You Tell Us 2006

Write to us atspectrum@ieee.org.

Cisco and Yahoo's Plan To Damn Spam

PHOTO: CHRISTOPHER HARTING

Back in the 1970s, when e-mail was invented, it seemed everyone online knew everyone else. You could almost count the number of servers on two hands, so trust came to be built into the very guts of the Internet. At the time this openness was very handy, but today it's become one of the biggest problems for the network and its millions of computers. Two consequences: spammers inundate us with so many bogus missives that we end up overlooking or losing important messages daily, and customers are suspicious of e-mail from major companies and brands like PayPal, CitiBank, and Rolex.

If e-mail servers could check to see if an e-mail message really originated with the enterprise in the "From" line, a great deal of spam could be identified and eliminated. A number of schemes have been proposed; the one that's emerging from the pack is called DKIM. The "DK" stands for DomainKeys, which Yahoo Inc., of Sunnyvale, Calif., offered to others and started to use with its own e-mail accounts in 2003. The "IM" stands for Identified Mail, which comes from Internet Identified Mail, a method that San Jose, Calif.–based Cisco Systems Inc. proposed in 2004. The two differed in some details, but each used public-key cryptography to allow a receiving mail server to verify that a message was actually sent from the domain named in the message's "From" line. In June 2005, the two companies released a unified approach and a month later submitted it to the Internet Engineering Task Force, a volunteer-based organization that manages most Internet specifications. Approval is expected but could take up to a year.

Companies that issue millions of e-mail accounts, such as AOL, Comcast, Google, and Verizon, can easily take on the servers and software needed to implement DKIM. Smaller Internet service providers and corporations, though, will have a tougher time justifying that expense. One further complication with DKIM involves alias addresses, such as the ones IEEE members can get that end in "ieee.org." DKIM has a way for these users still to use their alias addresses in the "From" line, but they must add new software to their desktops.

An alternative antispam scheme, called Sender ID, also combines two earlier approaches. One was by Microsoft Corp. The other, called Sender Policy Framework, or SPF, was written by Meng Weng Wong, creator of the Pobox.com e-mail service, from IC Group Inc., in Philadelphia. Though several large firms have implemented Sender ID, support for it seems to be fading [see "Microsoft to Spammers: Go Phish," in this issue]. Even Sender ID's adherents acknowledge the value of the Cisco/Yahoo approach. Wong, who believes the two approaches can coexist, told IEEE Spectrum, "DKIM is super. I look forward to it succeeding." Google is already using both methods for its Gmail service.

So will spam disappear? Hardly. For one thing, much of it comes from so-called zombie machines--naive computers on the Internet that act as unknowing conduits for sophisticated spammers who know how to use them as mail servers. DKIM may, however, make a large dent in the related problem of "phishing"--messages that lure a user into logging onto a counterfeit server that seems to be a bank or other firm that the user does business with. If institutions such as PayPal Inc. and CitiBank Group implement DKIM, and our Internet providers do as well, perhaps people can once again trust messages that purport to be from them.

More information at http://newsroom.cisco.com/dlls/2005/prod_060105d.html.

--Steven Cherry

Information Technology for European Advancement

PHOTO: CUT AND DEAL/INDEXOPEN & RIM

The Information Technology FOR European Advancement program was formed in 1999 to help European companies compete with U.S. firms in the software realm. So what is Europe getting for the hundreds of millions of euros pouring into the program?

We posed that question to more than a dozen R&D funding experts. Few had even heard of ITEA, let alone had any opinion about its success.

When the current ITEA program ends in 2008, 1.2 billion (about US $1.4 billion) and 9500 person-years of R&D will have been invested in 85 projects, involving more than 450 partners from large and small companies, government research centers, and academia, in 23 countries. Funding levels differ from country to country, but in general, local governments provide 35 percent to 40 percent, with the rest coming from Alcatel, Barco, Bosch, Bull, DaimlerChrysler, Italtel, Nokia, Philips, Siemens, Thales, Thomson, and other companies.

The second incarnation of the program, ITEA 2, which will issue a call for projects that are slated to begin next year, probably will cost 3 billion over eight years. The program aims to fund projects that focus on precompetitive applied research into software to help applications inside a cellphone, PDA, or automobile operate with each other. If successful, such software could give key European industries that make such products a leg up on their international rivals.

It remains to be seen how Europeans will gauge whether ITEA is successful, given that there is no funding for research to assess the return on investment, according to Ed Steinmueller, Science and Technology Policy Research Professorial Fellow at the University of Sussex, in Brighton, England.

