Ebook Security Engineering: A Guide to Building Dependable Distributed Systems (Second Edition) – Part 1 includes the following content: Chapter 1 What Is Security Engineering?; Chapter 2 Usability and Psychology; Chapter 3 Protocols; Chapter 4 Access Control; Chapter 5 Cryptography; Chapter 6 Distributed Systems; Chapter 7 Economics; Chapter 8 Multilevel Security; Chapter 9 Multilateral Security; Chapter 10 Banking and Bookkeeping; Chapter 11 Physical Protection; Chapter 12 Monitoring and Metering; Chapter 13 Nuclear Command and Control; Chapter 14 Security Printing and Seals; Chapter 15 Biometrics.
Security Engineering
A Guide to Building Dependable Distributed Systems
Second Edition
Ross J. Anderson
Wiley Publishing, Inc.
Security Engineering: A Guide to Building Dependable Distributed Systems
Copyright © 2008 by Ross J. Anderson. All Rights Reserved.
Published by Wiley Publishing, Inc., Indianapolis, Indiana
Published simultaneously in Canada
Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Website is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Website may provide or recommendations it may make. Further, readers should be aware that Internet Websites listed in this work may have changed or disappeared between when this work was written and when it is read.
For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (800) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.
Library of Congress Cataloging-in-Publication Data
Trademarks: Wiley, the Wiley logo, and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. All other trademarks are the property of their respective owners. Wiley Publishing, Inc. is not associated with any product or vendor mentioned in this book.
Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.
To Shireen
Contents at a Glance
Part I
Chapter 1 What Is Security Engineering?
Chapter 13 Nuclear Command and Control
Chapter 14 Security Printing and Seals
Chapter 16 Physical Tamper Resistance
Chapter 19 Electronic and Information Warfare
Chapter 21 Network Attack and Defense
Part III
Chapter 24 Terror, Justice and Freedom
Chapter 25 Managing the Development of Secure Systems
Chapter 26 System Evaluation and Assurance
Contents
What the Brain Does Worse Than the Computer
Perceptual Bias and Behavioural Economics
Different Aspects of Mental Processing
What the Brain Does Better Than Computer
Difficulties with Reliable Password Entry
Difficulties with Remembering the Password
Using the Browser’s Password Database
Technical Defeats of Password Retry Counters
Who Goes There? — Simple Authentication
A Typical Smartcard Banking Protocol
Sandboxing and Proof-Carrying Code
An Early Stream Cipher — The Vigenère
Random Generators — Stream Ciphers
Random Permutations — Block Ciphers
Public Key Encryption and Trapdoor One-Way Permutations
Extra Requirements on the Underlying Cipher
Common Hash Functions and Applications
Cryptography Based on Discrete Logarithms
Public Key Encryption — Diffie Hellman and ElGamal
Interaction with Fault Tolerance
The Distributed Systems View of Naming
Stability of Names and Addresses
Restrictions on the Use of Names
The Economics of Security and Dependability
The Bell-LaPadula Security Policy Model
The Standard Criticisms of Bell-LaPadula
More Sophisticated Query Controls
Maximum Order Control and the Lattice Model
A Telegraphic History of E-commerce
The Clark-Wilson Security Policy Model
Online Credit Card Fraud — the Hype and the Reality
Taxi Meters, Tachographs and Truck Speed Limiters
How Most Tachograph Manipulation Is Done
The Evolution of Command and Control
Authorization, Environment, Intent
Unconditionally Secure Authentication
Verifying Positive or Negative Identity Claims
FPGA Security, and the Clipper Chip
Optical, Acoustic and Thermal Side Channels
Multiparty Computation, and Differential Protocol Attacks
Attacks on Switching and Configuration
Vulnerabilities in Network Protocols
Attacks Using Internet Protocols and Mechanisms
Distributed Denial of Service Attacks
Trojans, Viruses, Worms and Rootkits
Configuration Management and Operational Security
Filtering: Firewalls, Spam Filters, Censorware and Wiretaps
General Limitations of Intrusion Detection
Specific Problems Detecting Network Attacks
Attacks on Hybrid Scrambling Systems
Other Online Rights-Management Systems
Aimbots and Other Unauthorized Software
Anonymous Email — The Dining Cryptographers and Mixes
Confidential and Anonymous Phone Calls
Steganography and Forensics Countermeasures
The Psychology of Political Violence
The Role of Political Institutions
Censorship by Authoritarian Regimes
Peer-to-Peer, Hate Speech and Child Porn
Differences between Europe and the USA
The Complacency Cycle and the Risk Thermostat
Incompetent and Inexperienced Security Managers
Lessons from Safety-Critical Systems
Control Tuning and Corporate Governance
Evolving Environments and the Tragedy of the Commons
Corruption, Manipulation and Inertia
Preface to the Second Edition
The first edition of Security Engineering was published in May 2001. Since then the world has changed.
