Security Engineering: A Guide to Building Dependable Distributed Systems


Security Engineering
A Guide to Building Dependable Distributed Systems
Second Edition
Ross J. Anderson
Wiley Publishing, Inc.

Security Engineering: A Guide to Building Dependable Distributed Systems, Second Edition
Published by Wiley Publishing, Inc., 10475 Crosspoint Boulevard, Indianapolis, IN 46256
Copyright 2008 by Ross J. Anderson. All Rights Reserved.
Published by Wiley Publishing, Inc., Indianapolis, Indiana
Published simultaneously in Canada
ISBN: 978-0-470-06852-6
Manufactured in the United States of America
10 9 8 7 6 5 4 3 2 1

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4355, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Website is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Website may provide or recommendations it may make. Further, readers should be aware that Internet Websites listed in this work may have changed or disappeared between when this work was written and when it is read.

For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (800) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.

Library of Congress Cataloging-in-Publication Data
Anderson, Ross, 1956-
Security engineering : a guide to building dependable distributed systems / Ross J Anderson. — 2nd ed.
p. cm.
Includes bibliographical references and index.
ISBN 978-0-470-06852-6 (cloth)
1. Computer security. 2. Electronic data processing–Distributed processing. I. Title.
QA76.9.A25A54 2008
005.1–dc22
2008006392

Trademarks: Wiley, the Wiley logo, and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. All other trademarks are the property of their respective owners. Wiley Publishing, Inc. is not associated with any product or vendor mentioned in this book.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.

To Shireen

Credits
Executive Editor: Carol Long
Senior Development Editor: Tom Dinse
Production Editor: Tim Tate
Editorial Manager: Mary Beth Wakefield
Production Manager: Tim Tate
Vice President and Executive Group Publisher: Richard Swadley
Vice President and Executive Publisher: Joseph B. Wikert
Project Coordinator, Cover: Lynsey Stanford
Proofreader: Nancy Bell
Indexer: Jack Lewis
Cover Image: Digital Vision/Getty Images
Cover Design: Michael E. Trent

Contents at a Glance
Preface to the Second Edition  xxv
Foreword by Bruce Schneier  xxvii
Preface  xxix
Acknowledgments  xxxv

Part I
Chapter 1   What Is Security Engineering?  3
Chapter 2   Usability and Psychology  17
Chapter 3   Protocols  63
Chapter 4   Access Control  93
Chapter 5   Cryptography  129
Chapter 6   Distributed Systems  185
Chapter 7   Economics  215
Chapter 8   Multilevel Security  239
Chapter 9   Multilateral Security  275

Part II
Chapter 10  Banking and Bookkeeping  313
Chapter 11  Physical Protection  365
Chapter 12  Monitoring and Metering  389
Chapter 13  Nuclear Command and Control  415

Chapter 14  Security Printing and Seals  433
Chapter 15  Biometrics  457
Chapter 16  Physical Tamper Resistance  483
Chapter 17  Emission Security  523
Chapter 18  API Attacks  547
Chapter 19  Electronic and Information Warfare  559
Chapter 20  Telecom System Security  595
Chapter 21  Network Attack and Defense  633
Chapter 22  Copyright and DRM  679
Chapter 23  The Bleeding Edge  727

Part III
Chapter 24  Terror, Justice and Freedom  769
Chapter 25  Managing the Development of Secure Systems  815
Chapter 26  System Evaluation and Assurance  857
Chapter 27  Conclusions  889
Bibliography  893
Index  997

Contents
Preface to the Second Edition  xxv
Foreword by Bruce Schneier  xxvii
Preface  xxix
Acknowledgments  xxxv

Part I

Chapter 1  What Is Security Engineering?
    Introduction
    A Framework
    Example 1 – A Bank
    Example 2 – A Military Base
    Example 3 – A Hospital
    Example 4 – The Home
    Definitions
    Summary

