Category: Internet

Crowd Sourced Intelligence

The members of law enforcement and intelligence communities have tight budgets, overworked schedules, and they do not get paid overtime. Sometimes even if you disagree with the whole concept of government being necessary to spy on all the data to find a few terrorists , you can still agree to agree that both police and intelligence do keep us safe from ISIS or Al Queada or Al-Shabab or Al-JustinBieber*

( *unlike the missiles headed for Portland found by a Serbian sniffer dog)

How can the internet help? It can help the intel communit dance better

Just like Amazon Turk helps in crowd sourcing small tasks, there can be small ways the internet can help. I am talking of crowd sourcing some parts of the data ingestion only ( leads) but not the data analysis ( that is best funded by InQueTel because it will need legal guarantees and contracts.

The new huge volume of leads can then be processed by the new BIG DATA capabilities in real time ( say Palantir like startups can help with better software interfaces on helping analysts understand more data as well as helping decision makers with processing more text/mixed media reports/summaries

Good idea or bad idea? Dumb Idea or Idea that has failed before? Type in the comments.

Overwhelmed with your deadlines in intelligence? Try crowd sourced intelligence using the Internet. Call 1800-AJ now and get an early bird discount of 10% before April 1

RELATED

http://www.defenseone.com/technology/2014/02/long-overdue-return-crowdsourced-intelligence/79094/

About SciCast

SciCast is a research project run by George Mason University and sponsored by IARPA to forecast the outcomes of key issues in science and technology. SciCast is based on the idea that the collective wisdom of an informed and diverse group is often more accurate at forecasting the outcome of events than that of one individual expert.

Unlike other forecasting sites, SciCast can create relationships between forecast questions that may have an influence on each other. For example, we may publish one question about the volume of Arctic sea ice, and another about sea surface temperature. Forecasters can later link the two questions together, and make their forecasts for ice volume depend on sea temperature. Once they are correlated, SciCast will instantly adjust ice forecasts whenever the temperature forecast changes!

How I became a social media expert without spamming people

  • social_media_expertPolite hello gets me more work contracts than aggressive pitches. I am not afraid to say hello, but I always write a crisp two line on why I am saying hello. Short and sweet messaging rules today’s era. Attention span is short. Brevity is the soul of tweet.

 

  • There is no such thing as a free lunch or a free connection. People are getting too many emails asking them for stuff. I dont ask for free advice, jobs, or anything in first three exchanges on a digital medium

 

  • I try to curb my impatience and listen to people. Everyone has an interesting story.

 

  • Internet and Social media change everyday. This will lead to you making mistakes if you are passionate on expanding your network. I make mistakes while learning new things on internet. I learn from mistakes. I make new mistakes next time not repeat them

 

  • everyone dislikes spammers. A spam is an unsolicited email a digital cold call that asks the receiver for his time. yes we all have to build our brand, project our knowledge and sell our services. minimize digital spam.

 

  • Sense of humor helps build connections. If you can make them smile they are on the hook. 1902893_10152395459325658_5599190800305402465_n

 

  • I avoid search engine optimization because I assume people at Google are smarter than me. I use honesty and common sense in my blog writing titles and categories.

 

  • Loving my job and my field of expertise is more important than showing my greed for new contracts or clients. As Warren Buffet said , balance your greed and your fear.

 

  • When someone is unpleasant to me on Internet, I use block button very fast. That is why I try and not lose my temper at all on internet. It is working better as I am growing older

 

  • I am curious to learn new things from new people. 80% of my business has come from my 11000 LinkedIn  connections in past five years.

How does cryptography work?

How does cryptography work?

by Jeroen Ooms

https://cran.r-project.org/web/packages/sodium/vignettes/crypto101.html

This page attempts to give a very basic conceptual introduction to cryptographic methods. Before we start the usual disclaimer:

I am not a cryptographer. This document is only for educational purposes. Crypto is hard, you should never trust your home-grown implementation. Unless you’re a cryptographer you will probably overlook some crucial details. Developers should only use the high-level functions that have been implemented by an actual cryptographer.