System security was one of Microsoft’s lowest priorities then; it’s now one of the highest. The volume of malware continues to increase along with the nuisance that it causes. Although a lot of effort has gone into defence — we have seen Windows NT replaced by XP and then Vista, and occasional service packs replaced by monthly security patches — the effort put into attacks has increased far more. People who write viruses no longer do so for fun, but for profit; the last few years have seen the emergence of a criminal economy that supports diverse specialists. Spammers, virus writers, phishermen, money launderers and spies trade busily with each other.
Cryptography has also moved on. The Advanced Encryption Standard is being embedded into more and more products, and we have some interesting developments on the public-key side of things too. But just as our algorithm problems get solved, so we face a host of implementation issues. Side channels, poorly designed APIs and protocol failures continue to break systems. Applied cryptography is harder than ever to do well.
Pervasive computing also opens up new challenges. As computers and communications become embedded invisibly everywhere, so problems that used to only afflict ‘proper computers’ crop up in all sorts of other devices too. What does it mean for a thermometer to be secure, or an air-conditioner?
The great diversity of intelligent devices brings with it a great diversity of interests and actors. Security is not just about keeping the bad guys out, but increasingly concerned with tussles for power and control. DRM pits the content and platform industries against consumers, and against each other; accessory control is used to tie printers to their vendors’ cartridges, but leads to antitrust lawsuits and government intervention. Security also interacts with safety in applications from cars through utilities to electronic healthcare. The security engineer needs to understand not just crypto and operating systems, but economics and human factors as well.
And the ubiquity of digital devices means that ‘computer security’ is no longer just a problem for a few systems specialists. Almost all white-collar crime (and much crime of the serious violent sort) now involves computers or mobile phones, so a detective needs to understand computer forensics just as she needs to know how to drive. More and more lawyers, accountants, managers and other people with no formal engineering training are going to have to understand system security in order to do their jobs well.
The rapid growth of online services, from Google and Facebook to massively multiplayer games, has also changed the world. Bugs in online applications can be fixed rapidly once they’re noticed, but the applications get ever more complex and their side-effects harder to predict. We may have a reasonably good idea what it means for an operating system or even a banking service to be secure, but we can’t make any such claims for online lifestyles that evolve all the time. We’re entering a novel world of evolving socio-technical systems, and that raises profound questions about how the evolution is driven and who is in control.
The largest changes, however, may be those driven by the tragic events of September 2001 and by our reaction to them. These have altered perceptions and priorities in many ways, and changed the shape of the security industry. Terrorism is not just about risk, but about the perception of risk, and about the manipulation of perception. This adds psychology and politics to the mix. Security engineers also have a duty to contribute to the political debate. Where inappropriate reactions to terrorist crimes have led to major waste of resources and unforced policy errors, we have to keep on educating people to ask a few simple questions: what are we seeking to prevent, and will the proposed mechanisms actually work?
Ross Anderson
Cambridge, January 2008
Foreword
In a paper he wrote with Roger Needham, Ross Anderson coined the phrase “programming Satan’s computer” to describe the problems faced by computer-security engineers. It’s the sort of evocative image I’ve come to expect from Ross, and a phrase I’ve used ever since.
Programming a computer is straightforward: keep hammering away at the problem until the computer does what it’s supposed to do. Large application programs and operating systems are a lot more complicated, but the methodology is basically the same. Writing a reliable computer program is much harder, because the program needs to work even in the face of random errors and mistakes: Murphy’s computer, if you will. Significant research has gone into reliable software design, and there are many mission-critical software applications that are designed to withstand Murphy’s Law.
Writing a secure computer program is another matter entirely. Security involves making sure things work, not in the presence of random faults, but in the face of an intelligent and malicious adversary trying to ensure that things fail in the worst possible way at the worst possible time, again and again. It truly is programming Satan’s computer.
Security engineering is different from any other kind of programming. It’s a point I made over and over again: in my own book, Secrets and Lies, in my monthly newsletter Crypto-Gram, and in my other writings. And it’s a point Ross makes in every chapter of this book. This is why, if you’re doing any security engineering, if you’re even thinking of doing any security engineering, you need to read this book. It’s the first, and only, end-to-end modern security design and engineering book ever written.
And it comes just in time. You can divide the history of the Internet into three waves. The first wave centered around mainframes and terminals. Computers were expensive and rare. The second wave, from about 1992 until now, centered around personal computers, browsers, and large application programs. And the third, starting now, will see the connection of all sorts of devices that are currently in proprietary networks, standalone, and non-computerized. By 2003, there will be more mobile phones connected to the Internet than computers. Within a few years we’ll see many of the world’s refrigerators, heart monitors, bus and train ticket dispensers, burglar alarms, and electricity meters talking IP. Personal computers will be a minority player on the Internet.
Security engineering, especially in this third wave, requires you to think differently. You need to figure out not how something works, but how something can be made to not work. You have to imagine an intelligent and malicious adversary inside your system (remember Satan’s computer), constantly trying new ways to subvert it. You have to consider all the ways your system can fail, most of them having nothing to do with the design itself. You have to look at everything backwards, upside down, and sideways. You have to think like an alien.
As the late great science fiction editor John W. Campbell, said: “An alien thinks as well as a human, but not like a human.” Computer security is a lot like that. Ross is one of those rare people who can think like an alien, and then explain that thinking to humans. Have fun reading.
Bruce Schneier
January 2001
Preface
For generations, people have defined and protected their property and their privacy using locks, fences, signatures, seals, account books, and meters. These have been supported by a host of social constructs ranging from international treaties through national laws to manners and customs.
This is changing, and quickly. Most records are now electronic, from bank accounts to registers of real property; and transactions are increasingly electronic, as shopping moves to the Internet. Just as important, but less obvious, are the many everyday systems that have been quietly automated. Burglar alarms no longer wake up the neighborhood, but send silent messages to the police; students no longer fill their dormitory washers and dryers with coins, but credit them using a smartcard they recharge at the college bookstore; locks are no longer simple mechanical affairs, but are operated by electronic remote controls or swipe cards; and instead of renting videocassettes, millions of people get their movies from satellite or cable channels. Even the humble banknote is no longer just ink on paper, but may contain digital watermarks that enable many forgeries to be detected by machine.
How good is all this new security technology? Unfortunately, the honest answer is ‘nowhere near as good as it should be’. New systems are often rapidly broken, and the same elementary mistakes are repeated in one application after another. It often takes four or five attempts to get a security design right, and that is far too many.
The media regularly report security breaches on the Internet; banks fight their customers over ‘phantom withdrawals’ from cash machines; VISA reports huge increases in the number of disputed Internet credit card transactions; satellite TV companies hound pirates who copy their smartcards; and law enforcement agencies try to stake out territory in cyberspace with laws controlling the use of encryption. Worse still, features interact. A mobile phone that calls the last number again if one of the keys is pressed by accident may be just a minor nuisance — until someone invents a machine that dispenses a can of soft drink every time its phone number is called. When all of a sudden you find 50 cans of Coke on your phone bill, who is responsible, the phone company, the handset manufacturer, or the vending machine operator? Once almost every electronic device that affects your life is connected to the Internet — which Microsoft expects to happen by 2010 — what does ‘Internet security’ mean to you, and how do you cope with it?
As well as the systems that fail, many systems just don’t work well enough. Medical record systems don’t let doctors share personal health information as they would like, but still don’t protect it against inquisitive private eyes. Zillion-dollar military systems prevent anyone without a ‘top secret’ clearance from getting at intelligence data, but are often designed so that almost everyone needs this clearance to do any work. Passenger ticket systems are designed to prevent customers cheating, but when trustbusters break up the railroad, they cannot stop the new rail companies cheating each other. Many of these failures could have been foreseen if designers had just a little bit more knowledge of what had been tried, and had failed, elsewhere.
Security engineering is the new discipline that is starting to emerge out of all this chaos.