Chapter 2  Usability and Psychology
    Introduction
    Attacks Based on Psychology
    Pretexting
    Phishing
    Insights from Psychology Research
    What the Brain Does Worse Than the Computer
    Perceptual Bias and Behavioural Economics
    Different Aspects of Mental Processing
    Differences Between People
    Social Psychology
    What the Brain Does Better Than Computer

    Passwords
    Difficulties with Reliable Password Entry
    Difficulties with Remembering the Password
    Naive Password Choice
    User Abilities and Training
    Design Errors
    Operational Issues
    Social-Engineering Attacks
    Trusted Path
    Phishing Countermeasures
    Password Manglers
    Client Certs or Specialist Apps
    Using the Browser’s Password Database
    Soft Keyboards
    Customer Education
    Microsoft Passport
    Phishing Alert Toolbars
    Two-Factor Authentication
    Trusted Computing
    Fortified Password Protocols
    Two-Channel Authentication
    The Future of Phishing
    System Issues
    Can You Deny Service?
    Protecting Oneself or Others?
    Attacks on Password Entry
    Interface Design
    Eavesdropping
    Technical Defeats of Password Retry Counters
    Attacks on Password Storage
    One-Way Encryption
    Password Cracking
    Absolute Limits
    CAPTCHAs
    Summary
    Research Problems
    Further Reading

Chapter 3  Protocols
    Password Eavesdropping Risks
    Who Goes There? — Simple Authentication
    Challenge and Response
    The MIG-in-the-Middle Attack
    Reflection Attacks
    Manipulating the Message
    Changing the Environment

    Chosen Protocol Attacks
    Managing Encryption Keys
    Basic Key Management
    The Needham-Schroeder Protocol
    Kerberos
    Practical Key Management
    Getting Formal
    A Typical Smartcard Banking Protocol
    The BAN Logic
    Verifying the Payment Protocol
    Limitations of Formal Verification
    Summary
    Research Problems
    Further Reading

Chapter 4  Access Control
    Introduction
    Operating System Access Controls
    Groups and Roles
    Access Control Lists
    Unix Operating System Security
    Apple’s OS/X
    Windows — Basic Architecture
    Capabilities
    Windows — Added Features
    Middleware
    Database Access Controls
    General Middleware Issues
    ORBs and Policy Languages
    Sandboxing and Proof-Carrying Code
    Virtualization
    Trusted Computing
    Hardware Protection
    Intel Processors, and ‘Trusted Computing’
    ARM Processors
    Security Processors
    What Goes Wrong
    Smashing the Stack
    Other Technical Attacks
    User Interface Failures
    Why So Many Things Go Wrong
    Remedies
    Environmental Creep
    Summary
    Research Problems
    Further Reading

Chapter 5  Cryptography
    Introduction
    Historical Background
    An Early Stream Cipher — The Vigenère
    The One-Time Pad
    An Early Block Cipher — Playfair
    One-Way Functions
    Asymmetric Primitives
    The Random Oracle Model
    Random Functions — Hash Functions
    Properties
    The Birthday Theorem
    Random Generators — Stream Ciphers
    Random Permutations — Block Ciphers
    Public Key Encryption and Trapdoor One-Way Permutations
    Digital Signatures
    Symmetric Crypto Primitives
    SP-Networks
    Block Size
    Number of Rounds
    Choice of S-Boxes
    Linear Cryptanalysis
    Differential Cryptanalysis
    Serpent
    The Advanced Encryption Standard (AES)
    Feistel Ciphers
    The Luby-Rackoff Result
    DES
    Modes of Operation
    Electronic Code Book
    Cipher Block Chaining
    Output Feedback
    Counter Encryption
    Cipher Feedback
    Message Authentication Code
    Composite Modes of Operation
    Hash Functions
    Extra Requirements on the Underlying Cipher
    Common Hash Functions and Applications
    Asymmetric Crypto Primitives
    Cryptography Based on Factoring
    Cryptography Based on Discrete Logarithms
    Public Key Encryption — Diffie Hellman and ElGamal
    Key Establishment
    Digital Signature
    Special Purpose

