If you have ever wondered how security guards can possibly keep an unfailingly vigilant watch on every single one of dozens of television monitors, each depicting a different scene, the answer seems to be (as you suspected): they can't.

Instead, they can now rely on computers to constantly analyze the patterns, sizes, speeds, angles and motion picked up by the camera and determine -- based on how they have been programmed -- whether this constitutes a possible threat. In which case, the computer alerts the security guard whose own eyes may have been momentarily diverted. Or shut.

An alarm can be raised, for instance, if the computer discerns a vehicle that has been standing still for too long (say, a van in the drop-off lane of an airport terminal) or a person who is loitering while everyone else is in motion. By the same token, it will spot the individual who is moving rapidly while everyone else is shuffling along. It can spot a package that has been left behind and identify which figure in the crowd abandoned it. Or pinpoint the individual who is moving the wrong way down a one-way corridor.

Because one person's "abnormal situation" is another person's "hot dog vendor attracting a small crowd," the computers can be programmed to discern between times of the day and days of the week.

Certainly interesting.

ATC is an excellent working example of complex event processing.   Radar and GPS provide the basic sensory information to accurately track and trace the position of each aircraft in the area of responsibility (AOR) of a particular control tower/zone.     Naturally,  sensory information is preprocessed and formatted in such a way that the data can be processed upstream by multiple real-time applications.

Before we look at complex ATC scenarios, such as “potential collision” or “aircraft off approach vector” we must trace and trace individual objects, aircraft-objects, accurately with very high confidence.    In addition to tracking aircraft-objects, there is a database of information about the aircraft (ideally), such as make, model, age, range, passengers and other properties about the aircraft-object.      In addition, there is a state-model for each aircraft, for example the aircraft might be “on the ground”, “approaching the runway”, “cleared for takeoff”, “cruising altitude”, “approaching runway”, “final decent” etc.  

Tracking and tracing individual aircraft is what is generally referred to as “object refinement” in our CEP/EP reference architecture.   The reason we call this function “object refinement” is that system engineers are focused on optimizing the situational knowledge about individual objects.     Sometimes we refer to this function as “track and trace” because that is what we are doing to  each object in the model.  In Marc Adler’s recent shoplifting scenario, Marc was interested in tracking and tracing people in a store using imaging processing techniques to estimate their behavioral patterns.  In the same way, before we can process for scenarios such as “potential shoplifter” or “suspicious criminal gang activity” we must be able to accurately process (track and trace) individual object, such as people or merchandise.

Back to aircraft and ATC, the “complex event processing” begins when we are looking about object-object relationships, in this model, aircraft-to-aircraft, but this is an overly simplistic model, as we have not yet added (to our model) ground features (towers, buildings, power lines), weather (storm cells, wind) and other flying objects (known migratory bird paths, swarms of insects) to our simple model.  

Complex event processing occurs when we are processing multiple objects in our model looking for threats in real-time.     Practically speaking, all ATC applications are CEP applications.  This means that vendors and integrators who build ATC applications are also CEP vendors.   

Editorial Note: CEP/EP has been around for a long time and was not recently invented in the past decade as some “inventors” would like for us to believe. 

As you can imagine, there is considerable “complex event processing” that goes on “behind the scenes” to provide air traffic controllers and pilots situational knowledge into the “friendly skies”.   As you might further imagine, the situation is more complex when the skies are “not so friendly”, for example, in air combat situations.   

Processing myriad objects is not the end of the processing “chain”.  For example, decisions are being made constantly about potential damage, alternative airports, and more.    In our reference model, we refer to this, generally speaking, as “impact assessment” because we must take an estimated detected complex event, for example “aircraft collision,” and estimate potential damage based on numerous factors such as, the amount of jet fuel in the aircrafts and the location of the aircrafts (over a large city or rural area, near a hospital and emergency services).   Regardless of the scenario, an impact assessment is normally required before optimal decisions can be made.

This is true, by the way, for our shoplifting example (the impact is different if a piece of gum is stolen versus a $1,000,000 diamond necklace or weapons-grade nuclear material) and other scenarios and models.  Static data (information about objects) is required for accurate decision processing.  

Impact assessment is not the end of the “knowledge chain”.    Decisions are constantly being made that effect resources.  For example, suggestion an alternative route for an aircraft is a resource management decision.    Turning on and off radar or switching to alternative tracking devices is a resource management function.  In our CEP/EP reference model (based on the JDL data fusion model), we call this “resource management”.   This function includes contacting emergency services and directing them to a potential crash location or sending out a message to instruct all aircraft to stay off a certain radio frequency.  Resource management is critical.

Our simple ATC model today is by no means complete, it just scratches the surface.  In fact, I have a very close friend, Mark Secrist, who is a former Marine fighter pilot and currently a senior captain for American Airlines.   I have asked Mark to read this post and help me further refine this crude “laymans” ATC model (Thanks Mark!).

Batiste confided, somewhat fantastically, that he wanted to blow up the Sears Tower in Chicago, which would then fall into a nearby prison, freeing Muslim prisoners who would become the core of his Moorish army. With them, he would establish his own country.

