| |
| |
Preface | |
| |
| |
About the Author | |
| |
| |
Foreword | |
| |
| |
Acknowledgments | |
| |
| |
Legal Notice | |
| |
| |
| |
| |
| |
What Is Security Engineering? | |
| |
| |
Example 1: A Bank | |
| |
| |
Example 2: An Air Force Base | |
| |
| |
Example 3: A Hospital | |
| |
| |
Example 4: The Home | |
| |
| |
Definitions | |
| |
| |
Summary | |
| |
| |
Protocols | |
| |
| |
Password Eavesdropping Risks | |
| |
| |
Who Goes There? Simple Authentication | |
| |
| |
Manipulating the Message | |
| |
| |
Changing the Environment | |
| |
| |
Chosen Protocol Attacks | |
| |
| |
Managing Encryption Keys | |
| |
| |
Getting Formal | |
| |
| |
Summary | |
| |
| |
Research Problems | |
| |
| |
Further Reading | |
| |
| |
Passwords | |
| |
| |
Basics | |
| |
| |
Applied Psychology Issues | |
| |
| |
System Issues | |
| |
| |
Technical Protection of Passwords | |
| |
| |
Summary | |
| |
| |
Research Problems | |
| |
| |
Further Reading | |
| |
| |
Access Control | |
| |
| |
Introduction | |
| |
| |
Operating System Access Controls | |
| |
| |
Hardware Protection | |
| |
| |
What Goes Wrong | |
| |
| |
Summary | |
| |
| |
Research Problems | |
| |
| |
Further Reading | |
| |
| |
Cryptography | |
| |
| |
Introduction | |
| |
| |
Historical Background | |
| |
| |
The Random Oracle Model | |
| |
| |
Symmetric Crypto Primitives | |
| |
| |
Modes of Operation | |
| |
| |
Hash Functions | |
| |
| |
Asymmetric Crypto Primitives | |
| |
| |
Summary | |
| |
| |
Research Problems | |
| |
| |
Further Reading | |
| |
| |
Distributed Systems | |
| |
| |
Concurrency | |
| |
| |
Fault Tolerance and Failure Recovery | |
| |
| |
Naming | |
| |
| |
Summary | |
| |
| |
Research Problems | |
| |
| |
Further Reading | |
| |
| |
| |
| |
| |
Multilevel Security | |
| |
| |
Introduction | |
| |
| |
What Is a Security Policy Model? | |
| |
| |
The Bell-LaPadula Security Policy Model | |
| |
| |
Examples of Multilevel Secure Systems | |
| |
| |
What Goes Wrong | |
| |
| |
Broader Implications of MLS | |
| |
| |
Summary | |
| |
| |
Research Problems | |
| |
| |
Further Reading | |
| |
| |
Multilateral Security | |
| |
| |
Introduction | |
| |
| |
Compartmentation, the Chinese Wall, and the BMA Model | |
| |
| |
Inference Control | |
| |
| |
The Residual Problem | |
| |
| |
Summary | |
| |
| |
Research Problems | |
| |
| |
Further Reading | |
| |
| |
Banking and Bookkeeping | |
| |
| |
Introduction | |
| |
| |
How Bank Computer Systems Work | |
| |
| |
Wholesale Payment Systems | |
| |
| |
Automatic Teller Machines | |
| |
| |
Summary | |
| |
| |
Research Problems | |
| |
| |
Further Reading | |
| |
| |
Monitoring Systems | |
| |
| |
Introduction | |
| |
| |
Alarms | |
| |
| |
Prepayment Meters | |
| |
| |
Taximeters, Tachographs, and Truck Speed Limiters | |
| |
| |
Summary | |
| |
| |
Research Problems | |
| |
| |
Further Reading | |
| |
| |
Nuclear Command and Control | |
| |
| |
Introduction | |
| |
| |
The Kennedy Memorandum | |
| |
| |
Unconditionally Secure Authentication Codes | |
| |
| |
Shared Control Schemes | |
| |
| |
Tamper Resistance and PALs | |
| |
| |
Treaty Verification | |
| |
| |
What Goes Wrong | |
| |
| |
Secrecy or Openness? | |
| |
| |
Summary | |
| |
| |
Research Problem | |
| |
| |
Further Reading | |
| |
| |
Security Printing and Seals | |
| |
| |
Introduction | |
| |
| |
History | |
| |
| |
Security Printing | |
| |
| |
Packaging and Seals | |
| |
| |
Systemic Vulnerabilities | |
| |
| |
Evaluation Methodology | |
| |
| |
Summary | |
| |
| |
Research Problems | |
