American Journal of Research, Education and Development 2 ISSN 2471-9986 2019/3
American Journal of Research, Education and Development 3 ISSN 2471-9986 2019/3 CONTENT Artificial Intelligence and future society I. Gerevich János; Imre Négyesi National University of Public Service, Hungary Steps for bluetooth interception Péter Török; János Rikk National University of Public Service, Hungary Software Technological Interpretation of the NATO Military Capability Improvement Process Gerevich János National University of Public Service, Hungary
American Journal of Research, Education and Development 4 ISSN 2471-9986 2019/3 Artificial Intelligence and future society I. Gerevich János; Imre Négyesi National University of Public Service, Hungary Abstract Over the last decade, we have witnessed significant changes in the field of information technology modernization. These changes were basically made possible by the constant evolution of technical solutions and the fact that computing capabilities, which until now seemed unavailable, were becoming more and more accessible to everyone. Initially, research focused on processing Big Data, pointing out that huge amounts of data could not be effectively handled and processed by our previous solutions. Soon, the issue of \"machine learning\" opportunities has intensified, and recently the field of artificial intelligence has received increasing attention, which will pose challenges for every major player currently active in the field of technical science. Subject words: Artificial Intelligence, Intelligence, Artificial Intelligence Ethics
American Journal of Research, Education and Development 5 ISSN 2471-9986 2019/3 Introduction “There is no cure for development,” said János Neumann in the 1950s. Committed advocates of digital literacy use the slogan \"To preserve the values of the past, to adapt to the present, to influence the future.\"1 Along with the quote and the slogan, we can now say that artificial intelligence (AI) is the way forward. The development of the information society requires the effective application of AI systems in all areas of life. Based on the above, it is worth examining the role of AI in everyday life, its effects on society as a whole, and within this framework, the ethical, social and human aspects of AI as a research area. INTELLIGENCE, ARTIFICIAL INTELLIGENCE, ETHICS The starting point can be human intelligence and its definition. Generally speaking, man has sought from ancient times to expand, replace, and continually improve his abilities and abilities obtained from nature by means of artificially created means. Since there are countless definitions, let's look at just one or two examples that best relate to the topic of the article. Among the definitions of intelligence: • Elaine Rich: \"Intelligence is the only common, common quality in human activity that allows us to be better than a computer at any time.\"2 • David Wechsler: \"Intelligence is the aggregated or global ability of an individual to enable him or her to act expediently, to think rationally, and to deal effectively with his or her environment.\"3 The definitions of artificial intelligence are much more technical: • Edit Sántáné Tóth: “Artificial intelligence is a field of computing science that deals with the development of intelligent computer systems. And these are hardware / software systems that are capable of solving complex problems in a 'human way': they solve complex problems through inferences that are inherent in the human way of thinking, solve problems completely independently, or communicate with their environment, learn from their experiences, etc.”4 • Cihan H. Dagli (quoting Barr and Feigenbaum): “Machine intelligence emulates or replicates human stimulus processing (sensory processing) and decision making with computers. Intelligent 1 János Neumann Computer Science Society 2 http://www.cs.utexas.edu/users/ear/ 3 http://www.psych.usyd.edu.au/difference5/scholars/wechsler.html 4 Edit Sántáné-Tóth: Knowledge-based technology, expert systems - Improved and expanded edition, Dunaújváros College Publishing Office, Dunaújváros, 2007.
American Journal of Research, Education and Development 6 ISSN 2471-9986 2019/3 systems must have autonomous learning capabilities and be able to adapt to uncertain or partially known environments.”5 Thus, there is no uniform scientific definition, but it is clear from any of the formulations that in the age of the information society, the development of all sectors of society is decisively influenced by AI. Consequently, both ethical and human aspects must be examined. The societal expectations of artificial intelligence now show a more coherent picture: • Created by man; • Model human thinking; • Be able to assess what is happening in your environment; • Be able to react to what is happening to him/her; • Ability to make optimal decisions. With these principles and definitions in mind, artificial intelligence developments have begun and are ongoing. Finally, let's look at how AIs can be categorized, because testing is required within these classes: Fields of application: • logical games; • theorem proving; • automated programming; • symbolic algebraic computation; • vision, image processing; • robotics; • voice recognition; • natural language processing; • constraint satisfaction; • generating action plans, • expert systems; 5 http://web.umr.edu/~dagli/
American Journal of Research, Education and Development 7 ISSN 2471-9986 2019/3 • artificial neural nets; • data mining; • agents, multi-agents (agents, multi-agents). Application groups: • representation problem; • Knowledge Representation; • knowledge extraction; • learning techniques; • Inference techniques; • search techniques; • evolutionary techniques; • management of uncertainty; • symbolic programming; • Knowledge of recovery. The article also deals with the relationship between AI and ethics, so let's clarify the concept of ethics. In the broad sense of ethics, ethics is nothing more than a rational and rational decision made on the basis of common sense. If we want to examine the relationship between AI and ethics in this form, one may immediately ask what common sense means. The notion of common sense describes a belief or world interpretation that seems rational to most people and testifies to correct judgment, excluding esoteric knowledge. Accordingly, common sense is proportional to the scale and magnitude of the human being, and thus attempts to relate events to human experience. If we take this definition as a basis, we can see that the relationship between AI, man and ethics is an extremely complex issue. Fortunately, however, the definition of the concept may be supplemented by a section that can help to harmonize the concepts. In fact, the concept of ethics can be simplified so that ethics is the solution best considered by the common sense among the given options. The first-generation AI could have been able to \"find\" the best solution, provided it was properly charged. the search database. Of course, we do not examine all areas of ethics. However, we can already say that there are groups within normative ethics, epistemological, ontological, and motivational theory ethics that may raise questions during the creation and use of AIs. (duty ethics, consequence ethics, etc.)
