Practical Embedded Security
Building Secure Resource-Constrained Systems
Timothy Stapko
Newnes
Copyright
Newnes is an imprint of Elsevier
30 Corporate Drive, Suite 400, Burlington, MA 01803, USA
Linacre House, Jordan Hill, Oxford OX2 8DP, UK
Copyright 2008, Elsevier Inc. All rights reserved.
Cover image by iStockphoto
No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of the publisher.
Recognizing the importance of preserving what has been written, Elsevier prints its books on acid-free paper whenever possible.
Library of Congress Cataloging-in-Publication Data
Application submitted
British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library.
ISBN: 978-0-7506-8215-2
For information on all Newnes publications
visit our Web site at www.books.elsevier.com
07 08 09 10 10 9 8 7 6 5 4 3 2 1
Printed in the United States of America
Preface
Living in a Connected World
1:37 AM. Hoover Dam, straddling the border of Nevada and Arizona, is quietly generating electricity for millions of Americans. The power plant, having recently been retrofitted with a new, remotely controlled automation system, is devoid of life, except for the blinking lights of the network hubs and automated hardware. Suddenly, the control room is ablaze with light, and the whirring of machines breaks the silence. The enormous floodgates open, a torrent of water rushing forth, sending a wave of destruction toward the unsuspecting communities downstream on the Colorado River. The turbines grind to a halt, plunging the desert into darkness. All the while, a teenager in Florida is laughing in the glow of his computer monitor.
Obviously, no one in his or her right mind would trust the control of Hoover Dam to a system with such gaping vulnerabilities, but the hyperbole of the example above does bring up an important point: as more and more of the world goes online, we are putting more and more trust in the embedded systems that are designed to help us out. Obviously, something like the Hoover Dam would not be automated and connected to the Internet without a large investment in security, if it were automated at all. However, something far simpler, such as a home automation system, would likely not be subject to the same rigorous treatment as a vital hydroelectric power plant. This split between the security requirements of different embedded systems helps to illustrate the challenge of security design for embedded systems engineers. While the cutting edge of security is continually being pushed, low-end hardware and inexpensive systems are often left behind. However, these inexpensive systems are increasingly being networked and used to control more and more vital systems. This leads to an interesting and disturbing problem: security implementations are often jealously guarded proprietary solutions that sell for thousands of dollars, which is directly at odds with the idea of using inexpensive microcontrollers. There are some options, such as various open-source implementations, but these can be unwieldy and are designed for PCs. If you want to design an inexpensive system and make it secure, there just are not many options.
One of the biggest problems with security in both the Hoover Dam example and home automation is the continual need for updates to keep up with malicious hackers. Anyone with a PC running Microsoft Windows knows about this from the continual stream of updates and patches for various security issues. One way to alleviate the continual update problem is to design security into the system and develop a solid application to begin with. The primary goal of this book is to introduce the users of inexpensive microcontrollers and embedded processors to the basic practical application of security and to provide some tools and pointers to assist in designing more secure applications with limited resources.
Many of the topics discussed in this book are covered in depth in hundreds of academic papers and tomes filled with arcane symbols. If you are interested in the mathematical underpinnings of cryptography, you are going to want to look elsewhere. However, if you work with microcontrollers or inexpensive embedded systems and security has been something of interest but you have been intimidated by it, then this book is for you. Security is a hard problem, and a lot of very smart people have spent a lot of time working on it. The result is that the topic of security has taken on an intimidating air, especially when it comes to cryptography. This book aims to leverage the large body of work already done on security and adapt it for systems that usually aren't deemed powerful enough. As you will see, it is possible to implement security for some of even the most modest of architectures, such as porting AES to a PIC and using SSL on an 8-bit microprocessor (both of these are covered in extensive case studies of working implementations).
This book covers the practical side of implementing security for embedded systems, using publicly available and inexpensive proprietary implementations whenever possible. However, just having a cryptographic algorithm does not mean you have security. There are a number of issues to consider when using cryptography. We will cover some of them and hopefully provide some insight into how you can find them on your own.
Security in Shades of Gray
since the worst problems are necessarily those that you cannot possibly predict. The only way to ensure a high level of security is to make your system as robust as possible, and keep it simple enough to understand so you can at least predict some of the more difficult problems. The fewer legitimate access points into your system you implement, the higher the probability it is safe. The more features and possible outside connections available, the more likely it is that you will have an unintended back door. Legitimate entry points need to be secured using a number of different mechanisms, depending on the desired level of security and the application. These mechanisms range from simple password schemes that provide only a small illusion of security to full security protocols that require vast amounts of computing power. Many of the mechanisms used to protect data in full security protocols, such as cryptography, usually require rather high levels of computing power, since they are based on powerful mathematical algorithms that require millions of calculations to be performed. Most security protocols work under the assumption that only the most powerful hardware is available. The problem with this assumption, of course, is that the most powerful hardware is very often, for economic or other reasons, not available.
Enter the resource-constrained system. Embedded systems that utilize low-cost components may not have the resources required to implement one of these true security solutions. Many security protocols, algorithms, and mechanisms are built for the latest and greatest hardware, usually PCs or the most expensive embedded controllers and processors. The vendors will tell you that you need all that power to build a secure system, but the reality is that it really only depends on your application. You may not have access to that kind of power but still need security, so are you simply out of luck? This is why we introduced the chapter with the discussion on hazard tolerance: to build secure systems in a resource-constrained environment, we need to adapt the security or the application so that they work together without bringing the entire system to a halt (potentially a dangerous problem if the device is controlling a large automated punch press, for example). The idea behind this book is that it