Now that we got this is out of the way, let’s start hacking 🙂

The XOR operator

The logical XOR operator outputs true only when both inputs differ (one is true, the other is false). It is sometimes called an invertor because the output of x gets inverted if and only if y is true:

# XOR two (8bit) bytes 'x' and 'y'
x <- as.raw(0x7a)
y <- as.raw(0xe4)
z <- base::xor(x, y)
dput(z)
as.raw(0x9e)
# Show the bits in each byte
cbind(x = rawToBits(x), y = rawToBits(y), z = rawToBits(z))
      x  y  z
[1,] 00 00 00
[2,] 01 00 01
[3,] 00 01 01
[4,] 01 00 01
[5,] 01 00 01
[6,] 01 01 00
[7,] 01 01 00
[8,] 00 01 01

In cryptography we xor a message x with secret random data y. Because each bit in y is randomly true with probability 0.5, the xor output is completely random and uncorrelated to x. This is called perfect secrecy. Only if we know y we can decipher the message x.

# Encrypt message using random one-time-pad
msg <- charToRaw("TTIP is evil")
one_time_pad <- random(length(msg))
ciphertext <- base::xor(msg, one_time_pad)

# It's really encrypted
rawToChar(ciphertext)
[1] "(8\xd7ȉ%\u035f\x81\xbb\023\xa2"
# Decrypt with same pad
rawToChar(base::xor(ciphertext, one_time_pad))
[1] "TTIP is evil"

This method is perfectly secure and forms the basis for most cryptograhpic methods. However the challenge is generating and communicating unique pseudo-random y data every time we want to encrypt something. One-time-pads as in the example are not very practical for large messages. Also we should never re-use a one-time-pad y for encrypting multiple messages, as this compromises the secrecy.

Stream ciphers

A stream cipher generates a unique stream of pseudo-random data based on a secret key and a unique nonce. For a given set of parameters the stream cipher always generates the same stream of data. Sodium implements a few popular stream ciphers:

password <- "My secret passphrase"
key <- hash(charToRaw(password))
nonce <- random(8)
chacha20(size = 20, key, nonce)
 [1] 51 c6 c9 45 c6 13 6b 3d 6f 5c e3 ab 9f 16 f2 46 ce cb 19 f3

Each stream requires a key and a nonce. The key forms the shared secret and should only be known to trusted parties. The nonce is not secret and is stored or sent along with the ciphertext. The purpose of the nonce is to make a random stream unique to protect gainst re-use attacks. This way you can re-use a your key to encrypt multiple messages, as long as you never re-use the same nonce.

salsa20(size = 20, key, nonce)
 [1] df 7d 13 ca ea 7c ff 93 e5 b6 fe b6 6b e2 91 14 ed ae 17 eb

Over the years cryptographers have come up with many more variants. Many stream ciphers are based on a block cipher such as AES: a keyed permutation of fixed length amount of data. The block ciphers get chained in a particular mode of operation which repeatedly applies the cipher’s single-block operation to securely transform amounts of data larger than a block.

We are not going to discuss implementation details, but you could probably come up with something yourself. For example you could use a hash function such sha256 as the block cipher and append counter which is incremented for each block (this is called CTR mode).

# Illustrative example.
sha256_ctr <- function(size, key, nonce){
  n <- ceiling(size/32)
  output <- raw()
  for(i in 1:n){
    counter <- packBits(intToBits(i))
    block <- sha256(c(key, nonce, counter))
    output <- c(output, block)
  }
  return(output[1:size])
}

This allows us to generate an arbitrary length stream from a single secret key:

password <- "My secret passphrase"
key <- hash(charToRaw(password))
nonce <- random(8)
sha256_ctr(50, key, nonce)
 [1] 07 01 96 02 7e c7 37 b4 8c b1 6a ec 4e 2d 56 34 7d 39 13 bc 72 e0 19
[24] ad b3 44 0e 9f 88 bb 3d 26 94 aa 66 01 2e bd 46 55 2c 04 99 1e af a9
[47] 91 cd 53 b4

In practice, you should never write your own ciphers. A lot of research goes into studying the properties of block ciphers under various modes of operation. In the remainder we just use the standard Sodium ciphers: chacha20, salsa20, xsalsa20 or aes128. See sodium documentation for details.