American Journal of Research, Education and Development 8 ISSN 2471-9986 2019/3 ARTIFICIAL INTELLIGENCE AND WORKERS (SOCIAL EFFECTS OF ARTIFICIAL INTELLIGENCE) Surveys show that the use of AI is becoming more widespread, with an increasing percentage of employees already using it in some form, and the percentage of use is steadily rising. China and India are leading in this respect, as these two countries have adopted more than twice the number of workplaces that have adopted AI technology, for example France or Japan. The AI has changed people's attitudes to using technology in the workplace and is reshaping corporate governance to find, retain and develop talent. Surveys have shown that most employees are optimistic about using AI and are grateful to be able to work with robots. Nearly a quarter of employees say that working with artificial intelligence is a joy and a pleasure. Surveys are usually conducted in the corporate sector, but their findings and statistics may be useful in other areas as well. Another big fear for people (workers) is that they may lose their jobs. After this study argues in favor of applying AI,6 let's look at how people think, \"What new jobs can artificial intelligence create?\", Using another recent survey. According to research firm Gartner, AI will create 2 million more jobs in the next 5 years than it loses. New jobs would mostly be created in the public service, health and education, while job cuts and the transport sector would be most affected. The expected proliferation of jobs is supported by the fact that in the past, there have been many examples where technological advances have decimated certain occupations, while new ones have been born. Alternatively, the anxiously anticipated decline did not materialize. Email drastically cut back on mail, but at the same time, Internet commerce required new workers for parcel delivery. With the advent of ATMs, cashiers were afraid of their jobs, but as the ATMs reduced operating costs, new branches were opened and more cashiers were needed. Examining the causes, we can conclude that there is one in which humans outperform even the most perfect robots. People are more creative, better at teamwork, better at leadership and social skills. These qualities can significantly increase the chances of human labor in the public sector. (True, robots are faster, more robust and can handle much more work and data.) Because of this difference, robots and humans complement each other well. When they work together, they reinforce each other's good qualities and perform much better than individually. This kind of cooperation also creates new jobs. These facts should also be reflected in the strategy under investigation. Let's look at what types of occupations you can create and what your needs are greater 6 Gartner Research Company, www.gartner.com
American Journal of Research, Education and Development 9 ISSN 2471-9986 2019/3 than today. One such area is to provide the hardware conditions needed for AI to function. In order to teach artificial intelligence, massive amounts of data are needed and somehow collected. For example, building a smart city requires masses of mechanics to incorporate sensors into street lamps. They measure noise, air quality, number of cars in parking lots, etc. There are companies that employ IoT designers and IoT managers to leverage the Internet of Things (IoT).7 Another area requiring such human intervention is the training of AI. Artificial intelligence must be taught how to interact with people. Among other things, to show genuine (seeming) compassion. When in such a situation, the AI gives a template reaction, the trainer corrects it, so the robot slowly learns the right reaction.8 Explaining the results of AI tasks is particularly important in industries where professionals who are unfamiliar with robots, such as healthcare, are working. This creates jobs for professionals who are familiar with the industry and the world of artificial intelligence. Ensure responsible use of a third area AI. Responsible use means, among other things, that robots must not hurt humans, and in particular, they must not violate their privacy rights when processing data. It is up to people to supervise and control this. People in the digital world also need to be guarded against the European Union's General Data Protection Regulation (GDPR), which creates a lot of jobs. AI-assisted jobs that did not exist in this form before. These are jobs that already exist, but for example. help nurses, nurses, AI and remote physicians to diagnose and recommend treatment to patients. Although measured and evaluated by smart watches for slimming and healthy living, there are suggestions, but no motivation, so the latter will be the task of fitness trainers remotely, online. In the world of digital banking, blockchain, robotics consultants, it is becoming increasingly difficult for banking clients to see their fees and manage their own finances, so there will be a need for coaches who can explain to clients. ETHICAL ASPECTS OF USING ARTIFICIAL INTELLIGENCE In the previous section, I have listed the arguments for using AI, but of course we should not neglect to mention the counter-arguments either. Elon Musk, president of Tesla, a successful company, said \"the more advanced a robot is, the less respect it will have for its designer.\" Self- 7 IoT: The Internet of Things 8 For example, the \"personality\" of Microsoft's artificial intelligence, Cortana, is designed to be confident, caring, and helpful, but does not want to become a boss. A team of poets, novelists and playwrights worked on it.
