| |
| |
Acknowledgments | |
| |
| |
| |
Introduction | |
| |
| |
Roadmap to the Book | |
| |
| |
What Type of Book Is This? | |
| |
| |
Terminology | |
| |
| |
Notation | |
| |
| |
Primer on Networking | |
| |
| |
Active vs. Passive Attackc | |
| |
| |
Layers and Cryptography | |
| |
| |
Authorization | |
| |
| |
Tempest | |
| |
| |
Key Escrow for Law Enforcement | |
| |
| |
Key Escrow for Careless Users | |
| |
| |
Viruses, Worms, Trojan Horses | |
| |
| |
The Multi-level Model of Security | |
| |
| |
Legal Issues | |
| |
| |
| |
Cryptography | |
| |
| |
| |
Introduction to Cryptography | |
| |
| |
What Is Cryptography? | |
| |
| |
Breaking an Encryption Scheme | |
| |
| |
Types of Cryptographic Functions | |
| |
| |
Secret Key Cryptography | |
| |
| |
Public Key Cryptography | |
| |
| |
Hash Algorithms | |
| |
| |
Homework | |
| |
| |
| |
Secret Key Cryptography | |
| |
| |
Introduction | |
| |
| |
Generic Block Encryption | |
| |
| |
Data Encryption Standard (DES) | |
| |
| |
International Data Encryption Algorithm (IDEA) | |
| |
| |
Advanced Encryption Standard (AES) | |
| |
| |
RC4 | |
| |
| |
Homework | |
| |
| |
| |
Modes of Operation | |
| |
| |
Introduction | |
| |
| |
Encrypting a Large Message | |
| |
| |
Generating MACs | |
| |
| |
Multiple Encryption DES | |
| |
| |
CBC Outside vs. Inside | |
| |
| |
Homework | |
| |
| |
| |
Hashes and Message Digests | |
| |
| |
Introduction | |
| |
| |
Nifty Things to Do with a Hash | |
| |
| |
MD2 | |
| |
| |
MD4 | |
| |
| |
MD5 | |
| |
| |
SHA-1 | |
| |
| |
HMAC | |
| |
| |
Homework | |
| |
| |
| |
Public Key Algorithms | |
| |
| |
Introduction | |
| |
| |
Modular Arithmetic | |
| |
| |
RSA | |
| |
| |
Diffie-Hellman | |
| |
| |
Digital Signature Standard (DSS) | |
| |
| |
How Secure Are RSA and Diffie-Hellman? | |
| |
| |
Elliptic Curve Cryptography (ECC) | |
| |
| |
Zero Knowledge Proof Systems | |
| |
| |
Homework Problems | |
| |
| |
| |
Number Theory | |
| |
| |
Introduction | |
| |
| |
Modular Arithmetic | |
| |
| |
Primes | |
| |
| |
Euclid's Algorithm | |
| |
| |
Chinese Remainder Theorem | |
| |
| |
Zn. Euler's Totient Function | |
| |
| |
Euler's Theorem | |
| |
| |
Homework Problems | |
| |
| |
| |
Math with AES and Elliptic Curves | |
| |
| |
Introduction | |
| |
| |
Notation | |
| |
| |
Groups | |
| |
| |
Fields | |
| |
| |
Mathematics of Rijndael | |
| |
| |
Elliptic Curve Cryptography | |
| |
| |
Homework | |
| |
| |
| |
Authentication | |
| |
| |
| |
Overview of Authentication Systems | |
| |
| |
Password-Based Authentication | |
| |
| |
Address-Based Authentication | |
| |
| |
Cryptographic Authentication Protocols | |
| |
| |
Who Is Being Authenticated? | |
| |
| |
Passwords as Cryptographic Keys | |
| |
| |
Eavesdropping and Server Database Reading | |
| |
| |
Trusted Intermediaries | |
| |
| |
Session Key Establishment | |
| |
| |
Delegation | |
| |
| |
Homework | |
| |
| |
| |
Authentication of People | |
| |
| |
Passwords | |
| |
| |
On-Line Password Guessing | |
| |
| |
Off-Line Password Guessing | |
| |
| |
How Big Should a Secret Be? | |
| |
| |
Eavesdropping | |
| |
| |
Passwords and Careless Users | |
| |
| |
Initial Password Distribution | |
| |
| |
Authentication Tokens | |
| |
| |
Physical Access | |
| |
| |
Biometrics | |
| |
| |
Homework | |
| |
| |
| |
Security Handshake Pitfalls | |
| |
| |
Login Only | |
| |
| |
Mutual Authentication | |
| |
| |
Integrity/Encryption for Data | |
| |
| |
Mediated Authentication (with KDC) | |
| |
| |
Nonce Types | |
| |
| |
Picking Random Numbers | |
| |
| |
Performance Considerations | |
| |
| |
Authentication Protocol Checklist | |
| |
| |
Homework | |