Computer Security: The Ultimate Inside Trader

I went to a talk on computer security. A few interesting case studies were brought up by the lead engineer of the server access and virtualization group at Cisco. Two case studies stuck out to me.

Someone suspected that there was an issue between two electronic trading centers between Asia and the USA, he wouldn’t say exactly where in the US and Asia, or who their client was. Anyway, they did some research in fact they called in their physicists to calculate the curvature of the Earth between the two continents to figure out how fast the data transfer rate should be, then they had their EEs look at the transmission line characteristics. Initially the IT engineer for the trading company told them, that the transfer rate should be 1.5 * the speed of light.

Cisco Engineer: What do you mean that the transfer rate is 1.5 * the speed of light, that’s physically impossible, it defies the laws of physics.
IT engineer: Well, I guess we must have a very robust router.
CE: Your are an idiot.

Eventually, they found that the transactions between one of the servers was being delayed by milliseconds, the packets sent were being slowed down. So, they did some more research, turns out that data connection between the two continents were over a undersea cable (there are a lot of undersea data cables between continent to continent that’s how we transfer data usually, please see attachment). Sidenote: Investment advice buy land in Africa, where the cable interconnect is routed from Asia.

They did more research, and discovered a man-in-the-middle attack, someone actually got access to the undersea cable as it was routed through French Polyonesia in the Pacific Ocean. As a result, the person could intercept the data being transmitted, see what types of trades were being placed (all he needed was those millisecond delays) and have an algorithm to decide whether to buy or sell shares based on what types of trades were being executed. All I have to say for the criminals brilliant, but illegal.

Second thing, power supplies. We often think of computer security in terms of protecting the data inputs and outputs of the computer/system, but what about the power inputs? What happens when Vcc(the input voltage) is not equal to what it’s suppose to be weird stuff starts happening at the logic level. The system might spit out a incorrect calculation, or spill out too much info with over or under voltage. Basically, he said it was very hard to design power supplies that are intolerant to slight signal variations.

In high school physics and basic college electromagnetics, we learn that AC signals are sinusoidal, with some constant amplitude, and when you convert from AC to DC with the use of a transformer and bridge diode rectifier (I’ve attached an oversimplified circuit found on google), you get a constant DC output. As a power professor I had once pointed out, what a fairy tale. For one in real life power is outputted in three phases (not just 1 sinusoidal signal), and two as shown in the plot from wikipedia, you superposition all the waves, then rectify it, no way are you going to get a perfectly constant DC output. You get close, but not close enough. So in short he argued that any input voltage signal variation should be logged no matter how small.


The Limits of Memory

Like many people I attend a lot of meetings, events, and I still attend lecture for classes I’m currently enrolled in at the University of Vermont. In these environments a large volume of information is presented and retaining that information is sometime hard. Scientific research has a good explanation why retaining information is so difficult. A psychological phenomenon known as change blindness dictates that humans can hold onto visual information for about a fractional of a second. For sounds, humans can remember about three seconds worth of information using their auditory loop, a type of memory. [1]

In his book, “Smarter Thinking” Art Markman introduces a concept known as the Role of Three which stipulates that we remember about three distinct and independent pieces of information about an event. He uses a baseball game as an example, when we go to a baseball came (which I coincidental did a few weeks ago) we remember about three things from the game. In my case I remembered the two rain delays, people being excited when the camera panned on them, and the organ player.

Markman gave three tips for making effective presentations, so people remember what you want them to:

  1. Start all presentations with an outline and try to limit the outline to three main items, if you can’t group similar items
  2. During the presentation try and stay focused on the three main items, so people remember the message you are trying to convey
  3. At the end of the presentation, summarize your three key points

[1] Smarter Thinking, Art Markman, Penguin Group 2012