American Journal of Research, Education and Development 10 ISSN 2471-9986 2019/3 developing robots accelerate the development of a \"super-intelligent machine,\" at the end of which this machine can \"look like spam, filter and wipe people off the face of the earth\" as an unwanted message.9 Astrophysicist Stephen Hawking also shared the view that thinking machines are a threat to our very existence. Hawking told the BBC in a report: \"Full artificial intelligence could be the end of the human race.\"10 Hawking also said that “Such artificial intelligence would instantly personalize itself and re- design itself at an ever-accelerating pace. While we humans, as our development is limited by slow biological evolution, we are inexorably lagging behind and ultimately out of competition. The hub of the machine kills us.”11 These views are quite extremes, but we certainly cannot ignore them. But there is no reason to panic itself, even on these grounds. The potential for development and danger inherent in artificial intelligence is generally exaggerated in all information channels. The world of artificial intelligence applications needs to be linked to robots, which at the moment are still considered \"silly\" mechanical action structures. (Of course, counterexamples can be listed at any time.) The evolution of the human- robot relation may be to seek faster understanding, better understanding, a faster solution, and solutions to seemingly insoluble problems. (Hence it is clear that hybrid (human + AI) solutions can represent the future, where eg understanding is clearly linked to the human element.) Hans-Dietrich Kreft12 eg. In the turn of the millennium, he called the \"humane\" a trend that even the sensory, software, and autonomous systems' world of engineering is to be negotiated solely through its embedded and enriching nature. (Fortunately, several scientists have agreed and followed his views.) SUMMARY, CONCLUSIONS Artificial intelligence is increasingly being disputed. It has been repeatedly proven that it can help work in many areas of society, and despite fears (eg. job losses), the acceptance of AI continues to grow! The purpose of this article was to lay the foundations (concepts used, ethics, social aspects). In the second part of the article, we will focus on the AI strategy and concrete implementation. In conclusion, the development of Hungary's information society and the preservation of our competitiveness is an interest of the whole society, which can only be achieved with full cooperation. This may also be the motto for further research. 9 http://www.vanityfair.com/online/daily/2014/10/elon-musk-artificial-intelligence-fear 10 http://www.origo.hu/techbazis/20141203-hawking-szerint-a-gepagy-vegul-vegez-velunk.html 11 http://www.origo.hu/techbazis/20141009-spamnek-nezik-es-torlik-az-emberiseget-a-robotok.html 12 Humatics Corporation, http://site.humatics.com
American Journal of Research, Education and Development 11 ISSN 2471-9986 2019/3 REFERENCES [1] www.origo.hu/techbazis/20141203-hawking-szerint-a-gepagy-vegul-vegez-velunk.html [2] SHIRAI, Y., TSUJII, J.: Artificial Intelligence (Principles of Applications), Novotrade, Budapest, 1987. [3] SÁNTÁNÉ-TÓTH E.: Knowledge-based technology, expert systems - Improved and expanded edition, Dunaújváros College Publishing Office, Dunaújváros, 2007. [4] JACKSON, P.: Introduction to Expert Systems, Addison-Wesley Pub (SD), Harlow / England, 1998. [5] www.vanityfair.com/online/daily/2014/10/elon-musk-artificial-intelligence-fear [6] www.origo.hu/techbazis/20141009-spamnek-nezik-es-torlik-az-emberiseget-a-robotok.html [7] www.cs.utexas.edu/users/ear/ [8] www.psych.usyd.edu.au/difference5/scholars/wechsler.html [9] www.pbs.org/wgbh/aso/databank/entries/dh05te.html [10] www.cyberbiology.org/sloman.html [11] www.web.umr.edu/~dagli/
Steps for bluetooth interception Péter Török; János Rikk National University of Public Service, Hungary Abstract The most common protocol for the use of BAN1 and WPAN2 is Bluetooth. This can be found in almost every smart device.. Although it is well known and widely used, it has several critical vulnerabilities. The purpose of my research is to investigate how serious this threat is, especially in a peace period in the military environment. The first step is to introduce the real exploit by presenting how data traffic can be intercepted and decoded. In this article, I present a simple non-specific way how to create the proper environment to catch the BT packets. Keywords: information security, Bluetooth, Ubertooth IoT 1 Body Area Network 2 Wireless Personal Area Network
American Journal of Research, Education and Development 13 ISSN 2471-9986 2019/3 Preamble In our days the network of electronic appliances is part of our life. Since nobody wants to be immovable most of these equipments communicate to each other via radio frequency. The ISM3 band has been dedicated to use for these communication and most of the time the 2,4GHz frequency has been used. This frequency is used by Wi-Fi, Drone remote controls, Etc. Although that is very convenient, but also carries certain level of risk too. Since the interception of the wired communication needs a physical access to the system the radio communication does not. Although the BT is an effective protocol it is not particularly safe. Therefore the use of it carries a potential risk. Almost every electronic equipment has a integrated Bluetooth function. That can be a tablet, smart phone earphone, security camera TV, Smart watch, etc. In the military systems this problem can cause even more serious safety problem. Laptop, tablet, wireless microphone, fitness monitoring system are all part of these days digital solder [1]. In the other hand the defence and intelligence can take advantage of the vulnerable of the system in surveillance and investigation [2]. Goal and questions: The purpose of this article is to demonstrate different ways of BT packets capturing. The aim is to use simple, easy to access and user friendly equipment. The questions I try to find answers are, 1,/ Is it possible to separate a BT data stream from the rest 2,/ Can it be use for BT dataflow interception 3,/ Is it possible to gutter useful information from the captured dataflow First of all we analyse the BT protocol’s synthesis. Then we present the hardware we used. We review the software environment in details and describe how the experiment was conducted. In the following article we’ll demonstrate the Technical evaluation in details of the results we got. BLUETOOTH and BLUETOOTH LOW ENERGY The fundamental role of the BT is to provide an efficient and cost effective wireless communication within a short distance. The communication takes place on the 2,4 GHz band. The radio frequency between 2042 MHz and 2480 MHz has been divided into 79 1MHz wide bands. All band have odd and even time slices. Sending and receiving packets take place within these bands. Each and every packet is dispatched on different frequency using the spread spectrum flip. This frequency is determent by the master. It is generated by the BT’s clock using its own special address. 3 Industrial, scientific, medical
American Journal of Research, Education and Development 14 ISSN 2471-9986 2019/3 The slave is automatically adjust itself. The master transmits the packets in even time slices and the slave transmits in odd time slices. Ignoring hose channels which are already used by any other devices. It skips the channels where radio signals are presence. With this method we can eliminate the interference between devices using the same band [3]. The primary goal of the BT.4 version is to ensure the long term use of any given device. That can be achieved by the low energy consumption the device has. In parallel with the low power consumption the output is reduced too. Hence BT4.0 is mainly used in special application like sensors. The function of the BT4.0 is basically the same than the conventional BT. However it has only 40 operational 2MHz bands. A number of higher layer protocol have been replaced. New protocols have been introduced which are capable to handle the communication and transmitted data between devices. Like heart rate monitor which is transmits the pulse in smart watch [4]. Security risk American satellite service provider Strava have published a global heat map. This map shows in colour the position of those persons using the supported applications (Fitbit, Vitoft). While this map has continuous colour areas in the American and European region it shows only colour dots in the Middle East area. And most those dots represent the present of smart watches used by solders in the region. And that is a great security problem. This way the exact location of military base and objects can be determined. Also the route of military convoys. For an example in Singapore critical infrastructures like Defence ministry became analysable. Using the given software, the movement of trainees and other staff who has been used smart watch was outlined. [5] Being in procession such information any commando raid or hit-and-run attack can be planned accurately. Soft points can be determined easily if the personnel is mounted with smart equipment. Obviously all data would be stored on a central server. There is a chance for that all those profile based data will be stolen. Due to an unqualified system administrator, negligence or incidental cyber- attack.
