Standards Focus

SPEEDING PRODUCT ENGINEERING BY MAKING IT EASIER TO EXCHANGE IP

With digital technology making its way into every device, home appliance, and aspect of our working lives, much of product engineering involves reusing existing code for common functions. There’s just no reason for every cell phone or networked toaster to reinvent how a device tells time, for instance.

But behind that simple principle of expediency is a complex world in which there are two different hardware description languages— Verilog, which grew out of industrial uses, and VHDL, which originated in the US Defense Department— and many different ways manufacturers have implemented them. Both languages are defined in approved IEEE standards (IEEE 1800™ for Verilog and IEEE 1076™ for VHDL), but because the standards were created separately, there are semantic differences that have crept into the syntax descriptions between the two languages, making information exchange harder.

Achieving something close to universal interoperability in that world is the goal behind IEEE P1735™, Recommended Practice for Encryption and Management of Electronic Design Intellectual Property (IP). Steven Dovich of Cadence Systems, Working Group Chair for the proposed entity-based standard, says, “Almost any digital circuit out there is using IP from somebody or other for common functionalities. P1735 wants to make it easier for you to just go out and find somebody who’s ‘already got one,’ so you can focus your engineering efforts on your own value-add.”

Security is a particular priority of the standard. “The goal is to coordinate the evolution of technology to enable a robust marketplace of protected IP,” says Dovich. He cites as an example of this the ability of a developer to experiment freely with code on his or her workstation, but to have to return to the owner of the IP to properly license it for manufacturing. “That’s better for both parties than the typical crude level of control where you can’t unlock it at all until you buy the key.”

Because there were already standards for both Verilog and VHDL applications, the Working Group on P1735 wanted to be careful not to step on their boundaries and create conflicting information. The key, Dovich says, was making P1735 a recommended practice, so that the common ground it found between Verilog and VHDL would work its way back into revisions of both standards.

Dovich says even as P1735 awaits its first balloting as a standard, “P1735 has already contributed to industry by helping to resolve ambiguity and get independent vendors to exchange IP effectively. In the course of working out the issues for P1735, vendors who've committed to conforming have achieved that interoperability and proven it out.” Get more information on this Working Group

(Back to top)

ANTI-PHISHING WORK GROUP

IEEE-SA Funds Prizes at APWG’s eCrime Research Summit
Phishing is the practice of trying to trick a customer into compromising his or her own online security and giving cybercriminals access to things like credit card numbers and bank accounts. Even after two decades of widespread internet usage, new phishing techniques often prove effective with unwary customers.

The Anti-Phishing Work Group, an Advanced Corporate Member of IEEE-SA that also provides the Vice-Chair for the Stop-eCrime WG, is at the forefront of fighting phishing scams and all forms of cybercrime, holding the eCrime Researchers Summit, an annual peer-reviewed research conference, in late fall each year. IEEE-SA publishes accepted papers in the IEEE Xplore® Digital Library— and in 2011, for the fifth year in a row, IEEE-SA funded the eCrime Fighter Scholarship Program, underwriting some travel expenses for student authors of accepted research papers and posters to enable them to attend the conference, as well as funding cash awards of $1500 and $500 each for the highest-scored paper and the runner-up.

This year’s winner, presented at the conference in San Diego, was “The Smuggling Theory Approach to Digital Crime,” by Vaibhav Garg, Nate Husted, and Linda Camp of Indiana University. The runner-up was “Controlling Spam and Spear Phishing via Peered Network Overlays and Non-repudiable Traceback,” by Stephen Neville and Michael Horie of the University of Victoria in Canada.

The eCrime Researchers Summit is the main place that researchers into every aspect of electronic crime, from its technical to its legal and sociological aspects, can get together and share knowledge. IEEE-SA is glad to be a partner in helping make us all safer online this way.

Check out the APWG website for more information on this Working Group
Get more information on IEEE-SA Industry Connections

(back to top)

SOFTWARE TAGGANT SYSTEM

Next Generation of Malware Defense Under Development Now; Call for Proposals
Stopping viruses, worms, spyware and other forms of computer malware is one of the biggest priorities in technology. One new line of defense is the proposed IEEE Software Taggant System, and the IEEESA Industry Connections Security Group (ICSG), an IEEE-SA corporate-member-based activity, is announcing a call for proposals to develop and operate the Certificate Authority that would be part of the system. By enabling the identification of specific users of binary “packer” software and the blacklisting of misused license keys, the IEEE Software Taggant System is designed to expose creators of malware and help provide an effective defense against them.

At this time, IEEE-SA is coming to the end of the RFP submission review process and no further submissions are being accepted. IEEE-SA will select the PKI provider within the next few weeks.

