AUGUST 2018 • www.computer.org

Security • Automotive • Blockchain • Virtual and Augmented Reality


IEEE COMPUTER SOCIETY
computer.org • +1 714 821 8380

STAFF

Editor: Meghan O’Dell
Managers, Editorial Content: Brian Brannon, Carrie Clark
Contributing Staff: Christine Anthony, Lori Cameron, Cathy Martin, Chris Nelson, Dennis Taylor, Rebecca Torres, Bonnie Wylie
Publisher: Robin Baldwin
Senior Advertising Coordinator: Debbie Sims
Production & Design: Carmen Flores-Garvey

Circulation: ComputingEdge (ISSN 2469-7087) is published monthly by the IEEE Computer Society. IEEE Headquarters, Three Park Avenue, 17th Floor, New York, NY 10016-5997; IEEE Computer Society Publications Office, 10662 Los Vaqueros Circle, Los Alamitos, CA 90720; voice +1 714 821 8380; fax +1 714 821 4010; IEEE Computer Society Headquarters, 2001 L Street NW, Suite 700, Washington, DC 20036. Postmaster: Send address changes to ComputingEdge-IEEE Membership Processing Dept., 445 Hoes Lane, Piscataway, NJ 08855. Periodicals Postage Paid at New York, New York, and at additional mailing offices. Printed in USA. Editorial: Unless otherwise stated, bylined articles, as well as product and service descriptions, reflect the author’s or firm’s opinion. Inclusion in ComputingEdge does not necessarily constitute endorsement by the IEEE or the Computer Society. All submissions are subject to editing for style, clarity, and space. Reuse Rights and Reprint Permissions: Educational or personal use of this material is permitted without fee, provided such use: 1) is not made for profit; 2) includes this notice and a full citation to the original work on the first page of the copy; and 3) does not imply IEEE endorsement of any third-party products or services. Authors and their companies are permitted to post the accepted version of IEEE-copyrighted material on their own Web servers without permission, provided that the IEEE copyright notice and a full citation to the original work appear on the first screen of the posted copy. An accepted manuscript is a version which has been revised by the author to incorporate review suggestions, but not the published version with copy-editing, proofreading, and formatting added by IEEE. For more information, please go to: http://www.ieee.org/publications_standards/publications/rights/paperversionpolicy.html. 
Permission to reprint/republish this material for commercial, advertising, or promotional purposes or for creating new collective works for resale or redistribution must be obtained from IEEE by writing to the IEEE Intellectual Property Rights Office, 445 Hoes Lane, Piscataway, NJ 08854-4141 or [email protected]. Copyright © 2018 IEEE. All rights reserved. Abstracting and Library Use: Abstracting is permitted with credit to the source. Libraries are permitted to photocopy for private use of patrons, provided the per-copy fee indicated in the code at the bottom of the first page is paid through the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923. Unsubscribe: If you no longer wish to receive this ComputingEdge mailing, please email IEEE Computer Society Customer Service at [email protected] and type “unsubscribe ComputingEdge” in your subject line. IEEE prohibits discrimination, harassment, and bullying. For more information, visit www.ieee.org/web/aboutus/whatis/policies/p9-26.html.

IEEE Computer Society Magazine Editors in Chief

Computer: Sumi Helal, Lancaster University
IEEE Software: Diomidis Spinellis, Athens University of Economics and Business
IEEE Internet Computing: M. Brian Blake, Drexel University
IT Professional: Irena Bojanova, NIST
IEEE Security & Privacy: David M. Nicol, University of Illinois at Urbana-Champaign
IEEE Micro: Lieven Eeckhout, Ghent University
IEEE Computer Graphics and Applications: Torsten Möller, University of Vienna
IEEE Pervasive Computing: Marc Langheinrich, Università della Svizzera Italiana
Computing in Science & Engineering: Jim X. Chen, George Mason University
IEEE Intelligent Systems: V.S. Subrahmanian, Dartmouth College
IEEE MultiMedia: Shu-Ching Chen, Florida International University
IEEE Annals of the History of Computing: Nathan Ensmenger, Indiana University Bloomington
IEEE Cloud Computing: Mazin Yousif, T-Systems International

AUGUST 2018 • VOLUME 4, NUMBER 8

Security
Disillusioning Alice and Bob, by Rolf Oppliger
Hacking Power Grids: A Current Problem, by Nir Kshetri and Jeffrey Voas

Automotive
The Autonomous Vehicle and Its Temptations, by Vinton G. Cerf
5G-Enabled Cooperative Intelligent Vehicular (5GenCIV) Framework: When Benz Meets Marconi, by Xiang Chen, Chen Chen, Wuxiong Zhang, and Yang Yang

Blockchain
Blockchain and the Internet of Things in the Industrial Sector, by Dennis Miller
Blockchain-Enabled E-Voting, by Nir Kshetri and Jeffrey Voas

Virtual and Augmented Reality
Putting VR/AR to Work, by Amit Agrawal
Real, Unreal, and Hacked, by Mary Baker

Software
Making Sense of Agile Methods, by Bertrand Meyer

Departments
Magazine Roundup
Editor’s Note: End-of-Summer Reading

Subscribe to ComputingEdge for free at www.computer.org/computingedge.

CS FOCUS

Magazine Roundup

Editor: Lori Cameron

August 2018. Published by the IEEE Computer Society. 2469-7087/18/$33.00 © 2018 IEEE

The IEEE Computer Society’s lineup of 13 peer-reviewed technical magazines covers cutting-edge topics ranging from software design and computer graphics to Internet computing and security, from scientific applications and machine intelligence to cloud migration and microchip design. Here are highlights from recent issues.

Computer

Now You See It, Now You Don’t: Digital Connectivity in Marginalized Communities
For marginalized communities around the globe, lack of stable Internet access can result in a “digital divide.” This article from the June 2018 issue of Computer analyzes three marginalized communities—rural Native Americans in the US, Syrian refugees in Jordan, and Congolese refugees in Rwanda—and identifies several key contributing factors, including aid agencies’ changing priorities, goals, and political concerns, as well as technological, geographic, and cultural challenges. Through novel insights about these contributing factors of digital divides, the author generates a set of technical, organizational, and policy solutions.

Computing in Science & Engineering

Glimpses of Space-Time Beyond the Singularities Using Supercomputers
A fundamental problem of Einstein’s theory of classical general relativity is the existence of singularities such as the big bang. All known laws of physics end at these boundaries of classical space-time. Thanks to recent developments in quantum gravity, supercomputers are now playing an important role in understanding the resolution of big bang and black hole singularities. Using supercomputers, explorations of the very genesis of space and time from quantum geometry are revealing a novel picture of what lies beyond classical singularities and the new physics of the birth of our universe. Learn more in the July/August 2018 issue of Computing in Science & Engineering.

IEEE Annals of the History of Computing

Oral History of Dame Stephanie Shirley
Dame Stephanie (“Steve”) Shirley is one of Britain’s most celebrated IT pioneers, entrepreneurs, and philanthropists. In 1962, she founded a contract programming company exclusively for women, seeing untapped potential in the large numbers of educated women who had left work to raise children at home. Shirley’s company grew rapidly and had a successful IPO in 1996. Since retiring, Shirley has spent her time supporting various IT-related causes and, most recently, organizations researching and providing services to those with autism. This interview, which appears in the January–March 2018 issue of IEEE Annals of the History of Computing, is based on an oral history conducted by Marie Hicks, professor of history at the University of Wisconsin at Madison, on behalf of the Computer History Museum.

IEEE Cloud Computing

The Business Case for Chaos Engineering
While chaos engineering has gained currency in the site reliability engineering community, service and business owners are often nervous about experimenting in production. Proving the benefits of chaos engineering to these stakeholders before implementing a program can be challenging. This article, which appears in the May/June 2018 issue of IEEE Cloud Computing, presents the business case for chaos engineering through qualitative and quantitative tactics, as well as the benefits and tools to convince stakeholders that chaos engineering is necessary and cost-efficient.

IEEE Computer Graphics and Applications

Weather Report: A Site-Specific Artwork Interweaving Human Experiences and Scientific Data Physicalization
Weather Report is a site-specific art installation that entices visitors to examine climate change at human scale, both physically and metaphorically. Weather data is displayed using balloons as physical pixels that can be touched, part of an effort to make objective, scientific data graspable by nonscientists. Visitors contrast the objective weather data with their own weather-related memories to create a subjective weather record from the Twin Cities community. Read more in the July/August 2018 issue of IEEE Computer Graphics and Applications.

IEEE Intelligent Systems

Adaptive Biometric Systems using Ensembles
With the increased availability of online services, enhanced authentication mechanisms—including biometric systems—are necessary. However, recent studies show that biometric features can change, affecting recognition performance over time. Adaptive biometric systems that can automatically adapt to the biometric reference have been proposed to deal with this problem. Frequently, these systems use query samples classified as genuine to adapt the biometric reference. Despite good results, there are concerns regarding their robustness. This article, which appears in the March/April 2018 issue of IEEE Intelligent Systems, investigates using an ensemble of classifiers to increase these systems’ robustness. The authors explore questions regarding the application of ensembles to adaptive biometric systems using one-class classification algorithms, and offer a proposal to automatically adapt the meta classifier over time.

IEEE Internet Computing

The Web for Underpowered Mobile Devices: Lessons Learned from Google Glass
This article examines some of the potential challenges associated with enabling a seamless web experience on underpowered mobile devices having display capabilities such as Google Glass from the perspective of web content providers, devices, and networks. Researchers conducted experiments to study the impact of webpage complexity, individual web components, and different application layer protocols while accessing webpages on the performance of the Glass browser. They measured webpage load time, temperature variation, and power consumption and compared them to a smartphone. Read more about their findings in the May/June 2018 issue of IEEE Internet Computing.

IEEE Micro

Uncovering the Security Implications of Cloud Multi-Tenancy with Bolt
Cloud providers routinely schedule multiple applications per physical host to increase efficiency. The resulting interference on shared resources often leads to performance degradation and, more importantly, security vulnerabilities. Interference can leak important information about an application, ranging from services placement to confidential data such as private keys. As a solution, the authors of this article from the May/June 2018 issue of IEEE Micro present Bolt, a practical system that accurately detects the type and characteristics of applications sharing a cloud platform based on the interference an adversary sees on shared resources.

IEEE MultiMedia

Behavior Analysis through Multimodal Sensing for Care of Parkinson’s and Alzheimer’s Patients
The analysis of multimodal data collected by innovative imaging sensors, Internet of Things devices, and user interactions can provide smart and automatic distant monitoring of Parkinson’s and Alzheimer’s patients and reveal valuable insights for early detection and prevention of events related to their health. This article, which appears in the January–March 2018 issue of IEEE MultiMedia, describes a novel system that involves data capturing and multimodal fusion to extract relevant features, analyze data, and provide useful recommendations. The system gathers signals from diverse sources in health monitoring environments, understands user behavior and context, and triggers proper actions for improving the patient’s quality of life.

IEEE Pervasive Computing

Harnessing the Power of Patient-Generated Data
The authors of this article from the April–June 2018 issue of IEEE Pervasive Computing report on the PervasiveHealth 2017 workshop, Leveraging Patient-Generated Data (PGD) for Collaborative Decision Making in Healthcare. They discuss characteristics of PGD, followed by scenarios demonstrating the data-sharing practice among patients, clinicians, and caregivers. The authors also highlight current challenges and opportunities, and outline a future research agenda to envision ways to harness the power of PGD.

IEEE Security & Privacy

AI and the Ethics of Automating Consent
Artificial intelligence (AI) systems collect, process, and generate data in ways that further exacerbate many long-documented problems with online consent, most notably issues of providing adequate notice, choice, and withdrawal to users. The unpredictable and even unimaginable use of data by AI systems is considered a feature, not a bug. Yet this feature creates problems for notifying users as well as assessing when consent might be required based on potential uses, harms, and consequences. This article, which appears in the May/June 2018 issue of IEEE Security & Privacy, investigates whether these problems impact morally transformative consent in AI systems. The authors argue that while supplementing consent with further mechanization, digitization, and intelligence might improve take-it-or-leave-it notice and choice-consent regimes, the goal for AI consent should be one of partnership development between parties, built on responsive design and continual consent.

IEEE Software

A Comet Revisited: Lessons Learned from Philae’s Landing
The Philae lander, part of the Rosetta program, was the first to land on and explore a comet. This article explores the lessons learned from the Philae team’s experiences with problems that occurred in the hardware and software and in mission operations control. Read more about András Balázs’ analysis of what went wrong in the July/August 2018 issue of IEEE Software.

IT Professional

Digital Health in the Era of Extreme Automation
Digital health has come a long way over the past few years and has become a giant platform that integrates clinical communication, care coordination, virtual visits, mHealth, telehealth, and eHealth. In the era of extreme automation and connectivity, digital health is rapidly changing the healthcare industry by presenting effective solutions to several healthcare challenges, such as interoperability and patient satisfaction. This article, which appears in the May/June 2018 issue of IT Professional, explores this vital area for care transformation.

Computing Now

The Computing Now website (computingnow.computer.org) features computing news and blogs, along with articles ranging from peer-reviewed research to opinion pieces by industry leaders.

NEXT ISSUE: Healthcare, Cloud Computing, Graphics/Visualization, Information Technology, Robotics


EDITOR’S NOTE

End-of-Summer Reading

As the leaves change and you switch out your sunscreen for a scarf, stay on top of the latest technology trends with ComputingEdge. This issue features research and think pieces on the topics that matter to you most, from security and self-driving cars to blockchain and virtual reality.

Decades ago, researchers introduced the RSA public-key cryptosystem and cast “Alice” and “Bob” as replacements for the A and B symbols used to refer to participants of a cryptographic protocol. In “Disillusioning Alice and Bob” from IEEE Security & Privacy, the author argues that using symbols to describe and specify cryptographic protocols is more appropriate because human names tend to oversimplify—and thus obfuscate—the situation. In Computer’s “Hacking Power Grids: A Current Problem,” the authors look at cyberattacks against power grids and other critical infrastructures, which are increasing in frequency and severity.

Major advances are occurring in the automotive field, especially with self-driving cars. In IEEE Internet Computing’s “The Autonomous Vehicle and Its Temptations,” the author says that self-driving cars must contend with many possibilities, including buggy software, unpredictable behaviors of other cars and pedestrians, and malicious actors such as and those who might abuse this technology. In IEEE Intelligent Systems’ “5G-Enabled Cooperative Intelligent Vehicular (5GenCIV) Framework: When Benz Meets Marconi,” the authors propose a framework in which 5G is truly integrated into the design of intelligent vehicles, fundamentally resolving the dilemma between lowering cost and improving safety in self-driving vehicles.

Blockchain has evolved beyond digital currency and is being used across industries and fields. In “Blockchain and the Internet of Things in the Industrial Sector” from IT Professional, the author describes how blockchain and the Internet of Things together will improve efficiencies, provide new business opportunities, address regulatory requirements, and improve transparency and visibility. IEEE Software’s “Blockchain-Enabled E-Voting” posits that incorporating blockchain technology into e-voting systems could reduce voter fraud and increase voter access.

Virtual reality (VR) and augmented reality (AR) have received a lot of attention in the past few years. IEEE Computer Graphics and Applications’ “Putting VR/AR to Work” studies the current state of the VR/AR penetration in the enterprise and highlights a few examples where these technologies have been successful. In IEEE Pervasive Computing’s “Real, Unreal, and Hacked,” the author covers emerging virtual, augmented, and mixed reality applications and more.

Finally, in IEEE Software’s “Making Sense of Agile Methods,” the author runs agile methods and practices through his personal friend-or-foe test and offers his experiences and opinions about agile development.


REAL-WORLD CRYPTO
Editors: Peter Gutmann | David Naccache | Charles C. Palmer

Disillusioning Alice and Bob

Rolf Oppliger | eSECURITY Technologies

September/October 2017. Copublished by the IEEE Computer and Reliability Societies. 1540-7993/17/$33.00 © 2017 IEEE

In their seminal paper [1], Ronald Rivest, Adi Shamir, and Len Adleman not only introduced the RSA public-key cryptosystem but also cast “Alice” and “Bob” as replacements for the A and B symbols used to refer to the participants of a cryptographic protocol. Since then, cryptographers and security professionals have cast additional characters to refer to protocol participants, such as Carl or Dave, or adversaries, such as Eve or Mallory. Originally viewed as a side product of the RSA paper, the notion of Alice and Bob prevailed and is now the de facto terminological standard and notation for arguing about cryptographic protocols—be it in informal descriptions or semiformal specifications.

In this column, I challenge this notation and argue against its further use. I think it’s more appropriate to use symbols such as A and B rather than human names like Alice, Bob, and the rest of the gang, because human names tend to oversimplify—and therefore obfuscate—the situation. When we say, “Alice sends a message to Bob,” we suggest that Alice and Bob

■ are human,
■ personally interact, and
■ fully control the messages they send and receive.

In reality, however, the situation is more involved, and none of the above suggestions is true: neither Alice nor Bob is human, they don’t personally interact, and they don’t fully control the messages they exchange.

Figure 1 illustrates Alice and Bob communicating electronically. They both use a device (such as a computer system or a smartphone) that consists of multiple layers of hardware and software. More specifically, the device consists of hardware modules that run an OS, which hosts application software. For Alice to send a message to Bob, there must be messaging software available on either side of the communication channel. Alice interacts with this software on the sending device (the user interaction marked in black). The message is transport-encoded and sent over some networking facility empowered by some hardware and OS functionality (the network interaction marked in gray). The same is true on the recipient side: Bob isn’t personally receiving messages. Instead, he’s interacting with the messaging software installed on the receiving device and operated on some hardware and OS. The picture is highly fractal—it gets more involved as you zoom in on the details.

[Figure 1. Alice and Bob communicate electronically, using devices with multiple layers of hardware and software. The sending device and the receiving device are each drawn as a stack of application software, operating system, and hardware, with the user interaction and the network interaction marked.]

Keeping Figure 1 in mind, let’s revisit the sentence “Alice sends a message to Bob.” Note how it oversimplifies the situation. Instead of sending a message to Bob, Alice prepares the message using application software. She clicks a button to alert the software that the message is ready to be sent. This click is all Alice does; from that moment on, the message is transmitted by the appropriate software and hardware components of the sending device. Alice can hardly control these operations, and she must trust that all components play by the rules and behave as specified. Obviously, many things can go wrong, and many components can misbehave and cheat in various ways. Having Alice (and Bob) follow the protocol is necessary, but not sufficient, to deliver the message from sender to recipient. Many other components are involved that must also follow the protocol rules.

Alice and Bob have been cast to explain cryptographic protocols. Using such a protocol, Alice doesn’t typically send a message in the clear. Instead, she authenticates and/or encrypts it. But it’s very likely not Alice who does the cryptographic computation but rather some hardware or software module that operates on her behalf (it can be a hardware security module such as a smartcard, or a cryptographic library that runs in software). The same is true for the cryptographic keys that control the cryptographic computation. Very likely, it’s not Alice who provides these keys but a software module that either stores the keys or generates them on the fly by using an automated key exchange and management protocol. The bottom line is that cryptographic computations are never done by human users but by supporting modules implemented in hardware or software and specialized for these tasks (note that these modules aren’t even illustrated in Figure 1).

The same line of argumentation that applies to a message’s sender (Alice) and receiver (Bob) also applies to the adversary: it’s almost never human users who eavesdrop and try to manipulate messages but rather highly specialized attack software. If adversaries try to mount a pass-the-hash attack, for example, the attack software extracts users’ credentials from the local cache. If they try to mount a BEAST-like attack against the SSL/TLS protocols, the attack software is delivered as active content (for example, malicious JavaScript code) to launch a man-in-the-middle attack and choose ciphertexts that are sent to the server. Here, we’re talking about thousands or even millions of ciphertexts that need to be compiled in a specific way and sent to the server in a reasonable amount of time. Adversaries must use highly specialized software to automate such an attack.

So, “Alice sends a message to Bob” sounds friendly but is illusive. Above all, it misses the point when it comes to a technical discussion, as is always the case in applied cryptography. Most of the components that must be in place and cooperate are inherently nonhuman. In fact, human users’ roles in such protocols should be as small as possible—the more things users can do, the more likely something is to go wrong. Therefore, a rule of thumb in cryptographic protocol and system design is to make the user interface as small and intuitive as possible. This contradicts the role human names play in such protocols’ description and specification.

The realm of remote Internet voting further clarifies my point. By clicking a button, Alice might think she’s casting a vote for a particular candidate—but this isn’t always true. If the software managing the voting process on the client side is flawed or somehow compromised, anything is possible and there’s no real way for Alice to determine whether her vote was cast-as-intended and counted-as-cast. Many voting systems work that way and don’t provide any guarantee. But there are cryptographic techniques that can empower Alice to verify her vote end to end (E2E). Technologies that provide E2E verifiability are going to be important in the future to mitigate the threats and respective risks in remote Internet voting.

So although it might seem a little pedantic (and most people working in the field likely appreciate the difference between a notation and reality), I still think it’s more appropriate to use symbols like A and B instead of human

www.computer.org/computingedge 11 82 September/October 2017 Copublished by the IEEE Computer and Reliability Societies 1540-7993/17/$33.00 © 2017 IEEE www.computer.org/security 83 REAL WORLD CRYPTO

names like Alice and Bob. If you agree, then consider joining me in gett ing rid of the cast of characters and using symbols to describe and specify cryptographic protocols. A symbol is bett er suited to be asso- Looking for the ciated with a multiple-component technical device than is a human BEST Tech Job name. Using such symbols might help bring discussions back into the realm of technology, where for You? they really belong.

Reference

1. R.L. Rivest, A. Shamir, and L. Adleman, “A Method for Obtaining Digital Signatures and Public-Key Cryptosystems,” Comm. ACM, vol. 21, no. 2, 1978, pp. 120–126.

Rolf Oppliger is the founder and owner of eSECURITY Technologies. Contact him at rolf.oppliger@esecurity.ch.

This article originally appeared in IEEE Security & Privacy, vol. 15, no. 5, 2017.

CYBERTRUST
EDITOR JEFFREY VOAS, NIST; [email protected]

Hacking Power Grids: A Current Problem

Nir Kshetri, University of North Carolina at Greensboro
Jeffrey Voas, IEEE Fellow

Cyberattacks against power grids and other critical infrastructures are increasing in frequency and severity. Government and industry stakeholders must take more active steps to address the problem before a major infrastructure catastrophe occurs.

0018-9162/17/$33.00 © 2017 IEEE. Published by the IEEE Computer Society.

Cyberattacks are increasingly being waged by state intelligence services or their proxies against other countries’ government institutions, corporations, and industrial facilities. National power grids are emerging as a target of choice given their vulnerability and the massive economic and social disruption caused by a widespread and lengthy loss of electricity. A recent contingency planning memo from the Council on Foreign Relations asserted that “disabling or otherwise interfering with the power grid in a significant way could … seriously harm the United States.”1 In testimony before a congressional panel in November 2014, Michael Rogers, director of the NSA and head of US Cyber Command, said that China and “one or two” other countries had the ability to take down the entire US power grid and other critical systems.2 A 2016 report by engineering and construction consultancy Black & Veatch ranked cybersecurity as the second most pressing issue for electric utilities, only behind reliability—this was up from being the sixth- and fourth-highest concern, respectively, the two previous years.3,4 Alarmingly, the 2016 report indicated that only 32 percent of electric utilities had integrated cybersecurity systems with the “proper segmentation, monitoring and redundancies” needed to deal with cyberthreats, while 48 percent had no such capabilities.

The US Department of Homeland Security (DHS) has labeled 16 critical infrastructure sectors as vital (www.dhs.gov/critical-infrastructure-sectors). All of these sectors must have electricity, making the energy sector a highly attractive target. A study by the US Cyber Consequences Unit indicated that the costs of a single wave of cyberattacks on US critical infrastructures could exceed $700 billion, approximately the same as that associated with 50 major hurricanes.

US military leaders employ scenario planning to better understand the risks of such cyberattacks—for example, in a confrontation over Taiwan, China might try to cut off the electricity to Fort Bragg, California, to ground US airborne forces.5 In 2007, a Pentagon cyberdefense analyst testified to Congress that a mass cyberattack could leave up to 70 percent of the US without electrical power for 6 months. Another estimate suggested that a loss of 4 percent of power in North America would disconnect almost two-thirds of the entire grid in the region.6

POWER-GRID ATTACKS

As Table 1 shows, there have been several cyberattacks against power companies and grids over the past decade.7–15 These attacks are becoming more frequent. In 2012, for example, of 200 or so cyberattacks on US critical infrastructures, about half of those targeted a power grid.16 Power-grid attacks are also increasing in severity. ESET security researchers regarded the Industroyer malware that caused a blackout in Kiev in December 2016 to be the biggest threat to industrial control systems since Stuxnet, which did substantial damage to Iran’s nuclear program.17

TABLE 1. Example cyberattacks on power companies and grids.

Date | Incident
February 2011 | A Brazilian power plant was infected by the two-year-old Conficker worm, causing the plant’s management systems to freeze up and not display data.
June 2011 | The anarchic hacking group LulzSec shut down the website of Brazilian energy company Petrobras—Latin America’s largest energy producer—with a distributed denial-of-service attack for part of a day.
2013–2014 | A group linked to the Russian government known as Dragonfly or Energetic Bear used a Stuxnet-like Trojan called Havex to compromise the control systems of more than 1,000 energy firms in 84 countries including the US, Germany, France, Italy, Spain, Turkey, and Poland. The goal appears to have been industrial sabotage.
December 2015 | A hacker team called Sandworm used the BlackEnergy malware package to hijack the control systems of multiple regional power stations in Ukraine, cutting off electricity to about 225,000 people for many hours. Ukrainian officials blamed Russia for what was the world’s first hacker-caused power outage.
December 2016 | Sandworm once again targeted Ukraine’s power grid, this time a transmission facility outside Kiev, knocking out power in parts of the city and surrounding area for an hour. The perpetrators used Industroyer malware, which enables direct control of circuit breakers and switches.
May 2017 | WannaCry ransomware infected four billing offices of India’s West Bengal State Electricity Distribution Company, which serve about 800,000 households, and caused bill-payment operations to be suspended for most of a day until backed-up data could be restored.
First half of 2017 | Another Russia-based hacking group, called Dragonfly 2.0 by security researchers, targeted dozens of Western energy companies, breaking into more than 20 firms’ networks and possibly obtaining operational access to some in the US and Turkey.

Malware like Industroyer is particularly dangerous because it enables hackers to do more than carry out industrial sabotage: it gives them operational access to power companies’ networks, which means they can directly control the interfaces used to send commands to equipment such as circuit breakers, switches, and disconnectors and halt electricity flow at will. Such malware could be secretly planted and exploited at an opportune time such as during a conflict.18

One factor contributing to the vulnerability of power grids is that industrial communication protocols are often standardized across different infrastructures, which limits security. Malware used against one type of industrial control system can simply be “tweaked” to attack a power grid.19

Another factor is the lack of incentivization—at least until recently—to implement defenses against cyberattacks targeting power grids and other critical infrastructure.20,21 Although a security breach can have catastrophic consequences, existing equipment at many facilities is old and expensive to replace, and upgrades can disrupt service. Many utilities were originally designed to be isolated from other networks to increase resilience; consequently, they often rely on outdated protocols without established security mechanisms such as encryption and authentication, or old software with well-known vulnerabilities such as Windows XP.

Utilities are also heavily regulated, and implementing new technologies often requires navigating a lengthy and complicated approval process involving input from policymakers, government regulators, and power company officials.

Finally, a recent European Commission report noted that a key challenge is the lack of education about cyberattacks and awareness of their dangers among legislators and executives in the energy industry. It argued for greater coordination among all stakeholders to gain the necessary technical expertise to design, build, and maintain smart-grid systems that are secure.22

COUNTERMEASURES

Various actors—including policymakers and government regulators, energy companies, and power-grid equipment suppliers—have taken steps to address the growing problem of power-grid attacks.

Government initiatives

In the US, the Department of Energy (DOE) and DHS, in consultation with Obama administration officials and both private- and public-sector experts, developed the Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) in 2012 to guide the implementation and management of cybersecurity measures and sharing of best practices by utility companies.23 In May 2017, President Trump issued an executive order outlining actions for federal agencies to strengthen the cybersecurity of power grids and other critical infrastructures. It instructs the DOE and DHS to work with state and local government agencies to identify risks to the US power grid and assess the potential consequences of cyberattacks.24

In recent years, US lawmakers have also proposed legislation to study cyberthreats to the power grid, the impact of a major blackout (especially on the military), and potential solutions, including lower-cost “analog” approaches that involve taking the grid offline.25 Two pending bills introduced in 2017 include S. 79—Securing Energy Infrastructure Act (www.congress.gov/bill/115th-congress/senate-bill/79) and H.R. 3855—Securing the Electric Grid to Protect Military Readiness Act of 2017 (www.congress.gov/bill/115th-congress/house-bill/3855).

The EU is enacting similar legislation and in some cases is more aggressive than the US by mandating proactive measures. For example, France’s 2014 cybersecurity law requires more than 200 entities in the energy and other critical sectors to boost cybersecurity by using certified, domestically manufactured products. Businesses that fail to comply face fines of up to €750,000.26

Following the 2014 cyberattacks on the US unit of Sony Corporation, Japan actively took steps to enhance cooperation among the country’s 13 critical infrastructure industries, including electricity, by making the Cyber Security Strategy Headquarters part of the cabinet and establishing the National Center of Incident Readiness and Strategy for Cybersecurity (NISC) to work with industry to improve cyberdefenses.27,28 In 2016, the Ministry of Economy, Trade, and Industry and the Japan Electrotechnical Standards and Codes Committee developed specific cybersecurity guidelines for electric power control systems such as minimizing connections between internal networks and the Internet and encrypting daily network traffic.29

Corporate initiatives

Energy providers have responded to recent power-grid attacks with their own initiatives. For example, in August 2012 hacktivists launched a cyberattack against Saudi Aramco using a virus called that erased the hard drives of 30,000 computers—85 percent of the oil giant’s devices—and shut down the company’s business for two weeks at a cost of over $15 million. Following this attack, the Saudi Electricity Company increased their cybersecurity investment by 20 percent, putting special emphasis on protecting electricity generation and transmission.30

Equipment suppliers are also more engaged. Siemens and ABB, which dominate the global market for power-grid and industrial equipment, are strengthening their products’ cybersecurity. For example, on its website for transformers, ABB publishes advisories and alerts about cybersecurity issues. Siemens monitors cyberthreats and issues warnings for operational technology networks, which monitor and control physical devices, processes, and events. Siemens also has dedicated endpoint protection to stop the execution of malicious applications.31

Past cyberattacks were often mounted by criminals seeking economic gain or by disaffected political activists, but state intelligence agencies and their proxies have emerged as the dominant and most dangerous adversaries. These actors have the resources, personnel, and tools to infiltrate government and corporate networks and launch devastating attacks.

Among the most potentially damaging cyberattacks are those against power grids and other critical infrastructures on which modern institutions heavily rely. In the wake of recent alarming incidents, government and industry stakeholders are awake to the problem, but progress remains slow and incremental. Although it’s impossible to defend against every cyberthreat, the probabilities of a successful attack can be reduced. In addition to mandating stronger cybersecurity, governments should provide additional economic incentives to energy providers and power-equipment suppliers to implement more robust measures.

REFERENCES

1. Council on Foreign Relations, “A Cyberattack on the U.S. Power Grid,” Contingency Planning Memorandum No. 31, 3 Apr. 2017; www.cfr.org/report/cyberattack-us-power-grid.
2. A. Smith, “China Could Shut Down U.S. Power Grid with Cyber Attack, Says NSA Chief,” Newsweek, 21 Nov. 2014; www.newsweek.com/china-could-shut-down-us-power-grid-cyber-attack-says-nsa-chief-286119.
3. A. Neuhauser, “Cybersecurity among Top Energy Industry Concerns,” U.S. News & World Report, 12 Aug. 2014; www.usnews.com/news/articles/2014/08/12/cybersecurity-among-top-energy-industry-concerns.
4. “Singapore: The Cybersecurity Act Will Improve Security Culture across Utilities in Asia—Black & Veatch,” Water & Wastewater Asia, 15 June 2017; www.waterwastewaterasia.com/en/news-archive/singapore-the-cybersecurity-act-will-improve-security-culture-across-utilities-in-asia-black-veatch/963.
5. C. Mitchell, “Cyberwar: Not If. Not When. Now.,” Washington Examiner, 29 Sept. 2014; washingtonexaminer.com/cyberwar-not-if.-not-when.-now./article/2553470.
6. N. Kshetri, The Global Cybercrime Industry: Economic, Institutional and Strategic Perspectives, Springer, 2010.
7. R. McMillan, “A Power Plant Hack That Anybody Could Use,” PCWorld, 4 Aug. 2011; www.pcworld.com/article/237347/a_power_plant_hack_that_anybody_could_use.html.
8. R. McMillan, “Brazilian Government, Energy Company Latest LulzSec Victims,” PCWorld, 23 June 2011; www.pcworld.idg.com.au/article/391161/brazilian_government_energy_company_latest_lulzsec_victims.
9. S. Khandelwal, “Dragonfly Russian Hackers Target 1000 Western Energy Firms,” The Hacker News, 1 July 2014; thehackernews.com/2014/07/dragonfly-russian-hackers-scada-havex.html.
10. N. Perlroth, “Russian Hackers Targeting Oil and Gas Companies,” The New York Times, 30 June 2014; www.nytimes.com/2014/07/01/technology/energy-sector-faces-attacks-from-hackers-in-russia.html.
11. J. Finkle, “U.S. Government Asks Firms to Check Networks after ‘Energetic Bear’ Attacks,” Reuters, 2 July 2014; www.reuters.com/article/us-cybersecurity-energeticbear/u-s-government-asks-firms-to-check-networks-after-energetic-bear-attacks-idUSKBN0F722V20140702.
12. D. Goodin, “First Known Hacker-Caused Power Outage Signals Troubling Escalation,” Ars Technica, 4 Jan. 2016; arstechnica.com/information-technology/2016/01/first-known-hacker-caused-power-outage-signals-troubling-escalation.
13. K. Zetter, “Everything We Know about Ukraine’s Power Plant Hack,” Wired, 20 Jan. 2016; www.wired.com/2016/01/everything-we-know-about-ukraines-power-plant-hack.
14. K. Zetter, “The Ukrainian Power Grid Was Hacked Again,” Motherboard, 10 Jan. 2017; motherboard.vice.com/en_us/article/bmvkn4/ukrainian-power-station-hacking-december-2016-report.
15. “‘WannaCry’ Ransomware: Bengal Power Distribution Company Hit by Cyberattack, Say Officials,” Hindustan Times, 15 May 2017; www.hindustantimes.com/india-news/wannacry-ransomware-bengal-power-distribution-company-hit-by-cyberattack-say-officials/story-biqMQN5cPKng36cIyho2oJ.html.
16. Symantec, Dragonfly: Cyberespionage Attacks against Energy Suppliers, Symantec Security Response Version 1.21, 7 July 2014; www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/Dragonfly_Threat_Against_Western_Energy_Suppliers.pdf.
17. “Industroyer: Biggest Malware Threat to Critical Infrastructure since Stuxnet,” ESET, 12 June 2017; www.eset.com/int/industroyer.
18. A. Greenberg, “Hackers Gain Direct Access to US Power Grid Controls,” Wired, 6 Sept. 2017; www.wired.com/story/hackers-gain-switch-flipping-access-to-us-power-systems.
19. “‘Industroyer’ Virus Could Bring Down Power Networks, Researchers Warn,” The Guardian, 13 June 2017; www.theguardian.com/technology/2017/jun/13/industroyer-malware-virus-bring-down-power-networks-infrastructure-wannacry-ransomware-nhs.
20. K. Vinton, “Hacking Gets Physical: Utilities at Risk for Cyber Attacks,” Forbes, 10 July 2014; www.forbes.com/sites/katevinton/2014/07/10/hacking-gets-physical-utilities-at-risk-for-cyber-attacks.
21. T. Simonite, “Protecting Power Grids from Hackers is a Huge Challenge,” MIT Technology Rev., 27 Feb. 2013; www.technologyreview.com/news/511851/protecting-power-grids-from-hackers-is-a-huge-challenge.
22. European Commission Expert Group on the Security and Resilience of Communication Networks and Information Systems for Smart Grids, Cyber Security of the Smart Grids, summary report, 02 Dec. 2011; ec.europa.eu/information_society/newsroom/cf/document.cfm?action=display&doc_id=1761.
23. US Dept. of Energy and US Dept. of Homeland Security, Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2), v1.0, Carnegie Mellon Univ., 31 May 2012; energy.gov/sites/prod/files/Electricity%20Subsector%20Cybersecurity%20Capabilities%20Maturity%20Model%20%28ES-C2M2%29%20-%20May%202012.pdf.
24. K. Shallenberger, “Trump’s Cybersecurity Executive Order Calls for Power Grid Assessment,” Utility Dive, 12 May 2017; www.utilitydive.com/news/trumps-cybersecurity-executive-order-calls-for-power-grid-assessment/442560.
25. E. Groll, “Preventing a Blackout by Taking the Power Grid Online,” Foreign Policy, 10 June 2016; foreignpolicy.com/2016/06/10/preventing-a-blackout-by-taking-the-power-grid-offline.
26. H. Fouquet and M. Mawad, “France Demonstrates Security Savoir Faire as It Enforces New Cyber-Security Law,” Chicago Tribune, 7 Oct. 2014; www.chicagotribune.com/sns-wp-blm-news-bc-france-cyber06-20141006-story.html#page=1.
27. A. Mie, “Ruling Bloc Readies Bill to Bolster Cybersecurity amid Growing Attacks,” The Japan Times, 11 Mar. 2014; www.japantimes.co.jp/news/2014/03/11/national/ruling-bloc-readies-bill-to-bolster-cybersecurity-amid-growing-attacks/#.WdMFN8YVjIU.
28. T. Kelly and K. Nobuhiro, “Japan, Wary of North Korea, Works to Secure Infrastructure after Sony Attack,” Reuters, 24 Dec. 2014; www.reuters.com/article/us-northkorea-cyberattack-japan/japan-wary-of-north-korea-works-to-secure-infrastructure-after-sony-attack-idUSKBN0K20IX20141224.
29. A. Kuwahata, “Cyber Security Regulation for Electric Power Systems in Japan,” presentation, 5th Int’l Workshop on Cybersecurity, 14 July 2017; web.cs.kyushu-u.ac.jp/data/event/2017/04/ak.pdf.
30. A. Allison, “The Hidden Value of IT Departments,” Middle East Economic Digest, vol. 57, no. 18, 2013; www.meed.com/the-hidden-value-of-it-departments.
31. “Siemens India Wins First Cyber Security Contract for Power Plant Automation,” Business Standard, 15 June 2017; www.business-standard.com/content/b2b-manufacturing-industry/siemens-india-wins-first-cyber-security-contract-for-power-plant-automation-117061500691_1.html.

NIR KSHETRI is a professor of management at the Bryan School of Business and Economics, University of North Carolina at Greensboro. Contact him at [email protected].

JEFFREY VOAS, Cybertrust column editor, is an IEEE Fellow. Contact him at [email protected].

This article originally appeared in Computer, vol. 50, no. 12, 2017.


COLUMN: Backspace

The Autonomous Vehicle and Its Temptations

Vinton G. Cerf
Google

Self-driving vehicles must contend with many possibilities, including the behavior of bad actors.

I drive a Tesla. I work for Google, an Alphabet company. A sister company is Waymo, which is highly advanced in autonomous vehicle technology. What worries me has a lot to do with both the challenges of potentially buggy software and, much more serious, the temptations to which our fellow human beings may give in.

Bugs in software, including machine learning neural networks, can result in unexpected and unpredictable behaviors. Image recognition and classification is a key part of autonomous vehicle navigation. It must classify the images of vehicles and other objects in its surrounding area and make predictions of their immediate future behavior including provisions for the unexpected. A person on a bicycle may swerve into traffic. An incoming vehicle may try to make a turn before your vehicle enters an intersection. A blockage in the lane that the car is in should trigger either a slowdown or an attempt to move out of the lane. All of these potential behaviors have to be accounted for in some measure if an autonomous vehicle is to successfully navigate a public street filled with a combination of traffic, vehicles of various kinds, pedestrians, bicycle or motorcycle riders, Segway riders, scooters and a mix of other objects—some stationary and some in motion.

The makers of autonomous vehicles must consider safety to be a highest priority—for passengers and for surrounding vehicles, people and objects in view. The ability to test the ensemble of algorithms used to animate self-driving vehicles is paramount—especially to validate behavior for low probability but potentially catastrophic situations like a small child chasing an errant ball into the street or an animal dashing across the road without warning. One important possibility is that fictitious but realistic inputs can be presented to the sensor systems or to the software receiving sensory signals to test whether the software does the “right” thing under all conditions.
In addition to my concerns about the functionality and reliability of the software used in autonomous vehicles, I worry about the misbehavior of humans who use these vehicles or, worse, choose to abuse them. It isn’t hard to imagine that some people will find it attractive to vandalize autonomous vehicles because there is no human in the vehicle to observe or defend the vehicle from abuse. I have heard stories about robots that have been abused by humans who seem to enjoy interfering with or even damaging them just because they can. The headlines about human drivers who ignore warnings that they need to take control of a supposedly “autonomous” vehicle are examples of deliberate human negligence. We are indeed a strange species!

One can also imagine hackers hoping to disrupt the operation of autonomous, communicating vehicles by launching denial of service attacks or sending malware or attempting to penetrate operating systems with the intent of disabling or otherwise confusing a self-driving vehicle.

This article originally appeared in IEEE Internet Computing, vol. 22, no. 3, 2018.

Moreover, since many autonomous vehicles carry a large complement of software, it is common for the makers to want to upgrade or repair errors in the code. By implication, it is vital that the vehicles be able to correctly reject any new software that cannot be confirmed as to origin or integrity. Digital signatures and signed hash codes over the new software can be used to increase the probability that the download is appropriate and valid. It is not hard to conclude that in addition to correct operation, the makers of self-driving vehicles will need to take into account a variety of challenges, not the least of which are brought about by people who don’t have the best interests of the vehicles or their occupants in mind!

BIO
Vinton G. Cerf is vice president and chief Internet evangelist at Google, and past president of ACM. He’s widely known as one of the “fathers of the Internet.” He’s a Fellow of IEEE and ACM. Contact him at [email protected].
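One way a vehicle could apply the origin and integrity check described above, as an added example that is not from the column or from any vehicle maker's code: the maker signs a manifest containing the SHA-256 of the image with Ed25519, and the vehicle rejects anything that fails either check. The manifest layout, all names, and the fixed demo keys are assumptions made for this illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Manifest is the small record the maker signs for each release.
// The field layout is an assumption of this example, not a real OTA format.
type Manifest struct {
	Component string   // software component the image is for
	Version   uint32   // release number
	ImageHash [32]byte // SHA-256 of the image bytes
}

// signedBytes gives the exact bytes the signature covers. The component name
// is length-prefixed so two different manifests can never serialise alike.
func (m Manifest) signedBytes() []byte {
	var n [2]byte
	var v [4]byte
	binary.BigEndian.PutUint16(n[:], uint16(len(m.Component)))
	binary.BigEndian.PutUint32(v[:], m.Version)
	out := append(n[:], m.Component...)
	out = append(out, v[:]...)
	return append(out, m.ImageHash[:]...)
}

var (
	ErrUntrustedOrigin = errors.New("rejected: manifest signature does not verify under the trusted key")
	ErrImageMismatch   = errors.New("rejected: image hash differs from the signed manifest")
)

// SignManifest is the maker's side: sign the manifest, which contains the hash.
func SignManifest(priv ed25519.PrivateKey, m Manifest) []byte {
	return ed25519.Sign(priv, m.signedBytes())
}

// VerifyUpdate is the vehicle's side. Origin is checked before integrity so
// that nothing in an unsigned manifest is trusted, and any failure rejects.
func VerifyUpdate(trusted ed25519.PublicKey, m Manifest, sig, image []byte) error {
	if len(trusted) != ed25519.PublicKeySize ||
		!ed25519.Verify(trusted, m.signedBytes(), sig) {
		return ErrUntrustedOrigin
	}
	if sha256.Sum256(image) != m.ImageHash {
		return ErrImageMismatch
	}
	return nil
}

// keyFromLabel derives a fixed demo key so the example is reproducible.
// Real signing keys are generated randomly and kept offline or in an HSM.
func keyFromLabel(label string) ed25519.PrivateKey {
	seed := sha256.Sum256([]byte(label))
	return ed25519.NewKeyFromSeed(seed[:])
}

// Demo runs the verifier over constructed inputs and returns each verdict.
func Demo() map[string]error {
	maker := keyFromLabel("constructed maker key")
	other := keyFromLabel("constructed unknown key")
	trusted := maker.Public().(ed25519.PublicKey) // provisioned in the vehicle

	image := []byte("constructed firmware image v42")
	m := Manifest{Component: "brake-ctl", Version: 42, ImageHash: sha256.Sum256(image)}
	sig := SignManifest(maker, m)

	altered := append([]byte(nil), image...)
	altered[0] ^= 0x01 // one flipped bit in the download

	edited := m // manifest changed after signing to match the altered image
	edited.ImageHash = sha256.Sum256(altered)

	return map[string]error{
		"genuine":             VerifyUpdate(trusted, m, sig, image),
		"image altered":       VerifyUpdate(trusted, m, sig, altered),
		"manifest edited":     VerifyUpdate(trusted, edited, sig, altered),
		"signed by other key": VerifyUpdate(trusted, m, SignManifest(other, m), image),
		"signature missing":   VerifyUpdate(trusted, m, nil, image),
	}
}

func main() {
	for name, err := range Demo() {
		fmt.Printf("%-20s %v\n", name, err)
	}
}
```

Because the signature covers the hash, editing the manifest to match an altered image fails the origin check rather than the hash check.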


EXPERT OPINION
CYBER-PHYSICAL-SOCIAL SYSTEMS
Editor: Daniel Zeng, University of Arizona and Chinese Academy of Sciences, [email protected]

5G-Enabled Cooperative Intelligent Vehicular (5GenCIV) Framework: When Benz Meets Marconi

Xiang Cheng and Chen Chen, Peking University and Southeast University
Wuxiong Zhang and Yang Yang, Chinese Academy of Sciences

Since Karl Benz invented motor cars more than 130 years ago, automobiles have undergone probably the most significant leap from their ancestors—the leap from human-centered to self-driving operation. Intelligent vehicles (IVs), particularly those with self-driving capability, are receiving unprecedented attention. A crucial driving force in this development is wireless communication technology, which has matured since Marconi’s first demonstration 120 years ago. As IV technology evolves, we believe that these two century-old technologies will be drastically shaped by and fused into each other. This vision henceforth led to our proposed 5G-enabled cooperative intelligent vehicular (5GenCIV) framework.

Background

From the beginning of intelligent transportation systems (ITSs) as a research field in the mid-1980s, IVs have been one of the most significant ITS applications. The ultimate objective of the IV development is self-driving vehicles. Currently, this is generally considered a futuristic concept that remains a far reach from actual deployment.[1,2] Various research projects have advanced the enabling technologies in environmental perception and vehicle control and have produced experimental implementations to show how automation technologies could be applied to road vehicles. These have led to major demonstrations in Europe, North America, Japan, and China. Academic research has been ongoing as well, largely out of sight of the general public.[3,4]

Recently, several companies, including Google, Tesla Motors, and Baidu, have devoted heavy effort and resources to develop self-driving cars. These self-driving cars have attracted an unprecedented level of media interest, while raising speculation about the impacts and implications of automated driving on societal matters such as road safety, privacy, traffic flow, energy and environmental issues, land use, economics of the vehicle industry, and cybersecurity. Several recent traffic accidents caused by intelligent cars in autopilot driving mode further elevated concerns regarding self-driving safety and reliability. Such events have also stimulated research and media emphasis on what led to lethal accidents associated with IVs and how safety and reliability of IVs could be effectively improved. Presently, a widely accepted limitation of IVs is the environment sensing and data processing capability. Therefore, the straightforward solution is to equip the vehicles with more accurate sensing instruments, such as multibeam lidars, microwave radars, and high-resolution cameras, as well as complex data processing and automatic driving algorithms. Such high-end instrumentation as well as demanding computation will inevitably lead to significantly increased vehicle cost, which henceforth hinders the development and deployment of IVs. As of today, safety guarantee and low cost seem to be two contradicting goals that cannot be simultaneously achieved.

In light of these limitations and unresolvable tradeoffs, information sharing via vehicle-to-everything (including vehicle-to-vehicle and vehicle-to-infrastructure) communications enabled by wireless technology provides an alternative to empower self-driving vehicles with beyond visual range (BVR) environment sensing and enhanced data processing capabilities, by exploiting the vehicular networks. Currently, wireless communication technologies—including wireless access in vehicular environment (WAVE), UMTS (Universal Mobile Telecommunications System), WiMax (Worldwide Interoperability for Microwave Access), and LTE (Long-Term Evolution)—offer a foundation for the development of the next generation of telematics technology. Conventional vehicle ad hoc networks (Vanets) are evolving into the Internet of Vehicles (IoV). The former focus on information transmission among vehicles, whereas the latter integrates humans and vehicles—that is, IoV interconnects vehicles and humans within and around vehicles.[5] By using intelligent systems on vehicles and different cyber-physical systems, IoV combines sensors, vehicles, and mobile devices to create a global network system. The main target of IoV is to combine multiple users, vehicles, things, and networks to consistently provide a high-quality, controllable, manageable, operational, and credible connection.

The existing IoV can support the sharing of only a limited volume of data. Additionally, the reliability and timeliness of existing IoV services also fall short of satisfying automatic-driving requirements. As a result, the current IoV is merely a means of information exchange among IVs, providing limited BVR environment sensing capability.

Because of the global success of commercial 4G LTE mobile communications, the research, standardization, and commercialization of 5G mobile communication systems are being developed at academic institutions, in industry, and in government sectors. Upon the expected overall adoption to 5G, data exchanges at huge quantities will be supported with markedly reduced latency and improved reliability. Naturally, 5G-enhanced IoV as an empowering technology for IVs is receiving increasing attention and research.

Unlike the current state of the art, in which communications is merely a means of auxiliary information exchange, we propose the 5GenCIV framework, in which 5G is truly integrated into the design of the IVs. Not only will the inherent 5G features be incorporated into the IV system optimization, but in addition, the very design of the IV system will be revolutionized from a cooperative and systematic perspective. This will fundamentally resolve the dilemma between lowering cost and improving safety, and thus ultimately expedite the realization and commercialization of affordable IVs that are safe and reliable.

Intelligent Vehicles

The development of IVs can be divided into two stages: the initial stage for assisted driving, and the ultimate stage for complete self-driving instead of human driving. The National Highway Traffic Safety Administration (NHTSA) divides IVs into five levels (see Figure 1).

Figure 1. Five developing levels of intelligent vehicles: primary automation, assisted driving, half self-driving, high-level self-driving, and complete self-driving. [Chart: intelligence level, low to high, for Levels 0 to 4, plotted against the years 2010, 2014, 2017, 2020, and 2030.]

Self-driving is the development trend of IVs. From a technical viewpoint, there are two basic self-driving architectures. The first is based on the vehicle platform. The on-vehicle sensors perform environment perception and data fusion, then make decisions and control the vehicle via the vehicle execution unit. The second is based on Vanet. The vehicle receives environmental data and roadside information via the Vanet.

Today, the first architecture is the mainstream approach, on which most researchers and developers are focusing. With this approach, the environment information surrounding the vehicle is acquired by sensors onboard the vehicle. On the basis of this information, the vehicle will independently accomplish the automatic-driving control, including environment sensing, central decision making, and mechanical control. To obtain reliable and comprehensive environment information, the vehicle is often equipped with expensive multibeam lidars, microwave radars, and high-resolution cameras. At the same time, the vehicle must be equipped with complex and costly processing and control units to ensure the safety and reliability of automatic driving. These not only significantly increase the vehicle cost, but also hinder the development and adoption of affordable IVs. Additionally, environment sensing and automatic driving control based on the sole intelligence of an individual vehicle would inevitably lead to limitations and safety concerns.

In a nutshell, IVs that depend on individual vehicle sensing and control face the challenges of high cost and limited processing capability. A satisfying yet affordable solution largely depends on cost reduction of the sensing, processing, and control components. Therefore, we urgently need a more active approach that bypasses these limitations for IVs with improved safety and reliability, yet shortened time to market.

Due to the drawbacks of the first architecture, and as Vanet technologies mature, the second architecture is receiving increasing attention and interest. It is already clear that the IVs beyond level 3 in Figure 1 need to integrate these two architectures. Only in this way can the vehicle-acquired sensing information be combined with Vanet-provided knowledge about the surroundings to enhance the vehicle’s identification capability toward ultimate self-driving. However, Vanet technology was originally developed and designed to ensure the transportation system’s safety and efficiency. Therefore, its design was inherently focused on the high-reliability and low-latency transmission of low-rate data in high-mobility scenarios. This falls far behind the massive data requirements posed by IVs. Hence, current IVs are merely using Vanets for minimum information sharing of limited environment information, such as road congestion, traffic light status, and sudden braking or lane changing of nearby vehicles.

5GenCIV Framework

As a new-generation mobile communication technology, 5G is undergoing active development. The envisioned 5G applications centered at ultra-high data rate support with super-low latency and superb reliability render a promising enabler for self-driving IVs. More importantly, 5G’s unique features, such as a data-control–separated software-defined network (SDN), flexible network architecture and topology, cloud/fog computing and processing, and application-oriented design, render it not only a vital supporting technology for IVs but also an integrated part of the IV system.

Instead of treating communications as only a means of providing information, we aspire to merge the design of 5G and IVs. By matching the 5G features with IV needs, we envision a safer and more reliable IV framework, which we call the 5GenCIV framework. The key is to root the design of 5G in the development of the IV system, so as to adapt the former to the variety of IV applications. As Figure 2 shows, the proposed 5GenCIV framework comprises several key features.

One such feature is that the SDN in 5G network architectures features data-control separation.[6] This can cope with the network-control issues by imposing a centralized control plane of individual network devices at an external entity. With the development of SDN for IVs, the network latency could be improved with specific self-driving operations deployed on the centralized control plane. SDN renders the remote control of IVs by 5GenCIV a practical possibility.

Additionally, the coexistence of a centralized cloud network architecture and distributed fog/edge networks in 5G makes it possible for 5GenCIV to realize IV data storage and processing at three levels—cloud, fog, and onboard (see Figure 3).[7,8] Depending on the data characteristics and latency requirements of different IV services, 5GenCIV can arrange their storage and processing in a flexible manner. Additionally, thanks to the cloud and fog platforms, 5GenCIV can better exploit the availability of multi-IV data to facilitate various learning functions more effectively and efficiently, and thereby lead to self-driving behaviors that better imitate or even surpass human driving.

Another key feature of 5G is the hierarchical coexistence of heterogeneous networks.[9] Here, the heterogeneity refers not only to cells of various sizes but also to different protocols and standards. As a result, 5GenCIV can better support the stable high-speed network connectivity of IVs. For example, the control messages of IVs could be maintained by macrocell base stations with wide-area coverage to ensure stable connectivity under high mobility, whereas the exchange of massive data can be enabled by micro- and femto-cells via advanced data dissemination and device-to-device technology,[10] such that low latency and high reliability can be guaranteed.

Finally, with 5G, 5GenCIV can send the 3D high-resolution map and real-time traffic data to IVs to assist with high-precision localization and the corresponding real-time route planning. This should complement the limitations of onboard sensors, and thus improve both the reliability and robustness of IVs. At the same time, this could also alleviate the dependency of IVs on expensive onboard sensing equipment and thereby lower the vehicle cost, and in turn shorten the time to market.

Key Challenges and Opportunities

The 5GenCIV framework is at the intersection and fusion of multiple disciplines, including communications, cognition, intelligent control, computing, pattern recognition, video processing, and sensing technology.

Figure 2. General framework of 5GenCIV. 5GenCIV integrates the design of 5G and IVs to develop affordable IVs that are safe and reliable. [Diagram labels include control cloud, access cloud, forwarding cloud, centralized control, and distributed forwarding.]

Naturally, the design and perfection of 5GenCIV face various challenges and offer abundant opportunities for cutting-edge innovations.

Wireless System Architecture for Self-Driving

The service characteristics and user behavior patterns for the automobile industry differ from conventional communications. We need to carefully analyze and sort out the specific requirements of various vehicles and their services and applications, and then design the system architecture. To adapt to the real-time communication requirements, and to realize the information exchange and coordination control among onboard equipment, roadside units, and the onboard communication platform, a fully distributed system architecture centered at the vehicle-road coordination network must be comprehensively designed. Such an architecture should be an open, safe, and highly efficient network that features data broadcast, end-to-end dataflow storage, and self-organization, transmission, and control of high-mobility network nodes. In the meantime, scalability of such a network is also critical to ensuring future integration with the smart grid when migrating self-driving to electric vehicles that are the inevitable trend.[11–13]

Low-Latency, High-Mobility Communications

While the vehicle is in high-speed self-driving mode, fast and real-time exchange of dynamic information must be facilitated among vehicles and between vehicles and the fog and cloud. Such information includes both small data (such as speed, location, and direction of neighboring vehicles) and big data (such as video of surrounding environments and/or 3D high-resolution maps). Ultra-low latency typically requires a time delay in the scale of microseconds and a data exchange rate of 10 times per second. Mobility enhancement research is henceforth necessary to cope with the high mobility feature of IVs. In addition, rapid and smooth handover between cells is necessary for communication reliability and quality of user experience when the IV moves across cells. The fundamental issue in the aforementioned investigations is to carry out proper measurement and modeling of the wireless communication channels pertinent to the 5GenCIV framework.[14,15] Based on this, new and emerging technologies, such as massive multiple-input multiple-output, device-to-device, full duplex, nonorthogonal multicarrier, millimeter wave, and visible light communications, can be optimized and adapted to fit the 5GenCIV framework’s low-latency, high-mobility massive data transmission requirements.

Figure 3. Infrastructure of cloud and edge/fog networks in 5GenCIV. This infrastructure makes it possible for 5GenCIV to realize IV data storage and processing at three levels—cloud, fog, and onboard—based on the data characteristics and latency requirements.

Storage and Processing of IV Data

5GenCIV has three levels of storage and processing units—namely, onboard, fog, and cloud (see Figure 4). Therefore, one key to successful 5GenCIV design is the appropriate designation of the IV data. According to the respective features of the onboard, fog, and cloud storage and processing units, we could delineate the IV data and accordingly allocate the tasks with stringent real-time constraints to the onboard units, the complex and latency-tolerant tasks to the cloud units, and tasks with intermediate requirements to the fog units. Thanks to the powerful processing capability of 5GenCIV at the fog and cloud side, complex data analytics that are difficult or even impossible for processors onboard the vehicle would be a realistic possibility. In the meantime, 5GenCIV can collectively combine the massive data not only from multiple IVs but also from human-operated vehicles. This will lead to multilateral benefits to the learning process of IVs, and thus enhanced reliability and safety of IVs, especially in the envisioned long period during which self-driving and human-intervened IVs coexist.

Figure 4. Infrastructure of storage, processing, and control in 5GenCIV. 5GenCIV has three levels of storage and processing units—namely, onboard, fog, and cloud.

Data Analytics

As mentioned earlier, 5GenCIV will eventually make it possible to apply complex data analytics based on onboard sensing data, roadside sensing data, IV driving history, and human driving behavior in an interactive dynamic setup, and therefore bring self-driving into reality. With 5GenCIV, the collection and combination of multilevel, multilateral massive data will be realized for the first time. In terms of type, these data will include environment monitoring data, both within visual range and BVR, and vehicle control and operation data. In terms of source, these data include IV data, human-operated vehicle data, and roadside-unit data. In terms of characteristics, these data include real-time, history, and predictive data. As a result, 5GenCIV will be confronted with massive and diverse data fusion and analytics problems. This poses unprecedented challenges to data analytics methodology and technique research and development, and comprises a core problem toward the ultimate realization of 5GenCIV.

Environment Sensing Technology

5GenCIV is expected to provide BVR environment information. In other words, 5G essentially serves as a virtual sensor or telesensor for IVs. On the other hand, there are various onboard sensors, including multibeam lidar, millimeter radar, and video camera. The optimized fusion of these local and remote heterogeneous sensors with varying resolution and latency is yet another key challenge in realizing 5GenCIV. Once properly solved, such an optimized configuration could significantly enhance the environmental awareness of each IV, while transferring the high yet redundant per-IV equipment cost to the shared roadside facilities via collection, fusion, and sharing. We believe that this is pivotal technology in bringing safe yet affordable self-driving IVs into reality.

Intelligent IV Control

As the kernel functioning unit of IVs, the decision center makes judgments and strategic decisions on the vehicle actions based on the environment sensing and the vehicle and road condition. At present, this is typically achieved by simple state machines, due to the limited computing power onboard individual IVs. In 5GenCIV, thanks to the three-level processing units at the vehicle, fog, and cloud, the final decision will be a fusion between the remote decision at the fog and cloud units and the local decision at the vehicle, as shown in Figure 4. Evidently, the decision algorithms at each of the three processing units, and the proper fusion of the remote and local decisions, would be key to the optimum functioning of this approach.

Today, both 5G technology and self-driving intelligent vehicles are receiving unprecedented interest from academia, industry, and government sectors. Innovatively combining their respective characteristics and advantages, we proposed 5GenCIV in this article. This framework is built on the intimate integration of the design and development of 5G and IV technology at all levels. The featured properties and network architecture of 5G and its high-reliability, low-latency transmission can be fully exploited to enable safe and affordable self-driving IVs. 5GenCIV is at the intersection and fusion of multiple disciplines and is thus rich in cross-disciplinary challenges accompanied by opportunities for scientific and technical innovations. The projected timeline for the commercialization of 5G is around 2020. By then, 5GenCIV should have received dedicated research and development, leading to the commercialization of safe and affordable self-driving IVs in special environments such as touring trolleys and cargo vehicles.

Acknowledgments

This work is supported in part by the National Natural Science Foundation of China under grants 61622101, 61571020, and 61471008; the Ministry National Key Research and Development Project under grant 2016YFE0123100; the National 973 Project under grant 2013CB336700; the open research fund of the National Mobile Communications Research Laboratory under grant 2016D03; Southeast University; and the National Science and Technology Major Project under grant 2016ZX03001024.

References

1. J. Petit and S.E. Shladover, “Potential Cyberattacks on Automated Vehicles,” IEEE Trans. Intelligent Transportation Systems, vol. 16, no. 2, 2015, pp. 546–556.
2. E. Ohn-Bar and M.M. Trivedi, “Looking at Humans in the Age of Self-Driving and Highly Automated Vehicles,” IEEE Trans. Intelligent Vehicles, vol. 1, no. 1, 2016, pp. 90–104.
3. K. Jo et al., “Development of Autonomous Car Part I: Distributed System Architecture and Development Process,” IEEE Trans. Industrial Electronics, vol. 61, no. 12, 2014, pp. 7131–7140.
4. K. Jo et al., “Development of Autonomous Car Part II: A Case Study on the Implementation of an Autonomous Driving System Based on Distributed Architecture,” IEEE Trans. Industrial Electronics, vol. 62, no. 8, 2015, pp. 5119–5132.
5. E. Uhlemann, “Connected-Vehicles Applications Are Emerging [Connected Vehicles],” IEEE Vehicular Technology Magazine, vol. 11, no. 1, 2016, pp. 25–96.
6. D. Kreutz et al., “Software-Defined Networking: A Comprehensive Survey,” Proc. IEEE, vol. 103, no. 1, 2015, pp. 14–76.
7. Q. Han, S. Liang, and H. Zhang, “Mobile Cloud Sensing, Big Data, and 5G Networks Make an Intelligent and Smart World,” IEEE Network, vol. 29, no. 2, 2015, pp. 40–45.
8. S. Huang et al., “Architecture Harmonization between Cloud Radio Access Networks and Fog Networks,” IEEE Access, vol. 3, Dec. 2015, pp. 3019–3034.
9. F. Gabry, V. Bioglio, and I. Land, “On Energy-Efficient Edge Caching in Heterogeneous Networks,” IEEE J. Selected Areas in Comm., vol. 34, no. 12, 2016, pp. 3288–3298.
10. X. Cheng, L. Yang, and X. Shen, “D2D for Intelligent Transportation Systems: A Feasibility Study,” IEEE Trans. Intelligent Transportation Systems, vol. 16, no. 4, 2015, pp. 1784–1793.
11. X. Cheng et al., “Electrified Vehicles and the Smart Grid: The ITS Perspective,” IEEE Trans. Intelligent Transportation Systems, vol. 15, no. 4, 2014, pp. 1388–1404.
12. X. Cheng, R. Zhang, and L. Yang, “Consumer-Centered Energy System (CCES) for Electric Vehicles and Smart Grid,” IEEE Intelligent Systems, vol. 31, no. 3, 2016, pp. 97–101.
13. R. Zhang, X. Cheng, and L. Yang, “Energy Management Framework for Electric Vehicles in the Smart Grid: A Three-Party Game,” IEEE Comm. Magazine, vol. 54, no. 12, 2016, pp. 93–101.
14. X. Cheng et al., “Envelope Level Crossing Rate and Average Fade Duration of Non-Isotropic Vehicle-to-Vehicle Ricean Fading Channels,” IEEE Trans. Intelligent Transportation Systems, vol. 15, no. 1, 2014, pp. 62–72.
15. X. Cheng et al., “Wideband Channel Modeling and ICI Cancellation for Vehicle-to-Vehicle Communication Systems,” IEEE J. Selected Areas in Comm., vol. 31, no. 9, 2013, pp. 434–448.

Xiang Cheng is an associate professor in the State Key Laboratory of Advanced Optical Communication Systems and Networks at Peking University and also in the National Mobile Communications Research Laboratory at Southeast University. Contact him at [email protected].

Chen Chen is an associate professor in the State Key Laboratory of Advanced Optical Communication Systems and Networks at Peking University and also in the National Mobile Communications Research Laboratory at Southeast University. Contact him at [email protected].

Wuxiong Zhang is an associate professor in the Key Lab of Wireless Sensor Network and Communication, SIMIT, Chinese Academy of Sciences and also at the Shanghai Research Center for Wireless Communications. Contact him at wuxiong.zhang@wico.sh.

Yang Yang is a professor in the Key Lab of Wireless Sensor Network and Communication, SIMIT, Chinese Academy of Sciences and also at the Shanghai Research Center for Wireless Communications. Contact him at [email protected].

This article originally appeared in IEEE Intelligent Systems, vol. 32, no. 3, 2017.

DEPARTMENT: INTERNET OF THINGS

Blockchain and the Internet of Things in the Industrial Sector

Dennis Miller, IBM

Editors: Phillip A. Laplante, Penn State University; [email protected]
Ben Amaba, IBM; [email protected]

Blockchain and the Internet of Things (IoT) are key technologies that will have a huge impact in the next 10 years for companies in the industrial market. This article describes how these two technologies will improve efficiencies, provide new business opportunities, address regulatory requirements, and improve transparency and visibility. The IoT allows for real-time capture of data from sensors. As the price of sensors and actuators keeps falling, companies in the industrial sector will be able to overcome cost obstacles in adopting IoT platforms. Blockchain will enable the sharing of key relevant data captured from the IoT using a distributed, decentralized, shared ledger that is available to participants in the business network.

SUPPLY CHAIN SOLUTIONS

Supply chain use cases are the most common application of blockchain for solving real business problems due to the lack of visibility of shipment data for product or component information as the shipment moves through the supply chain. Shipment delays are often due to intermediaries within the supply chain whose role is approval of paperwork associated with the shipments. Paperwork has a tendency to get misplaced or lost, or is awaiting processing as the piles of paperwork grow. What if this paperwork could be digitized on the blockchain? The need for these types of intermediaries could be removed from the supply chain.

The blockchain would capture key shipment data emitted from IoT devices attached to products or components as the shipment moves from source to destination. The IoT platform would invoke a transaction for the blockchain that contains the shipment container location and timestamp. The transactions captured in the blockchain would serve as proof of shipment and proof of delivery for container shipments. Shipment delays would be minimized and lead times for materials flowing to manufacturing facilities could be more accurately predicted. Inventory levels at the facilities could be better aligned with just-in-time practices.

In Figure 1, location data is captured by IoT sensors that forward the data to an IoT platform. The IoT platform captures location data in the blockchain. Participants in the supply chain include original equipment manufacturers (OEMs), suppliers, third-party logistics providers, shippers, and warehouses. Each participant has visibility to pertinent shipment data in the blockchain based on the participant’s role. Logistics management systems are used by manufacturers to query the blockchain for shipment data and provide additional shipment information to the blockchain.
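The flow described above, in which the IoT platform authenticates a sensor reading, records location and timestamp as a chained transaction, and participants later rely on it as proof of delivery, is shown here as an added example that is not code from the article or from any blockchain product. A single-process hash chain stands in for the distributed ledger, and the device key, role names, field names, and container ID are constructed assumptions.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64

# Constructed per-device key; a real deployment would provision keys securely.
DEVICE_KEYS = {"tracker-01": b"constructed-demo-key-01"}

# Hypothetical role-to-field mapping for role-based visibility of shipment data.
ROLE_FIELDS = {
    "oem": {"index", "container_id", "event", "location", "timestamp", "device_id", "hash"},
    "warehouse": {"index", "container_id", "event", "timestamp", "hash"},
}


def canonical(obj):
    """Serialize deterministically so every participant hashes identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign_reading(reading, key):
    """Device side: MAC the reading so the platform can authenticate its origin."""
    return hmac.new(key, canonical(reading), hashlib.sha256).hexdigest()


class ShipmentLedger:
    def __init__(self):
        self.blocks = []

    def submit(self, reading, tag):
        """Platform side: authenticate the reading, then append a transaction."""
        key = DEVICE_KEYS.get(reading.get("device_id"))
        if key is None or not hmac.compare_digest(sign_reading(reading, key), tag):
            raise ValueError("unauthenticated sensor reading")
        last = self._last_for(reading["container_id"])
        if last is not None and reading["timestamp"] <= last["timestamp"]:
            raise ValueError("stale or replayed reading")
        body = dict(reading, index=len(self.blocks),
                    prev_hash=self.blocks[-1]["hash"] if self.blocks else GENESIS)
        block = dict(body, hash=hashlib.sha256(canonical(body)).hexdigest())
        self.blocks.append(block)
        return block

    def _last_for(self, container_id):
        for block in reversed(self.blocks):
            if block["container_id"] == container_id:
                return block
        return None

    def first_invalid(self):
        """Return the index of the first block that fails verification, or None."""
        prev = GENESIS
        for i, block in enumerate(self.blocks):
            body = {k: v for k, v in block.items() if k != "hash"}
            ok = (block["index"] == i and block["prev_hash"] == prev
                  and hashlib.sha256(canonical(body)).hexdigest() == block["hash"])
            if not ok:
                return i
            prev = block["hash"]
        return None

    def proof_of_delivery(self, container_id):
        """Return the 'delivered' block only if the whole chain still verifies."""
        if self.first_invalid() is not None:
            return None
        for block in self.blocks:
            if block["container_id"] == container_id and block["event"] == "delivered":
                return block
        return None

    def view(self, role, container_id):
        """Project each block onto the fields the given role is allowed to see."""
        allowed = ROLE_FIELDS[role]
        return [{k: v for k, v in b.items() if k in allowed}
                for b in self.blocks if b["container_id"] == container_id]


def demo():
    """Build a ledger from three constructed readings for one container."""
    ledger = ShipmentLedger()
    key = DEVICE_KEYS["tracker-01"]
    readings = [
        {"device_id": "tracker-01", "container_id": "CONT-0001", "event": "shipped",
         "location": [31.23, 121.47], "timestamp": 1000},
        {"device_id": "tracker-01", "container_id": "CONT-0001", "event": "in_transit",
         "location": [22.30, 114.17], "timestamp": 2000},
        {"device_id": "tracker-01", "container_id": "CONT-0001", "event": "delivered",
         "location": [33.74, -118.26], "timestamp": 3000},
    ]
    for reading in readings:
        ledger.submit(reading, sign_reading(reading, key))
    return ledger
```

The ledger only proves what was recorded, so the authentication and replay checks at submission are what tie a record to a real device reading. A hash chain held by one party also cannot reveal a wholesale rewrite; in a shared ledger, the copies held by the other participants provide that check.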

Figure 1. Blockchain and Internet of Things (IoT) supply chain solution. OEMs: original equipment manufacturers; 3PL: third-party logistics.

AUTONOMOUS VEHICLE SOLUTIONS

According to a study of the top global automakers, we will see a significant number of cars with some self-driving capacity by the early 2020s, with the first cars mostly being luxury cars or part of commercial fleets.[1]

What if a vehicle was totally autonomous in every sense of the word? A vehicle could drive itself to refuel or to an electric charging station. Connected car solutions would benefit from a blockchain and IoT solution due to more timely and visible data captured in the blockchain from vehicle sensors. If sensors on the vehicle detected a repair was needed, the vehicle could automatically schedule an appointment and drive to a repair facility. Autonomous vehicle manufacturers would have timely access to engine or power train failure information captured on the blockchain and could use this information to determine if failure trends are occurring for the component.

Customers benefit from the increased level of care from the manufacturers and increased consumer confidence. Manufacturers, regulators, and suppliers would have appropriate visibility into component failures on the blockchain and could proactively react to failure trends more quickly to ensure consumer safety and satisfaction. The vehicle would securely pay for refueling or repairs automatically without direct human intervention. A permanent record of the refueling, repairs, and payments would be recorded on the blockchain and shared by participants including vehicle owners, manufacturers, repair facilities, and financing firms.

Figure 2 illustrates vehicle sensors emitting data to the IoT platform such as fueling, charging, parking, and repair events. The IoT platform invokes the appropriate blockchain transaction based on rules tied to the type of received sensor data. An open API integration layer is used by the refueling, charging, parking, or repair facilities to invoke a transaction on the blockchain when the operation is complete.

Figure 2. Blockchain and IoT autonomous vehicle solution.

MANUFACTURING PLANT ASSET MANAGEMENT

A blockchain and IoT solution would enable the prevention and prediction of failures for manufacturing plant equipment. Equipment sensors would detect conditions such as excessive vibration or heat, which might lead to failures or operator injury. Key threshold data captured on the blockchain from the sensors would be used to detect trends for these failures and facilitate proactive maintenance and repairs before the failure occurs. The application of analytics and cognitive data generated from the equipment on the factory floor would enable reliability, maintenance, and operations personnel to gain more detailed, accurate insight into asset performance. Regulators and suppliers of plant equipment would have visibility into equipment records and could provide timely inspections and certifications to ensure equipment reliability. Third-party repair partners could monitor the blockchain for preventive maintenance and record their work on the blockchain.

CONCLUSIONS AND IMPLICATIONS

Blockchain and IoT solutions in the industrial sector will need to address regulatory, legal, and insurance requirements for goods transferred on the supply chain, autonomous vehicles, and manufacturing plant equipment. Safety records and test results will need to be closely monitored by regulators, insurance adjusters, and legal institutions. Regulators will need access to compliance and safety records in the blockchain. Insurance adjusters will be interested in safety records as well as equipment failures for risk analysis. Law firms will need access to safety records and equipment failure data from the blockchain for litigation. IoT sensor devices and the IoT platform will need high availability and scalable solutions to handle transaction volumes and five nines uptime requirements. There will be high liability concerns from insurers of autonomous vehicles, and insurance premiums will initially be expensive until the technical framework and safety records for autonomous vehicles have matured.

Despite these implications, the combination of blockchain and the Internet of Things (IoT) will bring business value to the industrial sector.

REFERENCE

1. J. Walker, “The Self-Driving Car Timeline – Predictions from the Top 11 Global Automakers,” TechEmergence, blog, 24 August 2017; www.techemergence.com/self-driving-car-timeline-themselves-top-11-automakers.

ABOUT THE AUTHOR

Dennis Miller is a solution architect at IBM Corporation. He is a certified master IT architect with the Open Group and an ICCP Certified Computing Professional. Contact him at drmil- [email protected].

This article originally appeared in IT Professional, vol. 20, no. 3, 2018.

2019 Richard E. Merwin Award for Distinguished Service
CALL FOR AWARD NOMINATIONS
Deadline 1 October 2018

ABOUT THE MERWIN AWARD
The highest level volunteer service award of the IEEE Computer Society for outstanding service to the profession at large, including significant service to the IEEE Computer Society or its predecessor organizations.

ABOUT RICHARD MERWIN
Richard Merwin was a pioneer in digital computer engineering who participated in the development of the ENIAC, MANIAC, and STRETCH computers. Despite a busy and productive technical career, Merwin found time to be active in professional societies, including the IEEE Computer Society, ACM and AFIPS. His generosity of spirit and genuine helpfulness was an important element in the progress of the computer profession.

SUSAN K. (KATHY) LAND
2017 Richard E. Merwin Award for Distinguished Service
For exemplifying true volunteer spirit and commitment to excellence, for significant and continuing contributions that support the vision and mission of the IEEE and the Computer Society.

AWARD
A bronze medal and $5,000 honorarium are awarded.

PRESENTATION
The Richard E. Merwin Award is presented at the IEEE Computer Society’s Annual Awards Ceremony.

REQUIREMENTS
This award requires 3 endorsements.

NOMINATION SUBMISSION
Nominations are being accepted electronically: www.computer.org/web/awards/merwin

AWARDS HOMEPAGE
www.computer.org/awards

CONTACT US
[email protected]

INVITED CONTENT

Editor: Giuliano Antoniol, Polytechnique Montréal, [email protected]
Editor: Steve Counsell, Brunel University, [email protected]
Editor: Phillip Laplante, Pennsylvania State University, [email protected]

Blockchain-Enabled E-Voting

Nir Kshetri and Jeffrey Voas

From the Editors: Please explore the new IEEE Blockchain Initiative at http://blockchain.ieee.org. —Giuliano Antoniol, Steve Counsell, and Phil Laplante

E-VOTING IS AMONG the key public sectors that can be disrupted by blockchain technology.1 The idea in blockchain-enabled e-voting (BEV) is simple. To use a digital-currency analogy, BEV issues each voter a “wallet” containing a user credential. Each voter gets a single “coin” representing one opportunity to vote. Casting a vote transfers the voter’s coin to a candidate’s wallet. A voter can spend his or her coin only once. However, voters can change their vote before a preset deadline.2 Here, we argue that blockchains might address two of the most prevalent concerns in voting today: voter access and voter fraud.

The idea is as follows. Eligible voters cast a ballot anonymously using a computer or smartphone. BEV employs an encrypted key and tamper-proof personal IDs. For example, the mobile e-voting platform of the Boston-based startup Voatz employs smart biometrics and real-time ID verification. The public ledger ties each cast ballot to an individual voter and establishes a permanent, immutable record. No bad actor can engage in nefarious activities because such activities will be evident on the ledger or corrected by a peer-to-peer consensus network.3 To compromise the network, hackers would need to successfully hack most of the blocks (files with transaction records) before new blocks were introduced.3 The blockchain’s audit trail ensures that no vote has been changed or removed and that no fraudulent and illegitimate votes have been added.4

Put simply, blockchains enable the creation of tamper-proof audit trails for voting. In this article, we highlight some BEV implementations and the approach’s potential benefits and challenges.

Recent Examples
Initial operational applications of BEV have been for informal, nonbinding, and consultative voting.5 For example, in early 2018, Voatz tested its mobile-phone-based system during events such as student government elections; church-group, nonprofit-organization, and union voting, and subnational political-party events.6 The system has also been used in town meetings in Massachusetts.7

As Table 1 shows, blockchain-based solutions have been deployed for corporate, community, city, and national voting. For example, in Russia, the city of Moscow’s Active Citizen program was launched in 2014 and has more than two million users.8 Each year, Moscow neighborhoods hold up to 5,000 to 7,000 meetings.9 As of February 2018, 3,450 polls had been conducted using a centralized Oracle database, with 92 million votes cast on diverse subjects such as what color the seats in a new sports arena should be, whether to install driveway access gates in neighborhood yards, and whether to hire a new doorkeeper.10 Although these examples don’t deal

0740-7459/18/$33.00 © 2018 IEEE. Published by the IEEE Computer Society. IEEE Software, July/August 2018.

with political offices, blockchains could be tailored for that purpose. Furthermore, many Moscow residents don’t have time to attend face-to-face meetings. So, meetings have moved to the Digital Home online platform. In December 2017, residents began using a blockchain to vote, and the results were publicly auditable.8 City officials believed that neighbors should have a convenient environment in which to influence their living conditions. The officials also believed that a blockchain would increase trust between citizens and government.12 Each question discussed by the community is moved to BEV. After the polling is finished, the results are provided.9

Table 1. Blockchain-based solutions deployed for voting at the community, city, and national levels.

| Setting | The context | Remarks |
| --- | --- | --- |
| The city of Moscow’s Active Citizen program | In December 2017, the program started using a blockchain for voting and to make the voting results publicly auditable. Each question discussed by the community and put up for voting is moved to the e-voting system using a blockchain. After the voting is complete, the results are listed on a ledger containing all the previous polls. | The most popular polls were reported to have 137,000 to 220,000 participants.10 In one such case on the Ethereum platform, citizens indicated their preferences for temporary relocation if the building in which they were living would be demolished and replaced by a better building. The platform reached a peak of approximately 1,000 transactions per minute. It’s not clear whether the platform can handle the volume if a higher proportion of Moscow’s 12 million citizens participate in the voting. |
| The South Korean province of Gyeonggi-do’s community projects | The province used a blockchain-based voting system to gather votes on community projects. 9,000 residents voted. | The Korean financial-technology startup Block developed the blockchain platform. |
| The annual general meeting of the Estonian tech company LVH Group | Shareholders can log in using their verified national online ID and vote at the meeting. | The voting system issues voting-right assets and voting-token assets to shareholders. A user can spend voting tokens to vote on meeting agenda items if that user owns the related voting-right asset. Nasdaq designed the system. |
| Sierra Leone’s March 2018 general elections | Swiss startup Agora carried out tallying in two districts. After the voting, a team of accredited observers from different locations manually entered approximately 400,000 ballots into Agora’s blockchain system. | This test was considered a partial deployment of a blockchain.11 The elections were only verified by blockchain, not blockchain powered. Agora provided an independent vote count, which was compared with the main tally. |

To assess BEV’s trustworthiness, the city of Moscow commissioned the accounting firm PwC to conduct an audit.10 PwC looked at the possibility that the polling’s outcome could be manipulated by internal employees and external attacks. The audit found no reason to be concerned for polls that involved more than 300,000 votes.

In March 2017, the South Korean province of Gyeonggi-do employed a BEV system to vote on the Ddabok Community Support Project.13 Nine thousand residents voted using a blockchain platform developed by the Korean financial-technology startup Block that included smart contracts. The votes, results, and other relevant data were stored in a blockchain. No management or central authority was involved in this process.14 This was the first time South Korea applied such a technology.

Shareholders of the Estonian technology company LVH Group who are Estonian citizens or Estonian e-residents can now use BEV to make corporate-governance-related decisions.15 They can log in using their verified national online ID and vote at LVH’s annual general meeting. Estonia’s e-residency platform authenticates e-resident shareholders.16 Estonia plans to adopt blockchains in a range of areas such as an e-residency project (which allows foreign citizens to establish a business within Estonian jurisdiction) and healthcare (securing health data storage and allowing real-time monitoring of patient conditions).17

In Sierra Leone’s March 2018 general elections, Swiss blockchain startup Agora provided a partial tally of election results.11 Agora was


one of the accredited observers that provided an independent count for comparison. Agora described Sierra Leone’s elections as a “use case” rather than a “full implementation” of BEV.18

Finally, Nasdaq has built and operated four web-based user interfaces for BEV.15 A BEV system issues voting-right assets and voting-token assets for each shareholder in a company. A user can spend voting tokens to cast votes on each meeting agenda item if that user owns the related voting-right asset.

Opportunities and Benefits
BEV provides the following opportunities and benefits.

To address voter tampering, blockchains generate cryptographically secure voting records. Votes are recorded accurately, permanently, securely, and transparently.5 So, no one can modify or manipulate votes.19 Furthermore, blockchains preserve participants’ anonymity while still being open to public inspection. Although nothing is totally secure, tampering is nearly impossible with blockchains.

BEV might promote more voter participation. For instance, corporate annual general meetings can be costly events with low shareholder participation. With increasing cross-border investments, companies face pressure to increase investor engagement. BEV is a flexible solution that enables secure, cost-effective voting to facilitate shareholder participation and voting from a distance.20

Also, improved identity verification can help increase access and participation. For example, according to a federal court in Texas, 608,470 registered voters lacked verification identification.21 Approximately 11 percent of US citizens lack government-issued photo identification cards.21 BEV can improve this situation. For instance, Voatz accepts 10 different official documents including driver’s licenses, state IDs, and passports to verify voter identity.22

BEV can increase the speed with which votes are tallied. For example, Agora reported that it published election results on its website five days before the official manual counts ended.16

BEV can eliminate ambiguities. For example, in the 2017 Virginia House of Delegates election, the winner was chosen from paper ballots placed in a bowl. One vote initially wasn’t counted because that voter made confusing marks on the ballot.6 Such ambiguity is less likely to arise with BEV.

BEV can promote greater transparency and clarity to voters. As of 2017, 23 countries had adopted online voting.23 Current online-voting processes might be complicated for some voters. It’s not easy to know whether a vote was cast as intended or whether it was counted as cast.23 As we already noted, blockchain results are publicly auditable.

Some security systems in electronic- and online-voting platforms were possibly developed decades ago and are vulnerable to tampering.24 Consider the WINVote touchscreen machines made by Advanced Voting Solutions, which went out of business in 2015.25 WINVote machines were used in the 2016 US elections even though they hadn’t had a security patch since April 2014. A security expert found that anyone within a half-mile of a voting machine could have altered votes without detection. Blockchains’ decentralized nature makes attacks more difficult.26

Finally, with BEV, individual votes will be publicly available, while voters are masked behind an encrypted key. This offers greater privacy and security than traditional ballot boxes and could reduce voter suppression. Bad actors can’t identify voters and therefore can’t target them.3

Challenges
Governments and other stakeholders will need to address several major challenges before blockchains see widespread use for e-voting. Although blockchains are good at providing security and accuracy, public confidence and trust are necessary ingredients for BEV’s success. Blockchains’ complexity might hinder mainstream public acceptability of BEV.27 Broadband access and digital user skills are also concerns.

In 2016, the nonprofit Democracy Earth Foundation used a blockchain to give Colombian expatriates a voice in the 2016 peace plebiscite that was conducted to ratify the agreement to terminate the conflict between the Colombian government and FARC guerillas.28 According to the foundation, a main challenge in the deployment of blockchain is the technology’s immaturity.

Let’s now consider software quality. Estimates have suggested that, on average, there are from 15 to 50 defects per 1,000 LOC.29 For Ethereum, the blockchain-based distributed-computing platform used by Moscow’s Active Citizen program (which features smart contracts), the number might be twice that. This might be attributed to Ethereum’s immaturity. The Economist quoted a blogger who said that Ethereum contracts are “candy for hackers.”29 Also, sufficient observations haven’t yet been accumulated

to determine blockchain-based platforms’ scalability.

Traditional voting emphasizes the authority of the state. BEV emphasizes voter transparency. The BEV process is transparent, decentralized, and bottom-up. BEV might not perform well in a society whose culture and values exhibit low compatibility with these values.27

Also, blockchains require much energy to perform authentication and validation, and they’re slow. So, using them for national e-voting might not be practical yet.

Finally, BEV will shift power away from central actors such as electoral authorities and government agencies.27 Thus, the technology is likely to face resistance from political leaders who benefit from the status quo.28

Blockchain technology is currently in a nascent state. There haven’t been enough distributed-ledger-technology and blockchain-based applications to sufficiently evaluate whether this technology is superior to current voting systems.

No full implementation of BEV for a national election has occurred yet. However, we argue that BEV has a future in elections and might transform voting.

Political violence related to elections has been common in Africa and other developing countries. BEV can ensure security and transparency and reduce electoral violence. It can also produce more mathematically accurate election results. Because BEV doesn’t require management from a central authority, voting-related costs will decrease. Finally, BEV should reduce the cost of paper-based elections and increase voter participation.

References
1. J. Demuro, “Here Are the 10 Sectors That Blockchain Will Disrupt Forever,” TechRadar Pro, 16 Jan. 2018; https://www.techradar.com/news/here-are-the-10-sectors-that-blockchain-will-disrupt-forever.
2. B. Dickson, “Blockchain Tech Could Fight Voter Fraud—and These Countries Are Testing It,” VentureBeat, 22 Oct. 2016; https://venturebeat.com/2016/10/22/blockchain-tech-could-fight-voter-fraud-and-these-countries-are-testing-it.
3. J. Hall, “Can Blockchain Technology Solve Voting Issues?,” Bitcoin Magazine, 7 Mar. 2018; https://www.nasdaq.com/article/can-blockchain-technology-solve-voting-issues-cm931347.
4. A. Sandre, “Blockchain for Voting and Elections,” Hackernoon, 14 Jan. 2018; https://hackernoon.com/blockchain-for-voting-and-elections-9888f3c8bf72.
5. G. Prico, “Sierra Leone Pilots Blockchain-Based Voting for Political Elections,” 22 Mar. 2018; https://www.nasdaq.com/article/sierra-leone-pilots-blockchain-based-voting-for-political-elections-cm938309.
6. B. Miller, “Blockchain Voting Startup Raises $2.2M,” Government Technology, 8 Jan. 2018; http://www.govtech.com/biz/Blockchain-Voting-Startup-Raises-22M.html.
7. A. Perala, “Voatz Raises $2.2 Million in Seed Funding,” Mobile ID World, 9 Jan. 2018; https://mobileidworld.com/voatz-seed-funding-901093.
8. M. Hochstein, “Moscow’s Blockchain Voting Platform Adds Service for High-Rise Neighbors,” CoinDesk, 15 Mar. 2018; https://www.coindesk.com/moscows-blockchain-voting-platform-adds-service-for-high-rise-neighbors.
9. “Digital Home Blockchain Voting System, Active Citizen in Moscow Opens,” BitcoinExchangeGuide.com; https://bitcoinexchangeguide.com/digital-home-blockchain-voting-system-active-citizen-in-moscow-opens.
10. M.D. Castillo, “Russia Is Leading the Push for Blockchain Democracy,” CoinDesk, 2018; https://www.coindesk.com/russias-capital-leading-charge-blockchain-democracy.
11. B. Kimathi, “Why You Shouldn’t Get Carried Away by Sierra Leone’s Blockchain Elections,” Crypto-Lines, 13 Mar. 2018; https://crypto-lines.com/2018/03/13/blockchain-elections.
12. S. Holder, “Can the Blockchain Tame Moscow’s Wild Politics?,” CityLab, 22 Dec. 2017; https://www.citylab.com/life/2017/12/can-the-blockchain-tame-moscows-wild-politics/547973.
13. “A South Korean Province Used Blockchain Tech for Resident Voting,” CCN.com, 8 Mar. 2017; https://www.ccn.com/south-korean-province-used-blockchain-tech-resident-voting.
14. “South Korea Uses Blockchain Technology for Elections,” KryptoMoney, 2 May 2017; https://kryptomoney.com/south-korea-uses-blockchain-technology-for-elections.
15. S. Waterman, “Nasdaq Says Estonia E-Voting Pilot Successful,” CyberScoop, 25 Jan. 2017; https://www.cyberscoop.com/nasdaq-estonia-evoting-pilot.
16. K. Aasmae, “Why Ripples from this Estonian Blockchain Experiment May Be Felt around the World,” ZDNet, 14 Apr. 2016; https://www.zdnet.com/article/why-ripples-from-this-estonian-blockchain-experiment-may-be-felt-around-the-world.
17. “How Estonia Brought Blockchain Closer to Citizens: GovTech Case Studies,” Cointelegraph, 7 Mar. 2017; https://cointelegraph.com/news/how-estonia-brought-blockchain-closer-to-citizens-govtech-case-studies.
18. D. Finnan, “Sierra Leone’s Electoral Commission Distances Itself from Use of Blockchain during Polls,” RFI, 18 Mar. 2018; http://en.rfi.fr/africa/20180319-sierra-leones-electoral-commission-distances-itself-use-blockchain-during-polls.
19. K. Leary, “Blockchain Might Be about to Change the Way We Vote,” World Economic Forum, 13 Sept. 2017; https://www.weforum.org/agenda/2017/09/blockchain-could-be-about-to-change-how-you-vote.
20. R. DeMarinis, “Is Blockchain the Answer to E-Voting? Nasdaq Believes So,” Nasdaq, 23 Jan. 2017; http://business.nasdaq.com/marketinsite/2017/Is-Blockchain-the-Answer-to-E-voting-Nasdaq-Believes-So.html.
21. S. Horwitz, “Getting a Photo ID So You Can Vote Is Easy. Unless You’re Poor, Black, Latino or Elderly,” Washington Post, 23 May 2016; https://www.washingtonpost.com/politics/courts_law/getting-a-photo-id-so-you-can-vote-is-easy-unless-youre-poor-black-latino-or-elderly/2016/05/23/8d5474ec-20f0-11e6-8690-f14ca9de2972_story.html?noredirect=on&utm_term=.233edc07152e.
22. E. Kuebler, “Making Voting, Elections Both Secure and Accessible with Blockchain Technology,” Bitcoin Magazine, 11 Jan. 2018; https://bitcoinmagazine.com/articles/making-voting-elections-both-secure-and-accessible-blockchain-technology.
23. D. Lohrmann, “Can Blockchain Technology Secure Your Vote?,” Government Technology, 29 Apr. 2017; http://www.govtech.com/blogs/lohrmann-on-cybersecurity/can-blockchain-technology-secure-your-vote.html.
24. P. Marley and J. Stein, “Russians Tried to Hack Election Systems of 21 States in 2016, Officials Say,” USA Today, 22 Sept. 2017; https://www.usatoday.com/story/news/nation-now/2017/09/22/wisconsin-one-20-states-targeted-russian-hacking-elections-systems-2016/694719001.
25. K. Zetter, “Virginia Finally Drops America’s ‘Worst Voting Machines,’” Wired, 17 Aug. 2015; https://www.wired.com/2015/08/virginia-finally-drops-americas-worst-voting-machines.
26. B. Barrett, “America’s Electronic Voting Machines Are Scarily Easy Targets,” Wired, 2 Aug. 2016; https://www.wired.com/2016/08/americas-voting-machines-arent-ready-election.
27. P. Boucher, What If Blockchain Technology Revolutionised Voting?, European Parliamentary Research Service, 2016; http://www.europarl.europa.eu/thinktank/en/document.html?reference=EPRS_ATA(2016)581918.
28. C. van Ooijen, “How Blockchain Can Change Voting: The Colombian Peace Plebiscite,” Forum Network, 20 Dec. 2017; https://www.oecd-forum.org/users/76644-charlotte-van-ooijen/posts/28703-how-blockchain-can-change-voting-the-colombian-peace-plebiscite.
29. “Not-So-Clever Contracts,” Economist, 28 July 2016; https://www.economist.com/news/business/21702758-time-being-least-human-judgment-still-better-bet-cold-hearted.

ABOUT THE AUTHORS
NIR KSHETRI is a professor of management at the Bryan School of Business and Economics, University of North Carolina at Greensboro. Contact him at [email protected].

JEFFREY VOAS was a cofounder of Cigital and is an IEEE Fellow. Contact him at [email protected].

This article originally appeared in IEEE Software, vol. 35, no. 4, 2018.
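The wallet-and-coin model and the tamper-evident audit trail described at the start of the e-voting article, as an added Python sketch (not code from the authors or from any system the article names). It assumes a single append-only log whose head hash observers publish, and an HMAC credential standing in for a real digital signature; all wallet names, keys and votes are constructed.

```python
import hashlib
import hmac
import json
from collections import Counter

GENESIS = "0" * 64  # prev-hash of the first record


def record_hash(index, prev_hash, tx):
    """SHA-256 over a canonical JSON encoding of one ledger record."""
    body = json.dumps({"i": index, "prev": prev_hash, "tx": tx},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode()).hexdigest()


def credential_tag(key, wallet, candidate, ts):
    """Voter-side proof of wallet ownership.

    Assumption: HMAC keeps the sketch in the standard library; a deployed
    system would use public-key signatures that anyone can check.
    """
    msg = f"{wallet}|{candidate}|{ts}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class VoteLedger:
    """Append-only, hash-chained log of coin transfers for one poll."""

    def __init__(self, credentials, candidates, deadline):
        self.credentials = dict(credentials)  # pseudonymous wallet id -> key
        self.candidates = set(candidates)
        self.deadline = deadline              # last accepted timestamp
        self.blocks = []

    def head(self):
        """Hash of the newest record; observers publish this value."""
        return self.blocks[-1]["hash"] if self.blocks else GENESIS

    def cast(self, wallet, candidate, ts, tag):
        """Append a transfer of the wallet's single coin; False if rejected."""
        key = self.credentials.get(wallet)
        if key is None or candidate not in self.candidates or ts > self.deadline:
            return False
        expected = credential_tag(key, wallet, candidate, ts)
        if not hmac.compare_digest(tag, expected):
            return False
        tx = {"wallet": wallet, "to": candidate, "ts": ts}
        index, prev = len(self.blocks), self.head()
        self.blocks.append({"i": index, "prev": prev, "tx": tx,
                            "hash": record_hash(index, prev, tx)})
        return True

    def tally(self):
        """Replay the log: each wallet's one coin sits with its latest choice."""
        holder = {}
        for block in self.blocks:
            holder[block["tx"]["wallet"]] = block["tx"]["to"]
        return Counter(holder.values())

    def verify(self, expected_head=None):
        """Return -1 if intact, else the index of the first inconsistency.

        len(blocks) means the chain is self-consistent but does not end at
        the published head (records were dropped or the tail was rewritten).
        """
        prev = GENESIS
        for i, block in enumerate(self.blocks):
            if (block["i"] != i or block["prev"] != prev
                    or block["hash"] != record_hash(i, prev, block["tx"])):
                return i
            prev = block["hash"]
        if expected_head is not None and prev != expected_head:
            return len(self.blocks)
        return -1


def demo():
    """Constructed sample poll: three wallets, two candidates, deadline t=100."""
    keys = {"w1": b"k1-demo", "w2": b"k2-demo", "w3": b"k3-demo"}
    ledger = VoteLedger(keys, {"alice", "bob"}, deadline=100)

    def vote(wallet, candidate, ts, key=None):
        tag = credential_tag(key or keys[wallet], wallet, candidate, ts)
        return ledger.cast(wallet, candidate, ts, tag)

    accepted = [
        vote("w1", "alice", 10),
        vote("w2", "bob", 20),
        vote("w1", "bob", 30),              # re-vote before the deadline
        vote("w3", "alice", 40),
        vote("w3", "bob", 150),             # after the deadline: rejected
        vote("w2", "alice", 50, b"wrong"),  # bad credential: rejected
    ]
    return ledger, accepted


if __name__ == "__main__":
    ledger, accepted = demo()
    published = ledger.head()
    print("accepted:", accepted, "tally:", dict(ledger.tally()))
    ledger.blocks[1]["tx"]["to"] = "alice"  # alter a recorded vote in place
    print("altered record found at index", ledger.verify(published))
```

A chain that has been rewritten from the altered record onward passes `verify()` on its own and fails only against the published head, which is why the audit property depends on independent parties holding copies of the ledger.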

DEPARTMENT: Tools and Products

Putting VR/AR to Work

Amit Agrawal, Kleene Closure Consulting
Editor: Amit Agrawal, [email protected]

Virtual Reality (VR) and Augmented Reality (AR) have received a lot of attention in the last few years. This article studies the current state of the VR/AR penetration in the enterprise and highlights a few examples where these technologies have been successful.

As virtual reality (VR) and augmented reality (AR) technologies endeavor to find their place in the consumer space, their contribution to the enterprise is becoming increasingly clear. The benefits accrued are (a) cost reduction and faster times to market by reducing the need to develop physical prototypes and finding defects early, (b) the ability to inexpensively study and address human–machine interface (HMI) issues, and (c) easy enterprise-wide collaboration and training.

Upskill Technologies, working with GE, used Google Glass to demonstrate performance improvement of a user undertaking equipment maintenance tasks by 34%, in a first-time use of the technology.1 Other case studies from Boeing, GE Healthcare, and other firms have shown productivity improvements on an average of 32%. To put this in perspective, productivity growth in the US has averaged 0.5% from 2011 to 2016, compared to 3% from 1996 to 2005.

Other notable examples include the use of HoloLens at Japan Airlines to provide supplemental training for engine mechanics and flight crew trainees as well as Bechtel and Industrial Training International (ITI) partnering to train workers on operating cranes in VR.

We detail the expected future advancements below.

REDUCED COST AND FASTER TIME TO MARKET
Building physical prototypes is expensive and time-consuming; replacing them with virtual prototypes allows for several iterations for the cost of a single prototype. This not only reduces cost but also makes iterations more efficient, thereby providing a faster time to market. As Jacques Delacour, CEO of OPTIS, a virtual prototyping company, puts it, “The goal is to have zero physical prototypes.”

Autodesk (Inventor, VRED), ESI Group (IC.IDO), and OPTIS (OMS2, SPEOS, Theia-RT) all provide functionalities for VR in the enterprise, especially in the automotive and aerospace industries. Among these, OPTIS stands out for its focus on physically accurate simulations. For example, it treats light as multi-spectral energy rather than three-color channels, does a physically accurate simulation of light transport, and then maps the resulting energy into the device range by accurately simulating the human perceptual system. Among other things, it models

• The polarization of light required for simulation of glare.
• An average of about 100 channels for light modeling, which can be decreased or increased depending on requirements.
• Mapping of high dynamic range energy information into the device range by simulating human perception. For example, OPTIS models glare depending on the person’s age and can predict who will be able to read the displays.

This year, OPTIS launched light painting with Theia-RT 2017 (see Figure 1).

IEEE Computer Graphics and Applications, January/February 2018. 0272-1716/18/$33.00 © 2018 IEEE. Published by the IEEE Computer Society.

Amit Agrawal Kleene Closure Consulting Virtual Reality (VR) and Augmented Reality (AR) have Editor: Amit Agrawal received a lot of attention in the last few years. This [email protected] article studies the current state of the VR/AR penetration in the enterprise and highlights a few examples where these technologies have been successful.

As virtual reality (VR) and augmented reality (AR) technologies endeavor to find their place in the consumer space, their contribution to the enterprise is becoming increasingly clear. The benefits accrued are (a) cost reduction and faster times to market by reducing the need to develop physical prototypes and finding defects early, (b) the ability to inexpensively study and address human–machine interface (HMI) issues, and (c) easy enterprise-wide collaboration and training.

Upskill Technologies, working with GE, used Google Glass to demonstrate performance improvement of a user undertaking equipment maintenance tasks by 34%, in a first-time use of the technology.1 Other case studies from Boeing, GE Healthcare, and other firms have shown productivity improvements on an average of 32%. To put this in perspective, productivity growth in the US has averaged 0.5% from 2011 to 2016, compared to 3% from 1996 to 2005.

Other notable examples include the use of Hololens at Japan Airlines to provide supplemental training for engine mechanics and flight crew trainees as well as Bechtel and Industrial Training International (ITI) partnering to train workers on operating cranes in VR.

We detail the expected future advancements below.

REDUCED COST AND FASTER TIME TO MARKET
Building physical prototypes is expensive and time-consuming; replacing them with virtual prototypes allows for several iterations for the cost of a single prototype. This not only reduces cost but also makes iterations more efficient, thereby providing a faster time to market. As Jacques Delacour, CEO of OPTIS, a virtual prototyping company, puts it, “The goal is to have zero physical prototypes.”

Autodesk (Inventor, VRED), ESI Group (IC.IDO), and OPTIS (OMS2, SPEOS, Theia-RT) all provide functionalities for VR in the enterprise, especially in the automotive and aerospace industries. Among these, OPTIS stands out for its focus on physically accurate simulations. For example, it treats light as multi-spectral energy rather than three-color channels, does a physically accurate simulation of light transport, and then maps the resulting energy into the device range by accurately simulating the human perceptual system. Among other things, it models

• The polarization of light required for simulation of glare.

Figure 1. Theia-RT speeds up lighting design: designers paint the desired lighting, and the system automatically figures out the parameters of the lighting system. (Photo credit: OPTIS.)

ENABLING NEW APPLICATIONS
Another area of advancement in AR/VR includes novel applications where none existed before or were even possible.

An example in this category is Aeroglass (http://glass.aero; see Figure 2), which provides a solution to pilots’ unique need to visualize terrain, navigation, traffic, instruments, weather, and airspace information, with access to vital safety procedures and protocols—all within the confines of a cockpit.

Figure 2. AR navigation in a cockpit. Pilots can see aerial navigation data overlaid on top of their HMDs.

IEEE Computer Graphics and Applications, January/February 2018. Published by the IEEE Computer Society. 0272-1716/18/$33.00 ©2018 IEEE.

This solution can be used with various head-mounted displays (HMDs) including Osterhout Design Group’s smart glasses (http://www.osterhoutgroup.com/products) and Epson Moverio, among others. The app won the best app of the Auggie Awards (http://events.bizzabo.com/AWE2017/page/1007706/2017-auggie-awards) at the Augmented World Expo this year.

Similarly, 8ninths developed a Holographic Workstation for stock trading2 (see Figure 3) for Citi Traders on the Hololens platform, which clearly demonstrates viable visualization and collaboration possibilities as the technology becomes more widely available.

Figure 3. Stock trading using AR. The stock trader (top) looks at the visualization of stocks to find a desirable trade. He then discusses it with his client (bottom) who views the close-up of the visualization and gives a go-ahead to proceed with the trade.

IMPROVED IMMERSION
A third area of advancement in AR/VR is the ability to provide better immersive experience by having a larger field of view, an untethered experience, or a multi-sensory experience, especially haptics. Even though the advancements in this area are primarily being driven by consumer VR/AR, the results will benefit the enterprise, especially when dealing with HMI.

In VR, a large field of view is extremely important to provide immersion. Among the current players, HTC Vive provides the best field of view with a horizontal field of view at 100°. Two new players are VR Union (http://vrunion.com; headset: Claire VR) with a field of view of 170°, and Star VR (http://www.starvr.com) with a 210° horizontal and 130° vertical field of view.

See the sidebar, “Further Resources,” at the end of the article for links to more tools and products in this area.

CONCLUSION
Whether VR/AR succeeds in the consumer space—and we certainly hope that it does—it is clear that it is here to stay in the enterprise.


REFERENCES
1. M. Abraham and M. Annunziata, “Augmented Reality Is Already Improving Worker Performance,” Harvard Business Review, 2017; https://hbr.org/2017/03/augmented-reality-is-already-improving-worker-performance.
2. I. Kar, “Citigroup Wants to Bring Microsoft’s Hololens and Augmented Reality to Stock Trading,” Quartz, 2016; https://qz.com/650872/citigroup-wants-to-bring-microsofts-hololens-and-augmented-reality-to-stock-trading.

ABOUT THE AUTHOR
Amit Agrawal is the principal at Kleene Closure Consulting. His research interests include machine learning and its applications, serious games, and non-photoreal rendering. Agrawal received a PhD in Geometric Modeling from the Institute of Robotics and Intelligent Systems at the University of Southern California. Contact him at [email protected].

SIDEBAR: FURTHER RESOURCES
A few companies provide add-ons to existing HMDs to make an untethered experience possible. Notable among these at the time of writing this article are TPCast (http://uploadvr.com/tpcast-wireless-vive-impressions), DisplayLink (http://www.displaylink.com/vr), and Sixa (http://www.tomshardware.com/news/sixa-rivvr-wireless-vr-tested,34064.html; Rivvr). The challenge is compressing the data streams, maintaining a low latency, while preserving a good experience. HP addresses the problem by putting the workstation in a backpack (HP Z VR Backpack G1 Workstation; http://www8.hp.com/h20195/v2/GetDocument.aspx?docname=4AA7-0460ENUC).

Even though a few companies are exploring full body suits for haptics (for example, AxonVR [http://axonvr.com], Synesthesia suit [http://www.wired.com/2015/12/rez-infinite-vr-suit/], Rapture Vest [http://www.vrdb.com/hardware/rapture-vest], and Teslasuit [https://teslasuit.io/]), for the enterprise Go Touch VR (http://www.wareable.com/vr/go-touch-vr-haptic-finger-accessory-7765), Tactical Haptic (http://www.roadtovr.com/tactical-haptics-2-2-million-seed-investment-grant-haptic-vr-controller), and Omnipulse (http://venturebeat.com/2017/05/14/cornells-haptic-skin-gives-vr-a-more-human-touch/) technologies may be the ones to watch because they may provide a better problem–solution fit.
This article originally appeared in IEEE Computer Graphics and Applications, vol. 38, no. 1, 2018.

DEPARTMENT: NOTES FROM THE COMMUNITY

Real, Unreal, and Hacked

Mary Baker, HP Labs
Editor: Mary Baker, [email protected]

This installment of Notes from the Community covers emerging virtual, augmented, and mixed reality applications; security and privacy issues related to Internet of Things devices; and talking fish.

This department offers a summary of interesting news and research in pervasive and mobile computing, with content drawn from submissions to a shared community on the social news site Reddit, at www.reddit.com/r/pervasivecomputing. We encourage you to join our subreddit and spread the news of this site to others, so that together we can build a sustainable online community for all aspects of pervasive and ubiquitous computing.

This quarter I present contributions from the pervasive computing community around two main themes: a brave new world of virtual reality (VR), augmented reality (AR), and mixed reality (MR) applications; and the disturbing reality of our current world of network-connected devices.

MIXED, AUGMENTED, AND VIRTUALIZED
From the many VR, AR, and even MR links submitted to our subreddit, it’s clear these technologies are moving into the mainstream. Training, shopping, and entertainment experiences figure prominently, and their quality is improving. In the past, many VR experiences took you through someone else’s storyline in dark, lonely, and sinister spaces while wearing an uncomfortable headset and trying not to trip over real cords that don’t exist virtually. This situation is getting better, and perhaps sometime soon we can all escape to bright, airy, and comfortable unreal places where we’ll never feel the need to clean a dirty counter or pick up a family member’s discarded socks. AR applications are likewise advancing, although sometimes I think I’d prefer a de-augmented reality so that I can exist in my usual places, but with all the dirt and clutter whisked away.

Black Friday
Walmart, the world’s biggest retail store, trains about 150,000 employees every year at its 200 US Walmart Academy training centers. Part of this training is instructing employees how to interact with customers in different scenarios and manage situations such as a Black Friday crush. In partnership with STRIVR, Walmart will be supplementing this instruction with VR experiences for everyone from baggers to store managers via Oculus Rift headsets, gaming PCs, and 360-degree video with on-screen cues that require the student to make decisions.1 STRIVR has developed training for college and professional athletic programs, and the partnership with Walmart came about when a senior director of operations at Walmart observed a college football team using STRIVR’s VR system. If you already find some VR experiences unnerving, imagine being stuck in a VR Black Friday crowd! At least it wouldn’t be lonely.

IEEE Pervasive Computing, January–March 2018. Published by the IEEE Computer Society. 1536-1268/18/$33.00 ©2018 IEEE.

Benched
Disney’s Magic Bench2 takes a different approach: instead of being instrumented, the user enters an instrumented environment. This avoids the isolating requirement for headsets and instead promotes a shared experience. The experience is triggered when people sit on the bench (see Figure 1), and different numbers of people trigger different experiences.

Figure 1. On Disney’s Magic Bench, an elephant hands a visitor a golden sphere. (Source: Dorothea Rueger of Disney Research; used with permission.)

The bench is instrumented with sensors and haptic feedback that enables users to “feel” when a character sits beside them. Because the experience is strictly associated with the bench, the system doesn’t have to track a user in the space. Magic Bench combines streams from a depth-sensing camera and an RGB camera in real time to capture a 3D model of the scene into which the characters can be inserted. This means that users can move both in front of and behind the animated characters, which they couldn’t do if the characters were just superimposed on top of a video of the scene. The user experiences the interactions by looking at a display, akin to looking in a mirror. The researchers call this a third-party point-of-view experience, and it’s a bit like storytelling in real time with users as characters in the story they’re seeing.

For those who’ve experienced Magic Bench, I invite feedback about whether it’s disconcerting to see other characters on the bench in the display, and then turn your head to see empty space beside you on the real bench. Some of the researchers’ photos show people with heads turned to gaze at characters beside them, which seems perhaps confusing. On the other hand, this could hardly be more bizarre than some of the experiences I’ve had with real characters on benches at theme parks.

A Better Place to Sit
Speaking of benches, as well as sofas and chairs, the main use for Apple’s ARKit (developer.apple.com/arkit) seems to be cluttering up public spaces with virtual furniture. My favorite example is Scott Stein’s tweet “Excuse me, I’m just laying out IKEA furniture on a subway platform” complete with a video of the experience (twitter.com/jetscott/status/910187172648677381). Others have tried to cram virtual furniture into elevators, which in the case of Dami Lee’s attempt seems to cause rolling chairs to take off flying.3 For those of us living in tiny spaces, this app could truly prove useful, as we’ll be able to determine, without driving around to furniture stores and steering past couples arguing about TV stands, that there truly is no such thing as a cabinet that fits in any room of our homes. If we just add large-scale sharing to this app we’ll have the new Pokémon Go.4 “Quick, catch that flying Ektorp!”

Augmented Errors
On some occasions, reality is better left unaugmented, especially when the technology misbehaves. Henry Everett’s tweet “Getting some errors in #ARKit today” is a hilarious example of how not to manage error messages in AR—or anywhere else, really. See twitter.com/henryeverett/status/897798154401329152 for his short video of populating an otherwise reasonable office space with streams of unhelpful notifications. This echoes the more imaginary (but equally convincing) AR dysfunction predicted by Keiichi Matsuda in his Hyper-Reality video covered in a previous edition of this department.5 The possible combinations of real and unreal are fascinating. In this case, real error messages become unreal objects in a real scene.

THE INTERNET OF TROUBLE
We continue to see a parade of news reports on new Internet of Things (IoT) exploits and hacked systems, and I include a few of them here. One particularly troubling point is that however much we would like to see the scope of exploits diminish over time, it doesn’t seem to be happening, as indicated by the large number of devices susceptible to the BlueBorne attack described below.

[In fact, between the time of writing this column and going to press, even larger-scale vulnerabilities have come to light, including the Wi-Fi KRACK attack (www.krackattacks.com) and the pernicious Meltdown and Spectre vulnerabilities (meltdownattack.com). Even the fitness-tracking world learned that the Strava heat map of user activity can give away the locations of military bases (www.wired.com/story/strava-heat-map-military-bases-fitness-trackers-privacy). It’s too late to cover these disasters here, but they reinforce the perception that IoT exploits are actually increasing, not diminishing.]

Exercise-Free Fitness
Researchers recently published work on vulnerabilities they found in Fitbit fitness trackers that allow attackers to obtain users’ private data or inject false data into fitness records.6 This latter attack means that people can claim to have performed more fitness activity than they actually engaged in, leading to insurance fraud and other malfeasance. One takeaway from this work is that security by obscurity isn’t much security at all. The researchers provide five suggestions for securing future products, some of which Fitbit is already incorporating. First, device firmware should consistently enforce end-to-end encryption between trackers and remote servers. Second, error and status notifications shouldn’t reveal additional information related to the contents of real protocol messages—this flaw allows reverse-engineering the protocol by indicating what’s expected in a message. Third, messages should be signed with an individual signature subkey derived from the device key. Fourth, hardware-supported memory readout protection is important or it becomes possible to modify activity data in the tracker’s memory directly, despite end-to-end encryption. Fifth, the system should include fraud-detection measures such as checking for unusual fitness activity from an account.

Capture by Bluetooth
Armis recently announced security vulnerabilities via Bluetooth affecting Windows, iOS (prior to version 10), Linux, and Android operating systems—essentially anything a user is likely to run on a smartphone or desktop.7 As of this writing, patches and updates are available for Windows, Linux, and some Android phones. In addition, there are uncountable Bluetooth-enabled IoT devices that are susceptible. Armis calls the attack vector leading to these vulnerabilities BlueBorne, and it lets bad actors take over control of the target device, access private data and networks, and infect adjacent devices by performing remote code execution and man-in-the-middle attacks. Target devices don’t need to be paired to the attacker’s device or even be in “discoverable” mode.
The attacks can take place simply by being near an attacker and only take about 10 seconds, and the targeted device’s user might remain entirely unaware. Unless you can update your system, it’s currently wisest to turn off Bluetooth whenever you don’t really require it.

An attacker needs to determine the targeted device’s MAC address, which isn’t difficult. Bluetooth connections are encrypted, but the packet headers are in plaintext and include enough information to derive the MAC address. If the device offers no Bluetooth traffic at all to sniff, then it can still be possible to guess the MAC address by sniffing Wi-Fi traffic, as Wi-Fi MAC addresses are unencrypted and are often the same as the Bluetooth MAC address or differ only in the last digit. Once the attackers have the MAC address, they can send Bluetooth unicast packets to the device, ultimately opening up the attack surface due to problems in several areas of the unnecessarily complex Bluetooth stack.
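
The second, third, and fifth of the Fitbit researchers' suggestions in “Exercise-Free Fitness” above (uninformative errors, a per-device signature subkey, and fraud detection), as an added example that is not from the column, the researchers, or Fitbit. HKDF-SHA256, HMAC-SHA256 standing in for the unspecified signature scheme, the JSON framing, the replay counter, and the 300 steps-per-minute ceiling are assumptions; all keys and readings are constructed.

```python
import hashlib
import hmac
import json

# Assumptions (not from the article or from Fitbit): HKDF-SHA256 for subkey
# derivation, HMAC-SHA256 as the message signature, JSON framing, a replay
# counter, and the plausibility ceiling below. Keys and readings are constructed.
MAX_STEPS_PER_MINUTE = 300
GENERIC_ERROR = "rejected"  # one answer for every failure (suggestion 2)


def hkdf_sha256(key: bytes, info: bytes, length: int = 32, salt: bytes = b"") -> bytes:
    """HKDF (RFC 5869): extract a pseudorandom key, then expand it."""
    prk = hmac.new(salt or b"\x00" * 32, key, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def signing_subkey(device_key: bytes, device_id: str) -> bytes:
    """Signing-only subkey bound to one device; the device key never signs directly."""
    return hkdf_sha256(device_key, b"activity-signing|" + device_id.encode())


def sign_record(device_key: bytes, device_id: str, seq: int, steps: int, minutes: int) -> dict:
    """Tracker side: serialize one activity record and tag it with the subkey."""
    body = {"device": device_id, "seq": seq, "steps": steps, "minutes": minutes}
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(signing_subkey(device_key, device_id), payload, hashlib.sha256)
    return {"payload": payload.decode(), "tag": tag.hexdigest()}


class Server:
    """Server side: verify, reject replays, then screen for implausible activity."""

    def __init__(self, device_keys: dict):
        self.device_keys = device_keys
        self.last_seq = {}
        self.flagged = []

    def accept(self, message: dict) -> str:
        try:
            payload = message["payload"].encode()
            body = json.loads(payload)
            device_id = body["device"]
            key = self.device_keys[device_id]
            expected = hmac.new(signing_subkey(key, device_id), payload,
                                hashlib.sha256).hexdigest()
            # Constant-time comparison; every failure path returns the same
            # string, so a response never says which field was wrong.
            if not hmac.compare_digest(expected, message["tag"]):
                return GENERIC_ERROR
            if body["seq"] <= self.last_seq.get(device_id, -1):
                return GENERIC_ERROR
        except (KeyError, TypeError, ValueError, AttributeError):
            return GENERIC_ERROR
        self.last_seq[device_id] = body["seq"]
        # Fraud screen (suggestion 5): authentic but implausible records are held.
        if body["minutes"] <= 0 or body["steps"] / body["minutes"] > MAX_STEPS_PER_MINUTE:
            self.flagged.append((device_id, body["seq"]))
            return "held-for-review"
        return "accepted"


if __name__ == "__main__":
    keys = {"tracker-A": b"\x01" * 16}  # constructed sample key
    server = Server(keys)
    record = sign_record(keys["tracker-A"], "tracker-A", 1, 1200, 15)
    print(server.accept(record))  # first delivery
    print(server.accept(record))  # replay of the same record
```

Because each tracker signs with its own derived subkey, a key recovered from one device does not validate records claimed for another.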

Speaking of Patches
Vulnerabilities such as BlueBorne highlight the need for manufacturers to provide regular patches and updates for their products. This is one of the main points in ACM’s recent policy statement on IoT security and privacy.8 The policy calls for considering the entire product lifecycle, from requirements to end-of-life, and mentions many important issues such as changes of ownership and abandoned and legacy components. Unfortunately, the document provides little detail on how to address these issues. For instance, it suggests that technically limited IoT components should make use of advances in “lightweight” cryptography, but it doesn’t describe how to handle legitimate efforts to recover control over large numbers of misbehaving legacy devices that are cryptographically secured and to which people no longer have the keys. As another example, patches and software updates are critical but are also a vulnerability themselves, as we’ll see next.

Locked out of House and Internet
One point that inevitably comes up in discussions about IoT security is the large-scale attack path through software updates of devices. An attacker who can push an update can take over, break, or disable all of the targeted products. A recent event9 shows that this problem doesn’t even require an attacker—a company can accidentally do this to its own products. Smart lock manufacturer LockState pushed a software update intended for one model of Internet-connected locks to a different model, causing the receiving devices to suffer a fatal error. The approximately 500 affected locks can no longer be updated over the air, preventing customers from locking or unlocking them the “smart” way. This is particularly problematic for Airbnb hosts who remotely set locks for guests. Customers can return part of the lock for a firmware update or get a replacement lock, but this takes several days. In the meantime, the “dumb” method of a physical key will still work the lock.


Hearing Ghostly Voices
Researchers from Zhejiang University report that smart assistants such as Siri, Google Now, Samsung S Voice, Huawei HiVoice, Cortana, some vehicle systems, and Amazon Alexa can be controlled via ultrasonic frequencies, which means mischief makers can secretly issue commands to the devices without requiring a network connection to them.10 The researchers’ attack takes spoken voice commands and modulates them to ultrasonic frequencies so people can’t hear them. Because audio-enabled devices employ low-pass filters to screen out unwanted sound, it’s surprising that the authors can cause the devices to demodulate and recognize the speech. However, the nonlinearity of electric microphones means they can produce distortions that in turn generate new frequencies. A crafted input signal will then be down-converted and the baseband signal recovered. The end result is that device owners might not hear when others issue commands that cause their devices to visit malicious websites, initiate calls, or turn on audio and video recording of the environment. One defense is to turn off the “always-on” aspect of the voice assistants, but this defeats their purpose. The researchers suggest several fixes including using microphones that don’t allow signals outside the audible range and adding a module in front of the low-pass filter to detect the modulated voice commands.
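
Why the low-pass filter alone does not help, and what a check placed in front of it can see, as an added numerical example that is not from the column or from the researchers' paper. The square-law microphone model, the moving-average filter, the energy-ratio check with its 0.5 threshold, and every parameter value are assumptions chosen for illustration.

```python
import math

# Constructed parameters (assumptions, not from the paper): the sample rate,
# a 1 kHz tone standing in for speech, a 30 kHz carrier, and a square-law
# term of 0.3 as the microphone's nonlinearity.
FS = 192_000          # samples per second
TONE_HZ = 1_000       # stand-in for a voice command
CARRIER_HZ = 30_000   # above the audible range
DEPTH = 0.8           # modulation depth
TAPS = 32             # moving-average low-pass, first null at FS / TAPS = 6 kHz
N = 3_840             # 20 ms analysis window (whole periods of every tone)


def voice_tone(n):
    """An audible tone, as a person speaking would produce."""
    return [math.cos(2 * math.pi * TONE_HZ * i / FS) for i in range(n)]


def modulated_ultrasound(n):
    """The same tone carried as amplitude modulation on the ultrasonic carrier."""
    return [(1 + DEPTH * math.cos(2 * math.pi * TONE_HZ * i / FS))
            * math.cos(2 * math.pi * CARRIER_HZ * i / FS) for i in range(n)]


def microphone(sound, square_term):
    """Microphone model: ideal response plus a square-law distortion term."""
    return [s + square_term * s * s for s in sound]


def low_pass(samples):
    """Moving average over TAPS samples; returns len(samples) - TAPS + 1 values."""
    acc = sum(samples[:TAPS])
    out = [acc / TAPS]
    for i in range(TAPS, len(samples)):
        acc += samples[i] - samples[i - TAPS]
        out.append(acc / TAPS)
    return out


def tone_amplitude(samples, freq_hz):
    """Amplitude of one frequency component (single-bin DFT)."""
    re = sum(s * math.cos(2 * math.pi * freq_hz * i / FS) for i, s in enumerate(samples))
    im = sum(s * math.sin(2 * math.pi * freq_hz * i / FS) for i, s in enumerate(samples))
    return 2 * math.hypot(re, im) / len(samples)


def recovered_tone(square_term):
    """What the recognizer sees at TONE_HZ after microphone and low-pass filter."""
    mic_out = microphone(modulated_ultrasound(N + TAPS - 1), square_term)
    return tone_amplitude(low_pass(mic_out), TONE_HZ)


def removed_fraction(mic_out):
    """Share of the microphone output's energy that the low-pass filter removes."""
    kept = low_pass(mic_out)
    total = sum(s * s for s in mic_out[:len(kept)])
    return max(0.0, 1 - sum(s * s for s in kept) / total)


def flag_inaudible_command(mic_out, threshold=0.5):
    """Pre-filter check: a spoken command should not be mostly ultrasonic energy."""
    return removed_fraction(mic_out) > threshold


if __name__ == "__main__":
    print("linear microphone   :", round(recovered_tone(0.0), 4))
    print("nonlinear microphone:", round(recovered_tone(0.3), 4))
    spoken = microphone(voice_tone(N + TAPS - 1), 0.3)
    injected = microphone(modulated_ultrasound(N + TAPS - 1), 0.3)
    print("flag spoken  :", flag_inaudible_command(spoken))
    print("flag injected:", flag_inaudible_command(injected))
```

With an ideal microphone the filtered output holds nothing at the tone frequency; the square-law term alone puts the tone back into the audible band, while the energy the filter discards gives the pre-filter check its signal.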

Hearing TV Voices
It’s not just inaudible commands we should worry about around our digital assistants. Very audible commands from media over which you don’t have fine-grained control can also cause problems. Broadcast TV is one such example, as viewers of the first episode of the 21st season of South Park recently found out. The episode features a story concerning whether and how digital assistants should take the place of human ones. Any viewers with an Amazon Echo in hearing range received early-morning alarms and Cartman-style gross items added to their shopping lists.11 Do you know any Echo owners you’d like to troll? Do they have an audible answering machine in the same room as their Echo? Should you give them a call?

SECURITY AND PRIVACY ISSUES
The arrival of so many new Internet-connected devices with sensors raises a host of privacy questions. What should be private, if anything, in public spaces? What counts as a private space now, and how much should third parties be able to learn about that space and those in it? How can consumers find out if a company has told them everything they need to understand their level of privacy with a product? How can people determine the degree to which they can be tracked and observed, especially if it’s possible for devices to “see” and “hear” them without the need for traditional cameras and microphones? The stories we include here all touch on some of these questions, although they don’t all provide answers.

Sensing the Neighborhood
A company called Flock has developed a sensor that records the license plate of every passing car. The sensor is intended for monitoring neighborhood crime, and one person has already been convicted due to evidence captured by the device. The offender drove into a monitored area, stole a bike, put it into the back of his car, and drove off. The device captured his vehicle’s plates and his face, visible through the open window, as well as the bike which was visible in the open trunk. On public streets this kind of data collection seems to be legal, according to Albert Gidari, director of privacy at Stanford Law School’s Center for Internet and Society.12 However, it also raises the issue of whether one person’s desire for security can acceptably infringe on others’ desire to be forgotten in public, a concept somewhat related to the right to erasure in the EU’s General Data Protection Regulation.13 It might no longer be achievable or even reasonable to aspire to anything other than complete visibility and recording in public spaces. Perhaps that has always been the case, and it’s merely that the scope and ease of such recording has increased dramatically. Flock devices are available for $50 per household, and according to the company the data will only be available to “neighborhood leaders.”


Hearing Ghostly Voices

Researchers from Zhejiang University report that smart assistants such as Siri, Google Now, Samsung S Voice, Huawei HiVoice, Cortana, some vehicle systems, and Amazon Alexa can be controlled via ultrasonic frequencies, which means mischief makers can secretly issue commands to the devices without requiring a network connection to them.[10] The researchers’ attack takes spoken voice commands and modulates them to ultrasonic frequencies so people can’t hear them. Because audio-enabled devices employ low-pass filters to screen out unwanted sound, it’s surprising that the authors can cause the devices to demodulate and recognize the speech. However, the nonlinearity of electric microphones means they can produce distortions that in turn generate new frequencies. A crafted input signal will then be down-converted and the baseband signal recovered. The end result is that device owners might not hear when others issue commands that cause their devices to visit malicious websites, initiate calls, or turn on audio and video recording of the environment. One defense is to turn off the “always-on” aspect of the voice assistants, but this defeats their purpose. The researchers suggest several fixes including using microphones that don’t allow signals outside the audible range and adding a module in front of the low-pass filter to detect the modulated voice commands.

Hearing TV Voices

It’s not just inaudible commands we should worry about around our digital assistants. Very audible commands from media over which you don’t have fine-grained control can also cause problems. Broadcast TV is one such example, as viewers of the first episode of the 21st season of South Park recently found out. The episode features a story concerning whether and how digital assistants should take the place of human ones. Any viewers with an Amazon Echo in hearing range received early-morning alarms and Cartman-style gross items added to their shopping lists.[11] Do you know any Echo owners you’d like to troll? Do they have an audible answering machine in the same room as their Echo? Should you give them a call?

Sensing Your Home

If you have an Amazon Echo from before 2017, don’t let any strangers sneak up on it. Researcher Mark Barnes recently revealed an exploit for rooting a pre-2017 Echo and turning it into an always-on microphone that doesn’t require a wake-up word to record audio. To do this, the attacker first uncovers some small metal connectors, one of which enables the device to read data from an SD card. Then the attacker can load software such as a modified bootloader from the SD card, making it possible to install malware of choice. The exploit requires physical access to the device, but not all devices are placed where only trusted people will ever have access to them.[14]

Spotting You

Amazon announced several new versions of the Echo in time for the 2017 winter holidays, including their smart alarm clock called the Echo Spot. With it you can do all the usual Alexa things, but what makes this device interesting is that it includes a display and a camera so that people can make video calls from their beds. Author Tom Warren hypothesizes that the device is “a very clever way of making you comfortable with having a camera in your bedroom. It’s also a camera that will probably be pointing directly at your bed.”[15] Warren goes on to suggest that consumers will be okay with this now, when they might not have been in the past, because “privacy concerns and social norms are now being broken down through devices like the Echo Spot.” As evidence, the author points out that people are no longer concerned about buying laptops with webcams. Given the number of laptops I still see today with taped-over webcams, and even phones kept in covers partly for the same reason, I’m not sure this is true. Warren also asserts that the chance of hackers targeting your device are very low, because “security has also progressed alongside camera advancements.” Such devices bring up fascinating discussion points about what types of sensors people find comfortable in what kinds of spaces and for what purposes, as well as how much brand name affects their degree of trust.

Spotting You without a Camera

It doesn’t require a camera to “see” what people are doing if you can hack a device in their vicinity that includes speakers and a microphone. University of Washington researchers have demonstrated a sonar technique using a smartphone that can identify nearby people’s activities, even through walls.[16,17] The speakers generate sound pulses, which can usually be obfuscated by simultaneously playing music, that then bounce off of people in the area and are received through the microphone. The researchers analyzed the received sound to recognize body positions and repetitive motions such as walking or arm waving, as far as six meters from the phone. While this story is an example of seeing without a camera, a previous Notes from the Community article included stories about hearing without a microphone.[18]

Finding All of Us

Most of us know that carriers can and do track individual cell phones, but what if a carrier wanted to track all of the cell phones using their networks? Because people frequently have their cell phones on them, this would mean a carrier could know where every user is almost all of the time. “The HFT Guy” describes how simple it is to track “everyone that lives, breathes and wears a cell phone” with existing technology even if you have no physical access to the devices, you can’t modify their hardware or software, and the users are beyond your control—that is, you can’t get them to do, opt into, or consent to anything.[19] He explains that even though you have to balance a desire for precision in time and place with other goals such as feasibility, scalability, reliability, and cost, it could be done with “an intern and 6 months.” He guides us through the existing technologies and math in sufficient detail to make a compelling case that “the most awesome mass surveillance system ever invented is out there already and quite easy to use.”

Standardized Protections

Given these privacy concerns, it might be a relief to know that organizations are working to develop protections for consumers. One is Consumer Reports, which has a history of developing essential safety protocols, such as a protocol for crash-testing child car seats that considers actual consumer experiences. To achieve its goal of creating a new open source privacy and security standard for IoT devices, Consumer Reports is partnering with leading companies and experts in areas such as data tracker blocking, company privacy policies, and software security testing.[20] There are many thoughtful points in their new draft standard. One notable proposal is checking whether a company correctly tells consumers exactly what information it is collecting, how it uses it, and whether the company will delete all of that information if a user closes an account. Another point reinforces the idea of ownership: owners should be able to alter, fix, or resell a device even if it has copyrighted hardware and software components. The entire standard can be viewed at GitHub (github.com/TheDigitalStandard), where Consumer Reports encourages people to make suggestions or even branch off and experiment with other proposals. “What matters for now isn’t that every detail is correct,” the organization states. “The important thing is for the idea of a digital consumer-protection standard to take hold.”

Figure 2. Brian Kane’s talking smart fish. (Source: Brian Kane; used with permission.)

CONCLUSION

To end on a lighter note, you can now purchase a perhaps-not-so-beloved Big Mouth Billy Bass compatible with Amazon’s Alexa.[21] The fish connects by Bluetooth and will respond to what Alexa is doing, so you can see the fish “dance” and lip sync to music. However, the fish itself doesn’t actually seem to incorporate the speakers, as did Brian Kane’s wonderful Arduino version[22] (see Figure 2). Kane’s fish, a demo intended to teach students at the Rhode Island School of Design about rapid prototyping, is even more convincing (and the video is addictive). Protecting connected fish from BlueBorne and other attacks should be a top priority—we definitely want to maintain control over our fishy conversations.


REFERENCES

1. L. Matney, “Walmart Is Bringing VR Instruction to All of Its U.S. Training Centers,” TechCrunch, 2017; techcrunch.com/2017/05/31/walmart-is-bringing-vr-instruction-to-all-of-its-u-s-training-centers.
2. K. McIntosh et al., “Magic Bench—A Multi-User & Multi-Sensory AR/MR Platform,” Proc. ACM SIGGRAPH 2017 VR Village, 2017; www.disneyresearch.com/publication/magic-bench.
3. D. Lee, “Ikea Place Is an AR App That Lets You Put Furniture on the Street,” The Verge, blog, 2017; www.theverge.com/2017/9/20/16339006/apple-ios-11-arkit-ikea-place-ar-app.
4. M. Baker and J. Manweiler, “Living a Life of Light and Imaginary Creatures,” Pervasive Computing, vol. 15, no. 4, 2016, pp. 10–13.
5. M. Baker and J. Manweiler, “Views of Current and Future Technology,” Pervasive Computing, vol. 16, no. 2, 2017, pp. 9–13.
6. H. Fereidooni et al., “Breaking Fitness Records without Moving: Reverse Engineering and Spoofing Fitbit,” Research in Attacks, Intrusions, and Defenses, Springer, 2017.
7. B. Seri and G. Vishnepolsky, The Dangers of Bluetooth Implementations: Unveiling Zero Day Vulnerabilities and Security Flaws in Modern Bluetooth Stacks, white paper, Armis, 2017; go.armis.com/hubfs/BlueBorne%20Technical%20White%20Paper-1.pdf.
8. Statement on Internet of Things Privacy and Security, ACM US Public Policy Council and ACM Europe Council Policy Committee, 2017; www.acm.org/binaries/content/assets/public-policy/2017_joint_statement_iotprivacysecurity.pdf.
9. D. Goodin, “Update Gone Wrong Leaves 500 Smart Locks Inoperable,” Ars Technica, 2017; arstechnica.com/information-technology/2017/08/500-smart-locks-arent-so-smart-anymore-thanks-to-botched-update.
10. G. Zhang et al., “DolphinAttack: Inaudible Voice Commands,” Proc. 2017 ACM Conf. Computer and Communications Security (CCS 17), 2017; endchan.xyz/.media/50cf379143925a3926298f881d3c19ab-applicationpdf.pdf.
11. S. Huff, “The ‘South Park’ Season Premiere Set off Everyone’s Amazon Echo, and Here Are the Internet’s Greatest Reactions,” Maxim, 2017; www.maxim.com/entertainment/south-park-season-premiere-sets-off-amazon-echo-units-2017-9.
12. D. Lee, “Sensor Tracks Who Is Driving in your Neighbourhood,” BBC News, 2017; www.bbc.com/news/technology-41008141.
13. The Right to Erasure (the Right to Be Forgotten), UK Information Commissioner’s Office, 2018; ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/individuals-rights/the-right-to-erasure.
14. A. Greenberg, “A Hacker Turned an Amazon Echo into a ‘Wiretap,’” Wired, 2017; www.wired.com/story/amazon-echo-wiretap-hack.
15. T. Warren, “Amazon’s Echo Spot Is a Sneaky Way to Get a Camera into Your Bedroom,” The Verge, 2017; www.theverge.com/2017/9/28/16378472/amazons-echo-spot-camera-in-your-bedroom.
16. M. Nickelsburg, “UW Researchers Discover How to Hack into Smartphones and TVs to Track Body Movements,” GeekWire, 2017; www.geekwire.com/2017/uw-researchers-discover-hack-smartphones-tvs-track-body-movements.
17. R. Nandakumar et al., “CovertBand: Activity Information Leakage Using Music,” Proc. ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies, vol. 1, no. 1, 2017; musicattacks.cs.washington.edu/activity-information-leakage.pdf.
18. M. Baker and J. Manweiler, “From Working through Glass to Cheating the Cheaters,” J. Pervasive Computing, vol. 16, no. 4, 2017, pp. 12–16.
19. What Does It Really Take to Track a Million Cell Phones?, blog, The HFT Guy: A Developer in London, 2017; thehftguy.com/2017/07/19/what-does-it-really-take-to-track-100-million-cell-phones.
20. Consumer Reports to Begin Evaluating Products, Services for Privacy and Data Security, report, Consumer Reports, 2017; www.consumerreports.org/privacy/consumer-reports-to-begin-evaluating-products-services-for-privacy-and-data-security.


21. K. Leswing and M. Weinberger, “Big Mouth Billy Bass with Dance to Music from an Amazon Echo,” Business Insider, 2017; www.businessinsider.com/amazons-alexa-billy-big-mouth-bass-2017-9.
22. B. Koerber, “Man Hacked His Alexa to Speak out of a Singing Fish, and It’s Horrifying,” Mashable, 2016; mashable.com/2016/11/04/big-mouth-billy-bass-alexa-/#1hQ1EZsMDiql.

ABOUT THE AUTHOR

Mary Baker is a senior research scientist at HP Labs. Contact her at [email protected].

This article originally appeared in IEEE Pervasive Computing, vol. 17, no. 1, 2018.

INSIGHTS

Editor: Cesare Pautasso, University of Lugano, [email protected]
Editor: Olaf Zimmermann, University of Applied Sciences of Eastern Switzerland, Rapperswil, [email protected]

Making Sense of Agile Methods

Bertrand Meyer

From the Editors

Bertrand Meyer runs agile methods and practices through his personal friend-or-foe test. Find out more about his experiences and opinions about the hype, ugly, good, and even brilliant aspects of agile! —Cesare Pautasso and Olaf Zimmermann

0740-7459/18/$33.00 © 2018 IEEE. IEEE Software, March/April 2018.
2469-7087/18/$33.00 © 2018 IEEE. Published by the IEEE Computer Society. August 2018.

SOME 10 YEARS ago, I realized I had been missing something big in software engineering. I had heard about Extreme Programming (XP) early, thanks to a talk by Pete McBreen at a summer school in 1999 and another by Kent Beck himself at TOOLS USA in 2000. But I hadn’t paid much attention to Scrum. When I took a look, I noticed two striking discrepancies in the state of agile methods.

The first discrepancy was between university software engineering courses, which back then (things have changed) often didn’t cover agility, and the industry buzz, which was only about agility.

As I started going through the agile literature, the second discrepancy emerged: an amazing combination of the best and the worst ideas, plus much in between. In many cases, when faced with a new methodological approach, a person can quickly deploy what in avionics is called Identification Friend or Foe (IFF): will it help or hurt? With agile, IFF fails. It didn’t help that the tone of most published discussions on agile methods (with a few exceptions, notably Balancing Agility and Discipline: A Guide for the Perplexed[1]) was adulatory. Sharing your passion for a novel approach is commendable, but not a reason to throw away your analytical skills. A precedent comes to mind: people (including me) who championed object-oriented programming a decade or so earlier might at times have let their enthusiasm show, but we didn’t fail to discuss cons along with pros.

Beyond the Boasts and Good Intentions

The natural reaction was to apply a rule that often helps: when curious, teach a class; when bewildered, write a book. Thus was Agile! The Good, the Hype and the Ugly born.[2] (Also see the edX online course Agile Software Development; www.edx.org/course/agile-software-development-ethx-asd-1x-0.) My first goal was to provide a concise tutorial on agile methods, addressing a frequently heard request for a comprehensive, no-frills, news-not-editorial description of agile concepts. The second goal was analytical: offering an assessment of agile boasts.

These boasts are impressive. The title of a recent book by one of the creators of Scrum promises “Twice the Work in Half the Time.”[3] Wow! I’ll take a productivity improvement of four any time. Another book by both of the method’s creators informs us, “You have been ill served by the software industry for 40 years—not purposely, but inextricably. We want to restore the partnership.”[4] No less! (Was any software used in producing that statement?)

The agile literature has a certain adolescent quality (“No one else understands!”), but ideas aren’t born in a vacuum. I quickly realized that the agile movement was best understood as evolution rather than revolution. Although you wouldn’t guess it from some of the agile proclamations, the software engineering community didn’t wait until the Agile Manifesto (agilemanifesto.org) to recognize the importance of change; every textbook emphasizes the role of the “soft” in “software.” For example, my 1995 book Object Success,[5] a presentation of object technology for managers, advocated designing for change and stressed the preeminence of code over diagrams and documents. For these issues as well as for some of the other agile ideas—the importance of tests, the necessity of an iterative process—the agile contribution was not to invent concepts but to convince industry to adopt them.

In looking at matters such as support for requirements change, I encountered yet another discrepancy: between grand intentions and timorous advice. It’s great for the Agile Manifesto to “welcome change,” but producing changeable software is a technical issue, not a moral one. It is hard to reconcile such lofty goals with the deprecation of software techniques that actually support change: information hiding, deemed ineffective in Leading Lean Software Development,[6] and design for extension and reuse, pooh-poohed in Extreme Programming Installed.[7] (Full citations appear in Agile! The Good, the Hype and the Ugly, sections 4.4.4 and 4.4.5.)

There are more eyebrow-raising agile pronouncements, but we shouldn’t let them obscure the agile school’s major contributions. After all, marketing buzz goes only so far; developers and managers, driven mostly by pragmatic considerations, haven’t embraced agile ideas—more accurately, some agile ideas—without good reasons. (For my part, I wouldn’t have spent the better part of four years reading more or less the entire agile literature, practicing agile methods, and qualifying as a proud Certified Scrum Master, if I thought the approach was worthless.) But you need a constantly alert IFF to sort out the best and worst agile ideas.

Sorting Out the Agile Ideas

The final chapter of Agile! The Good, the Hype and the Ugly summarizes the book’s analysis by listing items in each of the three categories, complementing the Good with the subcategory of the truly Brilliant. Here are a few significant examples in each category.

The Hype

Let’s start with the Hype, which can also be called the Indifferent: ideas that have been oversold even though their impact is modest. An example is pair programming: the practice of developing software in groups of two people, one at the keyboard and one standing by, speaking out their thought processes to each other. XP prescribes pair programming as the standard practice. One use of pair programming is as a source of research papers: you can measure and compare the outcome (development time and number of bugs) of two groups working on the same topic, one with pair programming and the other using traditional techniques. Such studies are relatively easy to conduct using student projects in a university software engineering course.

These studies, of which there are many, show that pair programming has no significant advantage or disadvantage compared to other techniques such as code inspection (for example, see “Two Controlled Experiments Concerning the Comparison of Pair Programming to Peer Review”[8]). The truth is that pair programming is an interesting practice, to be used on occasion, typically for a tricky part of the development requiring competence from two different areas, but there’s no reason to impose it as the sole mode of development. It’s also easy to misuse by confusing it with mentoring, an entirely different idea.

Other examples of the Indifferent include the role of open spaces (although office layout deserves attention, some of the best software was developed in garages), self-organizing teams (different projects and different contexts will require different styles of project management), and the charming invention of planning poker.

The Ugly

More worrying are the agile recommendations that fall into the Ugly category. Perhaps the most damaging is the widespread rejection of “Big Up-Front Everything”: up-front requirements, up-front design. For a typical example, see “Agile Design: Intentional yet Emergent.”[9] The rationale is understandable: some projects spend too much time in general preliminary discussions, a phenomenon sometimes called analysis paralysis, and we should strive instead to start some actual coding early. This healthy reaction doesn’t justify swinging the pendulum to the other extreme. No serious engineering process can skip an initial step of careful planning. It is good to put limits on it but irresponsible to remove it. The project failures I tend to see nowadays in my role as a consultant (or project rescuer) are often due to an application of this agile rule: “We don’t need no stinkin’ requirements phase; we’re agile. Let’s just produce user stories and implement them as we go.” A sure way to disaster.

User stories themselves also fall into the Ugly. They are a good way to validate requirements by ensuring that the requirements handle commonsense user interaction scenarios, but an insufficient basis for specifying requirements. A user story describes one case; piling up case over case doesn’t give you a specification. What it gives you is a system that handles the user stories—the exact planned scenarios—and possibly nothing else.

In Agile! The Good, the Hype and the Ugly, I cite at length the work of Pamela Zave from AT&T, who has for decades studied feature-based design of telecommunication systems. (A collection of Zave’s research papers on requirements and other topics is at www.research.att.com/people/Zave_Pamela/custom/indexCustom.html.) The problem with individual features is that they interact with each other. Such interactions, often subtle, doom any method that tells you to build a system by just implementing feature after feature. Everything will look fine until you suddenly discover that the next user story conflicts with previously implemented ones, and you have to go back and rethink everything. Although no universally accepted answer exists to the question of how best to write requirements, object-oriented analysis, which looks past individual scenarios to uncover the underlying data abstractions, is a good start (see chapter 27 of Object-Oriented Software Construction[10]).

Toward the Good

Rejections of up-front tasks and reliance on user stories for requirements are examples of the harmful advice you’ll find proffered—sometimes in the same breath as completely reasonable ideas—in agile texts. As I come to the Good and the Brilliant, it’s useful to include an example of a technique that, depending on how you use it, qualifies as part of either the worst or the best.

I mentioned that, at the beginning of the last decade, agile methods had found their way into industry but not academia. Students learn their trade not just from courses but also from summer internships in industry. In one of my first classes as a newly minted professor in 2002, I gave a lecture on software design. A third-year student came to me afterward and asked why I was still teaching such nonsense. Everyone knows, he said, that nowadays no one does design; we just produce “the simplest thing that can possibly work” and then refactor. I was stunned (not having realized how far XP ideas had percolated).

He was wrong: no magic process can, through refactoring, turn bad design into good. Refactoring junk yields junk. Understood this way, refactoring would fall into the Ugly. Yet refactoring also belongs to the Good by teaching us that we should never be content with a first software version simply because it works. Instead, we should apply the systematic habit of questioning our designs and looking into what could be done better. In other words, whatever the student thought, the right approach is to work hard, up front, on producing a good design—and later on to make it even better through refactoring.

Some other positive contributions of agile methods are for everyone to see, because agile ideas have already exerted a major influence on software development. Most visibly, no project in its right mind would go into the scheme (which looks crazy, but not so long ago was the norm) of splitting the task into large chunks leading to separate subprojects, and trying to reconcile them months down the road. The splitting is easy; it’s the reconciliation that can be a nightmare. Divergent assumptions, often implicit, preside over the design of the various components and propagate into the depths of each of them, rendering them incompatible. The only remedy is to catch such divergence right away.

Although iterative development isn’t an agile invention, agile made it the default and particularly promoted the use of short iterations. (“Short” has evolved to mean increasingly shorter. Just a few years ago, promoting six-week sprints sounded audacious. Today we’re hearing about one-week or sometimes one-day sprints. This isn’t even taking into account the spread of DevOps processes with their rapid fine-grain interleaving of development, testing, and deployment.) Continuous integration and continuous testing are natural complements to this core idea. These and a number of other agile precepts are truly Good.

Finally, the Brilliant

I mentioned that some of the Good deserves an upgrade to Brilliant. Here are just two examples. Both are ideas that figure in the agile literature, although with less emphasis than others that, to me at least, are less significant.

The first deserves substantial discussion, but I will just state it: no branching. Repeat after me: branching is evil. The second appears in Scrum texts, but without a name; I call it the Closed-Window Rule. It states that the list of tasks for an iteration (a sprint, which, as noted, is

5292 IEEE SOFTWAREComputingEdge | WWW.COMPUTER.ORG/SOFTWARE | @IEEESOFTWARE August 2018 MARCH/APRIL 2018 | IEEE SOFTWARE 93 INSIGHTS INSIGHTS

software engineering community didn’t wait until the Agile Manifesto (agilemanifesto.org) to recognize the importance of change; every textbook emphasizes the role of the “soft” in “software.” For example, my 1995 book Object Success,5 a presentation of object technology for managers, advocated designing for change and stressed the preeminence of code over diagrams and documents. For these issues as well as for some of the other agile ideas—the importance of tests, the necessity of an iterative process—the agile contribution was not to invent concepts but to convince industry to adopt them.

In looking at matters such as support for requirements change, I encountered yet another discrepancy: between grand intentions and timorous advice. It’s great for the Agile Manifesto to “welcome change,” but producing changeable software is a technical issue, not a moral one. It is hard to reconcile such lofty goals with the deprecation of software techniques that actually support change: information hiding, deemed ineffective in Leading Lean Software Development,6 and design for extension and reuse, pooh-poohed in Extreme Programming Installed.7 (Full citations appear in Agile! The Good, the Hype and the Ugly, sections 4.4.4 and 4.4.5.)

There are more eyebrow-raising agile pronouncements, but we shouldn’t let them obscure the agile school’s major contributions. After all, marketing buzz goes only so far; developers and managers, driven mostly by pragmatic considerations, haven’t embraced agile ideas—or more accurately, some agile ideas—without good reasons. (For my part, I wouldn’t have spent the better part of four years reading more or less the entire agile literature, practicing agile methods, and qualifying as a proud Certified Scrum Master, if I thought the approach was worthless.) But you need a constantly alert IFF to sort out the best and worst agile ideas.

Sorting Out the Agile Ideas

The final chapter of Agile! The Good, the Hype and the Ugly summarizes the book’s analysis by listing items in each of the three categories, complementing the Good with the subcategory of the truly Brilliant. Here are a few significant examples in each category.

The Hype

Let’s start with the Hype, which can also be called the Indifferent: ideas that have been oversold even though their impact is modest. An example is pair programming: the practice of developing software in groups of two people, one at the keyboard and one standing by, speaking out their thought processes to each other. XP prescribes pair programming as the standard practice. One use of pair programming is as a source of research papers: you can measure and compare the outcome (development time and number of bugs) of two groups working on the same topic, one with pair programming and the other using traditional techniques. Such studies are relatively easy to conduct using student projects in a university software engineering course.

These studies, of which there are many, show that pair programming has no significant advantage or disadvantage compared to other techniques such as code inspection (for example, see “Two Controlled Experiments Concerning the Comparison of Pair Programming to Peer Review”8). The truth is that pair programming is an interesting practice, to be used on occasion, typically for a tricky part of the development requiring competence from two different areas, but there’s no reason to impose it as the sole mode of development. It’s also easy to misuse by confusing it with mentoring, an entirely different idea.

Other examples of the Indifferent include the role of open spaces (although office layout deserves attention, some of the best software was developed in garages), self-organizing teams (different projects and different contexts will require different styles of project management), and the charming invention of planning poker.

The Ugly

More worrying are the agile recommendations that fall into the Ugly category. Perhaps the most damaging is the widespread rejection of “Big Up-Front Everything”: up-front requirements, up-front design. For a typical example, see “Agile Design: Intentional yet Emergent.”9 The rationale is understandable: some projects spend too much time in general preliminary discussions, a phenomenon sometimes called analysis paralysis, and we should strive instead to start some actual coding early. This healthy reaction doesn’t justify swinging the pendulum to the other extreme. No serious engineering process can skip an initial step of careful planning. It is good to put limits on it but irresponsible to remove it. The project failures I tend to see nowadays in my role as a consultant (or project rescuer) are often due to an application of this agile rule: “We don’t need no stinkin’ requirements phase; we’re agile. Let’s just produce user stories and implement them as we go.” A sure way to disaster.

User stories themselves also fall into the Ugly. They are a good way to validate requirements by ensuring that the requirements handle commonsense user interaction scenarios, but an insufficient basis for specifying requirements. A user story describes one case; piling up case over case doesn’t give you a specification. What it gives you is a system that handles the user stories—the exact planned scenarios—and possibly nothing else.

In Agile! The Good, the Hype and the Ugly, I cite at length the work of Pamela Zave from AT&T, who has for decades studied feature-based design of telecommunication systems. (A collection of Zave’s research papers on requirements and other topics is at www.research.att.com/people/Zave_Pamela/custom/indexCustom.html.) The problem with individual features is that they interact with each other. Such interactions, often subtle, doom any method that tells you to build a system by just implementing feature after feature. Everything will look fine until you suddenly discover that the next user story conflicts with previously implemented ones, and you have to go back and rethink everything. Although no universally accepted answer exists to the question of how best to write requirements, object-oriented analysis, which looks past individual scenarios to uncover the underlying data abstractions, is a good start (see chapter 27 of Object-Oriented Software Construction10).

Toward the Good

Rejections of up-front tasks and reliance on user stories for requirements are examples of the harmful advice you’ll find proffered—sometimes in the same breath as completely reasonable ideas—in agile texts. As I come to the Good and the Brilliant, it’s useful to include an example of a technique that, depending on how you use it, qualifies as part of either the worst or the best.

I mentioned that, at the beginning of the last decade, agile methods had found their way into industry but not academia. Students learn their trade not just from courses but also from summer internships in industry. In one of my first classes as a newly minted professor in 2002, I gave a lecture on software design. A third-year student came to me afterward and asked why I was still teaching such nonsense. Everyone knows, he said, that nowadays no one does design; we just produce “the simplest thing that can possibly work” and then refactor. I was stunned (not having realized how far XP ideas had percolated).

He was wrong: no magic process can, through refactoring, turn bad design into good. Refactoring junk yields junk. Understood this way, refactoring would fall into the Ugly. Yet refactoring also belongs to the Good by teaching us that we should never be content with a first software version simply because it works. Instead, we should apply the systematic habit of questioning our designs and looking into what could be done better. In other words, whatever the student thought, the right approach is to work hard, up front, on producing a good design—and later on to make it even better through refactoring.

Some other positive contributions of agile methods are for everyone to see, because agile ideas have already exerted a major influence on software development. Most visibly, no project in its right mind would go into the scheme (which looks crazy, but not so long ago was the norm) of splitting the task into large chunks leading to separate subprojects, and trying to reconcile them months down the road. The splitting is easy; it’s the reconciliation that can be a nightmare. Divergent assumptions, often implicit, preside over the design of the various components and propagate into the depths of each of them, rendering them incompatible. The only remedy is to catch such divergence right away.

Although iterative development isn’t an agile invention, agile made it the default and particularly promoted the use of short iterations. (“Short” has evolved to mean increasingly shorter. Just a few years ago, promoting six-week sprints sounded audacious. Today we’re hearing about one-week or sometimes one-day sprints. This isn’t even taking into account the spread of DevOps processes with their rapid fine-grain interleaving of development, testing, and deployment.) Continuous integration and continuous testing are natural complements to this core idea. These and a number of other agile precepts are truly Good.

Finally, the Brilliant

I mentioned that some of the Good deserves an upgrade to Brilliant. Here are just two examples. Both are ideas that figure in the agile literature, although with less emphasis than others that, to me at least, are less significant.

The first deserves substantial discussion, but I will just state it: no branching. Repeat after me: branching is evil. The second appears in Scrum texts, but without a name; I call it the Closed-Window Rule. It states that the list of tasks for an iteration (a sprint, which, as noted, is short) can’t grow. No matter who requests an addition—queen, hero, or laborer—everyone will be told “no.” The proposed functionality will have to wait until the next sprint.

There’s an escape mechanism (an exception in programming-language terms): if the addition is truly essential, you can cancel the sprint and start afresh. This possibility will address truly urgent cases but is so extreme as to be used only rarely. The beauty of the Closed-Window Rule is that it brings stability to software projects, preventing the constant influx of supposedly good ideas that disrupt the development. Some of those ideas might not look so good when you wake up sober the next morning; the Closed-Window Rule fosters a process of attrition and selection in which only the fittest ideas survive.

These survivors won’t have that long to wait. The rule would be unworkable with the long steps of old-style project development, but with a typical one-month sprint, the average delay will be two weeks, during which the ideas will get the opportunity to mature. Few suggestions of added functionality are so critical that they cannot wait two weeks.

Benefitting from agile methods is a matter of spotting and rejecting the Ugly, ignoring the Hype, and taking advantage of the Good and Brilliant. Industry, which usually has its feet solidly on the ground, understood this situation early. Despite some agile proponents’ absolutist claims (adopt every single one of my precepts, or else …), every project I’ve seen embraces a subset of the chosen method’s ideas, rejecting those that don’t fit its culture or needs.

Agile methods are no panacea. Like most human endeavors, they have their dark side, but that hasn’t prevented them from improving the practice of software development in concrete ways. In any case, they don’t invalidate the knowledge of software engineering accumulated over the preceding decades. Some of their beneficial insights contradict specific elements of this traditional wisdom, but for the most part they complement and expand it.

Agile is not a negation of what came before. It is one more brick in the patient construction of the modern software engineering edifice.

References

1. B. Boehm and R. Turner, Balancing Agility and Discipline: A Guide for the Perplexed, Addison-Wesley, 2003.
2. B. Meyer, Agile! The Good, the Hype and the Ugly, Springer, 2014.
3. J. Sutherland, Scrum: The Art of Doing Twice the Work in Half the Time, Random House, 2015.
4. K. Schwaber and J. Sutherland, Software in 30 Days: How Agile Managers Beat the Odds, Delight Their Customers, and Leave Competitors in the Dust, John Wiley & Sons, 2012.
5. B. Meyer, Object Success: A Manager’s Guide to Object Orientation, Its Impact on the Corporation and Its Use for Reengineering the Software Process, Prentice Hall, 1995.
6. M. Poppendieck and T. Poppendieck, Leading Lean Software Development, Addison-Wesley, 2010.
7. R. Jeffries, A. Anderson, and C. Hendrickson, Extreme Programming Installed, Addison-Wesley, 2001.
8. M. Müller, “Two Controlled Experiments Concerning the Comparison of Pair Programming to Peer Review,” J. Systems and Software, vol. 78, no. 2, 2005, pp. 166–179.
9. M. Cohn, “Agile Design: Intentional yet Emergent,” blog, 4 Dec. 2009; www.mountaingoatsoftware.com/blog/agile-design-intentional-yet-emergent.
10. B. Meyer, Object-Oriented Software Construction, 2nd ed., Prentice Hall, 1997.

ABOUT THE AUTHOR

BERTRAND MEYER is a professor of software engineering at Politecnico di Milano and Innopolis University. Contact him at bertrand.meyer@inf.ethz.ch.

This article originally appeared in IEEE Software, vol. 35, no. 2, 2018.