    Elliptic Curve Cryptography
    Certification
    The Strength of Asymmetric Cryptographic Primitives
    Summary
    Research Problems
    Further Reading

Chapter 6  Distributed Systems
    Introduction
    Concurrency
    Using Old Data Versus Paying to Propagate State
    Locking to Prevent Inconsistent Updates
    The Order of Updates
    Deadlock
    Non-Convergent State
    Secure Time
    Fault Tolerance and Failure Recovery
    Failure Models
    Byzantine Failure
    Interaction with Fault Tolerance
    What Is Resilience For?
    At What Level Is the Redundancy?
    Service-Denial Attacks
    Naming
    The Distributed Systems View of Naming
    What Else Goes Wrong
    Naming and Identity
    Cultural Assumptions
    Semantic Content of Names
    Uniqueness of Names
    Stability of Names and Addresses
    Adding Social Context to Naming
    Restrictions on the Use of Names
    Types of Name
    Summary
    Research Problems
    Further Reading

Chapter 7  Economics
    Introduction
    Classical Economics
    Monopoly
    Public Goods
    Information Economics
    The Price of Information
    The Value of Lock-In
    Asymmetric Information

    Game Theory
    The Prisoners’ Dilemma
    Evolutionary Games
    The Economics of Security and Dependability
    Weakest Link, or Sum of Efforts?
    Managing the Patching Cycle
    Why Is Windows So Insecure?
    Economics of Privacy
    Economics of DRM
    Summary
    Research Problems
    Further Reading

Part II

Chapter 8  Multilevel Security
    Introduction
    What Is a Security Policy Model?
    The Bell-LaPadula Security Policy Model
    Classifications and Clearances
    Information Flow Control
    The Standard Criticisms of Bell-LaPadula
    Alternative Formulations
    The Biba Model and Vista
    Historical Examples of MLS Systems
    SCOMP
    Blacker
    MLS Unix and Compartmented Mode Workstations
    The NRL Pump
    Logistics Systems
    Sybard Suite
    Wiretap Systems
    Future MLS Systems
    Vista
    Linux
    Virtualization
    Embedded Systems
    What Goes Wrong
    Composability
    The Cascade Problem
    Covert Channels
    The Threat from Viruses
    Polyinstantiation
    Other Practical Problems
    Broader Implications of

    Summary
    Research Problems
    Further Reading

Chapter 9  Multilateral Security
    Introduction
    Compartmentation, the Chinese Wall and the BMA Model
    Compartmentation and the Lattice Model
    The Chinese Wall
    The BMA Model
    The Threat Model
    The Security Policy
    Pilot Implementations
    Current Privacy Issues
    Inference Control
    Basic Problems of Inference Control in Medicine
    Other Applications of Inference Control
    The Theory of Inference Control
    Query Set Size Control
    Trackers
    More Sophisticated Query Controls
    Cell Suppression
    Maximum Order Control and the Lattice Model
    Audit Based Control
    Randomization
    Limitations of Generic Approaches
    Active Attacks
    The Value of Imperfect Protection
    The Residual Problem
    Summary
    Research Problems
    Further Reading

Chapter 10  Banking and Bookkeeping
    Introduction
    The Origins of Bookkeeping
    Double-Entry Bookkeeping
    A Telegraphic History of E-commerce
    How Bank Computer Systems Work
    The Clark-Wilson Security Policy Model
    Designing Internal Controls
    What Goes Wrong
    Wholesale Payment Systems
    SWIFT
    What Goes Wrong
    Automatic Teller Machines
    ATM Basics