| |
| |
Further Reading | |
| |
| |
Biometrics | |
| |
| |
Introduction | |
| |
| |
Handwritten Signatures | |
| |
| |
Face Recognition | |
| |
| |
Fingerprints | |
| |
| |
Iris Codes | |
| |
| |
Voice Recognition | |
| |
| |
Other Systems | |
| |
| |
What Goes Wrong | |
| |
| |
Summary | |
| |
| |
Research Problems | |
| |
| |
Further Reading | |
| |
| |
Physical Tamper Resistance | |
| |
| |
Introduction | |
| |
| |
History | |
| |
| |
High-End Physically Secure Processors | |
| |
| |
Evaluation | |
| |
| |
Medium-Security Processors | |
| |
| |
Smartcards and Microcontrollers | |
| |
| |
What Goes Wrong | |
| |
| |
What Should Be Protected? | |
| |
| |
Summary | |
| |
| |
Research Problems | |
| |
| |
Further Reading | |
| |
| |
Emission Security | |
| |
| |
Introduction | |
| |
| |
History | |
| |
| |
Technical Surveillance and Countermeasures | |
| |
| |
Passive Attacks | |
| |
| |
Active Attacks | |
| |
| |
How Serious Are Emsec Attacks? | |
| |
| |
Summary | |
| |
| |
Research Problems | |
| |
| |
Further Reading | |
| |
| |
Electronic and Information Warfare | |
| |
| |
Introduction | |
| |
| |
Basics | |
| |
| |
Communications Systems | |
| |
| |
Surveillance and Target Acquisition | |
| |
| |
IFF Systems | |
| |
| |
Directed Energy Weapons | |
| |
| |
Information Warfare | |
| |
| |
Summary | |
| |
| |
Research Problems | |
| |
| |
Further Reading | |
| |
| |
Telecom System Security | |
| |
| |
Introduction | |
| |
| |
Phone Phreaking | |
| |
| |
Mobile Phones | |
| |
| |
Corporate Fraud | |
| |
| |
Summary | |
| |
| |
Research Problems | |
| |
| |
Further Reading | |
| |
| |
Network Attack and Defense | |
| |
| |
Introduction | |
| |
| |
Vulnerabilities in Network Protocols | |
| |
| |
Defense against Network Attack | |
| |
| |
Trojans, Viruses, and Worms | |
| |
| |
Intrusion Detection | |
| |
| |
Summary | |
| |
| |
Research Problems | |
| |
| |
Further Reading | |
| |
| |
Protecting E-Commerce Systems | |
| |
| |
Introduction | |
| |
| |
A Telegraphic History of E-Commerce | |
| |
| |
An Introduction to Credit Cards | |
| |
| |
Online Credit Card Fraud: The Hype and the Reality | |
| |
| |
Cryptographic Protection Mechanisms | |
| |
| |
Network Economics | |
| |
| |
Competitive Applications and Corporate Warfare | |
| |
| |
What Else Goes Wrong | |
| |
| |
What Can a Merchant Do? | |
| |
| |
Summary | |
| |
| |
Research Problems | |
| |
| |
Further Reading | |
| |
| |
Copyright and Privacy Protection | |
| |
| |
Introduction | |
| |
| |
Copyright | |
| |
| |
Information Hiding | |
| |
| |
Privacy Mechanisms | |
| |
| |
Summary | |
| |
| |
Research Problems | |
| |
| |
Further Reading | |
| |
| |
| |
| |
| |
E-Policy | |
| |
| |
Introduction | |
| |
| |
Cryptography Policy | |
| |
| |
Copyright | |
| |
| |
Data Protection | |
| |
| |
Evidential Issues | |
| |
| |
Other Public Sector Issues | |
| |
| |
Summary | |
| |
| |
Research Problems | |
| |
| |
Further Reading | |
| |
| |
Management Issues | |
| |
| |
Introduction | |
| |
| |
Managing a Security Project | |
| |
| |
Methodology | |
| |
| |
Security Requirements Engineering | |
| |
| |
Risk Management | |
| |
| |
Economic Issues | |
| |
| |
Summary | |
| |
| |
Research Problems | |
| |
| |
Further Reading | |
| |
| |
System Evaluation and Assurance | |
| |
| |
Introduction | |
| |
| |
Assurance | |
| |
| |
Evaluation | |
| |
| |
Ways Forward | |
| |
| |
Summary | |
| |
| |
Research Problems | |
| |
| |
Further Reading | |
| |
| |
Conclusions | |
| |
| |
Bibliography | |
| |
| |
Index | |