Many hard drives commonly used in laptop computers can withstand operational shock, it is common to go jogging while editing, and sometimes shoot momentary video while on horseback or riding a mountain bike down the center of a line bumping over every railway tie, and capturing the experience on a hard drive. It is possible to carry enormous amount of hard drive space on your body. Prof Martin has 36GB hard drive installed in his wear. One of his waist bag systems contains 2GB of hard drive space and 512MB of RAM.
WEARABLE COMPUTER: SMART CLOTHING
Abstract — Wearable computers are computers that are worn on the body. This type of wearable technology has been used in behavioral modeling, health monitoring systems, and information technologies and media development. Wearable computers are especially useful for applications that require computational support while the user's hands, voice, eyes, arms or attention are actively engaged with the physical environment. They also do not have the situational awareness that they should have: while they are not being explicitly used, they are unable to remain attentive to possible ways to help the user. Environmental technology in the form of ubiquitous computing, ubiquitous surveillance, and smart spaces, has attempted to bring multimedia computing seamlessly into our daily lives, promising a future world with cameras and microphones everywhere, connected to invisible computing, always attentive to our every movement or conversation. This raises some serious privacy issues. Even if we ignore these issues, there is still a problem of user-control, customization, and reliance on an infrastructure that will not become totally ubiquitous. In response to these problems, a personal, wearable, multimedia computer, with head-mounted camera(s)/display, sensors, etc. is proposed for use in day-to-day living within the surrounding social fabric of the individual. Examples of practical uses include: face identification, way-finding via sequences of freeze-frames, shared visual memory/environment maps, and other personal note-taking together with visual images. Anecdotal personal experiences are reported, and privacy issues are addressed, with a discussion of how personal `smart clothing' has counteracted or at least reached a healthy balance with environmental surveillance.
A Sophisticated Boot Sector Virus
With the basics of boot sectors behind us, let’s explore a
sophisticated boot sector virus that will overcome the rather glaring
limitations of the KILROY virus. Specifically, let’s look at a virus
which will carefully hide itself on both floppy disks and hard disks,
and will infect new disks very efficiently, rather than just at boot
time.
Such a virus will require more than one sector of code, so
we will be faced with hiding multiple sectors on disk and loading
them at boot time. To do this in such a way that no other data on a
disk is destroyed, while keeping those sectors of virus code well
hidden, will require some little known tricks. Additionally, if the
virus is to infect other disks after boot-up, it must leave at least a
portion of itself memory-resident. The mechanism for making the
virus memory resident cannot take advantage of the DOS Keep
function (Function 31H) like typical TSR programs. The virus must
go resident before DOS is even loaded, and it must fool DOS so
DOS doesn’t just write over the virus code when it does get loaded.
sophisticated boot sector virus that will overcome the rather glaring
limitations of the KILROY virus. Specifically, let’s look at a virus
which will carefully hide itself on both floppy disks and hard disks,
and will infect new disks very efficiently, rather than just at boot
time.
Such a virus will require more than one sector of code, so
we will be faced with hiding multiple sectors on disk and loading
them at boot time. To do this in such a way that no other data on a
disk is destroyed, while keeping those sectors of virus code well
hidden, will require some little known tricks. Additionally, if the
virus is to infect other disks after boot-up, it must leave at least a
portion of itself memory-resident. The mechanism for making the
virus memory resident cannot take advantage of the DOS Keep
function (Function 31H) like typical TSR programs. The virus must
go resident before DOS is even loaded, and it must fool DOS so
DOS doesn’t just write over the virus code when it does get loaded.
The Search and Copy Mechanism
Ok, let’s breathe some life into this boot sector. Doing that
is easy because the boot sector is such a simple animal. Since code
size is a primary concern, the search and copy routines are combined
in KILROY to save space.
First, the copy mechanism must determine where it came
from. The third to the last byte in the boot sector will be set up by
the virus with that information. If the boot sector came from drive
A, that byte will be zero; if it came from drive C, that byte will be
80H. It cannot come from any other drive since a PC boots only
from drive A or C.
Once KILROY knows where it is located, it can decide
where to look for other boot sectors to infect. Namely, if it is from
drive A, it can look for drive C (the hard disk) and infect it. If there
is no drive C, it can look for a second floppy drive, B:, to infect.
(There is never any point in trying to infect A. If the drive door on
A: were closed, so it could be infected, then the BIOS would have
loaded the boot sector from there instead of C:, so drive A would
already be infected.)
One complication in infecting a hard drive is that the virus
cannot tell where the DOS boot sector is located without loading
the partition boot sector (at Track 0, Head 0, Sector 1) and reading
the information in it. There is not room to do that in such a simplevirus, so we just guess instead. We guess that the DOS boot sector
is located at Track 0, Head 1, Sector 1, which will normally be the
first sector in the first partition. We can check the last two bytes in
that sector to make sure they are 55H AAH. If they are, chances are
good that we have found the DOS boot sector. In the relatively rare
cases when those bytes belong to some other boot sector, for a
different operating system, tough luck. The virus will crash the disk.
If the ID bytes 55H AAH are not found in an infection attempt, the
virus will be polite and forget about trying to infect the hard drive.