    What Goes Wrong
    Incentives and Injustices
    Credit Cards
    Fraud
    Forgery
    Automatic Fraud Detection
    The Economics of Fraud
    Online Credit Card Fraud — the Hype and the Reality
    Smartcard-Based Banking
    EMV
    Static Data Authentication
    Dynamic Data Authentication
    Combined Data Authentication
    RFID
    Home Banking and Money Laundering
    Summary
    Research Problems
    Further Reading

Chapter 11  Physical Protection
    Introduction
    Threats and Barriers
    Threat Model
    Deterrence
    Walls and Barriers
    Mechanical Locks
    Electronic Locks
    Alarms
    How not to Protect a Painting
    Sensor Defeats
    Feature Interactions
    Attacks on Communications
    Lessons Learned
    Summary
    Research Problems
    Further Reading

Chapter 12  Monitoring and Metering
    Introduction
    Prepayment Meters
    Utility Metering
    How the System Works
    What Goes Wrong
    Taxi Meters, Tachographs and Truck Speed Limiters
    The Tachograph
    What Goes Wrong
    How Most Tachograph Manipulation Is Done

    Tampering with the Supply
    Tampering with the Instrument
    High-Tech Attacks
    The Digital Tachograph Project
    System Level Problems
    Other Problems
    The Resurrecting Duckling
    Postage Meters
    Summary
    Research Problems
    Further Reading

Chapter 13  Nuclear Command and Control
    Introduction
    The Evolution of Command and Control
    The Kennedy Memorandum
    Authorization, Environment, Intent
    Unconditionally Secure Authentication
    Shared Control Schemes
    Tamper Resistance and PALs
    Treaty Verification
    What Goes Wrong
    Secrecy or Openness?
    Summary
    Research Problems
    Further Reading

Chapter 14  Security Printing and Seals
    Introduction
    History
    Security Printing
    Threat Model
    Security Printing Techniques
    Packaging and Seals
    Substrate Properties
    The Problems of Glue
    PIN Mailers
    Systemic Vulnerabilities
    Peculiarities of the Threat Model
    Anti-Gundecking Measures
    The Effect of Random Failure
    Materials Control
    Not Protecting the Right Things
    The Cost and Nature of Inspection
    Evaluation Methodology
    Summary
    Research Problems
    Further Reading

Chapter 15  Biometrics
    Introduction
    Handwritten Signatures
    Face Recognition
    Bertillonage
    Fingerprints
    Verifying Positive or Negative Identity Claims
    Crime Scene Forensics
    Iris Codes
    Voice Recognition
    Other Systems
    What Goes Wrong
    Summary
    Research Problems
    Further Reading

Chapter 16  Physical Tamper Resistance
    Introduction
    History
    High-End Physically Secure Processors
    Evaluation
    Medium Security Processors
    The iButton
    The Dallas 5000 Series
    FPGA Security, and the Clipper Chip
    Smartcards and Microcontrollers
    History
    Architecture
    Security Evolution
    The State of the Art
    Defense in Depth
    Stop Loss
    What Goes Wrong
    The Trusted Interface Problem
    Conflicts
    The Lemons Market, Risk Dumping and Evaluation
    Security-By-Obscurity
    Interaction with Policy
    Function Creep
    So What Should One Protect?
    Summary
    Research Problems
    Further Reading

Chapter 17  Emission Security
    Introduction
    History

    Technical Surveillance and Countermeasures
    Passive Attacks
    Leakage Through Power and Signal Cables
    Red/Black Separation
    Timing Analysis
    Power Analysis
    Leakage Through RF Signals
    Active Attacks
    Tempest Viruses
    Nonstop
    Glitching
    Differential Fault Analysis
    Combination Attacks
    Commercial Exploitation
    Defenses
    Optical, Acoustic and Thermal Side Channels
    How Serious are Emsec Attacks?
    Governments
    Businesses
    Summary
    Research Problems
    Further Reading

Chapter 18  API Attacks
    Introduction
    API Attacks on Security Modules
    The XOR-To-Null-Key Attack
    The Attack on the 4758
    Multiparty Computation, and Differential Protocol Attacks
    The EMV Attack
    API Attacks on Operating Systems
    Summary
    Research Problems
    Further Reading

