security in computer system

Security in Computer System 491 CS-G(172) By Manesh T [email protected]

Upload: manesh-t

Post on 20-Mar-2017


Page 1: Security in Computer System

Security in Computer System
491 CS-G(172)

By Manesh T

[email protected]

Page 2: Security in Computer System

AGENDA
• Overview of Security & Needs
• Concepts, Types of Viruses
• Different Types of Security
• Threats in Network
• Hacking, Ethical Hacking
• Attacks, services and mechanisms
• Security attacks-Types
• Security services
• Methods of Defense
• A model for Internetwork Security

Page 3: Security in Computer System

Overview

• What is security?
• Why do we need security?
• Who is vulnerable?

Page 4: Security in Computer System

What is “Security”

Security is the state of having
1. Freedom from risk or danger; safety.
2. Freedom from doubt, anxiety, or fear.

Definition: Security is the protection of assets. Three main aspects of security are
1. Protection
2. Detection
3. Reaction.

Page 5: Security in Computer System

Why do we need security?

• Protect vital information while still allowing access to those who need it
  – Trade secrets, medical records, etc.
• Provide authentication and access control for resources
  – Ex: Bank Identity Card, ATM Card
• Guarantee availability of resources
  – Must be available all the time

Page 6: Security in Computer System

Need for Security

• The Information Age - Internet Highway
• Digital Assets - emails, documents
• Static Assets - pictures, databases
• Assets in Transit - emails (Comm. Networks)

Page 7: Security in Computer System

Who is vulnerable?

• Financial institutions and banks
• Internet service providers
• Pharmaceutical companies
• Government and defense agencies
• Internet users
• Multinational corporations
• ANYONE ON THE NETWORK

Page 8: Security in Computer System

Different Types of Security-Definitions

• Computer Security - generic name for the collection of tools designed to protect hardware or software modules.

• Network Security - measures to protect data during their transmission

• Internet Security - measures to protect data during their transmission over a collection of interconnected networks

• Information Security - all three of the areas above

Page 9: Security in Computer System

Basic Terminologies

• Cryptography
  – Study of mathematical techniques related to aspects of information security (Set of techniques)
• Cryptanalysis
  – The process of breaking the security policies
• Cryptology - Cryptography + cryptanalysis
• Cryptosystems are computer systems used to encrypt data for secure transmission and storage

Page 10: Security in Computer System

Types of Computer Virus
1. Time Bomb
2. Logical Bomb
3. Worm
4. Boot Sector Virus
5. Macro Virus
6. Trojan Horse

Page 11: Security in Computer System

Types of Viruses

• Time Bomb – Active when time/date comes
• Logical Bomb – Active when some action comes
• Worm - Self replicating in networks
• Boot Sector Virus - During system boot, boot sector virus is loaded into main memory and destroys data stored in hard disk
• Macro Virus - It is associated with application software like Word and Excel
• Trojan Horse - usually email virus

Page 12: Security in Computer System

Launching the attack
Steps are
1. Vulnerability
2. Threat
3. Discovery of Vulnerability
4. Exploitation of Vulnerability
5. Attack

Page 13: Security in Computer System

Attacks, Services and Mechanisms

• Security Attack: Any action that compromises the security of information.

• Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack.

• Security Service: A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms.

Page 14: Security in Computer System

Different Types of Security Attacks

Page 15: Security in Computer System

Security Attacks

• Interruption: This is an attack on availability

• Interception: This is an attack on confidentiality

• Modification: This is an attack on integrity

• Fabrication: This is an attack on authenticity

Page 16: Security in Computer System

Security Goals

Page 17: Security in Computer System

Threats in Networks

Page 18: Security in Computer System

In This Section

• What makes a network Vulnerable
  – Reasons for network attacks
• Who Attacks Networks?
  – Who are the attackers? Why people attack?
• Threats in Network transmission: Eavesdropping and Wiretapping
  – Different ways attackers attack a victim

Page 19: Security in Computer System

What Makes a Network Vulnerable
• How a network differs from a stand-alone environment:
  – Anonymity
    • Attacker can mount an attack from thousands of miles away; passes through many hosts
  – Many points of attack
    • Both targets and origins
    • An attack can come from any host to any host
  – Sharing
    • More users have the potential to access networked systems than on single computers

Page 20: Security in Computer System

What Makes a Network Vulnerable
• How a network differs from a stand-alone environment:
  – Complexity of System
    • Reliable security is difficult to obtain
    • Complex as many users do not know what their computers are doing at any moment
  – Unknown Perimeter
    • One host may be a node on two different networks
    • Causing uncontrolled groups of possibly malicious users
  – Unknown Path
    • Can have multiple paths from one host to another.

Page 21: Security in Computer System

Who Attacks Networks
1. Challenge – what would happen if I tried this approach or technique? Can I defeat this network?
2. Fame
3. Money and Espionage (Spy)
4. Organized Crime
Ideology
  – Hacktivism – breaking into a computer system with the intent of disrupting normal operations but not causing serious damage
  – Cyberterrorism - more dangerous than hacktivism; can cause grave harm such as loss of life or severe economic damage

Page 22: Security in Computer System

Ethical Hacking

• Ethics: Moral principles that govern a person's or group's behavior

• Hacking: Practice of modifying the features of a system, in order to accomplish a goal outside of the creator's original purpose

• Ethical Hacking: Process of legally hacking the information that is considered to be confidential

Page 23: Security in Computer System

Ethical Hacker Vs Hacker

Page 24: Security in Computer System

Types of Hackers

Page 25: Security in Computer System

How attackers perpetrate attacks?
1. Port Scan
For a particular IP address, the program will gather network information. It tells an attacker which standard ports are being used, which OS is installed on the target system, & what applications and which versions are present.

2. Social Engineering
It gives an external picture of the network to the attacker.

3. Operating System & Application Fingerprinting
Determining what commercial application server application is running, what version…

4. Intelligence
Gathering all the information and making a plan.

Page 26: Security in Computer System

Threats In Network Transmission

• Eavesdropping
  – Overhearing without expending any extra effort
  – Causing harm that can occur between a sender and a receiver
• Wiretapping
  – Passive wiretapping
    • Similar to eavesdropping
  – Active wiretapping
    • Injecting something into the communication

Page 27: Security in Computer System

Wiretapping Communication

Cable
  – Packet sniffer – A device that can retrieve all packets of LAN
  – Inductance – a process where an intruder can tap a wire and read radiated signals without making physical contact with the cable
Microwave, Wireless
  – Signals are broadcast through the air, making them more accessible to hackers
  – Signals are not usually shielded or isolated to prevent interception
Satellite Communication
  – Dispersed over a greater area than the intended point of reception
  – Communications are multiplexed, the risk is small that any one communication will be interrupted
  – Greater potential than microwave signals

Page 28: Security in Computer System

Wiretap Vulnerabilities

Network Security / G. Steffen 28

Page 29: Security in Computer System

Threat Categories
Impersonation
  – Easier than wiretapping for obtaining information on a network
  – More significant threat in WAN than in LAN
Spoofing
  – An attacker obtains network credentials illegally and carries false conversations
Masquerade
  – One host pretends to be another
  – Phishing is a variation of this kind of attack.
Session hijacking
  – Intercepting & carrying a session begun by another entity
Man-in-the-Middle Attack
  – One entity intrudes between two others.

Page 30: Security in Computer System

Vulnerability and Attacks

• Exploiting a Vulnerability
• Passive Attacks
• Active Attacks
• Hacking
• Social Engineering
• Identity Theft

Page 31: Security in Computer System

Passive Attacks

Page 32: Security in Computer System

Active Attacks

Page 33: Security in Computer System

Attacks to Security Goals

Page 34: Security in Computer System

Various Security Attacks

• Brute-force Attack
• Spoofing Attack
• Denial of Service attack (DoS)
• Distributed DoS Attack (DDoS)
• Authentication attacks
  I. Dictionary Attack
  II. Replay Attack- aquestic attack
  III. Password Guessing
  IV. Password Sniffing

Page 35: Security in Computer System

Security Services-Principles of Information Security

• Security Attributes (CI5A)
  – Confidentiality
  – Integrity
  – Availability
  – Authentication
  – Authorization
  – Accounting
  – Anonymity

Page 36: Security in Computer System

Confidentiality

Page 37: Security in Computer System

Integrity

Page 38: Security in Computer System

Availability

Page 39: Security in Computer System

Authentication

Page 40: Security in Computer System

Authorization

Page 41: Security in Computer System

Non-Repudiation

Page 42: Security in Computer System

Accountability

Page 43: Security in Computer System

Model for Network Security

Page 44: Security in Computer System

Methods of Defence
• Encryption
• Software Controls (access limitations in a database; in an operating system, protect each user from other users)
• Hardware Controls (smartcard)
• Policies (frequent changes of passwords)
• Physical Controls

Page 45: Security in Computer System

Cryptographic Techniques

Cryptography

Some security services can be implemented using cryptography. Cryptography, a word with Greek origins, means “secret writing”.

Steganography

The word steganography, with its origin in Greek, means “covered writing”, in contrast to cryptography, which means “secret writing”.

Page 46: Security in Computer System

Basic Terminology
• plaintext - the original message
• ciphertext - the coded message
• cipher - algorithm for transforming plaintext to ciphertext
• key - info used in cipher known only to sender/receiver
• encipher (encrypt) - converting plaintext to ciphertext
• decipher (decrypt) - recovering plaintext from ciphertext
• cryptography - study of encryption principles/methods
• cryptanalysis (code breaking) - the study of principles/methods of deciphering ciphertext without knowing key

Page 47: Security in Computer System

Basic Terminologies

• Plaintext is text that is in readable form
• Ciphertext results from plaintext by applying the encryption key
• Notations:
  • M = message, C = ciphertext, E = encryption, D = decryption, k = key
  • Encryption: E_k(M) = C
  • Decryption: D_k(C) = M

Page 48: Security in Computer System

Cipher-Algorithm
• Symmetric cipher: same key used for encryption and decryption
  – Block cipher: encrypts a block of plaintext at a time (typically 64 or 128 bits)
  – Stream cipher: encrypts data one bit or one byte at a time
• Asymmetric cipher: different keys used for encryption and decryption

Page 49: Security in Computer System

The general idea of Key based cryptography

Page 50: Security in Computer System

Traditional Ciphers
SUBSTITUTION AND TRANSPOSITION.

Substitution ciphers
A substitution cipher replaces one symbol with another. If the symbols in the plaintext are alphabetic characters, we replace one character with another.

The simplest substitution cipher is a shift cipher (additive cipher).

Page 51: Security in Computer System

Example

Use the additive cipher with key = 15 to encrypt the message “hello”.

Solution
We apply the encryption algorithm to the plaintext, character by character:

The ciphertext is therefore “wtaad”.

Page 52: Security in Computer System

Transposition ciphers

A transposition cipher does not substitute one symbol for another, instead it changes the location of the symbols

A transposition cipher reorders symbols.

Page 53: Security in Computer System

Example

Alice needs to send the message “Enemy attacks tonight” to Bob. Alice and Bob have agreed to divide the text into groups of five characters and then permute the characters in each group. The following shows the grouping after adding a bogus character (z) at the end to make the last group the same size as the others.

The key used for encryption and decryption is a permutation key, which shows how the characters are permuted. For this message, assume that Alice and Bob used the following key:

Page 54: Security in Computer System

Example

The third character in the plaintext block becomes the first character in the ciphertext block, the first character in the plaintext block becomes the second character in the ciphertext block and so on. The permutation yields:


Alice sends the ciphertext “eemyntaacttkonshitzg” to Bob. Bob divides the ciphertext into five-character groups and, using the key in the reverse order, finds the plaintext.
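The keyed transposition from this example, as an added sketch that is not part of the original slides. The key figure did not survive on this page, so `recover_keys` (a hypothetical helper) derives the permutation from the slide's own plaintext and ciphertext; function names and the padding letter argument are assumptions.

```python
# Added example: block transposition with a permutation key, plus key recovery
# from one known plaintext/ciphertext pair (the pair printed on the slide).
from itertools import permutations


def to_blocks(text, n, pad="z"):
    """Keep letters only, pad the last group with a bogus letter, split into n-letter groups."""
    letters = [c for c in text.lower() if c.isalpha()]
    letters += [pad] * (-len(letters) % n)
    return ["".join(letters[i:i + n]) for i in range(0, len(letters), n)]


def transpose(text, key, pad="z"):
    """key[i] is the 1-based plaintext position copied to ciphertext position i+1."""
    return "".join(block[k - 1] for block in to_blocks(text, len(key), pad) for k in key)


def invert_key(key):
    """Decryption key: undoes the permutation, i.e. 'the key in the reverse order'."""
    inverse = [0] * len(key)
    for cipher_pos, plain_pos in enumerate(key, start=1):
        inverse[plain_pos - 1] = cipher_pos
    return inverse


def recover_keys(plaintext, ciphertext, n):
    """Every permutation consistent with all blocks of a known plaintext/ciphertext pair."""
    pairs = list(zip(to_blocks(plaintext, n), to_blocks(ciphertext, n)))
    return [key for key in permutations(range(1, n + 1))
            if all("".join(p[k - 1] for k in key) == c for p, c in pairs)]


if __name__ == "__main__":
    message = "Enemy attacks tonight"
    slide_ciphertext = "eemyntaacttkonshitzg"
    keys = recover_keys(message, slide_ciphertext, 5)
    print("keys consistent with the slide:", keys)
    key = keys[0]
    print("encrypt:", transpose(message, key))
    print("decrypt:", transpose(slide_ciphertext, invert_key(key)))
```

A single known message is enough to pin down the key here, which is why a transposition alone offers little protection.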

Page 55: Security in Computer System

Substitution Ciphers

• Mono-alphabetic Cipher - Caesar Cipher
• Poly-alphabetic Cipher - Vigenère Cipher
• Multiple letter cipher - Playfair cipher

Page 56: Security in Computer System

Caesar Cipher
• Earliest known substitution cipher
• Invented by Julius Caesar
• Each letter is replaced by the letter three positions further down the alphabet.
• Plain:  a b c d e f g h i j k l m n o p q r s t u v w x y z
  Cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
• Example: ohio state → RKLR VWDWH

Page 57: Security in Computer System

Caesar Cipher

• Mathematically, map letters to numbers:
  a, b, c, ..., x, y, z
  0, 1, 2, ..., 23, 24, 25
• Then the general Caesar cipher is:
  c = E_K(p) = (p + k) mod 26
  p = D_K(c) = (c – k) mod 26
• Can be generalized with any alphabet.

Page 58: Security in Computer System

Polyalphabetic Cipher

• In monoalphabetic cipher the problem was that each character was substituted by a single character

• Cryptanalysts are helped by the fact that they have to see what character would correspond in plaintext for a given ciphertext character

• Polyalphabetic cipher’s goal is to make this process difficult

Page 59: Security in Computer System

Polyalphabetic Cipher
• In polyalphabetic cipher, each plaintext character may be replaced by more than one character
• Since there are only 26 alphabets this process will require using a different representation than the alphabets
• Alphabets ‘A’ through ‘Z’ are replaced by 00, 01, 02, …, 25
• We need two digits in this representation since we need to know how to reverse the process at the decryption side

Page 60: Security in Computer System

Polyalphabetic Cipher
• The most common method used is Vigenère cipher
• Vigenère cipher starts with a 26 x 26 matrix of alphabets in sequence. First row starts with ‘A’, second row starts with ‘B’, etc.
• This cipher requires a keyword that the sender and receiver know ahead of time
• Each character of the message is combined with the characters of the keyword to find the ciphertext character

Page 61: Security in Computer System

Vigenère Cipher Table

   A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
B  B C D E F G H I J K L M N O P Q R S T U V W X Y Z A
C  C D E F G H I J K L M N O P Q R S T U V W X Y Z A B
D  D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
E  E F G H I J K L M N O P Q R S T U V W X Y Z A B C D
F  F G H I J K L M N O P Q R S T U V W X Y Z A B C D E
G  G H I J K L M N O P Q R S T U V W X Y Z A B C D E F
H  H I J K L M N O P Q R S T U V W X Y Z A B C D E F G
I  I J K L M N O P Q R S T U V W X Y Z A B C D E F G H
J  J K L M N O P Q R S T U V W X Y Z A B C D E F G H I
K  K L M N O P Q R S T U V W X Y Z A B C D E F G H I J
L  L M N O P Q R S T U V W X Y Z A B C D E F G H I J K
M  M N O P Q R S T U V W X Y Z A B C D E F G H I J K L

Page 62: Security in Computer System

Vigenère Cipher Table (cont’d)

   A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

N  N O P Q R S T U V W X Y Z A B C D E F G H I J K L M
O  O P Q R S T U V W X Y Z A B C D E F G H I J K L M N
P  P Q R S T U V W X Y Z A B C D E F G H I J K L M N O
Q  Q R S T U V W X Y Z A B C D E F G H I J K L M N O P
R  R S T U V W X Y Z A B C D E F G H I J K L M N O P Q
S  S T U V W X Y Z A B C D E F G H I J K L M N O P Q R
T  T U V W X Y Z A B C D E F G H I J K L M N O P Q R S
U  U V W X Y Z A B C D E F G H I J K L M N O P Q R S T
V  V W X Y Z A B C D E F G H I J K L M N O P Q R S T U
W  W X Y Z A B C D E F G H I J K L M N O P Q R S T U V
X  X Y Z A B C D E F G H I J K L M N O P Q R S T U V W
Y  Y Z A B C D E F G H I J K L M N O P Q R S T U V W X
Z  Z A B C D E F G H I J K L M N O P Q R S T U V W X Y

Page 63: Security in Computer System

Vigenère Cipher

• E.g., Message = SEE ME IN MALL
• Take keyword as INFOSEC
• Vigenère cipher works as follows:

  S E E M E I N M A L L
  I N F O S E C I N F O
  ---------------------
  A R J A W M P U N Q Z

Page 64: Security in Computer System


Vigenere Cipher

• To decrypt, the receiver places the keyword characters below each ciphertext character

• Using the table, choose the row corresponding to the keyword character and look for the ciphertext character in that row

• Plaintext character is then at the top of that column

Page 65: Security in Computer System

Vigenère Cipher

• Decryption of ciphertext:

  A R J A W M P U N Q Z  -column2
  I N F O S E C I N F O  -row1
  ---------------------
  S E E M E I N M A L L

• Best feature is that same plaintext character is substituted by different ciphertext characters (i.e., polyalphabetic)
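The shift, Caesar and Vigenère examples from the preceding slides in code, as an added example that is not part of the original deck. It reproduces the slides' own ciphertexts and shows the contrast the slides draw: one plaintext letter always maps to one ciphertext letter under a shift, but to several under Vigenère. The function names are assumptions.

```python
# Added example: shift (additive/Caesar) and Vigenère ciphers, letters a..z mapped to 0..25.
A = ord("a")


def shift_encrypt(text: str, key: int) -> str:
    """c = (p + k) mod 26 per letter; non-letters pass through unchanged."""
    out = []
    for ch in text.lower():
        if "a" <= ch <= "z":
            out.append(chr((ord(ch) - A + key) % 26 + A))
        else:
            out.append(ch)
    return "".join(out)


def shift_decrypt(text: str, key: int) -> str:
    """p = (c - k) mod 26."""
    return shift_encrypt(text, -key)


def vigenere(text: str, keyword: str, decrypt: bool = False) -> str:
    """Shift letter i by keyword letter i (keyword repeats); spaces are dropped as on the slide."""
    letters = [c for c in text.lower() if "a" <= c <= "z"]
    shifts = [ord(k) - A for k in keyword.lower()]
    out = []
    for i, ch in enumerate(letters):
        k = shifts[i % len(shifts)]
        out.append(chr((ord(ch) - A + (-k if decrypt else k)) % 26 + A))
    return "".join(out)


def images_of(letter: str, plaintext: str, ciphertext: str) -> list:
    """All ciphertext letters that one plaintext letter was mapped to."""
    return sorted({c for p, c in zip(plaintext, ciphertext) if p == letter})


def shift_candidates(ciphertext: str) -> list:
    """The whole key space of a shift cipher: only 26 trial decryptions."""
    return [shift_decrypt(ciphertext, k) for k in range(26)]


if __name__ == "__main__":
    print(shift_encrypt("hello", 15))                 # additive cipher, key = 15
    print(shift_encrypt("ohio state", 3).upper())     # Caesar cipher, key = 3
    ct = vigenere("SEE ME IN MALL", "INFOSEC")
    print(ct.upper(), vigenere(ct, "INFOSEC", decrypt=True).upper())
    print("plaintext 'e' under Vigenère ->", images_of("e", "seemeinmall", ct))
    print("plaintext 'o' under Caesar   ->",
          images_of("o", "ohiostate", shift_encrypt("ohiostate", 3)))
```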

Page 66: Security in Computer System

Multiple Letter Cipher
• Playfair cipher is a multiple letter cipher
• Each plaintext letter is replaced by a digram in this cipher
• Number of digrams is 26 x 26 = 676
• User chooses a keyword and puts it in the cells of a 5 x 5 matrix. I and J stay in one cell. Duplicate letters appear only once.
• Alphabets that are not in the keyword are arranged in the remaining cells from left to right in successive rows in ascending order

Page 67: Security in Computer System

Playfair Cipher

• Keyword “Infosec”

  I/J N F O S
  E   C A B D
  G   H K L M
  P   Q R T U
  V   W X Y Z

Page 68: Security in Computer System

Playfair Cipher
• Rules:
  – Group plaintext letters two at a time
  – Separate repeating letters with an x
  – Take a pair of letters from plaintext
  – Plaintext letters in the same row are replaced by letters to the right (cyclic manner)
  – Plaintext letters in the same column are replaced by letters below (cyclic manner)
  – Plaintext letters in different row and column are replaced by the letter in the row corresponding to the column of the other letter and vice versa

Page 69: Security in Computer System

Playfair Cipher

• E.g., Plaintext: “CRYPTO IS TOO EASY”
• Keyword is “INFOSEC”
• Grouped text: CR YP TO IS TO XO EA SY
• Ciphertext: AQ VT YB NI YB YF CB OZ
• To decrypt, the receiver reconstructs the 5 x 5 matrix using the keyword and then uses the same rules as for encryption
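The Playfair rules and example above as runnable code, added here and not part of the original slides. It builds the 5 x 5 matrix from the keyword, groups the text the way the slide does (an X between any two repeating letters), and reproduces the slide's ciphertext; the function names are assumptions, and a plaintext that itself contains a doubled filler letter is not handled.

```python
# Added example: Playfair cipher following the slide's matrix and rules.
import string


def build_square(keyword):
    """Keyword letters first (duplicates once, J folded into I), then the rest of the alphabet."""
    seen = []
    for ch in keyword.upper() + string.ascii_uppercase:
        ch = "I" if ch == "J" else ch
        if ch.isalpha() and ch not in seen:
            seen.append(ch)
    return [seen[r * 5:(r + 1) * 5] for r in range(5)]


def digrams(plaintext, filler="X"):
    """Separate repeating letters with the filler, pad to even length, group two at a time."""
    letters = ["I" if c == "J" else c for c in plaintext.upper() if c.isalpha()]
    spaced = []
    for ch in letters:
        if spaced and spaced[-1] == ch:
            spaced.append(filler)
        spaced.append(ch)
    if len(spaced) % 2:
        spaced.append(filler)
    return ["".join(spaced[i:i + 2]) for i in range(0, len(spaced), 2)]


def playfair(pairs, square, decrypt=False):
    """Apply the row / column / rectangle rules to each letter pair.

    Decryption walks rows and columns in the opposite direction (left / up);
    the rectangle rule is its own inverse.
    """
    pos = {square[r][c]: (r, c) for r in range(5) for c in range(5)}
    step = -1 if decrypt else 1
    out = []
    for a, b in pairs:
        (ra, ca), (rb, cb) = pos[a], pos[b]
        if ra == rb:                                   # same row: neighbour to the right
            out.append(square[ra][(ca + step) % 5] + square[rb][(cb + step) % 5])
        elif ca == cb:                                 # same column: neighbour below
            out.append(square[(ra + step) % 5][ca] + square[(rb + step) % 5][cb])
        else:                                          # rectangle: swap the columns
            out.append(square[ra][cb] + square[rb][ca])
    return out


if __name__ == "__main__":
    square = build_square("INFOSEC")
    for row in square:
        print(" ".join(row))
    pairs = digrams("CRYPTO IS TOO EASY")
    cipher = playfair(pairs, square)
    print(" ".join(pairs))
    print(" ".join(cipher))
    print(" ".join(playfair(cipher, square, decrypt=True)))
```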

Page 70: Security in Computer System

Transposition Ciphers
• consider classical transposition or permutation ciphers
• these hide the message by rearranging the letter order
• without altering the actual letters used
• can recognise these since they have the same frequency distribution as the original text
• Rail Fence and Vernam Ciphers
• Columnar Transposition Techniques

Page 71: Security in Computer System

Rail Fence cipher

• write message letters out diagonally over a number of rows
• then read off cipher row by row
• e.g. write message out as:

  m e m a t r h t g p r y
   e t e f e t e o a a t

• giving ciphertext
  MEMATRHTGPRYETEFETEOAAT

Page 72: Security in Computer System

Vernam Cipher

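• The only unbreakable stream cipher
  – K: a long, non-repeating sequence of random numbers

[Figure: plaintext P is combined with key K by Exclusive OR to give ciphertext C; C is combined with the same K by Exclusive OR to recover P. K is shared over a secret channel.]

1 ⊕ 0 = 1; 0 ⊕ 1 = 1
0 ⊕ 0 = 0; 1 ⊕ 1 = 0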

Page 73: Security in Computer System

Vernam Cipher

• An example of Vernam Cipher

1 ⊕ 0 = 1; 0 ⊕ 1 = 1
0 ⊕ 0 = 0; 1 ⊕ 1 = 0

  – Alice:
    P: 100 010 111 011 110 001…
    K: 010 011 101 101 010 111…
    C: 110 001 010 110 100 110…

  – Bob:
    P: 100 010 111 011 110 001…
    K: 010 011 101 101 010 111…
    C: 110 001 010 110 100 110…
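The Vernam example above in code, added here and not part of the original slides. It checks the slide's P, K and C values and shows why K must be non-repeating: if one key encrypts two messages, XORing the two ciphertexts cancels the key. `P2` is a constructed second message and the function names are assumptions.

```python
# Added example: Vernam (XOR) cipher on bit strings, using the slide's values.
import secrets


def _clean(bits):
    """Drop the spaces used on the slide to group bits in threes."""
    return bits.replace(" ", "")


def vernam(bits, key):
    """XOR message bits with key bits; the same call encrypts and decrypts."""
    bits, key = _clean(bits), _clean(key)
    if len(key) < len(bits):
        raise ValueError("key must be at least as long as the message")
    return "".join("1" if b != k else "0" for b, k in zip(bits, key))


def random_key(nbits):
    """Fresh key bits from the OS CSPRNG, one per message bit."""
    return format(secrets.randbits(nbits), "0{}b".format(nbits))


def reuse_leak(p1, p2, key):
    """What an eavesdropper learns when one key encrypts two messages: C1 xor C2."""
    return vernam(vernam(p1, key), vernam(p2, key))


P = "100 010 111 011 110 001"    # from the slide
K = "010 011 101 101 010 111"    # from the slide
C = "110 001 010 110 100 110"    # from the slide
P2 = "111 000 101 010 011 100"   # constructed second message for the key-reuse case

if __name__ == "__main__":
    print("Alice  P xor K =", vernam(P, K))
    print("Bob    C xor K =", vernam(C, K))
    print("key reuse leaks P xor P2:", reuse_leak(P, P2, K) == vernam(P, P2))
    print("fresh 18-bit key:", random_key(18))
```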

Page 74: Security in Computer System

Product Ciphers

• ciphers using substitutions or transpositions are not secure because of language characteristics
• hence consider using several ciphers in succession to make it harder, but:
  – two substitutions make a more complex substitution
  – two transpositions make a more complex transposition
  – but a substitution followed by a transposition makes a new, much harder cipher
• this is the bridge from classical to modern ciphers

Page 75: Security in Computer System

Steganographic Techniques
Greek Words:
STEGANOS – “Covered”
GRAPHIE – “Writing”
• Steganography is the art and science of writing hidden messages in such a way that no one apart from the intended recipient knows of the existence of the message.
• This can be achieved by concealing the existence of information within seemingly harmless carriers or cover
• Carrier: text, image, video, audio, etc.

Page 76: Security in Computer System

Evolution of Steganography

440 BC
• Histiaeus, who shaved the head of his most trusted slave and tattooed a message on it. After his hair had grown the message was hidden. The purpose was to instigate a revolt against the Persians.
• Demaratus sent a warning about a forthcoming attack to Greece by writing it on a wooden panel and covering it in wax.

World War II
• Invisible inks
• Null ciphers (unencrypted messages)
• Microdot Technology - Shrinking messages down to the size of a dot became a popular method, since the microdot could be placed at the end of a sentence or above a j or an i.

Disadvantages: time, complexity, not secure, etc.

Page 77: Security in Computer System

Steganographic System

cover: the original picture, audio or video
emb: embedded secret message
fE: steganographic function "embedding"
fE-1: steganographic function "extracting"
key: parameter which controls the hiding process of the secret message
stego: resultant file that contains hidden message

Page 78: Security in Computer System

Modern Steganography Techniques

Masking and Filtering: Information is hidden inside an image using digital watermarks that include information such as copyright, ownership, or licenses. The purpose is different from traditional steganography since it adds an attribute to the cover image, thus extending the amount of information presented.

Algorithms and Transformations: This technique hides data in mathematical functions that are often used in compression algorithms. The idea of this method is to hide the secret message in the data bits in the least significant coefficients.

Least Significant Bit Insertion: The most common and popular method of modern day steganography is to make use of the LSB of a picture’s pixel information. Thus the overall image distortion is kept to a minimum while the message is spaced out over the pixels in the image. This technique works best when the image file is larger than the message file and if the image is grayscale.

Page 79: Security in Computer System

Steganography Techniques
• Substitution methods (Steganography in Images)
  – Bit plane methods
  – Palette-based methods
• Signal Processing methods (Steganography in Images)
  – Transform methods
• Steganography in Audio
• Steganography in Text

Page 80: Security in Computer System

Stegano-system Criteria

• Cover data should not be significantly modified, i.e., the modification should not be perceptible to the human perception system

• The embedded data should be directly encoded in the cover & not in wrapper or header

• Embedded data should be immune to modifications to cover

Page 81: Security in Computer System

Places to Hide Information:Steganography

• Images
• Audio files
• Text
• Video

We focus on Images as cover media, though most ideas apply to video and audio as well.

Page 82: Security in Computer System

Steganography in Images

Way images are stored:
• Array of numbers representing RGB values for each pixel
• Common images are in 8-bit/pixel and 24-bit/pixel format.
• 24-bit images have a lot of space for storage but are huge and invite compression
• Proper selection of cover image is important.
• Best candidates: gray scale images
• Cashing in on limitations of perception in human vision

Page 83: Security in Computer System

Steganography: Bit plane Methods

• Image: replace least significant bit (LSB) of image intensity with message bit
• Replace lowest 3 or 4 LSB with message bits or image data (assume 8 bit values)
• Data is hidden in “noise” of image
• Can hide surprisingly large amounts of data this way
• Very fragile to any image manipulation

Page 84: Security in Computer System

Least Significant Bit
• Consider a 24 bit picture
• Data to be inserted: character ‘A’: (10000011)
• Host pixels: 3 pixels will be used to store one character of 8 bits
• The pixels which would be selected for holding the data are chosen on the basis of the key, which can be a random number.
• Ex:
  00100111 11101001 11001000
  00100111 11001000 11101001
  11001000 00100111 11101001

  Embedding ‘A’:
  00100111 11101000 11001000
  00100110 11001000 11101000
  11001001 00100111 11101001

• According to researchers, on average only 50% of the pixels actually change from 0-1 or 1-0.
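The LSB example above in code, added here and not part of the original slides. It embeds the slide's bit string 10000011 into the slide's nine host bytes, reproduces the stego bytes shown, and counts how many bytes changed; it then goes one step further to the k-bit variant from the bit plane slide, where the top k bits of a secret pixel replace the low k bits of a cover pixel. Function names and the sample pixel values in the k-bit part are constructed assumptions, and bytes are used in order rather than selected by a key.

```python
# Added example: LSB embedding/extraction on raw pixel bytes.

def embed_bits(cover: bytes, bits: str) -> bytes:
    """Overwrite the least significant bit of successive cover bytes with message bits."""
    if len(bits) > len(cover):
        raise ValueError("cover too small for message")
    stego = bytearray(cover)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | int(bit)
    return bytes(stego)


def extract_bits(stego: bytes, n: int) -> str:
    """Read back the first n least significant bits."""
    return "".join(str(b & 1) for b in stego[:n])


def changed(cover: bytes, stego: bytes) -> int:
    """Number of bytes that differ between cover and stego."""
    return sum(a != b for a, b in zip(cover, stego))


def hide_pixels(cover: bytes, secret: bytes, k: int) -> bytes:
    """Put the top k bits of each secret pixel into the low k bits of the cover pixel."""
    mask = (1 << k) - 1
    return bytes((c & ~mask & 0xFF) | (s >> (8 - k)) for c, s in zip(cover, secret))


def recover_pixels(stego: bytes, k: int) -> bytes:
    """Rebuild a k-bit-deep approximation of the secret pixels."""
    mask = (1 << k) - 1
    return bytes((p & mask) << (8 - k) for p in stego)


def as_bits(data: bytes) -> str:
    return " ".join(format(b, "08b") for b in data)


# Host bytes and message bits exactly as printed on the slide.
COVER = bytes(int(b, 2) for b in
              "00100111 11101001 11001000 00100111 11001000 "
              "11101001 11001000 00100111 11101001".split())
MESSAGE_BITS = "10000011"

if __name__ == "__main__":
    stego = embed_bits(COVER, MESSAGE_BITS)
    print(as_bits(stego))
    print("extracted:", extract_bits(stego, 8))
    print("bytes changed:", changed(COVER, stego), "of", len(MESSAGE_BITS))

    cover_px = bytes([200, 17, 96, 255])      # constructed grayscale cover pixels
    secret_px = bytes([181, 0, 255, 64])      # constructed grayscale secret pixels
    for k in (2, 5):
        s = hide_pixels(cover_px, secret_px, k)
        worst = max(abs(a - b) for a, b in zip(cover_px, s))
        print(k, "bits:", list(s), "->", list(recover_pixels(s, k)), "max cover error", worst)
```

The larger k is, the better the recovered secret and the larger the visible error in the cover, which is the trade-off the 2-bit and 5-bit image slides illustrate.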

Page 85: Security in Computer System

[Figure: two 8-bit (256 grayscale) images combined (+ =) into one image; text in the figure: TOP SECRET. Source: http://www.cl.cam.ac.uk/~fapp2/steganography/image_downgrading/]

Page 86: Security in Computer System

Sacrificing 2 bits of cover to carry 2 bits of secret image

Original Image Extracted Image

Page 87: Security in Computer System

Sacrificing 5 bits of cover to carry 5 bits of secret image

Original Image Extracted Image

Page 88: Security in Computer System

Palette-based Methods
• Palette manipulation means changing the way the color or grayscale palette represents the image colors
• Bit methods are used in palette manipulation schemes
• Data hidden in “noise” of image
• Often radical color shifts occur - can tip off that data is hidden
• Use grayscale to overcome color shift problem

Page 89: Security in Computer System

Sample palettes

[Figure: three sample palettes: red color shade variations; drastic & subtle shade variations; gray scale shade variations]

Page 90: Security in Computer System

Message: 0 1 1 0 0 1 0 1 0 1 1 1 0 1 0 1 0 1 0 0 0 1 1 1 1

• Randomly chosen pixel with color C1
• Find the color C1 in the sorted palette
• Replace the LSB of the index to color C1 with the message bit
• The new index now points to a neighboring color C2
• Replace the index of the pixel in the original image to point to the new color C2.

index = 30 = 00011110 (C1) → 00011111 (C2)

Page 91: Security in Computer System

Signal Processing Methods-Transform Methods

• Discrete Cosine Transform
• Discrete Wavelet Transform
• Discrete Fourier Transform
• Mellin-Fourier Transform

Page 92: Security in Computer System

Discrete Cosine Transform

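The forward equation, for image A, is

$$ b(u,v) = \frac{2}{N}\, C(u)\, C(v) \sum_{x=0}^{N-1} \sum_{y=0}^{N-1} a(x,y) \cos\left[\frac{(2x+1)u\pi}{2N}\right] \cos\left[\frac{(2y+1)v\pi}{2N}\right] $$

The inverse equation, for image B, is

$$ a(x,y) = \frac{2}{N} \sum_{u=0}^{N-1} \sum_{v=0}^{N-1} C(u)\, C(v)\, b(u,v) \cos\left[\frac{(2x+1)u\pi}{2N}\right] \cos\left[\frac{(2y+1)v\pi}{2N}\right] $$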

Page 93: Security in Computer System

Discrete Fourier Transform

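The formulae for the DFT and its inverse are

$$ F(u,v) = \sum_{x=0}^{N-1} \sum_{y=0}^{N-1} a(x,y) \exp\left[-\frac{2\pi j\, ux}{N}\right] \exp\left[-\frac{2\pi j\, vy}{N}\right] $$

$$ a(x,y) = \frac{1}{N^2} \sum_{u=0}^{N-1} \sum_{v=0}^{N-1} F(u,v) \exp\left[\frac{2\pi j\, ux}{N}\right] \exp\left[\frac{2\pi j\, vy}{N}\right] $$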

Page 94: Security in Computer System

Steganography in Audio

• Low Bit Coding
  – Most digital audio is created by sampling the signal and quantizing the sample with a 16-bit quantizer.
  – The rightmost bit, or low order bit, of each sample can be changed from 0 to 1 or 1 to 0
  – This modification from one sample value to another is not perceptible by most people and the audio signal still sounds the same

Page 95: Security in Computer System

Steganography in Audio

• Phase Coding
  – Relies on the relative insensitivity of the human auditory system to phase changes
  – Substitutes the initial phase of an audio signal with a reference phase that represents the data
  – More complex than low bit encoding, but it is much more robust and less likely to distort the signal that is carrying the hidden data.

Page 96: Security in Computer System

Steganography in Audio

• Direct Sequence Spread Spectrum
  – Spreads the signal by multiplying it by a chip, which is a maximal length pseudorandom sequence
  – DSSS introduces additive random noise to the sound file

Page 97: Security in Computer System

Steganography in Audio

• Echo Data Hiding
  – Discrete copies of the original signal are mixed in with the original signal, creating echoes of each sound.
  – By using two different time values between an echo and the original sound, a binary 1 or binary 0 can be encoded.

Page 98: Security in Computer System

Steganography in Text

• Soft Copy Text
  – Encode data by varying the number of spaces after punctuation
  – Slight modifications of formatted text will be immediately apparent to anyone reading the text

Page 99: Security in Computer System

Steganography in Text

• Soft Copy Text
  – Use of White Space (tabs & spaces) is much more effective and less noticeable
  – This is the most common method for hiding data in text

Page 100: Security in Computer System

Steganography in Text

• Soft Copy Text
  – Encode data in additional spaces placed at the end of a line

F o u r   s c o r e   a n d
s e v e n   y e a r s   a g o
o u r   f o r e f a t h e r s
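The end-of-line white space method above, as an added example that is not part of the original slides, together with the check a reviewer can run to spot it. The slides do not fix an encoding, so this sketch assumes one payload byte per line written as eight trailing characters (space = 0, tab = 1); the function names are assumptions and the cover lines are the ones shown on the slide.

```python
# Added example: hiding bytes in trailing white space, and flagging lines that carry it.

def hide(lines, payload: bytes):
    """Append one payload byte to each line as 8 trailing chars: space = 0, tab = 1."""
    if len(payload) > len(lines):
        raise ValueError("not enough lines for payload")
    out = []
    for i, line in enumerate(lines):
        line = line.rstrip(" \t")
        if i < len(payload):
            bits = format(payload[i], "08b")
            line += "".join("\t" if b == "1" else " " for b in bits)
        out.append(line)
    return out


def reveal(lines) -> bytes:
    """Decode every line whose trailing white space run is exactly 8 characters long."""
    data = bytearray()
    for line in lines:
        tail = line[len(line.rstrip(" \t")):]
        if len(tail) == 8:
            data.append(int("".join("1" if ch == "\t" else "0" for ch in tail), 2))
    return bytes(data)


def suspicious_lines(lines):
    """Defender's check: 1-based numbers of lines that end in spaces or tabs."""
    return [n for n, line in enumerate(lines, start=1) if line != line.rstrip(" \t")]


COVER_LINES = ["Four score and", "seven years ago", "our forefathers"]

if __name__ == "__main__":
    stego = hide(COVER_LINES, b"OK")
    print([repr(line) for line in stego])
    print("visible text unchanged:", [l.rstrip(" \t") for l in stego] == COVER_LINES)
    print("recovered:", reveal(stego))
    print("lines with trailing white space:", suspicious_lines(stego))
```

Stripping trailing white space on ingest removes this channel entirely, which is why many editors and mail gateways do it by default.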

Page 101: Security in Computer System

Steganography in Text

• Hard Copy Text
  – Line Shift Coding
    • Shifts every other line up or down slightly in order to encode data
  – Word Shift Coding
    • Shifts some words slightly left or right in order to encode data

Page 102: Security in Computer System

Steganography in Text-Null Cipher

• Message sent by a German spy during World War I:

PRESIDENT’S EMBARGO RULING SHOULD HAVE IMMEDIATE NOTICE. GRAVE SITUATION AFFECTING INTERNATIONAL LAW. STATEMENT FORESHADOWS RUIN OF MANY NEUTRALS. YELLOW JOURNALS UNIFYING NATIONAL EXCITEMENT IMMENSELY.

Pershing sails from NY June I.
