IEEE C MPUTEIEEE COMPUTER SOCIETY INDIA SAC Newsletter

JUNE 2016VOLUME 2

Maitri VaghelaJibin SabuChairman

Sujay SreekumarSecretary

Anand Jagadeesh

Message From the SAC Team

It is easy to know about the developments, but it’s not easy for everyone to understand the latest trends and developments in the Computing Industry. When the IEEE Computer Society India Council Student Activities Newsletter was initiated, we had this in mind. We wanted to make sure that those who wish to know more about the present trends and developments in the field of computing should be able to get the information they need together at one place and explained in a way that any person is able to grasp the idea.

The prime step towards any such endeavour is to build a solid team. The sincere hard work and dedication of the team members helped bring out the “IEEE Compute Edition 1.0” in March 2016. Now the IEEE Compute team is releasing the second edition of the newsletter. The articles in IEEE Compute is written and designed by the student volunteers across India, which makes it unique and easy to understand as it has everything less complicated, all that is packed in a simple and elegant design.

The IEEE Computer Society India Council Student Activities Committee is always trying to implement more activities to reach out to students and to help them excel in their educational and technical life. The success of the newsletter is a matter of great pride and gratification for us. We believe that we can refine this newsletter more in the coming editions so that they suit the needs of the student community.

The Chief Editor, Maitri Vaghela is resigning from the team as she is heading to Rochester Institute of Technology, New York for her higher studies. The credit for the success of the newsletter surely goes to the efforts put in by her to form a great team and lead the team in a wonderful way. We will always remain indebted to the efforts and the hard work of this talented volunteer. We wish her all the best and she is sure to climb the ladders of success in the future. We would also like to congratulate each and every member of the Team IEEE Compute for their untiring efforts in bringing the second edition of IEEE Compute to the readers. We wish the team all success in their endeavor.

“Any fool can know. The point is to understand.” - Albert Einstein

The IEEE CS IC SAC Team

Editorial

Editorial messages are always delightful for it marks the end of an exciting journey full of hard work, dedication, meeting a hundred deadlines and the best of all, volunteering for IEEE. And especially, this edition of our newsletter is a lot more special to me, as it marks the end of my journey as the Chief Editor of the newsletter. I wish all the very best to my team, Compute and hope they will achieve new heights through the future editions.

Our newsletter, IEEE Compute, an initiative by IEEE India CS SAC, successfully delivers its 2nd edition. Looking back at the journey, from the day we had our first meeting till date we have grown at an exhilarating rate. Our team now has around 25 members in all divided into Newsletter, Pub-licity and Website department with volunteers spread all over the country.

It’s indeed a proud moment, as our team members have repeated the history by winning one of the most prestigious Richard.E.Merwin scholarships this year as well. I am blessed to have a highly dedicated, hardworking team which always strives to bring out the best for you.

This edition’s theme Security in Cloud Computing, took us in awe as our content writers, after an in depth study into cloud computing have brought out some great articles. The general articles bring to you some exceptional and trending developments. To add some icing to the cake, we have fea-tured two exceptionally good interviews, one from a pioneer in the industry and other an inspiring account of the experience of a student volunteer. I hope the readers will have a good time reading it.

I wish all the best to my team. It’s time to bid adieu, but as they say it’s better, “Until next time” !