American Journal of Research, Education and Development 15 ISSN 2471-9986 2019/3 Picture 1. Activities shown on Kandahar airbase4 1. INSTRUMENTS USED FOR MEASUREMENT. In order to adequately implement the eavesdropping number of instrument have been obtained or provided. Basically the listening device worked only on Linux system. But the software helped to set up the test environment. The hardware allowed of the process effective implementation. (Picture 2) Picture 2. Equipment used in the test 4 https://www.telegraph.co.uk/news/2018/01/28/fitness-tracker-data-reveal-locations-military-bases-personnel/
American Journal of Research, Education and Development 16 ISSN 2471-9986 2019/3 1.1 Software support (Persistent) Kali Linux operating system The case of test environment was a Kali version. This is because under Linux the Ubertooth works only the help of bash. After restarting, changes on operating system are saved. Contrary to CD in persistent mode. Such changes are specific software installation or any system-level configuration. The solution is a two parts portioned pen drive. One part is the boot the other one is the fixed drive. In case of Linux operating system that is an EXT file system. Following these steps we can make a portable operating system avoiding critical errors can be caused by dual operating system. Wireshark The task of the graphic software is to capture packets sent by different interfaces and provide a detailed information. The Ubertooth is an externally connected device. Many people have fallen into the errors they tried to configure the Bluetooth interface within Wireshark. Obviously it did not saw any data traffic. The methods that can be used will be explained in details later in my Examination paper. 1.1 Hardware support, complete with specific software Ubertooth Hardware and associated software elements for intercepting and data capturing. Installation and proper configuration allows a simple command we can carry out the packages to catch and allow the backup of the subsequent analyses. Garmen Fenix 2 BLE based smartwatch, that experiment's initial phase was used. Basically, during my tests I have monitored my own phone synchronisation process with the help of it. Polar M-400 és Polar H7 pulse meter BLE-based smartwatch with heart rate monitor. In my research I looked at these two devices connection and their synchronisation with the smart phone. Later I'll introduce the possibilities of military use of and the limitations. Amazon Firephone smart equipment Bluetooth 4.0 mobile devices with pre-installed POLAR Flow and GARMIN Connect software. The role of the phone was to establish connection with the smart watch via Bluetooth. After the synchronization process is completed, your phone will have all the measured details of the
American Journal of Research, Education and Development 17 ISSN 2471-9986 2019/3 workout those are recorded on the watch. This wiretap and the captured content analysis I present in my next article. 2./ Steps for interception In this subsection I'll show you step-by-step, how to perform the packet capture, starting with the test environment set-up necessary elements all the way to the software to start. 2.1 Linux operating system First we need a Linux operating system. For testing an 8GB flash drive I used, with a pre- configured persistent kali distribution. 2.2 necessary configuration for the operation of Ubertooth As soon as we created the test environment and installed the operating system can start the necessary software installation and configuration. The steps are as follows 1. The first step is to install the necessary software through your Linux terminal [6]. Picture 3. Commands needed for software installation.5 2. In order to get the Ubertooth-one device decode the packets, it is necessary to create a directory for the baseband layer. This baseband library helps you interpret packages received by Ubertooth. Picture 4. LIBTBB configuration6 3. In addition, it is necessary to download the Ubertooth-associated program package, which we integrate into the system with similar installation method. This contains the host code, which effectively we can listen for the packets [6]. 5 https://github.com/greatscottgadgets/ubertooth/wiki/Build-Guide 6 https://github.com/greatscottgadgets/ubertooth/wiki/Build-Guide
American Journal of Research, Education and Development 18 ISSN 2471-9986 2019/3 Picture 5. Ubertooth software configuration7 4. Then we have to check the Ubertooth version (firmware) to be compatible with the previously downloaded software application. To do this, it is necessary to connect the device to the pc. Then with a simple command “ubertooth-util v” we can print the version of connected device. If for example, this is 2015, then you need the update. Here we enter the Ubertooth 2017-03 - r2 library and find it, and then we enter the ubertooth-one-firmware-bin folder and here we're running the „ubertooth-dfu –d bluetooth_rxtx.dfu –r” command. The program immediately detects the device and update to the latest version. Next, you want to another time to run the ubertooth-util v command to make sure the update procedure has been successful [6]. 2.3 Remark The experiment is now centralise on BLE / Bluetooth smart connection. Interception. During my research I’ve also experimented traditional Bluetooth interception. These analyses have been saved for later analysis. The difference was that we had to integrate the required plug-ins in order to be able to read the BT BR/EDR 16 package. In the case of Low Energy this feature has been integrated by default of the Wireshark version 1.12 and after [6]. Picture 6. Necessary for plugin installation steps for traditional BT packet capture8 7 https://github.com/greatscottgadgets/ubertooth/wiki/Build-Guide 8 https://github.com/greatscottgadgets/ubertooth/wiki/Build-Guide
American Journal of Research, Education and Development 19 ISSN 2471-9986 2019/3 2.4 Bluetooth eavesdropping methods More soon as you have completed the necessary configuration processes and tool is properly connected to the pc nothing else to do than to issue the correct commands and watch the packets flow. There are two methods we can carry it out. Both methods based on the Wireshark software, but many aspects different from each other. Both methods based on the Wireshark software, but many aspects different from each other. 2.4.1 the direct interception method The point is, the content of the package you are listen to immediately displayed in the Wireshark interface through the so called Wireshark. I personally don't prefer this version, because in many cases it failed adequately implement the package interception. However I review these process steps in brief [7]. 1./ As a first step, we have to prepare the pipe. Put the “mkfifo /tmp/pipe” command in the command line to implement. 2./ Then open the Wireshark software and the capture options to enter. All available interfaces will be displayed. (18) 3./ Select the manage interfaces option 4./ Select the Pipe tab, with the+ character create a new Pipe. 5./ The next step in the browse option enter /tmp/pipe to the filename. By this the previously created channel will be activated. 6./ After approval, the interface is in access to the pipe, but only for a transitional period. After re starting the program repeat the previous steps. 7./ In the terminal enter the - ubertooth-btl f c tmp pipe - command and the captured packets immediately to the prepared interface will be forwarded to. 1.1.1 the traditional method In the method used after a well-defined command the data can be backed up in an appropriate way for later analysis. To do this we have to do 1./ ubertooth-btl is defined the interception will be directed against BLE device 2./ -f- determine that interception will establish a newly established connection 3./ -p- in the case of all established connections we can see 4./ -r/név.pcap/- saves the captured content to a PCAP file of our choice
