Practical Embedded Security: Building Secure Resource-Constrained Systems (Embedded Technology) [Paperback]

Timothy Stapko (Author)

Book Description

Publication Date: September 14, 2007 | ISBN-10: 0750682159 | ISBN-13: 978-0750682152 | Edition: 1

The great strides made over the last decade in the complexity and network functionality of embedded systems have significantly enhanced their attractiveness for use in critical applications such as medical devices and military communications. However, this expansion into critical areas has presented embedded engineers with a serious new problem: their designs are now being targeted by the same malicious attackers whose predations have plagued traditional systems for years. Rising concerns about data security in embedded devices are leading engineers to pay more attention to security assurance in their designs than ever before. This is particularly challenging due to embedded devices' inherent resource constraints such as limited power and memory. Therefore, traditional security solutions must be customized to fit their profile, and entirely new security concepts must be explored. However, there are few resources available to help engineers understand how to implement security measures within the unique embedded context. This new book from embedded security expert Timothy Stapko is the first to provide engineers with a comprehensive guide to this pivotal topic. From a brief review of basic security concepts, through clear explanations of complex issues such as choosing the best cryptographic algorithms for embedded utilization, the reader is provided with all the information needed to successfully produce safe, secure embedded devices.

.The ONLY book dedicated to a comprehensive coverage of embedded security!
.Covers both hardware and software-based embedded security solutions for preventing and dealing with attacks
.Application case studies support practical explanations of all key topics, including network protocols, wireless and cellular communications, languages (Java and C/++), compilers, web-based interfaces, cryptography, and an entire section on SSL

Editorial Reviews

From the Back Cover

Finally, embedded engineers have their own single-volume resource for defending their designs against would-be hackers!


*Covers both hardware- and software-based embedded security solutions for preventing and dealing with attacks
*Focuses on publicly available or low-cost security options
*Case studies detail securing 8-bit PIC and Rabbit microprocessors

This book builds upon the basics of computer security and optimizes it for embedded systems. Often embedded systems are resource-constrained systems and therefore, may not have the power to implement robust security systems. The author takes on this problem guiding embedded designers, programmers, and engineers on how to build secure, low-cost, and resource-constrained systems.

Various techniques and tools are provided to the reader including:

*Designing embedded-specific security protocols
*Recognizing and dealing with attacks
*Common pitfalls when trying to optimize security
*A discussion of hardware alternatives
*C and other languages and their strengths and weaknesses
*A look at low-level networking protocols: TCP/IP, UDP, PPP, and Ethernet
*An entire chapter on Secure Socket Layers (SSL)
*Strategies for choosing algorithms and protocols for a particular platform
*Working with wireless networking protocols: Bluetooth, ZigBee, and 802.11
*Client/server applications detailed

Product Details

• Paperback: 284 pages
• Publisher: Newnes; 1 edition (September 14, 2007)
• Language: English
• ISBN-10: 0750682159
• ISBN-13: 978-0750682152
• Product Dimensions: 9.2 x 7.5 x 0.7 inches
• Shipping Weight: 1.4 pounds (View shipping rates and policies)
• Average Customer Review: 4.0 out of 5 stars  See all reviews (1 customer review)
• Amazon Best Sellers Rank: #660,238 in Books (See Top 100 in Books)
  • #84 in Books > Computers & Technology > Hardware > Microprocessors & System Design > Embedded Systems

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

2 of 2 people found the following review helpful:

4.0 out of 5 stars Should be required reading for Embedded Developers, November 1, 2008

By 

P. Mathis "Homeschooling Rocks!" (Kennesaw, GA USA) - See all my reviews
(REAL NAME)   

This review is from: Practical Embedded Security: Building Secure Resource-Constrained Systems (Embedded Technology) (Paperback)

I've spent 14 years as a Firmware Engineer in Telecom and Industrial Controls. While we do our best to make bug-free products, it is rare that time and effort are spent securing these devices. Most systems attempt to use "security through obscurity", which we all know only goes so far.

The Embedded development paradigm is quite different from PC programming - our resources are very limited; most of the products I've developed have had memory (RAM and Code) measured in kilobytes, not like today's PCs with gigabytes to burn!

This book covers the basics of how to secure a device with such limited resources. First the book covers the general concepts involved in security. Next it goes into the various protocols and how they are attacked and defended. The last two chapters cover specific examples on a PIC processor and on a Rabbit processor. These two parts fit exactly into the middle of the range of embedded processors used today.

The author speaks freely of the limitations of each of the current protocols. His writing is clear and makes for an interesting read (quite an accomplishment on a topic that could be quite acedemic!).

I gave the book "only" 4-stars because the Sample Programs are not provided on CD nor is there an obvious link to source code on the web. While the material is a port of OpenSSL (which is available), it would have saved readers time re-typing the sample source code.

Otherwise, I find this to be a great start to making my designs more secure!