Ashka SoniDesigner

Saurabh Patn

i

Designer

Gokul Krishn

an

Designer

Soorya Krishn

a

Content Writ

er

Nimisha BanaPublicist Aditya Ajayku

mar

Proof Reader

Adityaraj SProof Reader

Judy T RajContent Writer

Anand J

Content Writ

er

Megha Ben

Designer

Adwaith A KumarContent Writer Gopika KoranathContent Writer

Apoorva JainContent Writer

Susheel.SContent Writer

Compute Team

Daniel James

Publicist

Romal MistryDesigner

Abhishek PDesigner

Jamal Mohamed HDesigner

Pritika Merry

l Prasad

Content Writ

er

Maitri Vaghe

la

Editor-in-Chie

f

Cherag Sahne

y

Public Relati

on Officer

Visakh Ajith

Content Writ

er

Balu B Raj

Design Mento

r

Abhishek Iyer

Proof Reader

Aswathi HaridasanContent Writer

Akhil Kumar T ADesigner

Sailakshmi P V

Proof Reader

Vanisha Gupta Publicist

Maitreyi Thak

kar

Content Writ

er

Aakanksha AroraContent Writer

9 10

IEEE COMPUTE

11 12

IEEE COMPUTE

13 14

IEEE COMPUTE

IEEE COMPUTE

GRAVITY LIGHT

Cloud Computing is a topic that might be found confusing. Though, it isn’t as confusing as it sounds. In fact most of those who claim of not being able to understand the subject are part of the majority that uses it daily.

n basic terms, cloud comput ing is the phrase use to describe

different scenarios in which comput-ing resource is delivered as a service-over a network connection. Cloud computing is therefore a type of com-puting that relies on sharing a pool of physical or virtual resources, rather than deploying personal hardware or software. It is somewhat synonymous to the term ‘utility computing’ as users are able to tap into a supply of computing resource rather than manage the equipment needed to

generate it themselves much in the same way as the consumer tapping into the national electricity supply, instead of using their own generator.

One of the key characteristics of cloud computing is the flexibility that it offers and one of the ways that flexibility is offered is through scalability. This refers to the ability of a system to adapt and scale to changes in workload.

Cloud technology allows automatic addition and removal of resource as and when it is necessary, thus ensur-ing that the level of resource avail-able is as closely matched to current demand as possible. This is a defin-ing characteristic that differentiates it from other computing models where resource is delivered in blocks, usually with fixed capacities and upfront costs. With cloud com-puting, the end user usually pays for the resource they use and so avoids the inefficiencies and expense of any unused capacity.

There are numerous security issues for cloud computing as it encom-passes many technologies including networks, databases, operating sys-tems, virtualization, resource sched-uling, transaction management, load balancing, concurrency control and memory management. Therefore, security issues for many of these systems and technologies are appli-cable to cloud computing.

As customers transit their appli-cations and data to the cloud, it is critical for them to maintain or, preferably surpass, the level of security they had in their tradi-tional IT environment. This section provides a prescriptive series of steps for cloud customers to evaluate and manage the securi-ty of their use of cloud services, with the goal of mitigating risk and delivering an appropriate level of support. The following steps are discussed below:

1. Ensure effective governance, risk and compliance processes exist.

2. Audit operational and business processes.

3. Manage people, roles and iden-tities.

4. Ensure proper protection of data and information.

5. Enforce privacy policies.

6. Assess the security provisions for cloud applications.

IEEE COMPUTE

SECURITY AND

PRIVACY IN CLOUD

-Maitreyi Thakkar

I

15 16

IEEE COMPUTE

7. Ensure cloud networks and con-nections are secure.

8. Evaluate security controls on physical infrastructure and facilities.

9. Manage security terms in cloud service agreement.

Agencies planning to place personal information in a cloud service should perform a Privacy Impact As-sessment (PIA) to ensure that they identify any privacy risks associated with the use of the service together with the controls required to effec-tively manage them. Cloud services may make it easier for agencies to take advantage of opportunities to share information.

For example, sharing personal in-formation with another agency may be achieved by simply creat-ing user accounts with appropri-ate permissions within a SaaS solution rather than having to im-plement system-to-system inter-face to exchange information. Al-though cloud services have the potential to lower the technical barriers to information sharing agencies must ensure that they appropriately manage access to personal information and comply with the requirements of the Pri-vacy Act 1993.

Service providers typically use pri-vacy policies to define how they will collect and use personal informa-tion about the users of a service. US service provider’s policies usually distinguish between Personally Identifiable Information (PII) and non personal information. However , it is important to note that both are considered personal information under the Privacy Act 1993. Agen-cies must carefully review and con-sider the implications accepting a service provider’s policy.