American Journal of Research, Education and Development 20 ISSN 2471-9986 2019/3 Picture 7. The BLE package is required if needed to be repaired Experiment During the experiment, I wore the Polar heart rate monitor myself and kept moving to change my heart rate. This accessory communicated with the clock, which continuously indicated my current heart rate. In the end, in order to not only have my advertising packages9, I downloaded an application for my mobile device that is specifically designed for Polar watches. The hourly data was then synchronized with my device, while packets with higher payloads arrived in parallel. The following picture shows the beginning of the packet flow. The two data in the yellow box represent the sending station and the destination. In this case, it is part of the Polar heart rate monitor Bluetooth address LAP, or Lower Address Part, which identifies the device by including this information in the Access Code of the packet it sends. The recipient is Broadcast, meaning that everyone is spreading information about themselves. I marked the Protocol in blue, which confirms that I've actually tested Bluetooth Low Energy. I marked red for package type ADV_NONCONN_IND. This is a non-connectable package that provides status information to the environment. These so-called \"advertising\" packages are generally spread over three channels 37.38 and 39. In our case, channel 37 is circled in black (Picture 8). If we analyze Advertising Data better, we can easily read the full MAC address of the device with it (Picture 9). 9 Sensor-broadcast messages to provide information about the sensor and to ensure visibility and connectivity to central devices (devices with higher hardware specifications, such as smart watches, telephones)
American Journal of Research, Education and Development 21 ISSN 2471-9986 2019/3 Picture 8. Extracting basic information with Wireshark Picture 9. Extracting MAC Address Starting with pack 189, the heart rate monitor starts and broadcasts information in packets (ADV_IND) that already allow for a connection between a peripheral (in our case the heart rate monitor) and a central device (the clock). It constantly sends information about the changed heart rate. Because it is BLE (Bluetooth Low Energy), the GATT10 layer in the top layer is responsible for defining different characteristics and services. These are distinguished by assigning different unique 10 GATT, at the top of the BLE protocol hierarchy, is designed to distinguish between server and client roles. It also stores all the stored characteristics for us. Each feature has characteristics such as Heart Rate Measurement for the Heart Rate service and Body Sensor Location. For practical reasons, it is possible for these values to appear on the device
American Journal of Research, Education and Development 22 ISSN 2471-9986 2019/3 identifiers to different characteristics. And different number combinations for the services. For the heart rate monitor, this is 0x180D. You can obtain these IDs from the official Bluetooth site. The ASCII translation of the hexadecimal values does not match, but when you click on ADVERTISING DATA we get the value we are looking for (Picture 10) [8]. Picture 10. The ID in the captured package and on the official page11 In the next step, I synchronized and paired the clock with the software on my phone. Here I primarily had to connect the two devices. Also shown in the picture (Picture 10) that my central device, that is my phone, sends out a Scan REQ packet and waits for the SCAN RSP from the 11 https://www.bluetooth.com/specifications/gatt/services
American Journal of Research, Education and Development 23 ISSN 2471-9986 2019/3 peripheral device. Practically, my device scans until it finds a device that constantly scatters its data. Once this is done, we will ensure that your broadcast is specific to our device only. Then comes a CONNECT REQ initialization to make a real connection to the peripheral device and transfer data as well. The picture also shows that the source and destination MAC addresses are already different. The CONNECT REQ package also contains channel map information, which shows which channel is busy. Bit '0' indicates the free channel, while bit '1' indicates the busy channel (Picture 11) Figure 10. Combining a Phone-Polar Clock Figure 11. Channel map
American Journal of Research, Education and Development 24 ISSN 2471-9986 2019/3 A synchronization process is then performed. The role of the ATT12 protocol should be emphasized here. It is based on a client-server architecture. Its task is to implement read and write processes between client and server. This is not to be understood in the traditional way, but in our case the server is the clock and the client is the telephone. Practically, the client wants the server to know what values it needs to display. These are stored by the identification numbers provided by the aforementioned GATT. Understandably, for example, if we have an IOT environment, the temperature sensors continuously send data to a central device, such as a digital thermometer, to measure the temperature. The same thing happens during synchronization. It sends data that can be processed by software that is optimized for a particular smart device (Picture 12) [10]. Then the actual data transfer starts. All data in the watch is synchronized to the phone and recorded. After that, we can clearly see our sports activities on the software interface. What is worth noting here is that the packet size does not exceed 50 bytes since L2CAP segments the data range to such sizes? (Picture 13) Here, obviously, there is a packet to packet jump between channels. As a continuation of my research, I would like to deal with the decryption of these types of packages. The extent to which the synchronized data can be decrypted and what critical information can be extracted. Figure 12 ATT and GATT protocols 12 The ATT protocol is responsible for read-write operations that take place between a peripheral device (sensor) and a central device (in our case a smart watch). This allows you to read the required values that are summed up by one of the above protocols, GATT. For example, during testing, the appearance of my ever-changing heart rate in the watch is the result of this. [9]