(back to top)

IEEE P1667™ AIMS TO ENHANCE SECURITY AND USABILITY FOR STORAGE DEVICES AT THE SAME TIME

The scenario is disturbingly plausible to anyone who travels with sensitive information. You pick up your laptop to board an airplane— and accidentally leave your hard drive behind. And with it, a great deal of personal and business information, exposed to whoever finds it.

That’s just one of the potential issues involved with storage device security. At the other extreme, to guard against data theft on their own premises, businesses increasingly cover USB ports with physical barriers— crippling their own in-house equipment to reduce the chance of unauthorized use. That may be crudely effective, but it has a cost in hassles and lost productivity, too.

What’s needed to solve both of these problems is a way for devices and systems to recognize each other “so a device can know that the system is okay, and the system can know that the device is okay, and they can agree to work together,” says Curtis Stevens of Western Digital.

Western Digital is one of several storage device manufacturers who initially helped lead the effort to develop a common platform for security on storage devices; they've since been joined by flash memory and smart card makers, chipset manufacturers and others. The focus of their efforts is the entity standard IEEE P1667, Standard for Discovery, Authentication and Authorization in Host Attachments in Storage Devices, which aims to add new capabilities to the existing IEEE 1667™-2009 standard to keep up with advances in the industry, by specifying a new Silo Type Identifier (STID) allocation process that uses the IEEE Registration Authority.

“1667 has been widely deployed with Windows USB, and now we’re expanding it to work with SAS, SATA, USB, EMMC, and USB-UAS,” Stevens says. “1667 creates a tunnel to other security protocols. With a common platform, you still have to have some custom software to allow authentication and authorization, but the burden is greatly reduced.” Learn how to participate in the P1667 Working Group

(back to top)

Broadcom Honored for Leadership in IEEE Standards Innovation

Semiconductor company Broadcom was honored in December with the 2011 Corporate Award from IEEE-SA for its outstanding contribution and leadership in IEEE standards innovation. A leader in semiconductor solutions for wired and wireless communications and widely recognized within the industry for its commitment to innovative IP and R&D, Broadcom was honored in the 10th anniversary edition of the award for its participation at all levels of standards development, including serving on the Corporate Advisory Group and as part of many Working Groups on technical standards relating to telecommunications.

On receiving the award, Wael William Diab, Senior Technical Director at Broadcom and a member of the IEEESA CAG, said, "Broadcom engineers take pride in knowing their creative ideas, products and technologies enable people to connect anywhere and we're thrilled to be recognized for our contributions in the advancement of open standards. The IEEE-SA Corporate Award underscores Broadcom's long-standing commitment in partnering with leaders throughout the industry to enable next-generation telecommunication standards and innovation." Get more information on Corporate Awards and how you can submit nominees

(Back to top)

membership update

IEEE-SA Corporate Membership continues to grow. The following entities joined the IEEE-SA Corporate Membership Community since November 2011:

• A123 Systems, AVAST Software
• Chosun University Hospital
• Commtouch Inc.
• EEG Education & Research Inc.
• F-Secure
• International Neuroinformatics Coordinating Facility (INCF)
• Interra Systems India Pvt. Ltd.
• Inventures
• Raisecom Technology
• Verific Design Automation
• wiseSense GmbH

For more information, see IEEE-SA's Corporate Membership, view the directory of IEEE-SA Corporate members, or contact us via email.

(Back to top)

CALL FOR CANDIDATES

Help Drive the Future of Innovation as a Candidate for the IEEE-SA Corporate Advisory Group
Want to play a greater role in shaping the IEEE-SA Corporate Program? The Nominations and Appointments Committee of the IEEE-SA Board of Governors is currently seeking candidates to serve on the 2013-2014 IEEE-SA Corporate Advisory Group (CAG). There are elected (member-at-large) and appointed positions available. Positions start in January 2013 and serve through the end of 2014. In order to serve on the CAG, the following qualifications must be met:

• The time commitment is three meetings in 2013, some of which involve international travel.
• You must be interested in managing the development of industry standards and must hold a strategic position at a company that is a corporate member of the IEEE-SA (or is willing to join) and has paid the appropriate membership dues.
• Attendance is expected at all meetings, with the possibility of participation on additional conference calls, if needed.
• Members must have an email address, web access, a laptop computer and a wireless card to bring to meetings.

These are non-funded positions. Members are expected to fund their own travel. If you would like to be considered for the 2013-2014 IEEE-SA CAG, please provide a brief, one-page bio with complete contact information to Mary Lynne Nielsen.

See more information about the CAG

(Back to top)