It will go for the second floppy instead.
is easy because the boot sector is such a simple animal. Since code
size is a primary concern, the search and copy routines are combined
in KILROY to save space.
First, the copy mechanism must determine where it came
from. The third to the last byte in the boot sector will be set up by
the virus with that information. If the boot sector came from drive
A, that byte will be zero; if it came from drive C, that byte will be
80H. It cannot come from any other drive since a PC boots only
from drive A or C.
Once KILROY knows where it is located, it can decide
where to look for other boot sectors to infect. Namely, if it is from
drive A, it can look for drive C (the hard disk) and infect it. If there
is no drive C, it can look for a second floppy drive, B:, to infect.
(There is never any point in trying to infect A. If the drive door on
A: were closed, so it could be infected, then the BIOS would have
loaded the boot sector from there instead of C:, so drive A would
already be infected.)
One complication in infecting a hard drive is that the virus
cannot tell where the DOS boot sector is located without loading
the partition boot sector (at Track 0, Head 0, Sector 1) and reading
the information in it. There is not room to do that in such a simplevirus, so we just guess instead. We guess that the DOS boot sector
is located at Track 0, Head 1, Sector 1, which will normally be the
first sector in the first partition. We can check the last two bytes in
that sector to make sure they are 55H AAH. If they are, chances are
good that we have found the DOS boot sector. In the relatively rare
cases when those bytes belong to some other boot sector, for a
different operating system, tough luck. The virus will crash the disk.
If the ID bytes 55H AAH are not found in an infection attempt, the
virus will be polite and forget about trying to infect the hard drive.
It will go for the second floppy instead.
Infecting an EXE File
A virus that is going to infect an EXE file will have to
modify the EXE Header and the Relocation Pointer Table, as well
as adding its own code to the Load Module. This can be done in a
whole variety of ways, some of which require more work than
others. The INTRUDER virus will attach itself to the end of an EXE
program and gain control when the program first starts.
INTRUDER will have its very own code, data and stack
segments. A universal EXE virus cannot make any assumptions
about how those segments are set up by the host program. It would
crash as soon as it finds a program where those assumptions are
violated. For example, if one were to use whatever stack the host
program was initialized with, the stack could end up right in the
middle of the virus code with the right host. (That memory would
have been free space before the virus had infected the program.) As
soon as the virus started making calls or pushing data onto the stack,
it would corrupt its own code and self-destruct.
To set up segments for the virus, new initial segment values
for cs and ss must be placed in the EXE file header. Also, the old
initial segments must be stored somewhere in the virus, so it can
pass control back to the host program when it is finished executing.
We will have to put two pointers to these segment references in the
relocation pointer table, since they are relocatable references inside
the virus code segment.
Adding pointers to the relocation pointer table brings up
an important question. To add pointers to the relocation pointer
table, it may sometimes be necessary to expand that table’s size.
Since the EXE Header must be a multiple of 16 bytes in size,
relocation pointers are allocated in blocks of four four byte pointers.
Thus, if we can keep the number of segment references down to
two, it will be necessary to expand the header only every other time.
On the other hand, the virus may choose not to infect the file, rather
than expanding the header. There are pros and cons for both
possibilities. On the one hand, a load module can be hundreds of
kilobytes long, and moving it is a time consuming chore that can
make it very obvious that something is going on that shouldn’t be.
On the other hand, if the virus chooses not to move the load module,
then roughly half of all EXE files will be naturally immune to
infection. The INTRUDER virus will take the quiet and cautious
approach that does not infect every EXE. You might want to try the
other approach as an exercise, and move the load module only when
necessary, and only for relatively small files (pick a maximum size).
modify the EXE Header and the Relocation Pointer Table, as well
as adding its own code to the Load Module. This can be done in a
whole variety of ways, some of which require more work than
others. The INTRUDER virus will attach itself to the end of an EXE
program and gain control when the program first starts.
INTRUDER will have its very own code, data and stack
segments. A universal EXE virus cannot make any assumptions
about how those segments are set up by the host program. It would
crash as soon as it finds a program where those assumptions are
violated. For example, if one were to use whatever stack the host
program was initialized with, the stack could end up right in the
middle of the virus code with the right host. (That memory would
have been free space before the virus had infected the program.) As
soon as the virus started making calls or pushing data onto the stack,
it would corrupt its own code and self-destruct.
To set up segments for the virus, new initial segment values
for cs and ss must be placed in the EXE file header. Also, the old
initial segments must be stored somewhere in the virus, so it can
pass control back to the host program when it is finished executing.
We will have to put two pointers to these segment references in the
relocation pointer table, since they are relocatable references inside
the virus code segment.
Adding pointers to the relocation pointer table brings up
an important question. To add pointers to the relocation pointer
table, it may sometimes be necessary to expand that table’s size.
Since the EXE Header must be a multiple of 16 bytes in size,
relocation pointers are allocated in blocks of four four byte pointers.
Thus, if we can keep the number of segment references down to
two, it will be necessary to expand the header only every other time.