Symmetric encryption

Symmetric encryption means that the same secret key is used for both encryption and decryption. All that is needed to implement symmetric encryption is xor and a stream cipher. For example to encrypt an arbitrary length message using password:

# Encrypt 'message' using 'password'
myfile <- file.path(R.home(), "COPYING")
message <- readBin(myfile, raw(), file.info(myfile)$size)
passwd <- charToRaw("My secret passphrase")

A hash function converts the password to a key of suitable size for the stream cipher, which we use to generate a psuedo random stream of equal length to the message:

# Basic secret key encryption
key <- hash(passwd)
nonce8 <- random(8)
stream <- chacha20(length(message), key, nonce8)
ciphertext <- base::xor(stream, message)

Now the ciphertext is an encrypted version of the message. Only those that know the key and the nonce can re-generate the same keystream in order to xor the ciphertext back into the original message.

# Decrypt with the same key
key <- hash(charToRaw("My secret passphrase"))
stream <- chacha20(length(ciphertext), key, nonce8)
out <- base::xor(ciphertext, stream)

# Print part of the message
cat(substring(rawToChar(out), 1, 120))
            GNU GENERAL PUBLIC LICENSE
               Version 2, June 1991

 Copyright (C) 1989, 1991 Free Software Foundation, Inc.

The Sodium functions data_encrypt and data_decrypt provide a more elaborate implementation of the above. This is what you should use in practice for secret key encryption.

Symmetric encryption can be used for e.g. encrypting local data. However because the same secret is used for both encryption and decryption, it is impractical for communication with other parties. For exchanging secure messages we need public key encryption.

Public-key encryption and Diffie-Hellman

Rather than using a single secret-key, assymetric (public key) encryption requires a keypair, consisting of a public key for encryption and a private-key for decryption. Data that is encrypted using a given public key can only be decrypted using the corresponding private key.

The public key is not confidential and can be shared on e.g. a website or keyserver. This allows anyone to send somebody a secure message by encrypting it with the receivers public key. The encrypted message will only be readable by the owner of the corresponding private key.

# Create keypair
key <- keygen()
pub <- pubkey(key)

# Encrypt message for receiver using his/her public key
msg <- serialize(iris, NULL)
ciphertext <- simple_encrypt(msg, pub)

# Receiver decrypts with his/her private key
out <- simple_decrypt(ciphertext, key)
identical(msg, out)
[1] TRUE

How does this work? Public key encryption makes use of Diffie-Hellman (D-H): a method which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure channel. In the most simple case, both parties generate a temporary keypair and exchange their public key over the insecure channel. Then both parties use the D-H function to calculcate the (same) shared secret key by combining their own private key with the other person’s public key:

# Bob generates keypair
bob_key <- keygen()
bob_pubkey <- pubkey(bob_key)

# Alice generates keypair
alice_key <- keygen()
alice_pubkey <- pubkey(alice_key)

# After Bob and Alice exchange pubkey they can both derive the secret
alice_secret <- diffie_hellman(alice_key, bob_pubkey)
bob_secret <- diffie_hellman(bob_key, alice_pubkey)
identical(alice_secret, bob_secret)
[1] TRUE

Once the shared secret has been established, both parties can discard their temporary public/private key and use the shared secret to start encrypting communications with symmetric encryption as discussed earlier. Because the shared secret cannot be calculated using only the public keys, the process is safe from eavesdroppers.

The classical Diffie-Hellman method is based on the discrete logarithm problem with large prime numbers. Sodium uses curve25519, a state-of-the-art D-H function by Daniel Bernsteinan designed for use with the elliptic curve Diffie–Hellman (ECDH) key agreement scheme.

