is in Network and Information Security and Computer Forensics. He has worked on R&D projects related to theoretical and practical issues of a conceptual framework for E-Mail, Web site and Cell Phone tracking, which could assist in curbing misuse of Information Technology and Cyber Crime. He has published many research papers in National and International Conferences and Journals. He is also an active member of various professional societies.

Dr. M Hanumanthappa is currently working as Associate Professor in the Department of Computer Science and Applications, Bangalore University, Bangalore, India. He has over 15 years of teaching (Post Graduate) as well as Industry experience. He is a member of the Board of Studies / Board of Examiners for various Universities in Karnataka, India. He is actively involved in funded research projects and in guiding research scholars in the field of Data Mining and Network Security. He is also an active member of various professional societies.

Dr. T V Suresh Kumar is working as Professor and Head, Department of Computer Applications and Registrar (Academic), M S Ramaiah Institute of Technology, Bangalore. He has delivered lectures at various organizations like Honeywell, SAP Labs, Wipro Technologies, DRDO, Mphasis, Indian Institute of Science (Proficience), HCL Technologies, L&T Infotech, Nokia and various Universities/Academic Institutions. He is actively involved in R&D projects. He has published several research papers in various National and International Conferences and Journals.

Article

Research Directions in Social Network Mining with Empirical Study on Opinion Mining

Dr. M S Vijaya* and V Pream Sudha**
*Associate Prof. and Head, GR Govindarajulu School of Applied Computer Technology, PSGR Krishnammal College for Women, Coimbatore
**Asst. Prof., GR Govindarajulu School of Applied Computer Technology, PSGR Krishnammal College for Women, Coimbatore

Introduction

The growing use of the internet has led to the development of networked interaction environments such as social networks. Social networks have acquired much attention recently, largely due to the success of online social networking sites and media sharing sites. In such networks, rigorous and complex interactions occur among several different entities, leading to huge information networks with outstanding business potential. Researchers are increasingly interested in addressing the wide range of challenges that exist in these social network systems.

Social networks are graph structures whose nodes represent people, organizations or other entities, and whose edges represent relationship, interaction, collaboration, or influence between entities. The edges connecting the entities may have a direction indicating the flow from one entity to the other, and a strength denoting how much, how often, or how important the relationship is. Social networks need not always be social in context. Real-world networks like the World Wide Web, electrical power grids, the spread of computer viruses, telephone call graphs, co-authorship and citation networks of scientists, and customer networks are instances of technological, business, economic, and biologic social networks. Epidemiological networks, cellular and metabolic networks, and food webs are some examples of biological networks.

Social networks are highly dynamic in nature. The network grows and changes quickly over time through the addition of new nodes and edges, signifying the social structure. The number of degrees grows linearly in the number of nodes. It has been experimentally shown that when the network grows, the closeness of the nodes increases, resulting in a shrinking diameter of the network. The dynamic, dense, reduced-diameter properties of the graph show that social networks exhibit heavy-tailed out-degree and in-degree distributions.

The dynamic property of such large, heterogeneous, multi-relational social networks has led to an interesting field of study known as Social Network Analysis (SNA). Social network analysis examines the structure and composition of links in a given network and provides insights into its structural characteristics. SNA is the study of the evolution of structures, i.e., how the networks change over time and how information propagates within the networks. SNA assumes that relationships are important and focuses on the structure of relationships. It also includes understanding the general properties of networks by analyzing large datasets collected with the aid of technology.

Social network analysis has emerged as a key technique in modern sociology and has become a popular topic of study in areas like Business and Economics, Geography, Information science, Organizational studies, social psychology and Sociolinguistics. For example, SNA has been used in epidemiology to understand the pattern of human contacts that cause the spread of diseases in a population. SNA can be used as a tool for market analysis based on opinions about products or brands to market products and services. SNA can also be an effective tool for mass surveillance, for example to determine whether or not a particular individual has criminal tendencies.

Structural characteristics of social networks can be explored using socio metrics. Socio metrics are measures used to understand the structure of the network, the properties of links, the roles of entities, information flows, the evolution of networks, clusters/communities in a network, nodes in a cluster, the center node of the cluster/network, nodes on the periphery, etc. Some of the commonly used measures for analysis are:
• Centrality – Node's relative importance within a community
• Prestige – Central nodes in the network
• Prominence – Nodes with the most incoming connections
• Influence – Nodes with the most outgoing connections
• Outliers – Nodes with the least connections
• Clique – How connected are neighbors of an entity
• Community – Nodes that are communicating more often with each other
• Path length – Nodes that are involved in passing information through the network
• Density – Proportion of possible links that actually exist in the network

Social Network Mining

Traditional social network models were descriptive rather than predictive. This was mainly due to insufficient data. Fortunately, the growth of the World Wide Web has transformed the scenario. Large quantities of data are available on very large social networks from blogs, knowledge-sharing sites, collaborative filtering systems, online gaming, social networking sites, newsgroups, chat rooms, etc. However, handling complex networks with millions of vertices, both for mining interesting patterns on the network and for a thorough analysis of the properties of the network, is not an easy task. The exponential increase in the number of interacting nodes in these networks poses highly significant challenges for the advanced computing, machine learning and data mining community.

Social network mining is a systematic approach used to discover the patterns of relationships among entities in social networks and to make the invisible flows within an organisation visible. In recent years, social network research has been carried out using large quantities of data collected from online interactions and from explicit relationship links in online social network platforms (e.g., Facebook, LinkedIn, Flickr, Instant Messenger, etc.). Analyzing the properties of the network and understanding the dynamics that drive the evolution of a social network is a challenging problem due to the large number of variable parameters.

Currently most networks have surpassed the dimensions for which it is feasible to perform accurate analysis with traditional data mining methods. The increased dimension of social networks is of critical importance to the success of social network analysis and mining.

Similarly, identifying the most influential nodes in the network is an interesting task in social networks because it can yield the highest business value, as these entities can be used for promoting new products. The trend in users' opinion towards a certain product or service, which can be discovered by monitoring the growth of the network of nodes, is another valuable task from a business perspective. Some of the exemplar areas of mining on social networks are link mining, mining customer networks for viral marketing, mining newsgroups, community mining, sub graph detection and opinion mining.

Link mining

Traditionally, data mining and machine learning tasks have been carried out using a single relation of homogeneous objects. The data comprising social networks is heterogeneous, multirelational, and semi-structured, and thus a new field of research called link mining has emerged. Various mining tasks can be performed by considering only links, that is, the relationships between objects. Both object attributes and link information are used in the link mining process, which is being applied in various domains like WWW, business, bibliography, and epidemiology. Link based object classification, object type prediction, link type prediction, link existence prediction, link cardinality (number of in links and out links) prediction, object reconciliation, group and subgroup detection, and metadata mining are common link mining tasks. For example, a typical data mining task is to predict the edges that will be added to the network from a particular time to a given future time.

Mining customer networks for viral marketing

Viral marketing is a new marketing strategy using social network mining that explores how individuals can influence the buying behavior of others. The basic principles of viral marketing are social profile gathering, proximity market analysis, and real-time key word density analysis. The development of social networks like e-mail mailing lists, UseNet groups, on-line forums, Internet Relay Chat (IRC), instant messaging, collaborative filtering systems, and knowledge-sharing sites facilitates mining the buying pattern of customers for viral marketing. Such sites allow users to offer opinions about products to help customers rate the products. Viral marketing aims to optimize the positive word-of-mouth effect among customers. The customer's network value is considered most important for viral marketing. Based on the interactions between customers, viral marketing can produce higher profits than traditional marketing such as direct marketing and mass marketing, which ignore such interactions. Finally, for example, a data mining task would be finding the optimal set of customers that maximizes the net profits. Viral marketing techniques can also be applied to other areas like reducing the spread of HIV, combating teenage smoking, and grass-roots political initiatives.

Mining newsgroups using networks

Newsgroups are rich sources of openly available discussions on any conceivable topic, wherein the arguments are mostly open, frank, and unmodified. Newsgroup postings can provide a quick pulse on any topic. Extracting hidden information from newsgroups is another area of social network mining. A newsgroup discussion on a topic consists of seed postings and a large number of additional postings that are responses to a seed posting or responses to responses. Responses typically quote explicit passages from earlier postings. Such quoted responses form 'quotation links' and create a network in which the vertices represent individuals and the links represent "responded-to" relationships. It is also true that people respond to a statement more frequently when they disagree than when they agree. This behavior exists in many newsgroups; based on it, one can effectively classify and partition authors in the newsgroup into opposite groups by analyzing the graph structure of the responses. The graph structure is constructed by creating a quotation link between person i and person j if i has quoted from an earlier posting written by j.

Community mining

Community mining is one of the major directions in social network analysis. A community can be defined as a group of objects sharing some common properties. Community mining can be thought of as subgraph identification. In real social networks, there always exist various kinds of relationships between the objects. Each relation can be viewed as a relation network or relation graph, and multiple relations form a multirelational social network, called a heterogeneous social network. Each kind of relation may play a distinct role in a particular task. The different relation graphs can provide us with different communities. The relation that plays an important role in a community has to be identified in order to determine a community with certain characteristics. This leads to the problem of multirelational community mining, which involves the mining of hidden communities on heterogeneous social networks. For example, in the WWW, two Web pages (objects) are related if there is a hyperlink between them. A graph of Web page linkages can be mined to identify a community or set of web pages on a particular topic.

Opinion Mining

The web is a wealthy source of information. Web 2.0 provides ample opportunities to express personal experiences and opinions on almost anything at review sites, forums, discussion groups, blogs, etc. One study reports that consumers generated more than 500 billion impressions about products and services through social media in 2011. People express their emotions and opinions about various topics like arts, literature, financial markets, individuals, organizations, ideologies, and consumer goods. When people make decisions to buy products or use services, they search for these opinions instead of searching for facts. 84 percent of millennials say that user-generated content has at least some influence on what they buy. Organizations also look to opinions regarding their products to be aware of market trends and changes. Hence a system to identify and classify opinions expressed in electronic text and to find valuable and interesting information is essential.

Sentiment analysis or opinion mining is the computational study of people's opinions, appraisals, and emotions toward entities, events and their attributes. It involves the application of natural language processing, computational linguistics, and text analytics to identify and extract subjective information in source materials.

Applications of Opinion mining

According to Gartner research, July 2010, a majority of consumers, about 74 percent, rely on social networks to guide purchase decisions, proving that word of mouth propagates faster in the web. The applications of opinion mining are huge. Some of them are:
• Brand affection monitoring and finding the reach of a product, for example how many people have been exposed to Samsung phones.
• Identifying public opinions on a political topic
• Comparing 2 different products, for example, to find the preference between Samsung Galaxy S3 and Apple iPhone 5. Businesses can utilize this to improve their market strategies.
• Identifying spam opinions given to boost product sales or to damage a product
• Predicting changes in society and trends
• Identifying opinion leaders

Components and Types of Opinion Mining

Sentiment analysis aims to determine the attitude of a speaker or a writer with respect to some topic, or the overall contextual polarity of a document. The attitude may be his or her view, appraisal, judgement or evaluation on an object, affective state, or the intended emotional communication. There are three basic components in an opinion: the opinion holder, the object, and the opinion. The person or organization that holds a specific opinion on a particular object is the opinion holder, and the object is the entity on which an opinion is expressed. Sentiment analysis can be done by four different approaches, namely lexicon based, supervised, unsupervised and keyword based methods. The four main aspects of the sentiment analysis problem are Object identification, Feature extraction, Orientation classification and Integration.

There are three different levels at which opinion mining may be done: the document level, the sentence level or the feature level. Given a set of evaluative documents D, sentiment classification determines whether each document d ∈ D expresses a positive or negative opinion (or sentiment) on an object. The basic assumption in sentiment classification is that each evaluative document focuses on a single object O and contains opinions of a single opinion holder. It determines the semantic orientation of the opinion on the object O in each document. Sentence level mining first identifies subjective statements in a document and then finds their polarity. Feature based mining tries to identify the sentiment or opinion orientation expressed by a reviewer for each feature or attribute and then groups them. Opinion mining still poses a lot of challenges to researchers, namely identifying the language and domain in which opinions are expressed, detecting fake reviews, and recognizing precise named entities and reliable content.

Implementation using Rapidminer

The illustration used here is the classification of movie reviews with either positive or negative labels. The IMDB data set introduced in Pang & Lee, 2004 is used for this study. This is a set of 200 film reviews in text format extracted from www.imdb.com, evenly split into positive and negative labels. At first, the textual data is preprocessed and transformed into a set of features which can be used as training data for supervised learning algorithms. The preprocessing task consists of tokenization, case transformation, stemming, filtering words by length and removal of stopwords. A word vector containing term presence information is generated from the raw documents. Documents are represented as vectors in this space, and each document is represented as a vector of tf-idf weights. As the vectors are very high-dimensional, attributes with high information gain with respect to a class are selected and provided for training the classifier.

In this study, two classification techniques, namely support vector machine (SVM) and kNN, are implemented using Rapidminer. Rapidminer supports the LibSVM implementation of the support vector machine. The support vector machine is an intelligent computing tool that is being successfully applied to a wide range of pattern recognition problems. SVM is based on strong mathematical foundations and statistical learning theory, but results in simple yet very powerful algorithms with high generalization power on unseen data. It attempts to find a hyperplane that separates data by maximizing the margin separating the two classes. Here the LibSVM implementation with C-SVC type and RBF kernel is used. In the k-nearest neighbor algorithm, an object is classified by the majority vote of its neighbors, with the object being assigned to the class most common amongst its k nearest neighbors. The training sub process returns a model which is applied to the testing process. This sub process in turn returns a performance vector. The performances of the two classifiers are evaluated and compared. The consistency of the K-NN and SVM algorithms is validated using five metrics. They are accuracy, sensitivity, specificity, positive predictive value, and negative predictive value and F measure. These metrics are computed as follows.

Accuracy = (TP + TN) / (TP + TN + FP + FN)
Sensitivity = TP / (TP + FN)
Specificity = TN / (TN + FP)
PPV = TP / (TP + FP)
NPV = TN / (TN + FN)
F Measure = 2PR / (P + R)

where TP is the number of true positive instances in the test dataset, TN the number of true negative instances, FP the number of false positive instances, FN the number of false negatives, PPV the positive predictive value, NPV the negative predictive value, P the precision and R the recall. The performance of the two classifiers in terms of the above measures is shown in Table 1 and illustrated in Fig. 1.

| Classifier | Accuracy | Sensitivity | Specificity | PPV | NPV |
|---|---|---|---|---|---|
| SVM | 85.5 | 96.5 | 74.5 | 79 | 95.5 |
| k-NN | 70 | 72.5 | 67.5 | 69 | 71 |

Table 1. Performance of the two classifiers

Fig. 1: Precision, Recall and F Measure of the classifiers

As the table indicates, the accuracy, sensitivity and negative predictive value of SVM are very high, indicating that it is able to label positive and negative classes effectively. kNN also performs fairly well, but SVM outperforms it.

The above graph shows that SVM exceeds kNN with high precision, recall and F measure.

Conclusion

Social network analysis and mining is a growing research area which brings together researchers from different fields such as machine learning, data mining, artificial intelligence, optimization, graph theory, networks, mobile computing and other areas, with the aim of solving real world problems that the dawn of social networks has brought into the scientific field. Large quantities of data are available for research on very large social networks from blogs, knowledge-sharing sites, collaborative filtering systems, online gaming, social networking sites, newsgroups, chat rooms, etc. Collecting this kind of data using technology is a difficult task, and mining such large, complex, dynamic, heterogeneous, noisy data sets is highly challenging. New methods and algorithms for solving the wide range of issues and challenges in mining social networks are being developed. But the gap between the techniques developed by the research community and their deployment in real-world applications is a critical issue which needs to be addressed.
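The pipeline described under "Implementation using Rapidminer" (tokenization, case transformation, length filtering, stopword removal, tf-idf vectors, k-NN majority vote, then the metrics listed in the article) can be traced end to end in a few lines. The following is an added example, not the authors' RapidMiner process: the reviews, the stopword list and all function names are constructed for illustration, stemming and information-gain selection are omitted, and cosine similarity is assumed as the k-NN distance.

```python
import math
import re
from collections import Counter

# Small illustrative stopword list (an assumption, not RapidMiner's list).
STOPWORDS = {"the", "and", "with", "not", "all", "was", "but", "for"}

# Constructed mini-corpus of (review, label); not taken from the IMDB data set.
TRAIN = [
    ("A wonderful, moving film with brilliant acting", "pos"),
    ("Brilliant direction and a wonderful cast", "pos"),
    ("Loved the moving story and great acting", "pos"),
    ("A dull, boring film with terrible acting", "neg"),
    ("Terrible script and boring direction", "neg"),
    ("Hated the dull story and awful pacing", "neg"),
]
TEST = [
    ("A wonderful and brilliant cast", "pos"),
    ("Terrible, boring script", "neg"),
    ("Not boring at all, never dull", "pos"),  # negation defeats bag-of-words
    ("Awful pacing and a dull story", "neg"),
]


def tokenize(text, min_len=3):
    """Tokenize, lower-case, filter by length, drop stopwords (no stemming)."""
    words = re.findall(r"[a-z]+", text.lower())
    return [w for w in words if len(w) >= min_len and w not in STOPWORDS]


def fit_idf(token_lists):
    """Inverse document frequency learned from the training documents only."""
    n = len(token_lists)
    df = Counter(t for toks in token_lists for t in set(toks))
    return {t: math.log(n / d) + 1.0 for t, d in df.items()}


def tfidf(tokens, idf):
    """Sparse tf-idf vector; terms unseen in training are ignored."""
    tf = Counter(t for t in tokens if t in idf)
    return {t: c * idf[t] for t, c in tf.items()}


def cosine(a, b):
    dot = sum(w * b.get(t, 0.0) for t, w in a.items())
    na = math.sqrt(sum(w * w for w in a.values()))
    nb = math.sqrt(sum(w * w for w in b.values()))
    return dot / (na * nb) if na and nb else 0.0


def knn_predict(vec, train_vecs, k=3):
    """Majority vote among the k most similar training documents."""
    ranked = sorted(train_vecs, key=lambda tv: cosine(vec, tv[0]), reverse=True)
    votes = Counter(label for _, label in ranked[:k])
    return votes.most_common(1)[0][0]


def confusion(pairs, positive="pos"):
    """Return (TP, TN, FP, FN) from (actual, predicted) pairs."""
    tp = sum(1 for a, p in pairs if a == positive and p == positive)
    tn = sum(1 for a, p in pairs if a != positive and p != positive)
    fp = sum(1 for a, p in pairs if a != positive and p == positive)
    fn = sum(1 for a, p in pairs if a == positive and p != positive)
    return tp, tn, fp, fn


def metrics(tp, tn, fp, fn):
    """The measures listed in the article, with zero denominators guarded."""
    def ratio(num, den):
        return num / den if den else 0.0
    precision, recall = ratio(tp, tp + fp), ratio(tp, tp + fn)
    return {
        "accuracy": ratio(tp + tn, tp + tn + fp + fn),
        "sensitivity": recall,
        "specificity": ratio(tn, tn + fp),
        "ppv": precision,
        "npv": ratio(tn, tn + fn),
        "f_measure": ratio(2 * precision * recall, precision + recall),
    }


def run(k=3):
    idf = fit_idf([tokenize(text) for text, _ in TRAIN])
    train_vecs = [(tfidf(tokenize(text), idf), label) for text, label in TRAIN]
    pairs = [(label, knn_predict(tfidf(tokenize(text), idf), train_vecs, k))
             for text, label in TEST]
    return pairs, metrics(*confusion(pairs))


if __name__ == "__main__":
    results, scores = run()
    for (text, _), (actual, predicted) in zip(TEST, results):
        print(f"{actual:>3} -> {predicted:<3}  {text}")
    print(scores)
```

The third test review is labelled positive but is classified negative, because "not" is removed as a stopword and only "boring" and "dull" remain: a small instance of why sensitivity and NPV can diverge from accuracy.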

About the Authors

Dr. M S Vijaya is Associate Professor and Head at GR Govindarajulu School of Applied Computer Technology, PSGR Krishnammal College for Women, Coimbatore. She has 22 years of teaching experience and 8 years of research experience. She completed her doctoral programme in the area of Natural Language Processing. Her areas of interest include Data Mining, Support Vector Machine, Machine learning, Pattern Recognition, Natural Language Processing and Optimization Techniques. She is a member of CSI, International Association of Engineers (Hong Kong), International Association of Computer Science and Information Technology (IACSIT – Singapore).

Ms. V Pream Sudha is Assistant Professor at GR Govindarajulu School of Applied Computer Technology, PSGR Krishnammal College for Women, Coimbatore. She has 11 years of teaching experience. Her areas of interest are Data Mining, Machine learning, Text mining and Sentiment analysis. She has presented papers in National and International Conference. She has published 5 papers in International Journals, Conference Proceedings and has attended various Seminars, Conferences and Faculty Development Programmes.

CSI Communications | December 2013 | 27 A P Raju Article Technical Manager, Corporate Research & Development (CR&D), Electronics Corporation of India Limited, Hyderabad

Multi-Biometrics for Unique Identification

Unique identification of an individual is a primary objective of any government in today’s world. Multi-modal biometric techniques provide a fast, accurate and reliable method of establishing the identity of an individual.

Multi Biometrics
Multi-Biometrics is an identification technology which uses more than one biometric technology, such as Facial-Fingerprint, Fingerprint-Iris or Facial-Fingerprint-Iris, for matching. The use of Multi-Biometrics takes advantage of the capabilities of each biometric technology while overcoming the limitations of a single technology.

A Multi-Biometric based Identification engine uses fusion of two or more biometric (e.g. facial and fingerprint) recognition results; the identification reliability is very high even when using large databases with millions of records.

The present article aims at defining an optimum, accurate and fast de-duplication (removal of duplicates) process using multi-modal biometrics. It also briefly describes the various popular biometric techniques with present & future trends.

Biometrics: An Introduction
Biometrics is an automated system of recognizing a person based on the person’s physical or behavioral characteristics. Biometrics are sorted into physiological (fingerprint, face, iris, palm prints and hand geometry etc.) and behavioral (signature, voice, gait & key stroke etc.) classes. Among them, the most popular biometric identification systems are based on fingerprint, face and iris.

A Biometric System
A system used for biometric matching is called a Biometric System. This system is scalable and cluster based, with parallel computing capability. The system includes a sensor for biometric data capture, a database, a template extractor & generator and a matching engine (Fig. 1).

Fig. 1: Biometric process flow diagram

Verification/Identification
The matching between one live record and one known stored record is called Verification/Authentication (1 to 1). If the matching is between one record and all the records then it is called Identification. The system identifies an individual by searching the templates of all the users in the database for a match (One to Many). If the matching is between many records and many records then it is called Many-Many matching, which is used in the de-duplication process. Since the matching depends on threshold scores and the quality of the biometric data, the result may contain errors. The errors recognized are as below.

Recognition errors
There are two basic types of recognition errors: the False Acceptance Rate (FAR) and the False Rejection Rate (FRR). A false acceptance is when a non-matching pair of biometric data is wrongly accepted as a match by the system. A false rejection is when a matching pair of biometric data is wrongly rejected by the system. The two errors are complementary: when you try to lower one of the errors by varying the threshold, the other error rate automatically increases. There is therefore a balance to be found, with a decision threshold that can be specified to either reduce the risk of FAR, or to reduce the risk of FRR.

The most common biometric identification methods are Fingerprint, Facial, Iris, Hand Geometry and Speech recognition.

Application Areas
Biometric Systems find applications in National Scale Voting Systems, Ration Card Issuing Systems, Border Control Systems, Citizenship Cards, Forensic Systems, Driving License databases, Passport Issuing Systems, various Government Schemes, PAN Card Issuing Systems, Access Control and Authentication Systems, e-governance applications etc.

Fingerprint Biometrics
It is the oldest and a reliable method for identification. Fingerprints are unique to each person and can be regarded as a sort of signature, certifying the person’s identity. According to the FBI, the odds of two people sharing the same fingerprints are one in 64,000,000,000. Fingerprints differ even between the ten fingers of the same person, and they are different for twins also. Fingerprint images are captured using fingerprint scanners. Since accurate matching of fingerprints depends largely on ridge structures, the quality of the fingerprint image is of critical importance.

Features called minutiae points (ridges, endings, bifurcations and capillary lines) are extracted from the fingerprint image. Fingerprint matching is done between these specific features, called the template (Fig. 2 & 3).

Fig. 2: Minutiae extraction[1] (panels: Finger Image; Finger Image + Minutiae; Minutiae)
Fig. 3: Sample minutiae & matching[2]

Fingerprint Identification technology has reached an advanced stage of development. There are some features to be considered for selecting the optimum matching engine.

To get high accuracy of matching, the algorithm should support template generalization, tolerance to rotation, translation & deformation, and adaptive image filtration. To achieve faster matching speed, the techniques that may be considered are ‘Pre-sorted database’ and ‘Global and Local patterns’. The quality of templates plays a crucial role in matching and in achieving high accuracy and speed. A template with 8 indexes gives high accuracy and slow matching speed. Matching with a 4-index template results in faster speed with low accuracy.

The well-known techniques for fingerprint matching are Minutiae based Pattern Matching, Correlation Based Technique, Image Based and Hybrid based. The most popular is a combination of Minutiae and Image based. Nowadays, the Automated Fingerprint Identification System (AFIS) is becoming increasingly popular for large scale applications. AFIS products which can match at 10 to 20 million matches per sec are available in the market.

The quality of the fingerprint varies due to variations in skin and impression conditions such as scars, humidity, dirt and non-uniform contact with the fingerprint capture device. The quality of partial prints is however the limiting factor.

Facial Biometrics
A Facial Recognition System (FRS) is a type of biometric that enables identification of a person from an image or series of images of his or her face. This technique is based on analysis of the unique shape, pattern and positioning of facial features.

These are passive biometrics that do not require a person’s cooperation, use highly complex technology and are largely software based. This biometric system is able to operate “hands-free”. It is applied to single images, video sequences and 3D images.

Fig. 4: Facial images

A face does not have as many uniquely measurable features as fingerprints and eye irises, so facial recognition reliability is slightly lower than these other biometric recognition methods. However, it is still suitable for many applications, especially when taking into account its convenience for the user.

Facial recognition can also be used together with fingerprint recognition or another biometric method for developing more security-critical applications. It is not intrusive and can be done from a distance, even without the user being aware of it. This technique has not yet reached a mature stage.

Facial biometric systems are more suited for authentication than for identification purposes, as it is easy to change the proportions of one’s face by wearing a mask, a nose extension etc.

Iris Biometrics
Iris recognition is a highly mature technology with a proven track record in a number of application areas. Iris recognition systems are used very effectively all over the world for identification and access control. This is based on analysis of the iris of the eye, which is the colored ring of tissue that surrounds the pupil of the eye. Based on visible features, i.e. rings, furrows, freckles and the corona, the features with their location information are extracted to form the Iris template, which is used for matching.

Iris recognition is widely regarded as the most safe and accurate biometrics technology, capable of performing 1-to-many matches at extraordinarily high speeds without sacrificing accuracy.

Multi-Biometrics
Using identification routines with only one biometric method can result in a higher FAR, which may become unacceptable for applications with large databases. Using an additional biometric method can dramatically decrease this effect. Multi-biometric systems are capable of utilizing more than one modality for enrolment, matching and identification.

Multi-biometric systems represent the fusion of two or more biometric modalities. These biometric modalities include fingerprints, faces, voice prints and/or irises. Some of the limitations imposed by uni-modal biometric systems can be overcome by using multiple biometric modalities. Test results show identification reliability is very high even when using large databases with millions of records. The Identification System based on multi-biometrics is called an Automated Biometric Identification System (ABIS), as shown in Fig. 5.

The features considered for developing an ABIS system are:
• Cluster-Node based scalable architecture
• Facility for finding duplicates in one or more regions, specified gender and age etc.
• Compliance with major biometric standards
• Support for multi-platform and parallel matching
• Viewing of duplicates with threshold scores, photos and images
• Biometric Quality Checker
• Configurable FAR & FRR

Fig. 5: Cluster based ABIS

Benefits
Intelligent combination of scores and decisions from each system may provide higher-confidence matching. It provides opportunities for full enrolment and can help overcome challenges associated with low-quality enrolments. Other benefits are Enhanced Security, Better Quality of Data, Universality and Easy Search in the Database.

Present Trends
Research is going on to increase the accuracy and speed of matching in

Various biometric and accuracy comparisons are as shown in Table 1.

| Biometric | Capture | Invariance | Singularity | Acceptance |
|---|---|---|---|---|
| Fingerprint | Optical, Capacitive etc. | Very good | 1:1 Million | Good |
| Face | Optical or IR | Good | Unknown | Good |
| Iris of eye | Optical | Very good | 1:6 Millions | Not good |
| Retina | Optical | Very good | 1:1 Million | Not good (invasive) |
| Voice | Electro acoustical | Not good | 1:10000 | Good |
| Signature | Dynamic (pressure) | Not good | 1:10000 | Very good |
| Hand geometry | Optical (IR) | Good | 1:1000 | Very good |
| Two finger geometry | Optical (IR) | Very good | 1:1000 | Very good |
| Veins of hand | Optical (IR) | Good | Unknown | Very good |

Table 1: Various Biometrics[3]

common biometric identifiers: face, fingerprint & irises, signature verification etc. Advanced research is also going on to develop biometric identification systems based on Vein Pattern, Sweat Pores, Fingernail Bed, Hand Grip, Brain Wave Pattern, Footprint and Foot Dynamics. Some more matching techniques that are at an early stage of development are DNA, Retina recognition, Thermograms, Gait, Keystroke, Ear recognition, Skin reflection, Lip motion & Body odour.

DNA
DNA is also known as the ultimate identifier, because DNA identifies information from every cell in the body in a digital form. It is not yet fully automated, and is slow and expensive. The limitation is that identical twins have the same DNA. Privacy issues may arise since DNA contains information about race, paternity, and medical conditions for certain diseases. Due to this, DNA is not considered in conventional biometrics.

Retina Recognition
Every individual has a unique pattern of blood vessels that emanate from the optic nerve and disperse throughout the retina of the eyes. These patterns never change. Retina Recognition Systems are developed based on unique retina patterns. No two retinas are the same, even in identical twins.

Thermograms
This is based on the theory that heat patterns of parts of the body are unique to every human being. These are expensive because of the thermal imaging sensors.

Gait & Key Strokes
The objective of the gait biometric technique is to recognize a person in any condition using standard cameras. In key strokes, the rhythms with which one types at a keyboard are sufficiently distinctive to form the basis of the biometric technology known as keystroke dynamics.

Ear Recognition
Research shows that the shape and characteristics of the ear are unique to every individual. Ear recognition uses the shape of the ear to perform identification. It might be recognized from a distance.

Lip Motion & Body Odour
The lip motion of an individual is sufficiently distinct. The lip motion characteristics are used for identification. It also helps identification associated with speaker recognition. People with differing immunity genes produce different body odours. This theory is used in biometric systems based on body odour.

Future
Human Body as the password. But the question is – are the biometric technologies ready for what is being expected of them? There are still technical, legal and privacy challenges to overcome. Accuracy vs. speed for one-to-many matching is a greater challenge for big databases. There is a need to improve feature extraction and matching for low quality biometric images.

Conclusion
Today Governments are accountable to their citizens for providing quick & reliable services. This can only be achieved by using Information Technology & Electronic based Systems. Multi-Biometric Systems can provide the platform for Election Commissions to prevent bogus voting, and for Governments to ensure unique Citizenship Cards and Driving Licenses and to ensure that cash transfers, rations & other amenities reach the poor & needy citizens of a country. These systems are used to check illegal entry of foreigners and to provide unique PAN numbers, unique passports, Social Security Nos. etc.

References
[1] www.cse.unr.edu/~bebis/CS790Q/Lect/Chapters_3_4.ppt
[2] http://www.uh.edu/engines/epi2529.htm
[3] http://www.teleconseil.ch/english/introduction.html#1
http://www.fingerprint-it.com/_sol_verilook.html

About the Author
AP Raju is Technical Manager at Corporate Research & Development (CR&D), Electronics Corporation of India Ltd. in Hyderabad. He completed his BTech (CSE) from AU College of Engineering, Andhra University, Visakhapatnam, AP and MS (Software Systems) from BITS, Pilani. His areas of interest are Image Processing, Biometric Identification Systems & Voter Registration Systems. He is a Lifetime member of the Indian Nuclear Society (INS), Associate Member of the Computer Society of India and Member of IEEE.
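The threshold trade-off between FAR and FRR and the gain from fusing two modalities, both described in the multi-biometrics article above, worked through as an added Python example (not the author's code or any ABIS product's method). The score lists are constructed, and the weighted-sum fusion rule and the independence assumption in the one-to-many estimate are assumptions of this example.

```python
"""FAR/FRR versus threshold, score-level fusion, and 1:N false-match growth.

All scores are constructed for illustration (0-100 similarity scale);
weighted-sum fusion is one common fusion rule, assumed here.
"""

# One tuple per comparison: (fingerprint_score, face_score). Constructed data.
GENUINE = [   # a person compared with their own enrolled template
    (90, 80), (85, 40), (35, 85), (80, 75),   # (85, 40): poor face image
    (70, 65), (45, 90), (95, 55), (75, 70),   # (35, 85): scarred/partial print
]
IMPOSTOR = [  # templates of two different people compared
    (10, 20), (50, 15), (20, 60), (30, 30),
    (55, 25), (15, 50), (40, 35), (25, 45),
]


def modality(pairs, index):
    """Pick one modality's scores: index 0 = fingerprint, 1 = face."""
    return [pair[index] for pair in pairs]


def fuse(pairs, weights=(1, 1)):
    """Score-level fusion: weighted mean of the per-modality scores."""
    total = sum(weights)
    return [sum(w * s for w, s in zip(weights, pair)) / total for pair in pairs]


def far_frr(genuine, impostor, threshold):
    """Return (FAR, FRR) when a comparison is accepted if score >= threshold."""
    false_accepts = sum(1 for s in impostor if s >= threshold)
    false_rejects = sum(1 for s in genuine if s < threshold)
    return false_accepts / len(impostor), false_rejects / len(genuine)


def sweep(genuine, impostor, thresholds):
    """FAR and FRR at each threshold, to show the trade-off."""
    return [(t,) + far_frr(genuine, impostor, t) for t in thresholds]


def one_to_many_false_match(far, database_size):
    """Chance of at least one false match when one probe is searched against
    database_size records, assuming independent comparisons (an assumption)."""
    return 1.0 - (1.0 - far) ** database_size


if __name__ == "__main__":
    systems = {
        "fingerprint": (modality(GENUINE, 0), modality(IMPOSTOR, 0)),
        "face": (modality(GENUINE, 1), modality(IMPOSTOR, 1)),
        "fused": (fuse(GENUINE), fuse(IMPOSTOR)),
    }
    for name, (gen, imp) in systems.items():
        print(name)
        for t, far, frr in sweep(gen, imp, range(30, 71, 10)):
            print(f"  threshold {t}: FAR={far:.3f} FRR={frr:.3f}")
    for n in (1_000, 1_000_000):
        p = one_to_many_false_match(1e-6, n)
        print(f"FAR 1e-6 per comparison, {n} records: P(false match)={p:.3f}")
```

At threshold 50 each single modality still misclassifies some of the constructed comparisons while the fused score separates all of them, and the last function shows why a per-comparison FAR that looks negligible becomes significant in a one-to-many search over millions of records.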

Article
Wallace Jacob
Sr. Asst. Prof., Tolani Maritime Institute, Talegaon Dabhade, Pune, Maharashtra

Automated Teller Machines: A Business Model

Introduction
John Shepherd-Barron is credited with inventing the world’s first automatic cash machine. The first automatic teller machine was installed at a branch of Barclays Plc in a north London suburb on June 27, 1967. While cash vending machines were once a novelty, they have now become a part of everyday life. There are now more than 1.7 million ATMs across the globe, according to the ATM Industry Association[1]. As of November 2011, according to National Payments Corporation of India, the total number of ATMs in India stood at 86,793. The ATM industry in India is projected to witness a CAGR of over 18% by 2013[2], and India needs one million ATMs[3]. The national average on each ATM is 260 transactions per day[4], of course depending on the location as well as the bank.

From the early ATMs (also known as Automated Banking Machines – ABM, cash machine, cashpoint, cashline, hole in the wall) which could only accept cash deposits, the functionality provided by ATMs has shown enormous changes. It may not be an exaggeration to say that an ATM is a mini-bank in itself. In Japan, the ATMs can accept deposits of notes and coins, sort the accepted currency, and issue the currency to new customers, thus requiring only occasional topping up with more money[5]. It is only a matter of time before such features are available in the ATMs of our country. With the number of services being provided by ATMs increasing, it is envisaged that the use of ATMs should see an increase. From the concept of ATMs owned by banks, the world has moved to Brown-Label and White-Label ATMs. This article explores the concept of Brown-Label and White-Label ATMs.

Brown-Label ATMs
Traditionally ATMs were owned by banks. In a brown-label ATM, the hardware as well as the lease is under the ownership of a service provider and not under the ownership of a bank. The connectivity, cash handling and management are the responsibilities of the sponsor bank. The ATM is named under the brand of the sponsor bank but the ATM machine is not owned by the bank. The owner of the ATM machine would receive a fee from the bank whose ATM card is used.

On September 26, 2012, Hughes Communications India had issued a statement that it would set up 5000 ‘brown-label ATMs’ in the country[6]. This indicates that there is a market for brown-label ATMs.

White-Label ATMs
White-label ATMs (or WLAs) are the ATMs deployed by third parties who make their machines available to bank customers and earn money through a ‘per transaction’ charge. The Reserve Bank of India has decided to allow white-label ATMs[7], which can be set up in residential complexes, hospitals, bus stops, railway stations, etc. This implies that the business of buying and setting up ATMs is now legal. White-Label ATMs thus help in bringing technology to the masses (penetrating the rural areas), ensuring transparency and enabling rapid transformation. According to RBI rules, the money in the ATM will belong to the bank; the vendor or owner of the ATM will maintain the set-up and get a commission on each transaction.

Scope
ATMs are sold by Ezee Rupee, a Canada-based ATM manufacturing company. How much does an ATM cost? This depends on the type of ATM a person wishes to purchase. For instance, Class 1 Armored ATMs, Indoor ATMs, Through-the-wall ATMs, etc. are available. A good ATM with colour screen can be purchased in the range of Rs. 3 lakhs to 3.5 lakhs[8] (shipment costs excluded). A space of sixteen sq feet may be required for installing an ATM. The maintenance of an ATM may be around Rs. one lakh every month including electricity and security costs. If on an average a person withdraws Rs. one thousand a day, and the ATM owner gets 2% of the transaction, then assuming 260 transactions per day over a period of 30 days the overall revenue works out to Rs. 1,56,000, indicating a profit of nearly Rs. 56,000/- per month. Over a period of nearly three years the owner of the ATM will be able to cover his initial investment (investment on land, building, purchasing the ATM machine, transportation charges). There can be a few days, such as weekend days, festival days, etc., when the ATM transactions might be more than the number of transactions on other days of the week. The owner of the ATM can definitely earn through the surcharge being levied on each transaction, and there can be users who might use their credit card also, thus increasing the ATM owner’s revenue.

The idea of the ATM can be replicated for the disbursement of coins to members of the public also. There have been many instances when a shortage of coins has been reported from several pockets of the country.

The latest developments in the field of ATMs include ATMs which can help consumers in purchasing jewelry. The product options are displayed on the touch screen and the customer can make payment through his/her credit/debit card. Thus ATMs can be used for several purposes.

Setting up an ATM can also provide employment to at least two security personnel, besides helping in earning money through advertising.

In fact, the Government of India can take measures for allocating ATMs to financially needy people who are differently-abled or perhaps handicapped, so that such people can have a source of earning and be financially sound.

Parameters Which can be Taken into Consideration
Already having a business: If a person already has a business, then he can make use of the existing resources and realize

an increase in his revenues. A person may also start a business of selling, distributing and servicing ATMs.

Population: Population density can be important while setting up an ATM. A higher density might help in more usage.

Per capita income: The per capita income varies from state to state and city to city, and sometimes within different areas of the same city. It might be more viable to set up ATMs in a city or a state or an area with higher per capita income. Industrial areas and IT hubs are some of the best places to install ATMs. It might also be feasible to set up ATMs at places where urbanization is taking place. Educational institutes, factories, departmental stores, car parks, super markets, railway stations and hospitals are some of the ideal places where an ATM should be installed. This would also help in reducing commuting costs and alleviating traffic problems.

Risk: There have been a few cases, in cities like Pune, Gurgaon and Noida, where ATMs have been stolen. Therefore an ATM might require more add-on security features, implying an increase in initial investment and maintenance costs. There have also been cases of a bank being taken over by another bank or a bank being closed, wherefore the ATM owner may have to look for another bank willing to hire his/her services.

Competition: e-wallets or digital wallets, the use of credit cards or debit cards at merchant establishments, and online banking and mobile banking being used for payments or transfer of money pose a significant threat. As of date, there is less competition in the ATM market. However, the danger of competition from digital wallets exists. A digital wallet is a chip inside a cellphone that uses wireless “near-field communications” technology[9]. Money can easily be transferred using the digital wallet technology. The digital wallet is already in wide use in Japan and may soon spread to other countries.

Penetration Levels: India still has a long way to go in terms of reaching the levels of ATM penetration in other emerging markets such as China or Korea. While China has close to 85 ATMs per million people, India has only about 62 ATMs per million people. As reported in RBR’s ‘Global ATM Market and Forecasts 2011-2016’, in the Asia-Pacific region during 2010, China saw the greatest absolute growth with the addition of 57,000 new ATMs (growth rate of 26%). The second largest absolute growth was in India, where the installed base grew by 15,000 machines (growth rate of 26%)[10].

Education: A new course on ATM – Dangers and Risks needs to be introduced which educates about possible scams which might be carried out through ATMs. It might become as big a market as the cellphone market or the computer games development market. Entrepreneurs utilizing the idea of owning ATMs can also start such courses, which can be a means of further earnings and spreading awareness.

Future research: It is possible that in the near future ATMs might be developed which might even keep track of the identification number printed on currency notes. If such developments take place then the menace of counterfeit notes might be handled to a large extent. There have been cases where ATM users have claimed that they retrieved counterfeit notes from an ATM and the bank refutes such claims. It is also possible that the manufacturers might be able to produce more cost-efficient ATMs in the days to come. There also is a possibility of a shift to the wireless system, in which case the cost of maintenance of ATMs is likely to come down and the process of installation might also become simpler. Scientists at a Delhi-based Institute for Genomics and Integrative Biology have introduced a credit card-sized health data card that enables access to a card-holder’s genetic information[11]. The capability to read from a health-card is likely to be integrated with the already existing capabilities of an ATM. With such developments a larger number of ATMs will be required.

Theft of ATM: It is possible that some insolvents might cover the CCTV camera and steal the ATM. For instance, an ATM of the United Bank of India weighing about 800 kg and containing Rs. 7.60 lakhs was stolen from Chikhli, Pune on 04 July 2011. On June 28 2011, an ATM of ICICI bank located at Chakan was stolen, and on October 27, 2009 a gang of suspects had stolen the ATM of Union Bank of India[12].

Cloning: There have been cases of card-cloning rackets[13]. ATM owners will have to take special precautions to avoid cloning of cards.

Global ATM Alliance: This refers to a joint venture of some of the giant international banks which allows their customers to use their ATM cards at the ATMs of other banks in the list without having to pay an International ATM access fee. Owning an ATM of a bank which is part of the Global ATM Alliance might be more lucrative.

New ATMs: A new EcoATM has been developed with a receptacle where a mobile can be placed. The ATM has a camera which takes pictures of the device. The user can also connect the device to the many cables provided with the ATM so that the machine can figure out if the handset’s internals are working. When the analysis is complete, the ATM gives a quote on the spot, based on what a network of hundreds of electronics-recycling companies are willing to pay for it[14]. Based on the number of handsets in use nowadays, purchasing the EcoATM is a viable proposition.

Limitation: There is a lot of bureaucracy and the play of power and politics which may act as a deterrent to people who want to adopt the ATM business model.

Conclusions
Owning an ATM can be profitable in a cash-dominated country like India. If the number of successful transactions per day exceeds three hundred and each transaction is of more than Rs. 1000/-, the owner should be able to break even in three years’ time as per the current study. The total ATM cards issued in India are estimated to grow at a 4-year CAGR of 22.7% to reach 672.9 million in 2015, according to the AM Mindpower Solutions report[15]. With the number of ATM cards increasing every year and also the ATM being put to more and more uses, such as purchasing jewelry, EcoATM, etc. discussed above, it might be a fruitful proposition to own a White-Label ATM.

References
[1] “ATM Inventor passes away at 84”, The Times of India, May 21, 2010, pg. 17.
[2] http://computer.financialexpress.com/20120215/features01.shtml, June 25, 2013, 1110 hours.
[3] Gupta Suchandana, “Man buys ATM on Dhanteras”, The Times of India, Nov 04 2010, pg. 1.
[4] Gupta Suchandana, “Man buys ATM on Dhanteras”, The Times of India, Nov 04 2010, pg. 10.
[5] Shroff F T, “Modern Banking Technology”, Northern Book Centre, 2007, pg. 61.
[6] http://www.thehindubusinessline.com/industry-and-economy/info-tech/hughes-comm-to-set-up-5000-brown-label-atms/article2487740.ece, June 25 2013, 1145 hours.
[7] http://economictimes.indiatimes.com/RBI_to_allow_pure_whitelabel_ATMs/articleshow/1015668.cms, Dec 30 2010, 1230 hours.
[8] http://www.livemint.com/Companies/NPvpHGPbt4VKYvsQH0T0eM/ATM-operators-struggle-to-pass-on-higher-capital-costs.html, Jun 25 2013, 1015 hours.
[9] “Digital Wallets”, New Scientist, 14 May 2011, pp. 34.
[10] http://computer.financialexpress.com/20120215/features01.shtml, June 25, 2013, 1115 hours.
[11] “Get Well Soon card”, Geo, June 2011, pp. 38.
[12] “800-kg ATM with Rs. 7 lakh stolen”, The Times of India, July 05 2011, pg. 3.
[13] Narayan Pushpa, “ICICI recalls cards on cloning scare”, The Times of India, October 23, 2011, pg. 12.
[14] “This ATM takes your old mobiles, hands back cash”, The Times of India, Jan 15 2012, pg. 16.
[15] http://www.dnaindia.com/money/1713771/report-atms-a-costly-affair-for-banks, Jun 25 2013, 1030 hours.

About the Author
Wallace Jacob is a Senior Assistant Professor at Tolani Maritime Institute, Induri, Talegaon-Chakan Road, Talegaon Dabhade, Pune, Maharashtra. He has contributed articles to CSI Communications, especially in the Programming.Tips section under Practitioner Workbench.

Practitioner Workbench
Wallace Jacob
Sr. Asst. Prof., Tolani Maritime Institute, Talegaon Dabhade, Pune, Maharashtra

Programming.Tips() » Fun with 'C' Programs – Using Escape Codes

The function clrscr() can be used to clear the screen. But for using the clrscr() function the conio.h header file has to be included, which is normally not provided with standard libraries. Nonetheless one can always use the system(const char *command) function, for instance system("clear") (in UNIX/ platforms), to clear the screen. But there is still another way of clearing the screen, hiding or showing the cursor, changing the background and/or foreground colour of the output, etc. This article explores the use of a few escape sequences which can be used to carry out some of the aforementioned tasks.

The following statement can be used to clear the screen.

    printf("\x1b[2J");

\x1b[2J is the escape code. The escape sequences begin with the character ESC (decimal 27, octal 033 and hexadecimal 1b). Thus, the following statement can also be used to clear the screen:

    printf("\033[2J");

If the user wishes to print “Computer Science” on the 7th row and 16th column, then the following code snippet can be used:

Program listing one

    #include <stdio.h>

    int main(void)
    {
        char str[] = "Computer Science";

        printf("\033[2J");     /* in order to clear the screen */
        printf("\x1b[7;16H");  /* move the cursor to row 7, column 16 */
        printf("%s", str);
        return 0;
    }

If the user wants the output to appear with a slow blinking effect, then the following statement can be used:

    printf("\x1b[5m");

For a faster blinking effect the escape sequence to be used is: \x1b[6m.

To set the foreground colour to red, the \x1b[31m escape code can be used; and to achieve the bold effect, \x1b[31;1m can be used. The general format for changing the colour is \x1b[km, where k is in the range of 30 to 37 for foreground colours and 40 to 47 for background colours.

The table below lists a few escape codes:

| Escape code | Effect |
|---|---|
| \x1b[7m | For reverse-video effect |
| \x1b[30;1m | For bold effect |
| \x1b[40;1m | For printing on a black background |
| \x1b[nA | Move the cursor n lines up |
| \x1b[nB | Move the cursor n lines down |

[Addendum: Is there any difference between 723, 0723, and 0x723 in a 'C' Program?

723 is an integer in the decimal number system. 0723 is an integer in the octal number system and 0x723 is a number in the hexadecimal number system. The program below exemplifies the point:

Program listing two

    #include <stdio.h>

    int main(void)
    {
        int n1, n2, n3;

        n1 = 723;    /* decimal */
        n2 = 0723;   /* octal: a leading 0 */
        n3 = 0x723;  /* hexadecimal: a leading 0x */

        printf("\nn1=%d,n2=%d,n3=%d", n1, n2, n3);
        return 0;
    }

A sample output is as follows:

    n1=723,n2=467,n3=1827
]

Practitioner Workbench
Umesh P and Silpa Bhaskaran
Department of Computational Biology and Bioinformatics, University of Kerala

Programming.Learn("R") » Handling Files in R

For handling computational tasks, R interacts with the file system, and this requires the reading and writing of data to or from files. In the current issue, we discuss the mechanisms in R to handle files.

In R, all the file systems are organized as directories. As a primary requirement to read data from a file or write data to a file, the path of that file within the directory must be known. Generally there is a working directory while R is running. The function getwd() returns a string which is the path of the current working directory. For example,

    > getwd()
    [1] "C:/Users/Student/Documents"

This path is the default location to read or write files in R. We can also set the directory as we wish by using the setwd() function with the particular path as argument within double quotes. For example, see the statements below.

    > setwd("D:/Program Files/R/R-2.12.0")
    > getwd()
    [1] "D:/Program Files/R/R-2.12.0"

Using the setwd() function enables us to avoid entering the full path of a file in that directory each time we use the file. After setting the path, we can open the file to read or write or both. We can achieve this within R using the function file(). Its syntax is as below:

    file(filename, open="r")

Here ‘filename’ should be the name of the file to be opened. The argument ‘open’ takes as input the mode in which the file should be opened. The various file opening modes in R and their descriptions are given in Table 1. Some examples are also given in Fig. 1.

| Mode | Description |
|---|---|
| "r" or "rt" | Open to read in text mode |
| "w" or "wt" | Open to write in text mode |
| "a" or "at" | Open to append in text mode |
| "rb" | Open to read in binary mode |
| "wb" | Open to write in binary mode |
| "ab" | Open to append in binary mode |
| "r+", "r+b" | Open to read and write |
| "w+", "w+b" | Open to read and write, truncate file |
| "a+", "a+b" | Open for reading and appending |

Table 1: Various file opening modes in R

Fig. 1: Usage of file opening modes in R

R also provides various file manipulation functions. Descriptions of some of them are given in Table 2:

| Function | Description |
|---|---|
| file.create(filename) | Creates a file with the filename given as argument. Unless the path is set, we have to input the entire path in the argument. If the file is successfully created it provides the logical output TRUE, and FALSE otherwise. |
| file.exists(filename) | Checks whether a file with the filename given as argument exists in that directory. If the file exists then TRUE is displayed, and FALSE otherwise. |
| file.access(filename, mode=0) | Checks the permission to access a file. The mode value can be 0, 1, 2, or 4 based on the requirement to test for existence, execute, write, and read respectively. Will return 0 if permitted and -1 for failure. |
| file.edit(filename) | Will open the file in a text editor for editing purposes. |
| file.rename(file1, file2) | Will rename file1 to file2. Will return TRUE if renamed successfully, and FALSE otherwise. |
| file.remove(filename) | Removes the file named in the argument. Will return TRUE if successfully removed, and FALSE if it cannot be removed. |

Table 2: File manipulation functions in R

    > setwd("D:/Program Files/R/R-2.12.0")
    > file.create("file1.txt")
    [1] TRUE
    > file.exists("file1.txt")
    [1] TRUE
    > file.exists("file2.txt")
    [1] FALSE
    > file.access("file1.txt", mode=4)
    file1.txt
            0
    > file.rename("file1.txt","samplefile.txt")
    [1] TRUE
    > file.exists("file1.txt","samplefile.txt")
    [1] FALSE TRUE
    > file.remove("samplefile.txt")
    [1] TRUE
    > file.exists("samplefile.txt")
    [1] FALSE

The above set of examples shows the usage of the file manipulation commands discussed above.

We hope this issue has given you an overview of the file handling mechanisms in R. The next issue will discuss the file input and output functions provided by the package. Have a nice time!

CIO Perspective
Krishnakumar Iyer
Currently CEO of MindIT (www.mindit.co.in)

Managing Technology » Opportunity Qualification

Executive Summary
Qualifying opportunities has been the bugbear between Sales and Pre Sales functions. The white paper examines a few questions like:
• Why do we need to qualify opportunities?
• How does Qualification help?
• Will there be a happy balance between aggressive Sales pursuits and effective Bid responses?
• Is there a one standard way to qualify opportunities?

The Battle Royale Between Sales and Pre Sales
Let us agree – Selling or Sales is a tough job. Every Sales person goes through multiple rejections before closing that 'dream deal'!

While pursuing every opportunity is in the interest of Sales, this may put tremendous pressure on the Pre Sales team to support these opportunities. Given that the Pre Sales resources are fixed, which opportunity to pursue becomes a battle royale between Sales and Pre Sales. Since every opportunity comes with a degree of uncertainty, there is no clear science by which decisions can be taken on a pursuit. The end result is that Pre Sales may respond without adequate motivation, possibly leading to an under-prepared Bid/Proposal. A possible loss here will contribute further to the chasm between Sales and Pre Sales, ending up in neither function being effective.

What is the Need for Opportunity Qualification?
Every organization would like to pursue opportunities in line with their business strategy AND the ones where they have the best chance to win. Remember, the capacity of the Pre Sales team is fixed, so pursuing all opportunities will lead to tremendous stress on the system and losses too.

The reality: it is impossible to pursue all opportunities and the organization has to 'pick its battles' with the highest likelihood of a win. The need for qualifying every opportunity becomes paramount given the limited resources available.

Are all Opportunities the Same?
Opportunities can be classified into 3 types:
• Strategic (Tier 1) – these are opportunities which are large, likely to be complex and will catapult the organization to the next level
• Operational (Tier 2) – these are opportunities which are in the 'sweet spot' and the organization expects to have a high %age of wins
• Transactional (Tier 3) – these are opportunities which are routine and require minimal efforts to respond to them.
Given the above, does every opportunity need to have the same level of rigor for qualification?

Is There a 'One Size Fits All' Approach to Opportunity Qualification?
Clearly a 'one size fits all' approach cannot be taken with Opportunity qualification. Let us examine them in the context of different types of opportunities:

Tier 1 opportunities typically have a long gestation cycle and by very nature are expected to be complex. The client environment and the marketplace are in a state of flux (not to mention our competitors also contributing to the fluidity) and therefore opportunities such as these require nurturing. Opportunity qualification needs to be continuous based on emerging information. A decision for a 'GO/NO GO' is more likely to emerge around the time an RFP is issued or the client asks formally for Proposals.

Tier 2 opportunities comparatively have a short gestation cycle. Sales is likely to have sufficient information on the client 'pain and gain' scenarios and therefore be in a position to drive the Proposal strategy. An early call can be made on the GO/NO GO decision. The decision should be reversed only if there is compelling information/evidence.

Tier 3 opportunities need to have a very simple checklist based qualification process. Responses need to be in large volumes and therefore win ratios are also likely to be low.

Opportunity qualification is a dynamic process and requires close collaboration between Sales and Pre Sales.

Winning mantras:
Tier 1 opportunities require high effectiveness supported by an efficient Bid team.
Tier 2 opportunities require medium effectiveness combined with an efficient response.
Tier 3 opportunities are all about efficiency.

Qualify vigorously so that you know why you are winning or losing.

Can Sales and Pre Sales Ever Reach Harmony?
Sales and Pre Sales can reach agreement if both have the same objective of winning more in the marketplace. A few high level steps recommended are:
• Pre Sales draws up the process and criteria for opportunity qualification
• Pre Sales walks through and collaborates with appropriate stakeholders in the Sales organization to agree and/or amend the process.
• Once agreed, Sales commits to the process
• Pre Sales creates a highly responsive organization in line with the Strategic goals of the organization. This should include SLAs for Bid/Proposal responses.
• Implement the process and review with Sales every quarter.

About the Author
Krishnakumar Iyer (KK) comes with 28+ years of deep IT experience across India, USA, Australia and Singapore. He has worked with world class organizations like IBM, PricewaterhouseCoopers, Siemens and Mastek. KK has performed in a wide spectrum of roles from large Client Account Management, Consulting, Technology Lead, Pre Sales and Organization Process Head. KK has led many large ERP and Outsourcing deals. He is certified at APMP-Foundation™ Level by the Association of Proposal Management Professionals (www.apmp.org).

Security Corner
Krishna Chaitanya Telikicherla* and Harigopal K B Ponnapalli**
*Research Associate, Security and Privacy Research Lab, Infosys
**Principal Research Analyst, Infosys, India

Information Security » Demystifying Cross-Site Request Forgery (CSRF)

Abstract: This article is the sixth in the series of articles focusing on security of the web platform. In our previous articles, we have learnt that cross site interactions form one of the prominent features of the web and that they could be genuine as well as malicious. In this article, we discuss Cross Site Request Forgery (CSRF), a dangerous web attack which builds on the loopholes of the web platform. We explain how CSRF works, some of the adverse consequences it can cause and popular defenses to be followed to mitigate the attack.

Introduction
Cross Site Request Forgery (CSRF) is one of the most popular web application attacks, which has been consistently listed in the OWASP Top Ten[1] since 2007. By design of the web platform, web applications inherently suffer from CSRF vulnerabilities, and additional layers of security, as explained later, have to be incorporated to defend against CSRF attacks.

Visualizing a cross origin HTTP request
The workflow in Fig. 1 helps in visualizing a cross origin HTTP request, which is the root cause of a CSRF attack.

The figure shows four entities – a user (U), a client (C), a genuine server (G) and an attacker controlled server (E). Any normal web browser can be considered as a client. In the workflow, the client/browser is shown to have two open instances (or tabs) - one denoted by a green bar (in which a genuine webpage from G is loaded) and the other denoted by a red bar (in which a malicious webpage from E is loaded). The workflow explains a general browsing scenario where a user opens multiple websites in multiple browser instances. Steps 1-4 show a user logging in at a genuine site (e.g., a bank, social networking site etc.) in one browser instance or tab. Steps 5-8 show a user (unintentionally) opening a malicious site in another browser instance or tab. Step-9 shows a cross origin HTTP request triggered by the page loaded from "http://evil.tld" to the genuine server G. [Note: "tld" stands for Top Level Domain e.g., ".com", ".org" etc.]

The Problem with Cross Origin Requests
The request in Step-9 could be a genuine request (e.g., loading an image from a remote server) as well as a malicious request (e.g., an HTTP request for deleting the bank account of the logged-in user). One quick conclusion could be – If the genuine site mandates authentication, then cross origin requests can be blocked. This assumption is flawed since, even if the user is authenticated on the genuine site, browsers attach the user's authentication credentials (e.g., cookies) with every HTTP request made to the genuine site, irrespective of where the request originated from. This "feature" is built into browsers by design, without which browsers will prompt for authentication for every cross origin request, thereby affecting usability adversely. Imagine a user logging in at Facebook in one tab and hitting a "Like" button on another website, which takes the user to the Facebook login page (though the user is already authenticated to Facebook in a previous tab).

Fig. 1: Workflow depicting a cross origin HTTP request
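The server-side view of the point above, as an added example that is not from the original article: the session cookie arrives with every request to the genuine site, so a cookie-only check accepts a forged request, while an origin allowlist plus a random per-session token rejects it. The handler names, the `csrf_token` field and the request objects are constructed for illustration; http://bank and http://evil are the article's fictitious sites.

```javascript
// Added example: constructed requests, Node.js standard library only.
const { randomBytes, timingSafeEqual } = require('node:crypto');

const ALLOWED_ORIGINS = new Set(['http://bank']); // the article's fictitious genuine site
const sessions = new Map(); // session id (cookie value) -> { user, csrfToken }

function login(user) {
  const sid = randomBytes(16).toString('hex');
  const csrfToken = randomBytes(32).toString('hex'); // random per-session token
  sessions.set(sid, { user, csrfToken });
  return { sid, csrfToken };
}

// Cookie-only check: cannot tell a same-origin request from a forged one.
function transferCookieOnly(req) {
  return sessions.has(req.cookies.sid) ? 'accepted' : 'rejected: not logged in';
}

// Origin of the requesting page (Origin header, else Referer); null when unknown.
function requestOrigin(headers) {
  const raw = headers.origin && headers.origin !== 'null' ? headers.origin : headers.referer;
  if (!raw) return null;
  try { return new URL(raw).origin; } catch { return null; }
}

function safeEqual(a, b) { // constant-time comparison of two strings
  const x = Buffer.from(String(a)), y = Buffer.from(String(b));
  return x.length === y.length && timingSafeEqual(x, y);
}

// Hardened handler: origin allowlist when an origin is known, token always.
function transferHardened(req) {
  const session = sessions.get(req.cookies.sid);
  if (!session) return 'rejected: not logged in';
  const origin = requestOrigin(req.headers);
  if (origin !== null && !ALLOWED_ORIGINS.has(origin)) return 'rejected: origin';
  if (!safeEqual(req.body.csrf_token || '', session.csrfToken)) return 'rejected: token';
  return 'accepted';
}

// Constructed requests: the browser attaches the same cookie in every case.
function demo() {
  const { sid, csrfToken } = login('alice');
  const genuine = { cookies: { sid }, headers: { origin: 'http://bank' },
                    body: { to: 'bob', amount: '10', csrf_token: csrfToken } };
  const forged = { cookies: { sid }, headers: { origin: 'http://evil' },
                   body: { to: 'mallory', amount: '1000' } };
  const forgedNoOrigin = { ...forged, headers: {} }; // Origin/Referer stripped
  return {
    cookieOnlyForged: transferCookieOnly(forged),
    hardenedGenuine: transferHardened(genuine),
    hardenedForged: transferHardened(forged),
    hardenedForgedNoOrigin: transferHardened(forgedNoOrigin),
  };
}
```

The last case shows why the token check runs even when no origin can be determined: a request whose Origin and Referer were stripped still fails without the token.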

Therefore, by design, browsers do not differentiate (in other words, browsers are confused) between same origin (genuine) and malicious cross origin requests. Since HTTP requests going to a genuine server can be forged by an attacker's site and submitted as malicious requests, the resulting cross site (origin) attack is called Cross-site Request Forgery (Note that the terms 'Cross-site' and 'Cross-origin' are used interchangeably in the context of CSRF). Browsers do not know if the request is triggered intentionally by a user on the genuine site or if it is triggered unintentionally by code on attacker's

requests triggered by scripts (i.e., AJAX) by enforcing Same Origin Policy, but do not restrict HTML elements such as images, scripts, forms etc., to do the same. This is by design and this "feature" is used by attackers to launch CSRF attacks. In the examples shown in the next sections, we take the example of two fictitious websites – http://bank and http://evil. A hypothetical funds transfer functionality on the bank's website will be abused by the evil site via CSRF.

Forging HTTP GET requests
HTTP GET requests can be easily forged via several vectors. Below are some of them:

Click here to win your prize!

Listing 1: Triggering CSRF using HTML elements

Similar to vector shown in Listing 1, other HTML elements such as

forms do not automatically trigger HTTP requests. In these cases, the attacker can either lure the victim to click on these targets or can use JavaScript to click them programmatically. For example, the JavaScript code "document.forms[0].submit()" can be used to automatically submit a form in a webpage.

Though JavaScript cannot be used to trigger cross origin HTTP requests via AJAX, it can be used to open cross origin URLs via popups and redirecting windows, as shown in Listing 2, thereby indirectly triggering cross origin requests.

Listing 2: Triggering CSRF using JavaScript

Forging HTTP POST requests
HTTP POST requests can be triggered only by the HTML <form> element and hence it is used to trigger CSRF for POST requests. In the code in Listing 1, which shows a form, setting the value of the "method" attribute to "POST" will make it a CSRF vector for HTTP POST requests.

Preventing CSRF
Over the years, security researchers have made several proposals in the form of server side checks, proxy based solutions, browser based defenses etc., to defeat CSRF attacks, and each of them has certain limitations. While completely eradicating CSRF is still an active area of

are widely used by web developers to defend against CSRF.

When browsers trigger HTTP requests, they include a "Referer" header in HTTP

initiated the request. Since the URL contains "origin", servers can check whether the request was initiated by a whitelisted origin or not, thereby preventing any damage.

For example, consider the screenshot

website" hyperlink in the "external links" section. We have captured the network traffic using Chrome's inbuilt developer tools (invoked by pressing the "F12" key on the keyboard). When the HTTP request on the OWASP home page is inspected, it shows a Referer header which points to the URL of Wikipedia's OWASP page.

While the Referer check can be used to prevent CSRF, it is not always reliable. Since some URLs contain sensitive information (e.g., sensitive search query), the Referer header is known to cause privacy leaks. Due to this, it is stripped by certain security tools and proxies, because of which servers

of the latest browsers. The primary distinction from the Referer header is that the Origin header does not contain the complete URL, but contains only the "origin" of the requesting page (e.g., only "http://wikipedia.org" in the Referer header example in Fig. 2). With this, it overcomes the privacy leaks problem of the Referer header. One small caveat is that the Origin header is set to null if the request is initiated by hyperlinks or popups, since they are considered as a standard mechanism to navigate from one website to another, without trust. If the Origin header is required in such cases, developers need to convert hyperlinks in the page to HTML forms with GET method. The Origin header is gaining acceptance by both browser vendors as well as web developers and is the suggested method to perform server side checks for CSRF mitigation.

The other most widely used industry best practice is to use random tokens (a.k.a. CSRF tokens). The idea here is simple and

sent as part of every web response served

subsequent request from browser will send the token automatically to the web server. On receipt of the token, the web server will check if it is the same as the one it has sent earlier. Usually these CSRF tokens will be placed as part of cookies, URLs, hidden