Arduino Yun as a possible Mesh Extender Platform

Posted by: Dr Paul
Posted in: Dr Paul Gardner-Stephen

Regular readers of this blog will know that we have been looking at a variety of hardware options for the Serval Mesh Extender.
The Serval Mesh Extender is a device that combines ad-hoc WiFi meshing with long-range license-free UHF packet radio to allow the easy formation of mesh networks spanning useful distances. Typically the UHF packet radio has a range about ten times greater than WiFi. This means that in ordinary suburban and urban areas we get a range of a block or two, and in open rural areas the range can be in the kilometres.
We run our award winning Serval Mesh software over the top, providing an easy to use communications system that lets you use your cell phone without cellular coverage, for example, during a disaster, or when you and your friends are near one another outside of the range of your native network. For example, if you are at an international gathering and don’t want to pay $4 a minute for the privilege of calling someone a few hundred metres away.
The challenge with the Mesh Extender design is that we haven’t had the budget to design our own device from the ground up. As a result we have been using existing hardware platforms, and trying to adapt them to accept the excellent RFD900UHF packet radios we source from RFDesign (their link margin is probably about 10dB better than competing radios that we are aware of).
This means that we have been doing things like modifying TP-LINK MR3020 wireless routers to build prototypes. While it works, the process is far from satisfactory, and the physical steps take a couple of hours per unit, which makes the effective unit price very high, despite the low cost of the MR3020 unit itself.
This is where the Arduino Yun is very exciting for us. It has all of the functionality of the MR3020 in the form of the mesh-friendly Atheros processor and WiFi system-on-a-chip running Linux, and of course being an Arduino it has plenty of connectivity options for us to connect to the RFD900, which just uses RS232 serial. As an added bonus the Yun has a microsd slot, so we don’t need to use a USB memory stick for mass storage, which actually makes a noticable impact on power consumption. The larger flash on the Yun is also welcome, as the 4MB flash on the MR3020 is, frankly, a pain to work with.
While we are still working on the integration, the prospect is there for the Yun to save us a lot of time, and hence cost, in making future prototypes, and the Yun board itself could be the basis for a customised PCB that exactly meets our needs, and allows us to just plug the radio module directly onto the PCB.  Here you can see the Yun connected to an RFD900 radio ready for integration testing:

In short, the Yun is opening a new opportunity for us to innovate faster, more affordably, and with a better result.

Lets use Thingometrics instead of Biometrics

Posted by: Dr Paul
Posted in: Dr Paul Gardner-Stephen

One of these pebbles could be your next password, and this is a much better idea than using your fingerprint as a password.  Sound crazy? Then read on.

Image in the public domain

It is entirely possible that a hundred people have thought of this before, and if so, my apologies.

Much ado is made of biometrics from time to time,  most recently on the latest iPhone.

Most of the attention focuses on how wonderful it is to be able to use your thumb, eye-ball or some other body part to identify yourself.

Many companies are formed based on the assumption that biometrics are secure, and are generally speaking A Good Idea.

However, as we have been reminded by the Chaos Computer Club (CCC) in Germany breaking the biometric authentication on the iPhone in less than two days using common household ingredients and just a photo of the fingerprint.

The CCC sum up many of the major problems with biometrics in their post:

“We hope that this finally puts to rest the illusions people have about fingerprint biometrics. It is plain stupid to use something that you canĀ“t change and that you leave everywhere every day as a security token”, said Frank Rieger, spokesperson of the CCC. “The public should no longer be fooled by the biometrics industry with false security claims. Biometrics is fundamentally a technology designed for oppression and control, not for securing everyday device access.” Fingerprint biometrics in passports has been introduced in many countries despite the fact that by this global roll-out no security gain can be shown.

There are a few salient points in the above that are so important that they require repeating, as well as some important consequences. Please excuse the all caps, but these are really important points that need to be made again and again, because industry, government and individuals continue to be badly deluded as to the value and sensibility of biometrics as an authentication or access control.

1. You leave your fingerprint EVERYWHERE.  Despite the fact that we tell people to keep their passwords secret, the biometrics movement encourages people to use a password that is IMPOSSIBLE to keep secret.

2. Because you leave your fingerprint “password” everywhere, you don’t know when someone has captured and compromised your password.  So you continue to acting like your fingerprint is secure, and so does your phone, your passport and everything else that depends on it.