Chapter 19  Electronic and Information Warfare
    Introduction
    Basics
    Communications Systems
    Signals Intelligence Techniques
    Attacks on Communications
    Protection Techniques
    Frequency Hopping
    DSSS
    Burst Communications
    Combining Covertness and Jam Resistance
    Interaction Between Civil and Military Uses

    Surveillance and Target Acquisition
    Types of Radar
    Jamming Techniques
    Advanced Radars and Countermeasures
    Other Sensors and Multisensor Issues
    IFF Systems
    Improvised Explosive Devices
    Directed Energy Weapons
    Information Warfare
    Definitions
    Doctrine
    Potentially Useful Lessons from Electronic Warfare
    Differences Between E-war and I-war
    Summary
    Research Problems
    Further Reading

Chapter 20  Telecom System Security
    Introduction
    Phone Phreaking
    Attacks on Metering
    Attacks on Signaling
    Attacks on Switching and Configuration
    Insecure End Systems
    Feature Interaction
    Mobile Phones
    Mobile Phone Cloning
    GSM Security Mechanisms
    Third Generation Mobiles — 3gpp
    Platform Security
    So Was Mobile Security a Success or a Failure?
    VOIP
    Security Economics of Telecomms
    Frauds by Phone Companies
    Billing Mechanisms
    Summary
    Research Problems
    Further Reading

Chapter 21  Network Attack and Defense
    Introduction
    Vulnerabilities in Network Protocols
    Attacks on Local Networks
    Attacks Using Internet Protocols and Mechanisms
    SYN Flooding
    Smurfing
    Distributed Denial of Service Attacks

    Spam
    DNS Security and Pharming
    Trojans, Viruses, Worms and Rootkits
    Early History of Malicious Code
    The Internet Worm
    How Viruses and Worms Work
    The History of Malware
    Countermeasures
    Defense Against Network Attack
    Configuration Management and Operational Security
    Filtering: Firewalls, Spam Filters, Censorware and Wiretaps
    Packet Filtering
    Circuit Gateways
    Application Relays
    Ingress Versus Egress Filtering
    Architecture
    Intrusion Detection
    Types of Intrusion Detection
    General Limitations of Intrusion Detection
    Specific Problems Detecting Network
    Topology
    Summary
    Research Problems
    Further Reading

Chapter 22  Copyright and DRM
    Introduction
    Copyright
    Software
    Books
    Audio
    Video and Pay-TV
    Typical System Architecture
    Video Scrambling Techniques
    Attacks on Hybrid Scrambling Systems
    DVB
    DVD
    HD-DVD and Blu-ray
    AACS — Broadcast Encryption and Traitor

    Blu-ray and SPDC
    General Platforms
    Windows Media Rights Management
    Other Online Rights-Management Systems
    Peer-to-Peer Systems
    Rights Management of Semiconductor IP
    Information Hiding
    Watermarks and Copy Generation Management
    General Information Hiding Techniques
    Attacks on Copyright Marking Schemes
    Applications of Copyright Marking Schemes
    Policy
    The IP Lobby
    Who Benefits?
    Accessory Control
    Summary
    Research Problems
    Further Reading

Chapter 23  The Bleeding Edge
    Introduction
    Computer Games
    Types of Cheating
    Aimbots and Other Unauthorized Software
    Virtual Worlds, Virtual Economies
    Web Applications
    eBay
    Google
    Social Networking Sites
    Privacy Technology
    Anonymous Email — The Dining Cryptographers and Mixes
    Anonymous Web Browsing — Tor
    Confidential and Anonymous Phone Calls
    Email Encryption
    Steganography and Forensics Countermeasures
    Putting It All Together
    Elections
    Summary
    Research Problems
    Further Reading

Part III

Chapter 24  Terror, Justice and Freedom