The cloud is still new, so the push for effective controls over the protection of information in the cloud is also nascent. Currently there are fewer security solutions for the cloud than there are for securing physical devices in a traditional infrastructure. While the cost of instantiating virtual security appliances is lower in the cloud, the technology is newer.

Cloud services may make it easier for agencies to take ad-vantage of opportu-nities to share infor-mation.

17 18

ccording to Tim Grance, “Cloud computing is a model for enabling conve-nient, on-demand network

access to a shared pool of configu-rable and reliable computing re-sources(e.g., networks, servers, storage, applications or services) that can be rapidly provisioned and released with minimal consumer management effort or service pro-vider interaction”. From the day when the term was introduced, cloud and cloud computing is one of the buzz words that rocked the IT industry very well and gained popu-larity very fast. Due to its massive

scaling capabilities and universal connectivity principles, it is replacing the traditional views of computing and resource sharing and so the cloud security aspect is also gaining importance.

FFor any software developed, three properties must be ensured to con-sider it secure. Dependability, so that the software shall execute pre-dictably and operates correctly under a variety of conditions, includ-ing when under attack or running on a malicious code. Trustworthiness so that the software must contain either few the attacks occurred, if

establishing a user’s identity of who they claim to be. Authorization refers to the privileges granted to individuals or processes that enable them to access resources in the cloud. Auditing consists of mainly two

pprocesses, a system audit, a one-time or periodic evaluation of security, and monitoring, an ongo-ing activity that examines either the system or the users, such as intrusion detection. Accountability is the ability to determine the ac-tions and behaviours of a single in-dividual within a cloud system and to track that particular individual. Along with these factors, certain security design principles are also used like Least privilege, Separa-tion of duties, Defence in depth, Fail safe, Economy of mechanism, Complete mediation, Open design, Least common mecha-nism, Psychological acceptability, Weakest link and Leveraging ex-isting components.

design and implementation of pro-tection mechanisms, design and im-plementation of protection mecha-nisms, so that unintended access paths do not exist or can be readily identified and eliminated. In com-plete mediation, every request by a subject to access an object in a computer system must undergo a valid and effective authorization pro-cedure. For most purposes, an open-access cloud system design that has been evaluated and tested by a myriad of experts provides a more secure authentication method than one that has not been widely assessed. In the concept of least common mechanism, minimum number of protection mechanisms should be common to multiple users, as shared paths can

be a source for unauthorized infor-mation exchange. The user inter-face being more intuitive and easy to use is the prime concern in psy-chological acceptability principle, although there exist complex mechanisms beneath. The weakest components in the cloud should be identified and should be replaced or strengthened. The weakest link principle states this problem. Along with all these, use of the entire po-tential of the resources associated with the cloud is also important.

Building a secure cloud does not end with these principles. Secure development practices like han-

dling sensitive data efficiently, avoid exposure of too much of the operating codes to the end users by better code practices, considering the strength and weaknesses of the language used to code, checking input validation andand avoiding code injections by better coding and above all, physical security of the system should be looked after in order to build a secure cloud computing environment. The security in cloud computing is one of the trending ttopics these days and many organizations are trying to make efficient standards for the cloud computing environments.

23 24

IEEE COMPUTE

25 26

IEEE COMPUTE

27 28

IEEE COMPUTE

29 30

IEEE COMPUTE

There are various methods to solve this problem. They are as follows:

Coin algorithm is basically an algo-rithm formulated to solve the problem of change making, which is actually a real life situation. Therefore, this algo-rithm is closely related to real life in-stances. The change making problem can be stated as how can a given amount of money be made with the least number of coins of given denomi-nations? The application of algorithm is far beyond currency

IEEE COMPUTE

COIN ALGORITHM-Visakh Ajith

31 32

IEEE COMPUTE

For many problems, greedy algorithms fail to produce the optimal solution, and may even produce the unique worst pos-sible solution. One example is the travel-ing salesman problem mentioned above: for each number of cities, there is an as-signment of distances between the cities for which the nearest neighbor heuristic produces the unique worst possible tour.

Therefore these are the methods.

Thus the above methods give us a valid solution to the change making problem.