On the other hand, the virus may choose not to infect the file, rather
than expanding the header. There are pros and cons for both
possibilities. On the one hand, a load module can be hundreds of
kilobytes long, and moving it is a time consuming chore that can
make it very obvious that something is going on that shouldn’t be.
On the other hand, if the virus chooses not to move the load module,
then roughly half of all EXE files will be naturally immune to
infection. The INTRUDER virus will take the quiet and cautious
approach that does not infect every EXE. You might want to try the
other approach as an exercise, and move the load module only when
necessary, and only for relatively small files (pick a maximum size).
An Outline for a Virus
In order for a virus to reside in a COM file, it must get
control passed to its code at some point during the execution of the
program. It is conceivable that a virus could examine a COM file
and determine how it might wrest control from the program at any
point during its execution. Such an analysis would be very difficult,
though, for the general case, and the resulting virus would be
anything but simple. By far the easiest point to take control is right
at the very beginning, when DOS jumps to the start of the program.
control passed to its code at some point during the execution of the
program. It is conceivable that a virus could examine a COM file
and determine how it might wrest control from the program at any
point during its execution. Such an analysis would be very difficult,
though, for the general case, and the resulting virus would be
anything but simple. By far the easiest point to take control is right
at the very beginning, when DOS jumps to the start of the program.
JAPANESE SIGNALING CONVENTIONS
Although the spoken Japanese and Chinese languages differ, they share a common written language. Written Japanese, which originated in the ninth century, was derived from Chinese and uses ideographs. The written language was simplified by introducing the kana phonetic system, containing 48 basic syllables. Of the two kana versions developed, hirigana and katagana, the latter was favored for telegraphic communications due to the ease of reproducing its kana symbols.
In order to write Japanese using the Roman alphabet A,B,. . .,Z, each kana symbol is assigned a Roman letter counterpart Romaji. The Hepburn Romaji system used by Japan during World War II still remains in use today. The Hepburn-frequencies {f(t)} of the letters A,B, . . .,Z derived from a sample of Romanized Japanese is given in Table 7.1. The sample’s index of coincidence s2
P25
t¼0 f 2(t) ¼ 0:0819 is much larger than the value s2 0.06875 for English. The letters L, Q, and X do not occur in the Romanized Japanese text.
A new cipher machine was introduced by the Japanese Foreign Office in 1930. Designated RED by the United States, Angooki Taipu A would soon be followed by other colors of the rainbow – PURPLE, CORAL, and JADE. The diagnosis and cryptanalysis of RED by the Army Signal Intelligence Service started in 1935 and was completed in one year.
RED was replaced in 1940 by Angooki Taipu B, designated PURPLE; its cryptanalysis was completed just before the bombing of Pearl Harbor. Intelligence gleaned from PURPLE traffic gave the United States a decisive edge in World War II.
In order to write Japanese using the Roman alphabet A,B,. . .,Z, each kana symbol is assigned a Roman letter counterpart Romaji. The Hepburn Romaji system used by Japan during World War II still remains in use today. The Hepburn-frequencies {f(t)} of the letters A,B, . . .,Z derived from a sample of Romanized Japanese is given in Table 7.1. The sample’s index of coincidence s2
P25
t¼0 f 2(t) ¼ 0:0819 is much larger than the value s2 0.06875 for English. The letters L, Q, and X do not occur in the Romanized Japanese text.
A new cipher machine was introduced by the Japanese Foreign Office in 1930. Designated RED by the United States, Angooki Taipu A would soon be followed by other colors of the rainbow – PURPLE, CORAL, and JADE. The diagnosis and cryptanalysis of RED by the Army Signal Intelligence Service started in 1935 and was completed in one year.
RED was replaced in 1940 by Angooki Taipu B, designated PURPLE; its cryptanalysis was completed just before the bombing of Pearl Harbor. Intelligence gleaned from PURPLE traffic gave the United States a decisive edge in World War II.
CRYPTOGRAPHIC SYSTEMS
When a pair of users encipher the data they exchange over a network, the cryptographic transformation they use must be specific to the users. A cryptographic system is a family
T ¼fTk: k [ K} of cryptographic transformations. A key k is an identifier specifying a transformation Tk in the family T . The key space K is the totality of all key values. In some way the sender and receiver agree on a particular k and encipher their data with the enciphering transformation Tk.
Encipherment originally involved pen-and-pencil calculations. Mechanical devices
were introduced to speed up encipherment in the eighteenth century, and they in turn were replaced by electromechanical devices a century later. Encipherment today is often implemented in software ; Tk is an algorithm whose input consists of plaintext x and key k and with ciphertext y as output.
T ¼fTk: k [ K} of cryptographic transformations. A key k is an identifier specifying a transformation Tk in the family T . The key space K is the totality of all key values. In some way the sender and receiver agree on a particular k and encipher their data with the enciphering transformation Tk.
Encipherment originally involved pen-and-pencil calculations. Mechanical devices
were introduced to speed up encipherment in the eighteenth century, and they in turn were replaced by electromechanical devices a century later. Encipherment today is often implemented in software ; Tk is an algorithm whose input consists of plaintext x and key k and with ciphertext y as output.
Subscribe to:
Posts (Atom)