American Journal of Research, Education and Development 25 ISSN 2471-9986 2019/3 Figure 13. L2CAP fragmentation As a final point, I would like to explain the pairing between the two devices. It is basically made up of 3 parts. In the first, PAIRING REQ and RESP, they exchange information such as I / O capabilities, the size of the encryption key, etc... The second part is authentication, which depends on the first step. This is where the temporary key is generated. It has 3 options, none, a number between 0 and 999999, or a third option is a 128-bit key. It depends on what device we are talking about. For example, a Bluetooth-based Pacemaker or Earphone does not have any graphical interface, so it does not have any kind of authentication procedure. The user is connected and the service they request is operational. The third step is to distribute the different keys through encrypted SMP packets. Conclusion In this article I have outlined the most important aspects of Bluetooth and Bluetooth Low Energy and illustrated two examples of their security bottlenecks. In short, I presented the standard main specifics, and I explained the listening test environment and the necessary steps. The process implementation is not a time consuming process and we can retrieve a large amount of data even in a single interception. This more detailed presentation follows in my article. My main goal was to show you how easy it is to conduct a process that allows you to intercept various critical information in a military environment. In addition, my aspiration is unique, and I wanted to be the first one to
American Journal of Research, Education and Development 26 ISSN 2471-9986 2019/3 publish a scientific article in the subject. The future goal is to get more data so I can decrypt the surveillance, to figure out what's the easiest way to manipulate these values as well as interfering with these processes
American Journal of Research, Education and Development 27 ISSN 2471-9986 2019/3 REFERENCES [1] NÉGYESI I.: „Informatikai rendszerek és alkalmazások a védelmi szférában,” Dunaújvárosi Főiskola Közleményei, (2010), In: Szerk.: Cserny László Informatika Korszerű Technikái Konferencia 2010. Dunaújváros: Dunaújvárosi Főiskola (DF), 2010. p. 1-10.. [2] NÉGYESI I.: A megfigyelés és az információgyűjtés múltja, jelene és jövője, Szakmai Szemle 2009/3, 2009. p. 35-50. [3] TANENBAUM, A. S.; WETHERALL D. J.: Számítógépes Hálózatok Budapest: Panem, 2013. [4] COLLOTTA, M.; LO BELLO, L.; MIRABELLA, O.: An innovative frequency hopping management mechanism for bluetooth-based industrial networks; 2010. p. 45–50. [5] CRILLY, R.: Fitness tracker data ’reveal locations of military bases and personnel’(2019.04.28) https://www.telegraph.co.uk/news/2018/01/28/fitness-tracker-data-reveal-locations-military-bases-personnel/ [6] github.com, Ubertooth/Build Guide (2019.04.30) https://github.com/greatscottgadgets/ubertooth/wiki/Build- Guide [7] PATTISON, J.: Capturing BLE in Wireshark (2019.04.15) https://github.com/greatscottgadgets/ubertooth/wiki/Capturing-BLE-in-Wireshark [8] https://www.bluetooth.com/specifications/gatt/services [9] https://epxx.co/artigos/bluetooth_gatt.html [10] https://github.com/greatscottgadgets/ubertooth/wiki/One-minute-to-understand-BLE-connection-data-package
Software Technological Interpretation of the NATO Military Capability Improvement Process Gerevich János National University of Public Service, Hungary Abstract Software development for military purposes is a special case of military capability development, which is the basic subject of the present article. With a high chance, during the development of various military capabilities, we can see widely applied information systems. Such applications might be system modules, software-based support tools, as well as information and workflow systems as different components of military capability. NATO has created a comprehensive documentation framework for defense systems to support life cycle management and facilitate military capability development. It also handles the related technological challenges and allows applying the possible solutions. In this article, the author gives us an overview of the basic concept of NATO System Life Cycle Management. Finally, we can find some appropriate essential requirements for software technology based on regular military needs. Keywords: military capability, upgrade, maintenance, NATO standard, software, technology
American Journal of Research, Education and Development 29 ISSN 2471-9986 2019/3 Introduction Developing and acquiring military capabilities is a costly process in itself. The North-Atlantic Treaty Organization has also recognized the problem and developed the NATO Systems Lifecycle Management Policy [1] (hereinafter: SLCM Policy). The task of the SLCM Policy is to define a standard process that could guarantee compliance with specific requirements for military capabilities – as the outcome of the investments. Besides, the SLCM Policy emphasizes the need for a regulated framework explicitly because the costs of maintaining military systems after deployment can far exceed initial costs. [1, 2] SLCM is based on international quality management standards, thus facilitating the implementation of timely, cost-effective and affordable projects for contributors. [1, 3-3.1] During the implementation of a NATO Military Capability Development Program (starting now referred to as the NATO Program) the life cycle stages are describing the execution workflow of programs/projects. The related NATO publications include the appropriate processes and documentation templates that the stakeholders have to apply. To meet the strategic security objectives of NATO and to achieve military success requires a sophisticated operational ability which strongly depends on the available skills. The SLCM Policy also states that a lack of regulation and inspection could result in insufficient military capabilities for the Alliance. [2, 1.1] The sufficient operational capability, deployment, mobility, and survivability required to both humans and infrastructure for success. The development of the above discussed capabilities requires military systems, including military software, that have the characteristics listed below. [2, 1.1] The elements of the list are unique attributes and define general military capabilities. However, in the present case, they have been interpreted as requirements for informatics. In the following, we assume that the analyzed military capabilities are implemented by an IT system, especially in the form of Software-as-a-Service (hereinafter: SaaS) kind of system. 1. Efficiency - meet functional requirements at the lowest possible total cost. This expectation can also be interpreted in the case of IT systems. The “Efficiency in Software Development Projects” [3] article could help us to understand the problem more deeply. The document discusses the programming languages, development methods, support tools and project management relations to each other from the efficiency perspective.