He thinks that ITEA managers might not be able to distinguish between projects that explore truly novel technologies and those that could result in merely incremental improvements. But Steinmueller says that this is just speculation on his part. "It is not possible to provide reliable or defensible evidence for such a conclusion without systematic program-level assessment." He adds that the United States and Japan have similar difficulties in assessing the return on investment of R&D funds.

Most ITEA projects have Web sites, but many of them are devoid of useful information. For instance, about all we learn from the AMEC (Ambient Ecologies) site, http://www.amecproject.com, is that the project defines the architectural framework and develops the methodologies, tools, and design methods "for people involvement, which will facilitate a user-centred evolution to this new Ambient Intelligent environment."

Other projects, such as ObjectWeb http://www.objectweb.org, an open-source software community that is developing middleware--software that sits between operating systems and applications and helps the nodes communicate efficiently--have active Web sites and are clearly thriving well beyond the termination of ITEA funding.

More information at http://www.itea-office.org. Also check out a Philips Research–sponsored list of links to European R&D projects at http://www.hitech-projects.com/euprojects.

--Harry Goldstein

The 8-hour Laptop

PHOTO: PETER BEAVIS/GETTY IMAGES

A laptop PC that runs on a single battery charge throughout a long flight would seem to be good news for road warriors, and the prize might soon be at hand. Matsushita Electric Industrial Co. and Intel Corp. announced in August that they would join together to create one.

Matsushita, of Osaka, Japan, is leveraging its technology for lithium-ion batteries, which are not only capacious but fast on the draw, going from dead to three-quarters charged in a minute or so. Intel, of Santa Clara, Calif., plans to add electronic tricks akin to those in its Centrino mobile technology to make more economical use of battery output. It has reported running a PC on a Matsushita Panasonic battery for up to 12 hours in the lab, although right now the two companies are shooting for just 8 hours on the road.

To every silver lining there is a black cloud. "If they want to run all day, they'll probably take away things--the infrared port, the CD-ROM," says IEEE Fellow Nick Tredennick, the editor of Gilder Technology Report. "Also, it's not clear there's a market for an all-day laptop now that everybody's moving to PDAs."

And, of course, the guys who get to fly the farthest nonstop are precisely the ones who rate a first-class seat with an electric outlet. And for them, a PDA may be more than enough: they never type anything longer than what they can manage with their thumbs.

More information at http://intel-news.notlong.com.

--Philip E. Ross

Fingerprint ID for Wireless Keys

PHOTO: PRIVARIS

The typical fingerprint ID unit is either affixed to the thing it guards--such as an entryway or a computer--or draws its power and communications link through a USB port. But Fairfax, Va., start-up Privaris Inc. wants to move the fingerprint guardian away from the gate and put it into your pocket. The ID unit consists of a small fingerprint scanner placed in a battery-powered device that fits like a fob on a key chain. Best of all, it can communicate wirelessly with either RFID readers or Bluetooth radios.

A typical use for the Privaris device is as an RFID key to control access to a building. You put your finger onto the fob's sensor, and software determines whether it really is your finger. If the sensor recognizes your finger, an LED lights and the device emits its "Open Sesame" signal. Place the fob within a few centimeters of the RFID reader and the door will unlock. The advantage of the biometric sensor in this scenario, in case you missed it, is that someone who steals your key still can't get into the building. The advantages of putting the sensor in a wireless device are its convenience and its compatibility with existing RFID readers.

Privaris's innovation is not in the sensor itself, which is made by a leading fingerprint sensor company, AuthenTec Inc., of Melbourne, Fla. Instead the smarts lie in fitting all the processing power needed to interpret the fingerprint sensor's data into something the size of a key-chain fob, according to Michael M. Kohnoski, Privaris's chief operating officer.

Privaris has also thought through a number of potential vulnerabilities. Because all the fingerprint recognition happens inside the device itself, no data describing your fingerprint, which would be a nice prize for an identity thief, will ever be transmitted through the air or over a network. Sniffing the wireless signal won't get a thief anywhere either, because the Bluetooth signal is encrypted, and the RFID signal has such a short range that a person would have to be indecently close to pick it up. A thief also can't steal a Privaris fob and reprogram it, because the fob can be reprogrammed only by the machine that originally set it up, Kohnoski explains. And that would be safely behind the door the thief is trying to breach.

Fingerprint recognition systems can err in two ways. There are false positives, as in: "I'm not Joe, but thanks for letting me into his office," and false negatives, as in: "I'm Joe. Why won't you let me in my office?!"

