Wednesday, September 7, 2011

Car-to-Car Communication System to Get a Massive Road Test

Technology that would allow cars to talk to each other—to help prevent accidents and improve traffic flow—is about to get a real-world road test following new funding from the U.S. Department of Transportation.

Many high-end cars already come with sensors capable of spotting a vehicle in a driver's blind spot, or warning that the car is drifting out of lane. However, these technologies, which use radar, laser, or video sensors, have a limited view. Car-to-car communications could provide even more sophisticated earlier warnings—for example, when a car several vehicles ahead brakes suddenly.

Last month, the DOT awarded $14.9 million to the University of Michigan's Transportation Research Institute to test the technology, known as vehicle-to-vehicle and vehicle-to-infrastructure communication. The system to be tested relies on dedicated short-range radio communication to allow cars to signal one another and receive messages from traffic equipment.

The DOT estimates that 80 percent of serious crashes could be addressed by this technology. "This is the next major safety advancement, one that's comparable to seat belts, air bags, and electronic stability control," said Scott Belcher, president and CEO of the Intelligent Transportation Society of America, a nonprofit founded to promote advanced car technologies.

The technology will be tested in a variety of situations; it will alert the driver when it is unsafe to pass, and when someone is approaching an intersection at a speed that could cause a collision. Each car will be equipped with a radio that signals its speed and direction of travel, as determined by GPS, to other cars. It will also send this information to suitably equipped traffic equipment.

The University of Michigan is partnering with eight automakers, a number of which began working collaboratively to develop a uniform platform for implementing the technology in 1995. These carmakers will provide 64 cars equipped with the radios, while an additional group of ordinary cars will be fit with devices so they can transmit signals, making up a total of roughly 3,000 vehicles. Drivers will be recruited from among the 20,000 employees of the university's medical center.

Peter Sweatman, director of the Transportation Research Institute, says Ann Arbor is an ideal test bed, since it's a concentrated area with only three central thoroughfares out of the city, making it likely that the equipped cars will regularly encounter each other. The driving portion will run for a year, and data will be collected and may be used by the DOT's National Highway Safety Traffic Administration to decide, by 2013, if the technology has enough benefits to be approved. If approved, the technology would be rolled out over 10 years, Sweatman says.

"We believe this will happen in the near future," says Nady Boules, director of electric and controls integration research lab at General Motors.

Jim Keller, senior manager and engineer at Honda Research and Development, adds, "We see this technology as having huge potential in the future to affect safety."

The DOT's Research and Innovative Technology Administration, which is overseeing the program, released the following statement on the project: "This technology has the potential to be a game changer for safety. Research from NHTSA found that combined, vehicle-to-vehicle and vehicle-to-infrastructure technologies have the potential to address about 80 percent of all unimpaired car crash scenarios."

Joe Stinnett, a research engineer in active safety for Ford, is similarly enthusiastic. He says that, in addition to preventing common accidents, the technology could prevent traffic backups by keeping cars in step with one another. But he says one key area that needs to be addressed is security. "People could hack into the system, sitting on a bridge with their laptop transmitting false information," he warns. So a major challenge will be ensuring that the network is secure and that misbehaviors can be identified, he says.

Europe is on a similar track. In January 2011, the European Commission launched a three-year pan-European field test in seven sites across Europe to ensure the interoperability of the system. The effort includes 40 carmakers as well as suppliers, electronic manufacturers, and research institutes.

As vehicle-to-vehicle communication goes mainstream, it could even pave the way for fully autonomous driving. Google has been testing its own self-driving cars in California. So far those cars have logged 160,000 miles, but they rely on costly sensors. Vehicle-to-vehicle communication could allow for autonomous driving that's far less expensive, Belcher says. He expects that some autonomous driving features could appear in commercial fleets within five years. But he doubts that fully autonomous driving will take hold in the foreseeable future for one key reason: "Americans like to control their own cars," he says. (Technologyreview)

Saturday, September 3, 2011

New Tool Keeps Censors in the Dark

A new approach to overcoming state-level Internet censorship relies, ironically enough, on a technique that security experts have frequently associated with government surveillance.

Current anti-censorship technologies, including the services Tor and Dynaweb, direct connections to restricted websites through a network of encrypted proxy servers, with the aim of hiding who's visiting such sites from censors. But the censors are constantly searching for and blocking these proxies. A new scheme, called Telex, makes it harder for censors to block communications. It does this by taking traffic that's destined for restricted sites and disguising it as traffic meant for popular, uncensored sites. To do this, it employs the same method of analyzing packets of data that censors often use.

"To route around state-level Internet censorship, people have relied on proxy servers outside of the country doing the censorship," says J. Alex Halderman, assistant professor of electrical engineering and computer science at the University of Michigan. "The difficulty there is, you have to communicate to those people where the proxies are, and it's very hard to do that without also letting the government censors figure out where the proxies are."

The Telex system has two major components: "stations" at dozens of Internet service providers (ISPs)—the stations connect traffic from inside nations that censor to the rest of the Internet—and the Telex client software program that runs on the computers of people who want to avoid censorship.

To disguise the destination of the traffic the user wants to send, Telex employs a form of cryptography called "steganography," which is the practice of hiding secret messages within readable messages.

The Telex client software starts by making an outgoing connection to a nonblocked website, encrypting the traffic in the same way that an e-commerce or online banking site does (the address in the browser bar begins with https:// instead of http://). The identity of the censored site is then encoded in a special string, or "tag," that's embedded in the encrypted request. A Telex station at an ISP can examine incoming traffic and detect the presence of these tags, providing it has the right encryption key. The tag would be indistinguishable from random gibberish without the key.

When the Telex station detects an incoming request that includes a tag, it redirects that connection to the site specified in the encrypted message. This behavior resembles a controversial technology called "deep packet inspection" (DPI), which governments and ISPs have used for censorship and for blocking or throttling certain types of Internet traffic, such as peer-to-peer file-sharing.
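The tag mechanism described above, as an added sketch that is not code from the Telex project or from the original article: a client hides a destination in a fixed-size field that looks random, and a station holding the key recognises and decodes it. The 48-byte layout, the single shared station key, the HMAC-SHA256 keystream and the names make_tag and inspect_field are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed layout for this sketch: salt | encrypted destination | MAC
SALT_LEN, BODY_LEN, MAC_LEN = 8, 32, 8
TAG_LEN = SALT_LEN + BODY_LEN + MAC_LEN


def _subkeys(station_key: bytes) -> Tuple[bytes, bytes]:
    """Derive separate encryption and MAC keys from the station key."""
    enc = hmac.new(station_key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(station_key, b"mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key: bytes, salt: bytes) -> bytes:
    """One SHA-256 block of keystream, unique per salt (32 bytes)."""
    return hmac.new(enc_key, salt, hashlib.sha256).digest()[:BODY_LEN]


def make_tag(station_key: bytes, destination: str) -> bytes:
    """Client side: hide `destination` in a TAG_LEN-byte field."""
    name = destination.encode("ascii")
    if len(name) > BODY_LEN - 1:
        raise ValueError("destination too long for this toy layout")
    # Length byte + name + zero padding, so every tag has the same size
    # and the field length leaks nothing about the destination.
    body = bytes([len(name)]) + name + bytes(BODY_LEN - 1 - len(name))
    enc_key, mac_key = _subkeys(station_key)
    salt = os.urandom(SALT_LEN)  # fresh per connection: tags never repeat
    ct = bytes(a ^ b for a, b in zip(body, _keystream(enc_key, salt)))
    mac = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()[:MAC_LEN]
    return salt + ct + mac


def inspect_field(station_key: bytes, field: bytes) -> Optional[str]:
    """Station side: return the hidden destination, or None for an
    ordinary (untagged) connection that must be passed through untouched."""
    if len(field) != TAG_LEN:
        return None
    salt = field[:SALT_LEN]
    ct = field[SALT_LEN:SALT_LEN + BODY_LEN]
    mac = field[SALT_LEN + BODY_LEN:]
    enc_key, mac_key = _subkeys(station_key)
    expected = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()[:MAC_LEN]
    # Constant-time comparison; a truly random field passes this check
    # with probability 2**-64, which bounds the false-positive rate.
    if not hmac.compare_digest(mac, expected):
        return None
    body = bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, salt)))
    n = body[0]
    if n > BODY_LEN - 1 or any(body[1 + n:]):
        return None  # malformed padding: treat as untagged
    return body[1:1 + n].decode("ascii")


if __name__ == "__main__":
    key = os.urandom(32)                      # constructed station key
    tagged = make_tag(key, "blocked.example")  # constructed destination
    print("station decodes:", inspect_field(key, tagged))
    print("observer without key:", inspect_field(os.urandom(32), tagged))
    print("ordinary random field:", inspect_field(key, os.urandom(TAG_LEN)))
```

The shared key is the main simplification: anyone who extracts it from a client can detect tags exactly as the station does, so this layout only illustrates why a tag is unreadable and unrecognisable without the key.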

"DPI has been used notoriously as a means of censorship, but Telex uses DPI in a completely different way," Halderman says. "We're basically turning the concept on its head to create something that's a really powerful anti-censorship tool."

Halderman says the design is such that it doesn't matter if the locations of ISPs employing Telex stations are known to the censors. "The key thing is that we want to put the stations at enough points in the Internet so that blocking all the routes that go through those would be tantamount to making the Internet unavailable," he says. "The vision is that if we deploy Telex widely enough, it can make connecting to the Internet for a government that might want to do censorship an all-or-nothing proposition. Either you live with the fact that people can get to sites you want to censor, or you effectively pull the plug entirely."

In a paper on Telex submitted to the Usenix Security Symposium this month, Halderman and others describe in detail how their system would resist attacks by censors.

"We've gotten a lot of comment from people who don't understand the system, who are pointing out ways they believe the system could be defeated, but in almost every case, it's something we've thought about and addressed in the paper," he says, adding that the system was designed to adapt to increasingly sophisticated censorship methods.

"Censored users today have moderate success using normal proxy servers, but what we're seeing is that major countries involved in censorship are adapting quite quickly to that," Halderman says. "For example, China has gotten very effective in blocking Tor, and Iran has also made some quite sophisticated countermeasures against Tor."

Bruce Schneier, a cryptography expert and chief security technology officer at BT, calls Telex "well-thought-out and designed," but says the system would not work without widespread adoption by ISPs around the world.

"There are two ways to deploy this system: ask nicely, or make it a law [for ISPs to implement it]," Schneier says. "It would be great if the governments of the world backed this idea, because in general this sort of thing is why you don't see these technologies widely adopted. No one is willing to pay for them, and no one is going to support them otherwise."

The researchers are working to expand a test Telex network that they've been using for months to surf the Web, and even to watch YouTube videos. They note that the test system works with "acceptable stability and little noticeable performance degradation," and that it performed well in the face of some unexpected stress testing. A researcher accidentally misconfigured one of the Telex stations to act as an open Internet proxy; it wasn't long before the system was being used by outsiders hoping to hide their identities. (Technologyreview)

Monday, August 22, 2011

Helping Social Networkers Connect Even More

Facebook's new Messenger app for Android phones and iPhones is designed to let groups of people communicate with one another in real time no matter where they are. It's the first instance in which Facebook has split a core part of its social network from the main product—a move that reflects a shift in how people are using social-media tools.

Messenger lets groups of Facebook users communicate with one another in the moment even if they're using different communication technologies—for example, with one person using instant messaging, another text, and a third e-mail. Messenger taps into Facebook's vast supply of data about contacts and connections, including users' e-mail addresses, instant-message handles, and phone numbers.

Facebook already offers a feature called Groups, which lets people communicate over time about specific topics of interest, and one called Events, which lets them plan social occasions. But these aren't much good when groups want to communicate on the spur of the moment. "Until recently, you couldn't do it in real time," says Lucy Zhang, one of the engineers who built Messenger. Zhang is a cofounder of Beluga, a startup that created group-messaging tools and that was acquired by Facebook in March. Beluga's technology became the core of Messenger.

Of course, Facebook isn't the only company looking at adding real-time group interaction to its social repertoire. Google Hangouts, which lets up to 10 people video chat together in real time, has been a standout feature of Google's new social network, Google+. Earlier this year at South By Southwest Interactive, a conference known for its prescience about social media, the scene buzzed with talk of companies such as Hurricane Party, Fast Society, and GroupMe, all of which offer tools that help groups of people find each other, share photos, and communicate in real time, at parties and concerts, for example. Beluga would have been there too, except that Facebook had already bought it.

"Social-media tools got you to share yourself—they were all about you—but now people are starting to experiment with what happens when you focus on groups of people," says Matthew Rosenberg, a cofounder of Fast Society. The company has aimed its group-messaging application at younger people out on the town, and has made deals to promote group communication around media events such as showings of the comedy movie Bridesmaids.

Zhang and her team were given deep access to Facebook's platform in order to revamp Beluga's product and make it more powerful. Zhang says she was able to ask Facebook engineers to create the exact tools she needed. The team hooked Beluga up to Facebook's existing text-messaging architecture, as well as to Facebook Chat and e-mail. They designed Messenger's user interface to make it easy to reach people by name, without having to remember phone numbers, e-mail addresses, or other specifics. "What Beluga could never have achieved [on its own] is the integration with the Facebook network and infrastructure," Zhang says.

The team also had to address the social norms around different forms of communication. "We want to change communication so that you don't have to worry about how the other person is receiving the message," Zhang says. But she notes that people behave differently when sending an instant message than they do when e-mailing or when text messaging, which costs money. Messenger shows the sender whether the recipient is available on a computer or a mobile device, to help users adjust their behavior and expectations.

"Trying to figure out the right way to build the technology has been the focus, but the question now is, What's going to come out of group messaging?" says Rosenberg. He hopes that group-messaging apps can help people enjoy social media without being distracted from the people they're with at the time. "We want to enhance the moment, not take away from it," Rosenberg says.

Now that big players such as Google and Facebook have introduced group-messaging products, startups will have to work harder to compete. Google and Facebook can afford to provide group-messaging services free, to cement users' loyalty and gain more data about how people behave. Startups, to keep their users, will have to provide better features.

GroupMe is hoping to extend its group-messaging tool to provide smart recommendations about how users might structure their social lives, according to cofounder Steve Martocci. Earlier this year, GroupMe acquired a company called Sensobi, which analyzes people's behavior on smart phones to track how well they're keeping up with contacts. GroupMe may eventually offer suggestions on whom to include in a group chat, or event, or point users to groups they have neglected for a while.

Facebook also plans to take its group-messaging capabilities further. Besides adapting Messenger to work globally (by navigating the intricacies of SMS in different countries), Zhang says, the "logical next step" is to make Facebook Groups and Events into real-time experiences.

Friday, August 19, 2011

Why Rioters Won't Be Protected by BlackBerry Messaging System

Those involved in the recent rioting and looting in Britain are unlikely to have their identities protected by the BlackBerry Messenger service (BBM), contrary to reports that such data is "untraceable."

While BBM does provide greater privacy than public social-media sites like Twitter and Facebook, British police are still likely to be able to use it to track down those coordinating and participating in the disorder that has taken place over the past four nights. BlackBerry's Canadian manufacturer, Research In Motion (RIM), has refused to answer questions, perhaps because releasing certain information about the degree to which it is cooperating with the authorities could be unlawful.

BlackBerry users can only exchange messages via BBM if they have exchanged their unique PIN codes, which they can do quickly via e-mail, social network, or scanning a QR barcode using a handset's camera. Using BBM is more like sending a text to multiple contacts than posting on a social network.

The network provider's server ceases to be involved once it determines for a user which contacts are logged on and has informed those contacts that the user is available. After that, communications occur directly between users' client software, although BBM messages are routed via RIM's servers.

Media reports have suggested that part of the rioters' and looters' attraction to BBM is its relative security compared to social media or text messaging. However, the widespread use of BBM by teenagers and young adults, including those involved in the violence, is more likely explained by its speed, convenience, and low cost. These attributes have made BlackBerry handsets popular among the age group of those involved in the trouble, accounting for 37 percent of the British teenage market, according to a report released by Ofcom, the independent regulator and competition authority, last week.

BlackBerry has resisted calls to suspend BBM, and some have speculated that the service provides users with a level of technical protection. "It's like text messaging with steroids," said Mike Butcher, a technology journalist and adviser to London mayor Boris Johnson, on the BBC's radio show Today. "You can send messages to hundreds of people, and once it's gone from your phone, it cannot be traced back to you."

In a statement, BlackBerry said it would cooperate with the authorities, but the company has refused to answer specific questions since then.

"We feel for those impacted by recent days' riots in London," said Patrick Spence, the company's managing director of global sales and regional marketing. "We have engaged with the authorities to assist in any way we can. As in all markets around the world where BlackBerry is available, we cooperate with local telecommunications operators, law enforcement, and regulatory officials."

Police can require RIM to hand over data under section 49 of the U.K.'s Regulation of Investigatory Powers Act, allowing them to analyze the flow of messages and track down the specific BlackBerry handsets from which the inflammatory messages originated. Since individuals need a service plan to use BBM, the police can then trace users' identities via their network provider.

Cell-phone operators in Britain keep location data from handsets, as well as call and text records, for at least a year so that they can comply with RIPA requests from law enforcement agencies. Another less-well-known provision, section 54 of the same act, prevents those responding to RIPA requests from revealing that they are doing so.

So BlackBerry's refusal to answer specific questions, which has led to reports suggesting that messages cannot be traced and that techno-savvy teenagers had outwitted the police by using BBM, is more likely evidence that the company is cooperating.

While RIM has not disclosed whether its U.K. servers archive messages, most industry experts and lawyers believe that they do this to comply with RIPA, and that the police are already sifting through the data to help them identify and track down those involved in the recent violence. (Technologyreview)

Why Bing "Likes" Facebook

A massive upgrade to Microsoft's Bing search engine—or "decision engine," as the company calls it—includes a number of new features, including two with the potential to take Internet search to the next level.

For many types of searches, Bing now behaves less like a traditional page-of-results search engine and more like an interactive app that lets you manipulate aspects of your search on the fly. Bing now also incorporates a "social search" feature that looks through recommendations made by your Facebook friends to deliver more refined, personalized results.

"It used to be that with search, we tried to create the equivalent of a library card catalog for the Web," says Stefan Weitz, Bing's director at Microsoft. "That was what we could do with the technology. Now, it's more like walking up to a librarian and saying, 'I'm thinking of taking a trip to the Bahamas in January. What resources should I use to plan it?'"

In fact, Bing now responds to travel-related searches by generating a Web-based application for finding and booking flights and lodging, rather than simply returning a list of relevant Web pages. Type "San Juan Puerto Rico" into Bing and it will present an in-page widget that lets you book a flight from what Bing deduces is the airport nearest you. Bing will also present the price of the lowest round-trip fare as a large, friendly link, and will warn you with an up arrow if "fares are rising." Other categories of search that produce a more interactive experience include those relating to music, clothes shopping, and consumer electronics.

Overall, Weitz says, the goal is to move away from what some search developers now derisively call "ten blue links" in order to help users reach their goal that began with a search—for instance, to book a flight without worrying about missing a better deal available somewhere on one of many travel sites.

What is probably Bing's bigger upgrade is the new social search feature, which uses data from your Facebook social circle to provide personalized search results. Thanks to a deal with Facebook, Bing automatically recognizes your Facebook account (assuming you've logged in recently) and searches through content that your Facebook friends have recommended by clicking the "Like" button found on many Web sites.

Microsoft's alliance with Facebook could give it a key advantage over Google in the race to provide a better search experience. Google has also sought to improve its results by tapping information from users' social sphere, but its own social networking services have not been adopted anywhere near as widely as Facebook, so the information to which Google has access is relatively limited. In contrast, Facebook provides Bing with an ever-growing data mine of friends' links. This is important because while Bing has rapidly grown to second place behind Google in the search market, the market analytics company Hitwise reports that Google's market share is holding fast at about 70 percent of Internet searches. Instead of stealing traffic from Google, Bing has pushed other search providers off the playing field. Hitwise's latest report claims that all other services now add up to less than five percent of the search market.

Bing "has the potential to make every search results page personal and distinct," says Search Engine Land contributing editor Greg Sterling. "Ironically, Google's PageRank [the algorithm that enabled Google to provide much better search results when it launched in 1998] was social and used link authority [the number of in-bound links a page has]—a kind of social consensus—to determine the order of results."

Sterling says that links no longer carry the same social weight. Nowadays they're often generated by software, in order to improve a page's search ranking. And search-engine optimization experts try various tricks to push a page up Google's ranking. The same goes for Bing's standard search results. (Search Engine Land has an exhaustive list of all new Bing features announced last week.)

When Google debuted in 1998, its PageRank-scored results were the best way to find the most relevant Web pages for a given search term. Other algorithms—which relied on keywords—were easily fooled by pages containing lots of keywords. But search-engine optimization, or SEO, is now, by many estimates, a billion-dollar industry. It devotes massive resources to cross-linking hundreds of sites that purport to recommend particular pages. Some marketers also buy links from popular sites, undermining Google's attempt to rank pages honestly.

Weitz likes to use the example of restaurant reviews to illustrate social search. If you're looking for a Thai restaurant in San Francisco, for example, you may be more likely to enjoy those already approved by your Facebook friends than to visit those that have the highest Google ranks. But social search doesn't work for everything. If you want to research, say, medication prescribed by your doctor, you're unlikely to find many Facebook likes for the best choices. Nor will friends' likes help students much with their homework. But for specific categories of searches, especially consumer purchase decisions, Weitz says friends' likes have substantial weight. "It's much harder to game 'Likes,'" Sterling says. "Thus they could carry greater trust."

Beyond beating link spam, your friends' preferences and recommendations may also provide a better guide to what you, as an individual, really want to find. If, for example, you're shopping for a new pair of shoes, the most valuable search results may not be the most linked-to pages on the Internet but, rather, what your best friends want to be seen wearing. (Technologyreview)

Researchers Hack Mobile Data Communications

Researchers plan to show today how to break the encryption that protects information sent over the General Packet Radio Service (GPRS), a standard commonly used to send data to and from mobile devices, and from other devices such as smart meters. This breach makes it possible to listen in on data communications such as e-mail, instant messages, and Web browsing on smart phones, as well as updates from automated industrial systems.

The researchers, who will make their announcement at the Chaos Communication Camp, a hacker event taking place near Berlin, Germany, previously cracked the Global System for Mobile Communications (GSM), which is used to carry calls among 80 percent of the world's mobile phones. GPRS is an older technology that often supplements GSM, for example when faster 3G connections are unavailable. Smart phones, including the iPhone, use GPRS when operating on Edge networks (when the network connection says "E" rather than "3G"). Phones that don't support 3G use GPRS all the time. Both GSM and GPRS are used worldwide, though in the United States some major carriers, including Verizon and Sprint, use a competing standard.

Phones might be the most familiar devices affected by the research, says Karsten Nohl, founder of Security Research Labs, a Berlin-based research consultancy that conducted the work. But the standard is also used in some cars, automated industrial systems, and electronic tollbooths. "It carries a lot of sensitive data," Nohl says.

Security researchers haven't looked at the GPRS standard much in the past, Nohl says, but since more and more devices are using GPRS, he believes the risk posed by poor security is growing.

Nohl's group found a number of problems with GPRS. First, he says, lax authentication rules could allow an attacker to set up a fake cellular base station and eavesdrop on information transmitted by users passing by. In some countries, they found that GPRS communications weren't encrypted at all. When they were encrypted, Nohl adds, the ciphers were often weak and could be either broken or decoded with relatively short keys that were easy to guess.

The group generated an optimized set of codes that an attacker could quickly use to find the key protecting a given communication. The attack the researchers designed against GPRS costs about 10 euros for radio equipment, Nohl says.

GPRS has not suffered very many security problems in the past, says Jukka Nurminen, a professor of data communications at Aalto University in Finland who spent 25 years at the Nokia Research Center. If the researchers have truly achieved what they claim, Nurminen says, many mobile communications could be much less secure. Depending on mobile operator and subscription plan, some devices maintain a GPRS connection at all times, particularly those whose users access e-mail and instant message applications from their phones.

However, Nurminen adds, it might be possible to mitigate the risk by encrypting communications when they are sent, using common e-mail and Web-browsing tools. He notes that GPRS security is also affected by regulations in different countries, and that some laws undermine security by requiring governments to be able to break into communications if necessary.

The GSM Association, a London-based organization representing mobile operators, handset makers, and other industry interests, regulates GPRS as well as GSM. The organization says it is reviewing Nohl's research but has not yet learned enough to comment.

Nohl says companies will be negligent if they ignore the risks. He suggests that mobile applications take steps now to use encryption such as SSL, which already protects much of the sensitive information sent over the Internet. Nohl hopes that cellular network companies will require better authentication among devices and base stations communicating over GPRS. He also believes the ciphers used by the standard should be upgraded. (Technologyreview)