American Journal of Research, Education and Development 30 ISSN 2471-9986 2019/3 2. Deployability – is an attribute of an IT system which describes the complexity of the preparations and operations required to achieve the fully functional state of the given IT system or service. The analyzed system is well deployable if the required processes are repeatable countless times, and the result allows the system health check. Nowadays, the continuous deployment (CD) technique is applied in the IT industry to achieve the best deployment measures. [4] 3. Robustness, survival ability – this attribute can also be interpreted for a software-based service, for its modules and components which describe the health of the entire system. The inspected IT service is robust if it can perform the required functions of the system even under heavy load. At the same time, the failure of single system components does not mean the collapse of the entire system. The appropriate automated testing techniques are the most useful tools to achieve high robustness. [5] 4. Reliability – error-free, continuous operation and good quality with the intended usage of the IT system. Unfortunately, “software reliability cannot be directly measured, so other related factors are measured to estimate software reliability and compare it among products.” [6] On the other hand, it is possible to introduce relevant measurement factors which can show the maturity level of the system from the reliability perspective. 5. Maintainability – this attribute of an IT system describes the ability of the system to be modified and developed. An IT system has good maintainability skills if the implementation of the required changes is supported with standard processes and the upgrade process execution can be done with low risk. Today, maintainable software is one of the biggest challenges in software engineering. There are different measurement techniques [7] to calculate this attribute for software-based services. However, the system characteristics must be taken into account when the applied methods are under selection. 6. Sustainability – guarantees the availability of the system/service for an extended period or the whole life cycle of it. Despite the changes in the environmental, technological, economical, political and legal aspects, the given system can meet the requirements and perform the specified functions during their entire lifetime. The definition of sustainability for a software project can have special interpretations from the production to the usage with different emphases. [8]
American Journal of Research, Education and Development 31 ISSN 2471-9986 2019/3 7. Interoperability – ability to develop bidirectional interfaces with other systems or embed existing modules or components into the system. To reach this goal, well-defined interface descriptions, open source code or open standards [9] might help the implementation. During the analysis of SLCM Policy, we succeeded to find additional relevant and characteristic software technological requirements. The stakeholders must keep the listed principles throughout the whole lifecycle of defense systems from the initial planning until retiring in the case of SaaS like services. The SLCM Policy uses the System-of-Interest (hereinafter: SOI) expression for the systems/sub-systems that are created during military capability development. However, a new military capability development program could mean multiple system development in parallel, so that engineers can execute SOI developments in the same timeframe. The System Life Cycle (hereinafter: SLC) term covers the whole development process from the conceptional design through the development and deployment until the system retirement. Though, the integrated and cost-effective defense capability development tool is SLCM itself which requires the participants to collaborate effectively and efficiently. One of the essential principles of the NATO SLCM Policy is to implement the appropriate collaboration and interoperability between the NATO systems and member countries. The efficient and effective use of national and NATO resources is vital for the sustainability of the Alliance's military operations. The use of civil standards provides a strong pillar to achieve this goal, as it allows cooperation with industry and economic actors. The application of the approved techniques by industry and the utilization of new technologies in the defense systems offer excellent opportunities for participant companies in military capability development. Achieving functional and qualitative indicators that meet military expectations is only possible through an integrated system approach. To support the integrated system approach at different execution levels NATO Standardization Office gives us several document types. NATO Standardization Agreement (shortly: STANAG) NATO Allied Administrative Publication (shortly: AAP) NATO Allied Quality Assurance Publication (shortly: AQAP) In addition to the principles, there are also essential requirements for military capability development in the SLCM Policy from a research perspective. [2, (6)] The document states the
American Journal of Research, Education and Development 32 ISSN 2471-9986 2019/3 purpose and objectives of SLCM as follows: „the main goal of SLCM is to efficiently and effectively deliver, use and maintain NATO capabilities”. [2, (6.1)] The following list contains the analysis of the military expectations from the software technology view. \"Have a common understanding of all aspects of SLCM, including operational and logistic requirements, affordability, time, schedule, quality and risk.\" [2, (6.1.1)] – This is a requirement for general military system development. Still, with some modifications, it can also be interpreted as a project management requirement for software development: affordability, time, schedule, quality and risk factors need to be explained together for military IT system developments. \"Create integrated and seamless business management practices that extend from initial concept through to retirement\". [2, (6.1.2)] – The latter requirement sets out general expectations, but it is possible to accept it in the same way as a project management requirement for software development. „Establish effective collaboration between all stakeholders, with clearly defined responsibilities, throughout the life cycle”. [2, (6.1.3)] – For software development projects this requirement is applicable without any changes. \"Facilitate technology insertion, mid-life updates and address obsolescence based on life cycle considerations.\" [2, (6.1.4)] – An expectation that can also be interpreted as a requirement for software technology. \"Define and apply an integrated systems approach to the development, use and support of systems, that meets specified requirements to minimise acquisition time, maximise effectiveness, and minimise life cycle costs.\" [2, (6.1.5)] – The first half of the requisite until the expectation of meeting the requirements can be considered as a realistic goal for software technology. However, the second part of the request related to acquisition time, effectiveness and costs, which are tough to meet together. The associated economic problem [10] is beyond the frame of this paper. Sadly, no single silver bullet exists to solve it. \"Acquire systems that meet operational and logistic requirements, optimize internal and external interfaces, address integrated logistics and in-service support, and minimize production, in- service and disposal impacts to the environment.\" [2, (6.1.6)] – The stated requirement covers mostly physically existing military capabilities, so its further discussion is not necessary.