3. If you do discover that someone is doing something naughty with your supposedly secret fingerprint password, YOU CANT CHANGE YOUR FINGERPRINTS.

4. Because of all of the above your fingerprint is of more value to naughty people who want to defraud you than it is to you.  

5. All of this is bad, because it creates economic incentives for bad people to STEAL YOUR FINGERPRINT, or worse STEAL YOUR RETINA.

6. In case you think that practically perfect fingerprint cloning on real fingers is impossible consider the following: It is well known that bricklayers often abrade their fingerprints completely, showing that making a “blank finger” is trivial.  All that remains is to engrave the blank finger with the target’s finger print, e.g., using laser micro-surgery techniques.  I’m not saying that this would be trivial, but it is hopefully apparent that there are major problems facing fingerprint based identification, even if it advances to actually requiring a live person attached to the finger print.

We also know that normal passwords are both annoying and also have their own security problems. (Although at least you can give your password to someone and retain binocular vision and the ability to hold cutlery, and then get a new password to replace the old one.)

So, what should we do?

We should try to do something that will not make the biometrics lobby too upset, so that they don’t push back with more lies and patently false claims about the security or sensibility of biometrics.

One way of doing this could be coming up with a scheme that can leverage the accurate object and surface imaging technologies that these companies have created, and allow them to rapidly transition focus from the largely counterproductive biometrics field.  In other words, lets leave them room to still make money and be prosperous.

Enter the idea of thingometrics instead of biometrics.

Basically, lets stop scanning body parts, and instead scan simple objects.

Simple objects can be easily chosen that:

1. are hard to clone from a photograph (unlike finger prints),
2. don’t leave the means to reproduce them on surfaces everywhere. That is are more rivalous than not, instead of the practically nonrivalous nature of fingerprints.
3. can be given to a forceful attacker without having to hand over any body parts
4. can be easily replaced if ever compromised

Things like sea shells, small pebbles, a crumpled mass of stiff wire, or any other morphically stable robust object would be good candidates.  Attach them to your physical key ring for convenience. You could even use one of your existing physical keys for extra convenience (which always comes at a cost to security).

Need to change your password? Just go outside and find a new rock, or better yet take a monthly work-mandated trip to the beach to find your new password.

It would be quite possible to make a 3D printer to produce a pseudo-random object with a keyring attachment point if you want an more environmentally sensitive source of things to metric.

If you want to be super-paranoid you could reduce the residual risk of someone comprehensively imaging your password object from a distance by making the interior of it the password part.  Again, 3D printers would be your friend here, or if you have a handy supply of geodes would make for a password with street cred among your geologist friends.  If used with dedicated imaging sensors the complex interior need never be visible from the outside at all.

Oh yes, and with thingometrics you can easily implement some helpful security protocols.  For example, you can register anti-passwords, in the form of other objects that when presented cancel the authority of an other thingometric password, analogous to revocation certificates in PKI systems.

You might carry one anti-password with you, and one or more in a safe remote place so that if you lose (or are robbed) of your thingometric passwords anti-passwords you can easily cancel the stolen password (or instruct someone remotely to do so on your behalf).

You can also physically destroy a thingometric password if you are worried about it being captured, and because well chosen thingometric passwords are closer to being rivalous, you can have better confidence that no one else has obtained the password if you still hold the original.

3D printers and the like represent risks, but nothing is perfect, and the risks are much lower than with fingerprint biometrics which as previously noted leave sufficient imprint everywhere for people using relatively easy technologies like those developed by the CCC.

Thingometrics has the extra advantage that it could be implemented using the camera on a smart-phone, without needing to have an extra sensor.  At most, you might want a second camera for stereoscopic vision.   So not only is thingometrics safer for you, and more secure for your data, it can also be cheaper to implement.

It also means that it would be much easier to support in free and open software and operating systems, because there are no more funny closed drivers and firmware than normal.

So let’s think about what would be needed to implement thingometrics in practice.

1. Some good image mapping algorithms, that can capture the shape and texture of an object in front of a camera to develop a detailed enough 3D image.

2. Some good image matching algorithms that can detect (or reject) an object being held in front of the camera.

And, er, that’s about it really*.

I suspect that suitable technologies exist in part or in full in the academic literature and elsewhere, and that creating a functional system could be implemented fairly readily* by a skilled and dedicated team.

If you go for a dedicated sensor and the inside-out key idea described above, then this becomes much, much, simpler to do. It could probably be implemented in a semester by a good student (any volunteers? I’m happy to supervise. You don’t have to be in Australia, either.)

So, here is the challenge: Let’s get a bunch of us together to implement thingometrics, and give the world a better alternative to biometrics.  I’ve registered the domain names.  Now we just need the team.

Paul “I want to keep my thumbs” Gardner-Stephen.

* Which isn’t to say that there wouldn’t still be quite a bit of work. Everything is relative, after all.

Mesh Extender assembly

Posted by: Dr Paul
Posted in: Dr Paul Gardner-Stephen

Following our crowd-funding campaign we have funds to build a number more mesh extenders, and get them out to some early adopters as well as to NZ Red Cross.  So the last few days have been a bit of a production line while we get the hardware assembled.

The worst part of the assembly is getting the lids of the MR3020 routers, which left me with a broken pocket knife and sore fingers for a couple of days.  Basically the lids are cemented to the main body of the case, and you have to break each point of cemented bond, without breaking the lid.  Some are much easier than others, depending, presumably, on the amount of cement used.  We had one lid cracked out of the ten units made.

Then it was soldering the radios and router PCBs together:

The cases are down with the engineering workshop services to get the holes drilled for the radio connectors, and some of the internal ribbing ground off so that the radio can sit flush with the inside of the case.

Otherwise, it has been teaching, and sorting out some of the local tax arrangements for the contributions from Australians in our crowd funding campaign.  If you put an Australian shipping address and requested a perk, then you will get a GST-inclusive tax invoice.  We won’t be out of pocket with GST, because we budgeted for it, and also the GST on all the hardware will more than make up for the GST we have to pay on Australian contributions.

Our focus is now on fixing a couple of late issues with the mesh extender firmware so that it works at least for meshms over UHF radio.  Optimising the throughput for larger files will happen overtime, and be delivered as over-the-mesh updates.

Avoiding jet-lag completely, and other body-clock hacks.

Posted by: Dr Paul
Posted in: Dr Paul Gardner-Stephen

Jet-lag is not fun.  Nobody likes jet-lag.

But for me, the situation is more acute.

First, I live in Australia, so travelling almost anywhere involves substantial time-shifts. I still remember my surprise when going to a conference in China and realising that: (a) I wasn’t jet-lagged; and (b) everyone else was instead. Such is the effect of living in Australia.

Second, I have a young family at home, and also teach at a University.  This means that most of my trips have to be kept to the absolute minimum duration.  Take my two most recent trips:

Trip 1: Adelaide -> Washington DC -> Amsterdam -> Adelaide in 9 days, including a complete 24-hour time shift, and heading East all the way, which is reputed to be the worst direction for jet-lag (a subject I’ll comment on later).

Trip 2: Adelaide -> London -> Adelaide in 95 hours. That’s right, I wasn’t even gone for four whole days. But I had to be fully in the London timezone immediately for meetings two hours after landing, and then on the one whole day I was there because I was presenting a grand-final pitch at the Global Security Challenge.  I then had to be back in Adelaide time straight away on returning, because I was rostered on at church, and then had a meeting that afternoon.

If I had tried these trips three years ago, it would have been jet-lag city.  Fortunately since then I have learned progressively more about an excellent and (for me at least) easy way to beat jet-lag before it even happens.

This is the fasting method of which there are lots of descriptions online, including this one.  But I want to add to the record, first by confirming that for me it works, and second, outlining my simplified approach, and some comments about one of the causes of killer week-long jet-lag that has been revealed by the discovery of the ability of the hunger clock to override the circadian body clock.  But first the method:

The method

1. Before departing, set watch to destination timezone.
2. Don’t eat after 16h00 in destination time zone.
3. Try to sleep as much as you can on the plane so that you aren’t sleep deprived on arrival (which is distinct from jet-lag, but no more fun). Pack an eye-mask or use the one they supply on board.  If you can manage it, snooze all the way on a 24 hour flight, with the odd movie etc to keep you occupied if you like.  The sleep part isn’t important for the jet-lag, however, just your sleep deprivation, for reasons I will soon explain.
4. Do eat at 08h00 or similar sensible breakfast time in destination time zone.

When I say don’t eat, I mean don’t eat. Nothing. No fruit. No Juice. No oysters, roast turkey, custard pies or anything. Only water.