For example, a greedy strategy for the traveling salesman problem (which is of a high computational complexity) is the fol-lowing heuristic: "At each stage visit an un-visited city nearest to the current city". This heuristic need not find a best solution, but terminates in a reasonable number of steps; finding an optimal solution typically requires unreasonably many steps.

The applications of the algorithm is far wider than just solving this change making problem. The "optimal denomi-nation problem" is a problem for people who design entirely new currencies: What denominations should be chosen for the coins in order to minimize the av-erage cost of making change—i.e., the average number of coins needed to make change? The version of this prob-lem assumed that the people making change will use the minimum number of coins (from the denominations available). One variation of this problem assumes that the people making change will use the "greedy algorithm" for making change, even when that requires more than the minimum number of coins. Most current currencies use a 1-2-5 series, but

some other set of denominations would require fewer denominations of coins or a smaller average number of coins to make change or both. Thus the applica-tion reaches far beyond just the coin change problem.Till now we have seen all the solution to coin change problem. We saw different solving methods which were simple dy-namic programming , dynamic pro-gramming with probabilistic convolu-tion tree, linear programming and greedy method. Each and every method had an advantage and a disadvantage. Every solutions given above cannot solve all the cases coming under this problem. There are some cases whose optimal solution cannot be derived from these methods.

33 34

41 42

IEEE COMPUTE

43 44

IEEE COMPUTE

IEEE COMPUTE

GRAVITY LIGHT

Over 2 billion people on earth don't have electricity but there are innova-tions coming up in technology to help them. Most of them live in rural or remote areas that are off the electrical grid but others can't afford elec-tricity because they're poor and live on less than $2 a day.

nventors and scientists have been working on this problem

and have created effective, inex-pensive, simple inventions that don't require electricity. Gravi-tyLight has been developed to provide clean, reliable and safe light, enabling people to break free from the economic, health and environmental hazards of kerosene lamps.

Multiple award winning inventor Emily Cummins created an inex-pensive, simple, natural biologi-cal cooler that refrigerates per-ishable foods and medicine.

The latest simple invention to address this electricity problem comes from co-inventors Jim Reeves and Martin Riddiford. They spent almost four years developing their award winning GravityLight™, which is a light

that requires no electricity, no batteries or solar dependency to operate. Instead it uses the force of gravity to create light.

A weight is connected to the end of a rope that loops through the light casing. The light is hung from any structure or tree. You pull on the rope to lift the weight to the casing.

When you let go of the rope the weight gradually falls and pulls the rope through gears that turn a small generator to power LEDS on the light.

The light shines for about 25 minutes and it only takes 3 sec-onds to pull the rope to restart the cycle again.

To demonstrate the feasibility of their invention they decided to raise funds for field testing. They launched a crowd fund-ing campaign on Indiegogo to raise $55,000 but received close to $400,000.

Jim acknowledges that the success and support for the campaign was helped by an unexpected endorsement from Bill Gates who tweeted, "GravityLight is a pretty cool in-novation which could be a source of cheap light in devel-oping markets."

I

-Aakanksha Arora

45 46

“Prove that you are not a robot”. Do you recognise this sentence? Yes, it is the same line of text preceding an image with distorted text, graphics or connective logic followed by a text input box. All of us might have encountered this one when bowsing sites, submitting forms or atleast while creating email accounts. We are talking about the great CAPTCHA.

test to differentiate between Computers and Humans .This term was coined by Luis von Ahn, Manuel Blum, Nicholas J. Hopper, and John Langford. The CAPTCHA is a type of challenge response test used in computing to determine whether or nonot the user is human the most common type being invented in 1997 by Mark D. Lillibridge, Martin Abadi, Krishna Bharat, and Andrei Z. Broder.

This form of CAPTCHA requires that the user to type the letters of a dis-torted image, sometimes with the addition of an obscured sequence of letters or digits that appears on the screen. A user has to spend about an average of 10 seconds to sosolve a CAPTCHA. The test is nor-mally administered by a computing system.