American Journal of Research, Education and Development 33 ISSN 2471-9986 2019/3 The NATO AAP documents are describing the relationship between SLCM and the previously mentioned AQAP standard family. AAP-20 [11] defines the life-cycle model with stages. The AAP- 48 [12] document contains the extension of the life cycle model to workflow level. This publication defines the processes, associates them with each stage, as well as the documentation templates are associated with the processes and the available applicable AQAP standards. Figure 1: NATO SLCM components (by the editor) Based on Figure 1, we can see that the SLCM is using three different levels of supporting documents. The first general level is the SLCM Policy, followed by the AAP-20 and AAP-48 publications together to support the life cycle stages and processes. Finally, the SLCM Document Library provides specialized documentation templates for the various military capability development programs. These document templates can be used for software development projects as well if the applied methodology allows it.
American Journal of Research, Education and Development 34 ISSN 2471-9986 2019/3 Conclusions As a result of the analysis of SLCM Policy, we found twelve requirements related to software technology. First, we identified some new requirements for IT developments which have real meaning in software technology. Later, we found additional expectations for project management and technology; their interpretation can also be used for software intensive military capability development projects. These results serve as criteria for future software development standards not only for armed forces. Requirements for Software Technology 1. Efficiency 2. Deployability 3. Robustness 4. Reliability 5. Maintainability 6. Sustainability 7. Interoperability Project Management Requisites 1. Affordability, time, schedule, quality and risk factors need to be explained together for IT system developments. 2. Apply integrated and seamless business management practices that extend from initial concept through to retirement. [2, 6.1.2] 3. Strive for effective collaboration between all stakeholders, with clearly defined responsibilities, throughout the life cycle. [2, 6.1.3] Tech expectations 1. It is necessary to allow the technological extension, lifetime modifications, and management of obsolescence. 2. Software development projects need to define an integrated system approach that supports utilization, facilitates compliance.
American Journal of Research, Education and Development 35 ISSN 2471-9986 2019/3 References: [1] NATO Policy for Systems Life Cycle Management. Note by the Secretary General, 2006. 01. 13., North Atlantic Council, p. 1. http://www.army.cz/assets/files/7284/policy.pdf (accessed: 2019.11.15.) [2] NATO Policy for Systems Life Cycle Management, ANNEX 1, C-M(2005)0108, 2006. 01. 13., pp. 1-1–1-3 http://www.army.cz/assets/files/7284/policy.pdf (accessed: 2019.11.15.) [3] Aneesh Chinubhai: Efficiency in Software Development Projects. In: International Journal of Software Engineering and Its Applications Vol. 5 No. 4, October, 2011 pp. 171-179 https://pdfs.semanticscholar.org/1d43/513975d8b5d1af932f98ff983b78cfeaaa10.pdf (accessed: 2019. 11. 20) [4] Pilar Rodrígueza, Alireza Haghighatkhaha, Lucy Ellen Lwakatarea, Susanna Teppolab, Tanja Suomalainenb, Juho Eskelib, Teemu Karvonena, Pasi Kuvajaa, June M. Vernerc, Markku Oivoa: Continuous Deployment of Software Intensive Products and Services: A Systematic Mapping Study. http://jultika.oulu.fi/files/nbnfi-fe201902185288.pdf (accessed: 2019. 11. 21) [5] Ali Shahrokni & Robert Feldt: A Systematic Review of Software Robustness. Department of Computer Science & Engineering, 2013, Chalmers University of Technology, Gothenburg, Sweden http://www.robertfeldt.net/publications/shahrokni_2013_sysrev_robustness.pdf (accessed: 2019. 11. 23) [6] Jiantao Pan: Software Reliability. Carnegie Mellon University. Dependable Embedded Systems. 1999 https://users.ece.cmu.edu/~koopman/des_s99/sw_reliability (accessed: 2019. 11. 23) [7] Malhotra, Ruchika & Chug, Anuradha: Software Maintainability: Systematic Literature Review and Current Trends. International Journal of Software Engineering and Knowledge Engineering. 26. pp. 1221-1253. (2016) https://www.researchgate.net/publication/309522651_Software_Maintainability_Systematic_Literature_Review _and_Current_Trends (accessed: 2019. 11. 27) [8] Birgit Penzenstadler. What does Sustainability mean in and for Software Engineering? January 2013 Conference: 1st International Conference on ICT for Sustainability (ICT4S) https://www.researchgate.net/publication/255949741_What_does_Sustainability_mean_in_and_for_Software_E ngineering/link/00b49520e7541932dd000000/download (accessed: 2019. 12. 02) [9] Fernando Almeida1, José Oliveira and José Cruz: OPEN STANDARDS AND OPEN SOURCE: ENABLING INTEROPERABILITY, International Journal of Software Engineering & Applications (IJSEA), Vol.2, No.1, Jan. 2011 http://airccse.org/journal/ijsea/papers/0111ijsea01.pdf (accessed: 2019. 12. 20) [10] NEWELL M. W., GRASHINA M. N.: The Project Management Question and Answer Book. NY, USA, AMACOM, 2003. p. 8. [11] NATO STANDARD AAP-20 Edition C Version 1 2015. 10. NATO STANDARDIZATION OFFICE (NSO) [12] NATO STANDARD AAP-48 Edition B Version 1, 2013. 03. NATO STANDARDIZATION AGENCY (NSA)
Search
Read the Text Version
- 1 - 36
Pages: