I’ve been playing with computers and electronics since childhood. I even supported the people in my village with their computer issues back then. During my studies in electrical engineering, I learned how to solve technical challenges with structured approaches. At this time, I became fascinated by topics like cryptography and embedded system security. The books on this list helped me understand important concepts and practical real-world obstacles. I hope they are also of value to you!
I wrote...
Engineering Secure Devices: A Practical Guide for Embedded System Architects and Developers
I like embedded systems a lot, but I like hardware attacks on them even more because they represent very powerful attackers! I love the wonderful collection of expert knowledge and practical experience on side-channel analysis, fault attacks, and corresponding countermeasures created by Colin O'Flynn and Jasper van Woudenberg.
When reading through this one, I always remember my time as a PhD student, when my colleagues and I performed several tricky hardware attacks in our lab... That was definitely challenging but also a lot of fun!
The Hardware Hacking Handbook is a deep dive into embedded security, perfect for readers interested in designing, analysing, and attacking devices. You'll start with a crash course in embedded security and hardware interfaces and learn how to set up a test lab. Real-world examples and hands-on labs throughout allow you to explore hardware interfaces and practice various attacks.
When I first heard about cryptography at university, it sounded like mathematical magic. After looking into some randomly chosen crypto books, I was discouraged from digging deeper because they were full of math details.
Understanding Cryptography was different. It was aimed at engineering students like me, and it provided me with the most relevant facts necessary for designing secure devices. Since then, it has always been a great reference book for me.
Cryptography is now ubiquitous - moving beyond the traditional environments, such as government communications and banking systems, we see cryptographic techniques realized in Web browsers, e-mail programs, cell phones, manufacturing systems, embedded software, smart buildings, cars, and even medical implants. Today's designers need a comprehensive understanding of applied cryptography.
After an introduction to cryptography and data security, the authors explain the main techniques in modern cryptography, with chapters addressing stream ciphers, the Data Encryption Standard (DES) and 3DES, the Advanced Encryption Standard (AES), block ciphers, the RSA cryptosystem, public-key cryptosystems based on the discrete logarithm problem, elliptic-curve cryptography (ECC), digital…
When I take this book off my shelf, the probability that I find the answer I'm looking for is very high. Yes, it's a big book, and I'm pretty sure I haven't read every single page yet, but because of its broad coverage of security engineering knowledge, from crypto to real-world processes, it is an invaluable reference for teaching and practical cyber security.
Now that there's software in everything, how can you make anything secure? Understand how to engineer dependable systems with this newly updated classic
In Security Engineering: A Guide to Building Dependable Distributed Systems, Third Edition Cambridge University professor Ross Anderson updates his classic textbook and teaches readers how to design, implement, and test systems to withstand both error and attack.
This book became a best-seller in 2001 and helped establish the discipline of security engineering. By the second edition in 2008, underground dark markets had let the bad guys specialize and scale up; attacks were increasingly on users rather than…
I love this book because it has the power to pull even technical people out of their “security technology will save the world” bubble. I regularly encounter engineers randomly throwing countermeasures like strong encryption, secure boot, and TPMs at devices without knowing why.
This book provided me with a set of methods and practical hints for identifying and assessing relevant security threats—a much better starting point than penetration testing!
The only security book to be chosen as a Dr. Dobbs Jolt Award Finalist since Bruce Schneier's Secrets and Lies and Applied Cryptography! Adam Shostack is responsible for security development lifecycle threat modeling at Microsoft and is one of a handful of threat modeling experts in the world. Now, he is sharing his considerable expertise into this unique book. With pages of specific actionable advice, he details how to build better security into the design of systems, software, or services from the outset. You'll explore various threat modeling approaches, find out how to test your designs against threats, and learn…
I love thinking about potential vulnerabilities and threat scenarios in IoT devices, because they are everywhere and they have already gained a significant amount of power.
Practical IoT Hacking is a wonderful read that stimulates my imagination about how to tackle devices and systems, but it doesn’t stop there: it even addresses the practical security analysis needs of my students and me.
Geared towards security researchers, IT teams, and penetration testers, application testers, developers, and IT administrators, this book teaches readers how to get started with hacking Internet connected devices. Readers dig deep into technical (and related legal) issues, as they learn what kinds of devices to use as hacking tools and which make the best targets. The authors, all experts in the field, cover the kinds of vulnerabilities found in IoT devices, explain how to exploit their network protocols, and how to leverage security flaws and certain hardware interfaces found in the physical devices themselves.
My book is a practical guide meant for students, engineers, and embedded system architects. It provides the fundamentals of a secure development process and modern cryptography before diving into typical building blocks of secure devices, like confidential data storage, unique device identities, and secure communication protocols. Further, you'll learn how to design secure boot and update processes, robust device architectures, and reliable access control measures. All topics are accompanied by real-world case studies and practical hints.