Why you can’t even eat a little bit during the fast

The reason it is really, really, important that you don’t eat during that 16 hour period is that your body needs to switch to “hungry mode”, and get the idea that during that time there is no food coming. If you eat anything, no matter how small, during the fasting period, it is basically game over, go to jail, do not collect $200. Try again tomorrow, it’s still better than having jet-lag for a week.

Why you need to eat breakfast at the right time

The reason it is really important to then eat a good breakfast at the right time, is that is the moment when your body clock shifts. Yup, your body clock shifts however many hours in the process of eating that breakfast.  Your hunger clock presses the reset button on your normal circadian body clock.

Now, there is a trick to this: Don’t eat breakfast at the time you want to wake up, because you will begin to wake two hours before the time you ate breakfast. I can’t remember where I read about this little fact, but once I realised it, suddenly a number of problems I had with the method previously made sense, and I was able to sort them out, largely by not giving in and eating at 05h30 or 06h00 instead of a couple of hours after I wanted to actually wake up.

Basically your body tries to be wide awake at breakfast time, whenever that is.  So if you have breakfast at 06h00 you will wake at 04h00, which was exactly the sort of problem I was having when I first tried this method.  Once I sorted that out, it worked beautifully for me.

How to have the worst jet-lag ever: eat in the middle of the night

Once I realised how that the hunger clock resets the circadian rhythm, and has this 2-hour preamble built into it, the jet-lag horror stories of several friends suddenly made sense: They got up in the middle of the night due to jet-lag, went out and partied, or ate something and watched a movie and then went back to bed.  Every time they did this, they encouraged their body clock to move 2-hours back.  I now believe that their horror stories of week-long jet-lag suddenly made a whole lot more sense. 

How to wake up early every morning if you are “not a morning person”

It also started to occur to me that many people who claim to be “night people” on the basis that they have trouble getting up “early” in fact are poor or late breakfasters.  It might be for many (I don’t claim all) that if they force themselves to eat a substantial breakfast within 2 hours of their rising time that they might be able to pull their body clock forward that little bit, and keeping it there.  This is only conjecture, since I am basically a morning person.  I welcome people reporting their experiences.

Honourable Mention at the Global Security Challenge Grand Final

Posted by: Dr Paul
Posted in: Dr Paul Gardner-Stephen

Earlier in the year we entered the Serval Project into the Global Security Challenge.

The theme for this year’s challenge was cyber-security, something that we felt was a good fit for the Serval Mesh, with its encrypted-by-default operation, ease of use, and applicability to a wide range of situations.  

The recent revelations of wide-spread wire-tapping by the NSA, GCHQ and others has only served to reinforce the relevance of a secure digital mobile communications platform that never gives unencrypted access to your communications to carriers or other organisations that might be pressured by agencies like the NSA.

So it was very pleasing when we were named finalists last month and invited to pitch at the grand final that was held yesterday here in London.

The grand final itself was an interesting event, with a diverse range of finalists from the UK, the USA, Israel, Sweden, Canada and Spain, and of course ourselves as the sole representative from the Southern hemisphere.  We were also unique in that we were the only social enterprise present.

Each finalist had six minutes to give a pitch, and then a ten minute question and answer session with the judges.  These were combined with the material that we had already submitted to determine the winner of each category.

The day was divided into pre-revenue and post-revenue companies.  I am not sure that they knew quite how to place us, because while we have received over a million dollars in philanthropic funding, we haven’t made any commercial sales.

They had to make a decision, and that was to place us in the post-revenue category.  This placed us in the category with a number of innovative start-ups who are already active in the market place, and with business models and solutions that are well aligned with the existing security industry, and representing a formidable field for us to compete against.

So it was very pleasing when it was announced that we had come a close second place in our category. So close in fact, that they took the unusual step of awarding us an Honourable Mention, which apparently is not something that they normally do.  You can get an idea of how unusual this is by the handwritten annotation of honourable mention on the certificate:

While it would have been nice to win outright, it was an amazing affirmation for us to be named in the list of the ten most promising security related endeavours, and then to be recognised in this unusual way.

This is now the third time in the last three months that we have been recognised for our innovation in secure communications, following winning the communications category of The Technology Challenge for Atrocity Prevention, and being the only non-US entity accepted to present at a recent DARPA symposium on secure mesh networks.

Of course, none of this would have been possible without our team, or the support of Flinders University, the Shuttleworth Foundation, the New America Foundation, the NLnet Foundation and the Awesome Foundation and our many individual donors and volunteers.