Security Engineering - Errata (original) (raw)

My book suffered from a particularly fraught copyediting process, plagued by incompatible file formats (Wiley abandoned their latex capability while the book was being written) and rampant political correctness (for example, their editor changed almost every third person pronoun to `he or she', in defiance of even the Chicago Manual of Style - and I had to change them back again). Almost every other page led to serious arguments and repeated re-edits. So there are more errors than I would like (and more than there would have been without copyediting) - but probably fewer than in the typical technical reference of 640 pages.

The most embarrassing socially was the reference to Bruce Schneier as Prince Schneier on page 113. This came about because we changed from a surname-only citation rule to full-name citation, and at a stage when edits were being passed back and forth on wodges of paper. I wrote in Bruce's name by hand and my scrawl was mistranscribed. Sorry, Bruce ...

The most embarrassing professionally is on page 107 where I remark that key establishment can be done using any encryption function that commutes. The clause that got dropped there is of course the caveat that not all commutative encryption functions yield a key establishment protocol that is secure. The classic case of a commutative encryption function giving insecure key establishment is the one-time pad - in fact, I set this as an exam questionin 1996. In mitigation, I plead that (a) it was me who found this howler, and (b) in section 23.2.2.3, where I discuss software error rates, I estimated on the basis of what we found during proofreading that there are perhaps three dozen errors of substance left in the book. So far, we're well below that!

One case history that unfortunately turns out to be unfounded is the story of the `Mig-in-the-middle' attack, pp 19-20. I got this story over a beer from a chap I met at a conference who was wearing SAAF uniform, and it seemed technically plausible. I tried to get independent verification and failed, as I mention on page 19. I used it, with that caveat, as I've found it is a very good way of getting students to understand the risks of middleperson attacks on crypto protocols. However, in September 2001, I learned from a former employee of the South African Communications Security Agency that the story is apocryphal. As there were no South African air defence forces on the ground inside Angola, IFF was not used there, and the SAAF did not have secure mode IFF at the time anyway. I am also told, however, by former GCHQ / Royal Air Force sources that similar games have been played elsewhere by other forces. See the excellent books by R.V. Jones (references [424] and [425]), plus the later chapter on electronic warfare, for more on air combat deception strategies.

Vodafone has pointed out a few errors in the sections on mobile phone security in chapter 17. First, they did not use RF fingerprinting in the UK, but their subsidiary Airtouch did in the USA; what worked well in the UK was cryptographic authentication of the ESN (the equipment serial number) and the number being called. Second, in the authentication protocol, the triplets are sent to the VLR rather than the BSC, but the BSC still does receive Kc in the clear after a successful authentication. This means that there is still a protocol vulnerability, but in Vodafone's case the BSC is usually colocated with the VLR or connected by wireline to make attacks hard. Third, the first 3gpp services were launched in 2001, and Voda will launch in 2002.

There are a few other errors can cause the reader to stumble but should be clear on reading the sentence again. The most prominent may be the one cited in Niels Bjergstrom's review: the example encryption with Playfair on page 78 is obscure `...using the key in Figure 5.7, it enciphers to TB while rf enciphers to OB...' and should in fact read `...using the key in Figure 5.7, rd enciphers to TB while rf enciphers to OB...'. Also, p 15 section 2.2 line 7 says `X subscript KT for the message enciphered under the key K' but should be `X subscript K'.

There's also the usual crop of minor typos. For example, on page 29 line 9, the name of the German `Geldkarte' system got mysteriously (mis-)translated to `goldbank'; I've no idea how this happened. If I do a second edition, this sort of stuff will get fixed (and no doubt new ones introduced) - but after eighteen months' hard pounding on the manuscript I can't even face the thought of writing another book, let alone rewriting this one. Ask me again in ten years' time ...

Since 21 May 2004 I have been maintaining detailed pages of errata, including even minor typos, and some links to new material, for part 1, part 2, and part 3.

Return to the book's home page.