Although most of the underlying technologies (cryptology, software reliability, tamper resistance, security printing, auditing, etc.) are relatively well understood, the knowledge and experience of how to apply them effectively is much scarcer. And since the move from mechanical to digital mechanisms is happening everywhere at once, there just has not been time for the lessons learned to percolate through the engineering community. Time and again, we see the same old square wheels being reinvented.
The industries that have managed the transition most capably are often those that have been able to borrow an appropriate technology from another discipline. Examples include the reuse of technology designed for military identify-friend-or-foe equipment in bank cash machines and even prepayment gas meters. So even if a security designer has serious expertise in some particular speciality — whether as a mathematician working with ciphers or a chemist developing banknote inks — it is still prudent to have an overview of the whole subject. The essence of good security engineering is understanding the potential threats to a system, then applying an appropriate mix of protective measures — both technological and organizational — to control them. Knowing what has worked, and more importantly what has failed, in other applications is a great help in developing judgment. It can also save a lot of money.
The purpose of this book is to give a solid introduction to security engineering, as we understand it at the beginning of the twenty-first century. My goal is that it works at four different levels:
1. As a textbook that you can read from one end to the other over a few days as an introduction to the subject. The book is to be used mainly by the working IT professional who needs to learn about the subject, but it can also be used in a one-semester course in a university.
2. As a reference book to which you can come for an overview of the workings of some particular type of system. These systems include cash machines, taxi meters, radar jammers, anonymous medical record databases, and so on.
3. As an introduction to the underlying technologies, such as crypto, access control, inference control, tamper resistance, and seals. Space prevents me from going into great depth; but I provide a basic road map for each subject, plus a reading list for the curious (and a list of open research problems for the prospective graduate student).
4. As an original scientific contribution in which I have tried to draw out the common principles that underlie security engineering, and the lessons that people building one kind of system should have learned from others. In the many years I have been working in security, I keep coming across these. For example, a simple attack on stream ciphers wasn’t known to the people who designed a common antiaircraft fire control radar so it was easy to jam; while a trick well known to the radar community wasn’t understood by banknote printers and people who design copyright marking schemes, which led to a quite general attack on most digital watermarks.
I have tried to keep this book resolutely mid-Atlantic; a security engineering book has to be, as many of the fundamental technologies are American, while many of the interesting applications are European. (This isn’t surprising given the better funding of U.S. universities and research labs, and the greater diversity of nations and markets in Europe.) What’s more, many of the successful European innovations — from the smart-card to the GSM mobile phone to the pay-per-view TV service — have crossed the Atlantic and now thrive in the Americas. Both the science, and the case studies, are necessary.
This book grew out of the security engineering courses I teach at Cambridge University, but I have rewritten my notes to make them self-contained and added at least as much material again. It should be useful to the established professional security manager or consultant as a first-line reference; to the computer science professor doing research in cryptology; to the working police detective trying to figure out the latest computer scam; and to policy wonks struggling with the conflicts involved in regulating cryptography and anonymity. Above all, it is aimed at Dilbert. My main audience is the working programmer or engineer who is trying to design real systems that will keep on working despite the best efforts of customers, managers, and everybody else.
This book is divided into three parts.
The first looks at basic concepts, starting with the central concept of a security protocol, and going on to human-computer interface issues, access controls, cryptology, and distributed system issues. It does not assume any particular technical background other than basic computer literacy. It is based on an Introduction to Security course that I teach to second-year undergraduates.
The second part looks in much more detail at a number of important applications, such as military communications, medical record systems, cash machines, mobile phones, and pay-TV. These are used to introduce more of the advanced technologies and concepts. It also considers information security from the viewpoint of a number of different interest groups, such as companies, consumers, criminals, police, and spies. This material is drawn from my senior course on security, from research work, and from experience consulting.
The third part looks at the organizational and policy issues: how computer security interacts with law, with evidence, and with corporate politics; how we can gain confidence that a system will perform as intended; and how the whole business of security engineering can best be managed.
I believe that building systems that continue to perform robustly in the face of malice is one of the most important, interesting, and difficult tasks facing engineers in the twenty-first century.
Ross Anderson
Cambridge, January 2001
About the Author
Why should I have been the person to write this book? Well, I seem to have accumulated the right mix of experience and qualifications over the last 25 years. I graduated in mathematics and natural science from Cambridge (England) in the 1970s, and got a qualification in computer engineering; my first proper job was in avionics; and I became interested in cryptology and computer security in the mid-1980s. After working in the banking industry for several years, I started doing consultancy for companies that designed equipment for banks, and then working on other applications of this technology, such as prepayment electricity meters.
I moved to academia in 1992, but continued to consult to industry on security technology. During the 1990s, the number of applications that employed cryptology rose rapidly: burglar alarms, car door locks, road toll tags, and satellite TV encryption systems all made their appearance. As the first legal disputes about these systems came along, I was lucky enough to be an expert witness in some of the important cases. The research team I lead had the good fortune to be in the right place at the right time when several crucial technologies, such as tamper resistance and digital watermarking, became hot topics.
By about 1996, it started to become clear to me that the existing textbooks were too specialized. The security textbooks focused on the access control mechanisms in operating systems, while the cryptology books gave very detailed expositions of the design of cryptographic algorithms and protocols. These topics are interesting, and important. However they are only part of the story. Most system designers are not overly concerned with crypto or operating system internals, but with how to use these tools effectively. They are quite right in this, as the inappropriate use of mechanisms is one of the main causes of security failure. I was encouraged by the success of a number of articles I wrote on security engineering (starting with ‘Why Cryptosystems Fail’ in 1993); and the need to teach an undergraduate class in security led to the development of a set of lecture notes that made up about half of this book. Finally, in 1999, I got round to rewriting them for a general technical audience.
I have learned a lot in the process; writing down what you think you know is a good way of finding out what you don’t. I have also had a lot of fun. I hope you have as much fun reading it!
Acknowledgments
A great many people have helped in various ways with this book. I probably owe the greatest thanks to those who read the manuscript (or a large part of it) looking for errors and obscurities. They were Anne Anderson, Ian Brown, Nick Bohm, Richard Bondi, Caspar Bowden, Richard Clayton, Steve Early, Rich Graveman, Markus Kuhn, Dan Lough, David MacKay, John McHugh, Bob Morris, Roger Needham, Jerry Saltzer, Marv Schaefer, Karen Spärck Jones and Frank Stajano. Much credit also goes to my editor, Carol Long, who (among many other things) went through the first six chapters and coached me on the style appropriate for a professional (as opposed to academic) book. At the proofreading stage, I got quite invaluable help from Carola Bohm, Mike Bond, Richard Clayton, George Danezis, and Bruce Godfrey.
A large number of subject experts also helped me with particular chapters or sections. Richard Bondi helped me refine the definitions in Chapter 1; Jianxin Yan, Alan Blackwell and Alasdair Grant helped me investigate the applied psychology aspects of passwords; John Gordon and Sergei Skorobogatov were my main sources on remote key entry devices; Whit Diffie and Mike Brown on IFF; Steve Early on Unix security (although some of my material is based on lectures given by Ian Jackson); Mike Roe, Ian Kelly, Paul Leyland, and Fabien Petitcolas on the security of Windows NT4 and Win2K; Virgil Gligor on the history of memory overwriting attacks, and on mandatory integrity policies; and Jean Bacon on distributed systems. Gary Graunke told me the history of protection in Intel processors; Orr Dunkelman found many bugs in a draft of the crypto chapter and John Brazier pointed me to the Humpty Dumpty quote.
Moving to the second part of the book, the chapter on multilevel security was much improved by input from Jeremy Epstein, Virgil Gligor, Jong-Hyeon Lee, Ira Moskowitz, Paul Karger, Rick Smith, Frank Stajano, and Simon Wiseman, while Frank also helped with the following two chapters. The material on medical systems was originally developed with a number of people at the British Medical Association, most notably Fleur Fisher, Simon Jenkins, and Grant Kelly. Denise Schmandt-Besserat taught the world about bullae, which provided the background for the chapter on banking systems; that chapter was also strengthened by input from Fay Hider and Willie List. The chapter on alarms contains much that I was taught by Roger Needham, Peter Dean, John Martin, Frank Clish, and Gary Geldart. Nuclear command and control systems are much the brainchild of Gus Simmons; he and Bob Morris taught me much of what’s in that chapter.