The discussions about inventing methods to make text illegible to computers were first done in order to transfer sensitive information across computer networks and mail servers. They used combinations of symbols like $ for S and @ for A. The topictopic gained importance when bots or automated programs, that were used to perform certain activities of which some had malicious inten-tions, came into being. Think of a sit-uation where the automated codes create fake emails, participating in online polls and also bypassing password authentications thereby compromising a system's security. The technology of CAPTCHA was invented to prevent any unwanted “bots” from getting into parts of the

IEEE India, with the aim of providing the members a collaborative environment for creativity and productivity as well as the resources to advance their knowl-edge and professional training, conducted the All India Computer Society Stu-dent –Young Professional Congress (AICSSYC) 2015 from 20th -22nd December 2015 at Netaji Subhas Institute of Technology, New Delhi. The congress, with the theme of “Going digital, Growing potential”, was packed with interesting talks and exciting events, and witnessed the participation of over 200 delegates from different sections of India.

AICSSYC 2015

The scientists at the Google's devel-opment centres recently developed algorithms that could be used to read text out of the images of streets the street view provided. Then some of them had a question in their mind. Can this algorithm be usedused in order to solve CAPTCHA. The continuous tests on this topic proved that the algorithm could solve most of the commonly avail-able CAPTCHAs with close to 90 percentage of accuracy. The algo-rithm that was created to read address plates on buildings hence pushed the greatest tests ever de-signed to prevent bots from attack-ing computer systems into the state of Obsolete. Another company claimed to have broken the reCAPT-CHA, the Google variant of the traditional CAPTCHA back in 2003.

Both the algorithms are currently kept locked by the respective owners. But think of a situation when the products from these com-

ness Etiquette by Ms. Mira Swarup Gulati. Following this was the Student Branch Pre-sentations where representatives of different IEEE Student Branches were given the opportunity to share the achievements of their branch. Later, Prof. San Murugesan (Di-rector, BRITE Professional Services) spoke on the IT sector as an emerging part of the modern world. This was followed by various cultural performances, and a DJ session after dinner

DAY 2

: The day began with an informative session by Mr. Alok Goel (Managing Director, SAIF Partners) who gave valu-able advice to all the budding entrepreneurs regarding all the challenges encountered in a start-up. This was followed by a very interactive talk on the importance of internships in a young professional’s career by Mr. Sarvesh Agrawal (CEO, Internshala). Following a short ttea break, Mr. Eric Berkowitz (Director of Membership, IEEE Computer Society) discussed the membership procedure and details of IEEE Computer Society and later Mr. Roger Fujii (2016 IEEE Computer Society Presi-dent) talked about the functioning and organizational structure of the same. Next was an extremely interac-tive session session on Corporate Grooming and Business Etiquette by Ms. Mira Swarup Gulati.

CONGRESS PROCEEDINGS

DAY 1

After the icebreaking session and inaugural ceremony that included the felicitation of the numerous dignitaries pres-ent at the event, Mr. Ramakrishna Kappagantu, Director IEEE R10, gave all an overview of the activities of IEEE R10 and the various events that have been organized in the past few years. Following this, Dr. Prerna Gaur (Branch Counsellor, IEEE NSIT), Mr. Roger Fujii (President, IEEE CompuComputer Society), Mr. Eric Berkowitz (Director of Mem-bership, IEEE Computer Society) and Mr. San Murugesan (Director, BRITE Professional Services), Prof. Yogesh Singh (Director, NSIT) spoke on the event and its theme and gave their valuable opinion on the concept of digitalization. Next was an extremely inspirational talk by Prof. Anil Kumar Gupta (Founder, Honey Bee Network), on the abundance

of new ideas in our country and of poor execution of the same. This was followed by felicitation of the Richard E. Merwin Scholars ( Vaibhav Vats (Delhi Section), Aravind-han Anbazhagan (Madras Section), and Vinod Sharma (Madras Section)). The first day concluded with a vote of thanks by Mr. Vaibhav Vats (SSR, IEEE Delhi Section) who ex-pressed his gratitude to all those who helped in making the Congress successful.