Somewhat fantastically? What would the Washington Post consider to be truly fantastic? A plan involving Godzilla? Clearly they have some very high standards.

I'm sick of people taking these idiots seriously. This plot is beyond fantastic, it's delusional.

Ted Morgan, the head of Skyhook, explained in an interview that while GPS is certainly the gold standard, and while it works well in stand-alone devices designed for continuous use and navigation, it's not the right choice by itself for mobile devices. It can take 5 or 10 minutes for a GPS-only device to get an accurate fix on the satellites it needs to give you accurate information. (Various shortcuts can provide less accurate information more quickly.)

"This notion of 'tell a user or consumer to stand outside for 30 seconds before they can search for the nearest pharmacy' is pretty silly," Morgan said. He noted that with all the radios now found in newer mobile devices, using several of them produces a fast and much more accurate result. The iPhone 3G, for instance, sports quad-band 2G, tri-band 3G, Bluetooth, Wi-Fi, and GPS chips.

Morgan said that A-GPS (assisted GPS) already combines cell tower information with GPS. A cell phone can be told approximately where it is, and thus instead of cycling through 24 satellites, start with the two that are most directly overhead. This can reduce the time to gain a location to as little as 20 seconds, Morgan said, although any kind of movement usually lengthens the time to 30 to 60 seconds.

Skyhook's system takes advantage of this aspect of A-GPS. They let a GPS system grab onto two satellites quickly to correct data from their Wi-Fi Position System (WPS). Morgan said that this reduces the WPS error by 35 to 40 percent through "weak fixes."

Within cities' concrete canyons, "you can only get a true GPS fix about 70 percent of the time outdoor, but you get two satellites all the time," Morgan said. "In the entire footprint, we're able to use this hybrid technology, even though GPS is only available 70 percent of the time." Outside of metro areas, cell towers can still be used to improve GPS startup times.

Skyhook has continued to expand its European coverage for WPS; they cover about 8,000 cities in the US and Canada, which is roughly 70 percent of the population; "it looks exactly like a cellular coverage map," Morgan said, and includes "any town with five streets in it."

In Europe, their current big push, partly because of their inclusion in the iPhone, they cover 70 percent of population in the current countries--the UK, France, and Germany--but they're now at 50 percent of the population of the rest of Western Europe. They're working assiduously in Japan, Korea, Hong Kong, and Australia as well, and looking into China and India. India has very little Wi-Fi, so they may rely more on cell towers there.

The company also announced a partnership with wireless chip maker CSR today, which is a major providers of Wi-Fi and Bluetooth chips to computer and handset makers. Nearly a year and a half ago, Skyhook partnered with SiRF, the dominant worldwide chip supplier for stand-alone GPS gear, that's also making a push into mobile devices. Skyhook obviously needs a win with a cell chip maker, like Infineon, Broadcom, or Qualcomm, given the XPS technology, to score a place in tens of millions of cell phones beyond the iPhone.

Skyhook's technology most recently appeared in a soon-to-ship model of the Eye-Fi--the Explore. The $130 Secure Digital card with Wi-Fi built in allows you to take pictures with any camera, and have the Wi-Fi signal space recorded for later lookup when you upload photos. The pictures are geotagged with that information. The card can optionally be used with Wayport's 10,000 strong Wi-Fi network in the U.S for $15 extra per month. David Pogue of The New York Times recently wrote up the Eye-Fi Explore.

Note that the iPhone 2G and 3G aren't more powerful than other, similar devices. Symbian platform devices from Nokia and others are in notably short supply in the US, but come in great quantities and varieties elsewhere, and have some pretty impressive computational power; Nokia owns nearly 50 percent of the worldwide smartphone market. Likewise, you can run desktop-to-mobile programs under Windows Mobile that let you have real computer applications repackaged for better use in the smaller form.

But that's not what the iPhone is about. It's a non-compromise device, even when a little compromise might help. The lack of a touch-typist keyboard hinders data entry, but it doesn't restrict any other purpose of the device. The inclusion of those keyboards is a huge compromise for all its competitors, even though it allows those competitors to act more like little computers.

And that's where it's odd for me. The iPhone is much more like a full-blown computer than any smartphone I've used. It might be the superior browser, and the fact that a single company and design vision has ensured the maximum CPU is available for each current task, and that the interface and actions are nearly always consistent across every piece of software. Contrast that with many smartphones that don't just have ugly interfaces, crippled Web browsers, and varying input methods, but also require you to learn a different approach to using nearly every different piece of software on the phone.

Apple isn't about to kill its competitors, but they are providing an odd amount of support for killing a laptop.

On a slightly tangential front, Apple CEO Steve Jobs claim that their phone's 3G speed was nearly that of Wi-Fi requires some explanation. Jobs needed a footnote: "compared to typical Wi-Fi hotspots that have about 1.5 Mbps of downstream backhaul." The iPhone is clearly processor limited for how fast it can render Web pages and handle network processing. If you stick an iPhone on a 10 Mbps-backed network via Wi-Fi, the browsing experience isn't very different than on a 1.5 Mbps-backed Wi-Fi hotspot, in my experience with the current phone.