Sijbrand Spannenburg reviewed the chapter on security printing; and Roger Johnston has taught us all an enormous amount about seals. John Daugman helped polish the chapter on biometrics, as well as inventing iris scanning which I describe there. My tutors on tamper resistance were Oliver Kömmerling and Markus Kuhn; Markus also worked with me on emission security. I had substantial input on electronic warfare from Mike Brown and Owen Lewis. The chapter on phone fraud owes a lot to Duncan Campbell, Richard Cox, Rich Graveman, Udi Manber, Andrew Odlyzko and Roy Paterson. Ian Jackson contributed some ideas on network security. Fabien Petitcolas ‘wrote the book’ on copyright marking, and helped polish my chapter on it. Johann Bezuidenhoudt made perceptive comments on both phone fraud and electronic commerce, while Peter Landrock gave valuable input on bookkeeping and electronic commerce systems. Alistair Kelman was a fount of knowledge on the legal aspects of copyright; and Hal Varian kept me straight on matters of economics, and particularly the chapters on e-commerce and assurance.
As for the third part of the book, the chapter on e-policy was heavily influenced by colleagues at the Foundation for Information Policy Research, notably Caspar Bowden, Nick Bohm, Fleur Fisher, Brian Gladman, Ian Brown, Richard Clayton — and by the many others involved in the fight, including Whit Diffie, John Gilmore, Susan Landau, Brian Omotani and Mark Rotenberg. The chapter on management benefited from input from Robert Brady, Jack Lang, and Willie List. Finally, my thinking on assurance has been influenced by many people, including Robin Ball, Robert Brady, Willie List, and Robert Morris.
There were also many people over the years who taught me my trade. The foremost of them is Roger Needham, who was my thesis advisor; but I also learned a lot from hundreds of engineers, programmers, auditors, lawyers, and policemen with whom I worked on various consultancy jobs over the last 15 years. Of course, I take the rap for all the remaining errors and omissions.
Finally, I owe a huge debt to my family, especially to my wife Shireen for putting up with over a year in which I neglected household duties and was generally preoccupied. Daughter Bavani and dogs Jimmy, Bess, Belle, Hobbes, Bigfoot, Cat, and Dogmatix also had to compete for a diminished quantum of attention, and I thank them for their forbearance.
Further Acknowledgments for the Second Edition
Many of the folks who helped me with the first edition have also helped update the same material this time. In addition, I’ve had useful input, feedback or debugging assistance from Edmond Alyanakian, Johann Bezuidenhoudt, Richard Clayton, Jolyon Clulow, Dan Cvrcek, Roger Dingledine, Saar Drimer, Mike Ellims, Dan Geer, Gary Geldart, Wendy Grossman, Dan Hagon, Feng Hao, Roger Johnston, Markus Kuhn, Susan Landau, Stephen Lewis, Nick Mathewson, Tyler Moore, Steven Murdoch, Shishir Nagaraja, Roger Nebel, Andy Ozment, Mike Roe, Frank Stajano, Mark Staples, Don Taylor, Marc Tobias, Robert Watson and Jeff Yan. The members of our security group in Cambridge, and the Advisory Council of the Foundation for Information Policy Research, have been an invaluable sounding-board for many ideas. And I am also grateful to the many readers of the first edition who pointed out typos and other improvements: Piotr Carlson, Peter Chambers, Nick Drage, Austin Donnelly, Ben Dougall, Shawn Fitzgerald, Paul Gillingwater, Pieter Hartel, David Håsäther, Konstantin Hyppönen, Oliver Jorns, Markus Kuhn, Garry McKay, Joe Osborne, Avi Rubin, Sam Simpson, M. Taylor, Peter Taylor, Paul Thomas, Nick Volenec, Randall Walker, Keith Willis, Stuart Wray and Stefek Zaba.
A number of typos have been corrected in the second printing (2010). Thanks to Adam Atkinson, Alastair Beresford, Antonomasia, David Boddie, Kristof Boeynaems, Martin Brain, James Davenport, Dan Eble, Shailendra Fuloria, Dan Hasather, Neil Jenkins, Hyoung Joong Kim, Patrick Koeberl, Simon Kramer, Stephan Neuhaus, Mark Oeltjenbruns, Alexandros Papadopoulos, Chris Pepper, Oscar Pereira, Raphael Phan, Matthew Slyman, Daniel Wagner-Hall, Randall Walker, and Stuart Wray for pointing them out!