Practical Embedded Security

Book Description

The great strides made over the past decade in the complexity and network functionality of embedded systems have significantly enhanced their attractiveness for use in critical applications such as medical devices and military communications. However, this expansion into critical areas has presented embedded engineers with a serious new problem: their designs are now being targeted by the same malicious attackers whose predations have plagued traditional systems for years. Rising concerns about data security in embedded devices are leading engineers to pay more attention to security assurance in their designs than ever before. This is particularly challenging due to embedded devices’ inherent resource constraints such as limited power and memory. Therefore, traditional security solutions must be customized to fit their profile, and entirely new security concepts must be explored. However, there are few resources available to help engineers understand how to implement security measures within the unique embedded context. This new book from embedded security expert Timothy Stapko is the first to provide engineers with a comprehensive guide to this pivotal topic. From a brief review of basic security concepts, through clear explanations of complex issues such as choosing the best cryptographic algorithms for embedded utilization, the reader is provided with all the information needed to successfully produce safe, secure embedded devices.

• The ONLY book dedicated to a comprehensive coverage of embedded security!
• Covers both hardware- and software-based embedded security solutions for preventing and dealing with attacks.
• Application case studies support practical explanations of all key topics, including network protocols, wireless and cellular communications, languages (Java and C/++), compilers, web-based interfaces, cryptography, and an entire section on SSL.

Table of Contents

  1. Cover image
  2. Title page
  3. Table of Contents
  4. Copyright
  5. Preface
  6. Chapter 1: Computer Security Introduction and Review
    1. What Is Security?
    2. What Can We Do?
    3. Access Control and the Origins of Computer Security Theory
    4. Security Policies
    5. Cryptography
    6. Data Integrity and Authentication
    7. Wrap-Up
    8. Recommended Reading
  7. Chapter 2: Network Communications Protocols and Built-in Security
    1. Low-Level Communications
    2. Transport and Internet Layer Protocols
    3. Other Network Protocols
    4. Wrap-Up: Network Communications
  8. Chapter 3: Security Protocols and Algorithms
    1. Protocol Madness
    2. Standardizing Security—A Brief History
    3. Standardized Security in Practice
    4. Cryptography and Protocols
    5. Other Security Protocols
  9. Chapter 4: The Secure Sockets Layer
    1. SSL History
    2. Pesky PKI
    3. PKI Alternatives
    4. SSL Under the Hood
    5. The SSL Session
    6. SSL in Practice
    7. Wrap-Up
  10. Chapter 5: Embedded Security
    1. Networked Embedded Systems and Resource Constraints
    2. Embedded Security Design
    3. The KISS Principle
    4. Modularity Is Key
    5. Pick and Pull
    6. Justification
    7. Wrap-Up
  11. Chapter 6: Wireless
    1. Wireless Technologies
    2. Bluetooth
    3. ZigBee
    4. Wireless Technologies and the Future
    5. Wrap-Up
  12. Chapter 7: Application-Layer and Client/Server Protocols
    1. Introduction
    2. The World Wide Web
    3. Web-Based Interfaces
    4. Server-Side HTTP Web Interfaces
    5. HTTP Client Web Interfaces
    6. Combination Client/Server HTTP Applications
    7. Console Applications
    8. File Transfer Protocol
    9. Email, DNS, DHCP, and SNMP
    10. Wrap-Up
  13. Chapter 8: Choosing and Optimizing Cryptographic Algorithms for Resource-Constrained Systems
    1. Do We Need Cryptography?
    2. Hashing–Low Security, High Performance
    3. To Optimize or Not to Optimize …
    4. Choosing Cryptographic Algorithms
    5. Tailoring Security for Your Application
    6. Wrap-Up
  14. Chapter 9: Hardware-Based Security
    1. High Performance in Silicon
    2. Wrap-Up: Security and Hardware
  15. Chapter 10: Conclusion—Miscellaneous Security Issues and the Future of Embedded Applications Security
    1. Programming Languages and Security
    2. Dealing with Attacks
    3. The Future of Security
    4. Wrap-Up
  16. Chapter 11: PIC Case Study
    1. Microchip PIC with Ethernet Controller
    2. PIC Example Application—Secure LED Blinking
  17. Chapter 12: Rabbit Case Study
    1. Rabbit 4000 CPU with Dynamic C
    2. The History of Rabbit
    3. Software on the Rabbit
    4. Rabbit Case Study—Internet Enabled Vending Machine
    5. Putting It All Together
    6. The PC Side
    7. Wrap-Up: A Secure Rabbit
  18. Source Listings
  19. Index