So clearly, there's more optimization to be done and more hardware upgrades to come in order to have a mobile device that can live up to whatever network it generally works on. For the iPhone 3G, Wi-Fi is an alternative, but it's clearly not intended as a superior alternative.

Synopsis:  Blue Box #79: Asterisk vulnerabilities, VoiceCon/VON coverage, eavesdropping, FBI, ZFone, P2P, VoIP security news and more

Welcome to Blue Box: The VoIP Security Podcast #78, a 32-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 15MB) or subscribe to the RSS feed to download the show automatically. 

NOTE: This show was originally recorded on March 27, 2008. Yes, that was over two months ago... we know...

You may also listen to this podcast right now:

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long! 
• MANY thanks for all the offers of audio production assistance


• Dan met with Craig Bowser down at VoiceCon, also David Endler, Mark Collier, etc.


• Jonathan met with Dean Elwood, Martyn Davies, etc.


• Four Asterisk vulnerabilities


• The Economist: Bugging The Cloud


• Forbes: How to Make Your Phone Untappable


• VoIP News: VoIP: Who Might Be Spying on Your Communications? (Hint – It’s Not Just the NSA


• VoIP News: Listen Up: 17 Signs That You Are Being Wiretapped


• eChannelLine: Businesses lagging in securing VoIP (also ComputerWeekly.com and news release )


• eChannelLine: Ingate launches enhanced security for VoIP and SIP (also Enterprise VoIPPlanet )


• Voice of VOIPSA: Hacking Zyxel Gateways


• Voice of VOIPSA: Vishing Attacks


• Voice of VOIPSA: FBI VoIP Surveillance Requirements Leaked (also in FierceVoIP and Slashdot )


• Voice of VOIPSA: Hackers Send Thousands of Fake Calls to Deaf People


• SnapVoIP: Unified Communications in Virtual Worlds to Solve ‘Tower of Babel’ for Intelligence Agencies


• Israeli-made Cryptophone attracts world spy agencies pointing to product site


• BlogInfoSec.com: Save The Whales (about a new form of phishing)


• Network Computing: Your Data and the P2P Peril


• NetQoS: VoIP Monitor 1.1 released


• PC World: FaceTime Security Product Scans Skype’s Encrypted IM and news release


• Sipera IPCS Solution for Teleworkers Rated ‘Avaya Compliant’


• Extreme Networks Boosts Security for Converged Voice and Data Networks with New Tools
• Review of the last week's traffic on the VOIPSEC public mailing list 


• Wrap-up of the show


• 32:27 - End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Synopsis:  Blue Box #79: Asterisk vulnerabilities, VoiceCon/VON coverage, eavesdropping, FBI, ZFone, P2P, VoIP security news and more

Welcome to Blue Box: The VoIP Security Podcast #78, a 32-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 15MB) or subscribe to the RSS feed to download the show automatically. 

NOTE: This show was originally recorded on March 27, 2008. Yes, that was over two months ago... we know...

You may also listen to this podcast right now:

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long! 
• MANY thanks for all the offers of audio production assistance


• Dan met with Craig Bowser down at VoiceCon, also David Endler, Mark Collier, etc.


• Jonathan met with Dean Elwood, Martyn Davies, etc.


• Four Asterisk vulnerabilities


• The Economist: Bugging The Cloud


• Forbes: How to Make Your Phone Untappable


• VoIP News: VoIP: Who Might Be Spying on Your Communications? (Hint – It’s Not Just the NSA


• VoIP News: Listen Up: 17 Signs That You Are Being Wiretapped


• eChannelLine: Businesses lagging in securing VoIP (also ComputerWeekly.com and news release )


• eChannelLine: Ingate launches enhanced security for VoIP and SIP (also Enterprise VoIPPlanet )


• Voice of VOIPSA: Hacking Zyxel Gateways


• Voice of VOIPSA: Vishing Attacks


• Voice of VOIPSA: FBI VoIP Surveillance Requirements Leaked (also in FierceVoIP and Slashdot )


• Voice of VOIPSA: Hackers Send Thousands of Fake Calls to Deaf People


• SnapVoIP: Unified Communications in Virtual Worlds to Solve ‘Tower of Babel’ for Intelligence Agencies


• Israeli-made Cryptophone attracts world spy agencies pointing to product site


• BlogInfoSec.com: Save The Whales (about a new form of phishing)


• Network Computing: Your Data and the P2P Peril


• NetQoS: VoIP Monitor 1.1 released


• PC World: FaceTime Security Product Scans Skype’s Encrypted IM and news release


• Sipera IPCS Solution for Teleworkers Rated ‘Avaya Compliant’


• Extreme Networks Boosts Security for Converged Voice and Data Networks with New Tools
• Review of the last week's traffic on the VOIPSEC public mailing list 


• Wrap-up of the show


• 32:27 - End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.