 

 

(Ajay- I really liked this very nice tutorial on cryptography and hope it helps bring more people in the debate. This is just to share this very excellent vignette based on the Sodium package in R)

Code

I read a chapter from How to Win Friends and Influence People as part of my Holiday reading. It is a remarkably well written book and I am trying to summarize a few key early learnings.

  1. Use lucid examples that people can relate to while writing a book.
  2. Base a book based on what works or does not work in real life.
  3. Do not criticize people (Chapter 1)

Since I criticize a lot, that is my new year resolution. To stop changing other people by criticism.

I also started re-reading from one of my favorite authors. Hemigway lived, died and wrote by a code of his own. Some learnings from him

  1. Keep words simple and sentences short
  2. Write a lot
  3. Be passionate
  4. Be honorable

Honor and self respect seems to be the underlying code for Hemingway.

To cap off , I watched this documentary Code I was really horrified how we hackers have been so busy trying to change the world we forgot to address some issues in the hacker culture

  1. We need more ethnic diversity
  2. We need more gender diversity
  3. Diversity brings better creative mix and stable teams

In addition I learnt that balancing funding with creative creation is essential to survival. Well funded creative projects will be better produced than less funded. What is shown more, sells more. (Jo Dikhta hain woh bikta hain)

Well thats all the code. But yes the movie convinced me to try and lift a  finger to help bring more women and African-Hispanic coders in my small way. I hope you try something like that too.

How geeks can help defeat terrorists part 1

There is a lot of money in defeating terrorism by using analytics, much more than in internet ads alone.

I personally don’t think you can make the world safer by collecting data from my Facebook Twitter WordPress or Gmail account- indeed precious resources are diverted into signal intelligence (sigint) when they could have been used in human intelligence ( humint). But signal intelligence interests the lobbyists of the military-industrial complex more than humint does and post Manning and Snowden it would be questionable to increase the number of analysts without a thorough screening. There are no easy solutions to this unfortunately as the  attacks in Paris and California show the limits of signal intelligence.

If you collect data from Internet in bulk- the terrorists will adapt. Now that everyone terrorist and civilian knows data is being collected. Surprise as a key element ahs been lost due to Snowden.

Perhaps of greater utility is for linking databases of law enforcement across the world, and better  interfaces for querying and analyzing huge data  and automated alerts for reminding global law enforcement when they fail to follow up. Better analytics is needed, not more data. That’s just old news and lazy data analytics.

Interface design is key to solving Big Data. I have a huge pile of intelligence reports to read as a decision maker. What kind of data visualisation extracts signal from noise and gives it in a timely automated manner.  They are all just documents and documents.

Thats a Big problem to solve in Big Data Analytics.

Note from Ajay – These are the author’s personal views.

 

Superpowers

India used to be a Superpower but we declined. China was a superpower then it declined. So did Britain. So did Soviet Russia. The United States remains the aging Rocky Balboa of the superpowers, but you can see some decline in influence compared to when Clinton was President.

What do superpowers do?

  • They invest a lot of money in arms and defence
  • They earn a lot of money from trade so they can invest it in arms
  • They put their own interest ahead the interest of their neighbours and competitors
  • They pretend to go to war if you hurt a single citizen, but they themselves do not do much when thousands of their citizens are mal-treated by pollution, by exploitative working conditions, by small arms and guns, by crime, by inequality

Ultimately I think Switzerland is the only superpower. Their superpower lies in not pretending to be super at all.

During trade and now climate negotiations, the past and the present and the future superpowers collide. The needs of the many are more important than the egos of a few politicians , the brilliance of their advisers and the theatrics of a few.

Does the planet need a CEO? Probably yes, and the United Nations has failed to be a superpower or any power at all. It is just a conference holding organization.

The greatest generation that won Word War 2 in the West and defeated Colonialism in the East was succeeded by the Baby Boomer generation that just boomed and consumed. The next generation will pay the price of the past few generations. The country that has the best care of the next generation for a healthy productive workforce for both economic and defence deployment will win the race to be the Superbpower. Thats not a typo. Stop being a superpower and start being a superb power.

In the meantime, I would rather see Matt Damon colonize Mars and Rocky Balbao teach boxing to the nest generation.