The rate of false positives for the Privaris unit can be set from 1 in 1000 to 1 in 100 000, depending on the application or your level of paranoia. But increasing security comes at the cost of a slightly longer delay between when you put your finger on the sensor and when the device recognizes you--going from less than a second to about 1.5 seconds.

It's the false negatives that bother the average user, because they can cause long queues at entryways as people repeatedly try and fail to get ID systems to recognize them. Privaris doesn't track false negatives but says they shouldn't happen if there was a good "enrollment," when the separate set-up machine read your fingerprint scan and downloaded the data into your wireless device.

More information at http://www.privaris.com.

--Samuel K. Moore

Broadband Over Power Lines

PHOTO: PETE MCARTHUR

Delivering Internet service over power lines is an idea so simple you have to wonder why it has taken so long to develop. The consumer gets access to a new broadband vendor and has the house wired for data with no additional effort.

Many companies, particularly in Europe, have been taking the idea for a test drive, and now it has arrived in the United States. In July, IBM Corp. and CenterPoint Energy, of Houston, announced a pilot broadband-over-power-line (BPL) project in a Houston neighborhood. Interestingly, CenterPoint emphasized that it cared as much for BPL's potential for monitoring and controlling its own power networks as for any extra revenue it might get by providing Internet service. Such command and control have been particularly valued since the power outages in the Northeastern United States and Canada in 2003.

Also testing the waters are Google, which has invested in the technology, and Intel, Cisco, and others, which have joined in writing standards. At least one pilot project, sponsored in Pittsburgh by Duquesne Light Co., goes only halfway to the customer: its lines take the signal to a wireless transmitter in the neighborhood.

What's not to like? Well, there's the entrenched competition of DSL and cable; the cost of infrastructure, much of it exposed to the elements on telephone-pole perches; and the political opposition of police departments and amateur radio operators. Such opponents say they fear BPL will broadcast into their own bands, drowning them out.

More information at http://www.ibm-news.notlong.com.

--Philip E. Ross

Silicon Photonics

Moore's Law may shrink the distance that electrons travel between transistors, but it does little to speed their journey between chips. That bottleneck may well be broken by Luxtera Inc., a company in Carlsbad, Calif., formed by California Institute of Technology researchers who found a way to get signals in and out of chips on the backs of light waves.

Luxtera, whose name is meant to evoke the Latin words for "light" and "earth," controls costs by working in bulk silicon, using the CMOS technology into which most of the industry's capital is sunk. It has sculpted a laser, waveguide, and modulator into a tightly coupled silicon package that can be hooked up without any neurosurgical skill at all. You just snap a fiber-optic bundle into a jack.

Luxtera claims that its chip handles 10 gigabits per second and that faster speeds are in the offing. If so, broadband could become as cheap as dirt, and you'd be able to download feature-length movies in minutes.

Why, then, didn't this marvel make our winner list? Because Luxtera's got a tough competitor, Intel Corp., hot on its heels. And it remains to be seen who will come out on top.

More information at http://www.luxtera.com.

--Philip E. Ross

A Desktop Supercomputer

PHOTO: CLEARSPEED

The supercomputer industry is hotter than ever--and that's hot in the literal sense. Most high-powered systems today have hundreds or thousands of processors that drain lots of energy and dissipate enormous heat. How do you expand your machine if the computer room is full and the electric bill is going through the roof?

English chip-design firm ClearSpeed Technology PLC, in Bristol, may have a solution. It created a special coprocessor that can significantly improve a computer's number-crunching capability. The company put two of the coprocessors on a circuit board that fits the PCI-X slot available in many PCs and servers. The board sustains 50 billion floating-point operations per second (50 gigaflops) while dissipating only 25 watts. By comparison, a conventional Intel Xeon processor can sustain about a tenth of that--5 or 6 gigaflops--while generating nearly 100 watts.

What's more, you can install many ClearSpeed boards in a single computer. "Say you add four boards--that gives you 200 gigaflops," says Simon McIntosh-Smith, the company's director of architecture and applications. "Typically, you'd need a big rack of servers, and now you can have that performance on your desktop."

Some programs, like the popular Matlab and Mathematica, readily work with the ClearSpeed boards, but other applications may need to be adapted--and the tweaks may be costly and time-consuming.

ClearSpeed doesn't discuss the board's price tag, saying only that the cost will be between US $1000 and $10 000. Its technology has captured the interest of big names like IBM, Intel, AMD, and Sun, but when the boards become available early this year, will they sell?

More information at http://www.clearspeed.com.

--Erico Guizzo