| |
| |
Notation | |
| |
| |
Preface | |
| |
| |
| |
Reader's Guide | |
| |
| |
| |
Outline of This Book | |
| |
| |
| |
Roadmap | |
| |
| |
| |
Internet and Web Resources | |
| |
| |
| |
Introduction | |
| |
| |
| |
Security Trends | |
| |
| |
| |
The OSI Security Architecture | |
| |
| |
| |
Security Attacks | |
| |
| |
| |
Security Services | |
| |
| |
| |
Security Mechanisms | |
| |
| |
| |
A Model for Network Security | |
| |
| |
| |
Recommended Reading and Web Sites | |
| |
| |
| |
Key Terms, Review Questions, and Problems | |
| |
| |
| |
Symmetric Ciphers | |
| |
| |
| |
Classical Encryption Techniques | |
| |
| |
| |
Symmetric Cipher Model | |
| |
| |
| |
Substitution Techniques | |
| |
| |
| |
Transposition Techniques | |
| |
| |
| |
Rotor Machines | |
| |
| |
| |
Steganography | |
| |
| |
| |
Recommended Reading and Web Sites | |
| |
| |
| |
Key Terms, Review Questions, and Problems | |
| |
| |
| |
Block Ciphers and the Data Encryption Standard | |
| |
| |
| |
Block Cipher Principles | |
| |
| |
| |
The Data Encryption Standard | |
| |
| |
| |
The Strength of DES | |
| |
| |
| |
Differential and Linear Cryptanalysis | |
| |
| |
| |
Block Cipher Design Principles | |
| |
| |
| |
Recommended Reading | |
| |
| |
| |
Key Terms, Review Questions, and Problems | |
| |
| |
| |
Finite Fields | |
| |
| |
| |
Groups, Rings, and Fields | |
| |
| |
| |
Modular Arithmetic | |
| |
| |
| |
The Euclidean Algorithm | |
| |
| |
| |
Finite Fields of the Form GF(p) | |
| |
| |
| |
Polynomial Arithmetic | |
| |
| |
| |
Finite Fields of the Form GF(2^n) | |
| |
| |
| |
Recommended Reading and Web Sites | |
| |
| |
| |
Key Terms, Review Questions, and Problems | |
| |
| |
| |
Advanced Encryption Standard | |
| |
| |
| |
Evaluation Criteria for AES | |
| |
| |
| |
The AES Cipher | |
| |
| |
| |
Recommended Reading and Web Sites | |
| |
| |
| |
Key Terms, Review Questions, and Problems | |
| |
| |
| |
Polynomials with Coefficients in GF(2^8) | |
| |
| |
| |
Simplified AES | |
| |
| |
| |
More on Symmetric Ciphers | |
| |
| |
| |
Multiple Encryption and Triple DES | |
| |
| |
| |
Block Cipher Modes of Operation | |
| |
| |
| |
Stream Ciphers and RC4 | |
| |
| |
| |
Recommended Reading and Web Site | |
| |
| |
| |
Key Terms, Review Questions, and Problems | |
| |
| |
| |
Confidentiality Using Symmetric Encryption | |
| |
| |
| |
Placement of Encryption Function | |
| |
| |
| |
Traffic Confidentiality | |
| |
| |
| |
Key Distribution | |
| |
| |
| |
Random Number Generation | |
| |
| |
| |
Recommended Reading and Web Sites | |
| |
| |
| |
Key Terms, Review Questions, and Problems | |
| |
| |
| |
Public-Key Encryption and Hash Functions | |
| |
| |
| |
Introduction to Number Theory | |
| |
| |
| |
Prime Numbers | |
| |
| |
| |
Fermat's and Euler's Theorems | |
| |
| |
| |
Testing for Primality | |
| |
| |
| |
The Chinese Remainder Theorem | |
| |
| |
| |
Discrete Logarithms | |
| |
| |
| |
Recommended Reading and Web Site | |
| |
| |
| |
Key Terms, Review Questions, and Problems | |
| |
| |
| |
Public-Key Cryptography and RSA | |
| |
| |
| |
Principles of Public-Key Cryptosystems | |
| |
| |
| |
The RSA Algorithm | |
| |
| |
| |
Recommended Reading and Web Site | |
| |
| |
| |
Key Terms, Review Questions, and Problems | |
| |
| |
| |
Proof of the RSA Algorithm | |
| |
| |
| |
The Complexity of Algorithms | |
| |
| |
| |
Key Management; Other Public-Key Cryptosystems | |
| |
| |
| |
Key Management | |
| |
| |
| |
Diffie-Hellman Key Exchange | |
| |
| |
| |
Elliptic Curve Arithmetic | |
| |
| |
| |
Elliptic Curve Cryptography | |
| |
| |
| |
Recommended Reading and Web Site | |
| |
| |
| |
Key Terms, Review Questions, and Problems | |
| |
| |
| |
Message Authentication and Hash Functions | |
| |
| |
| |
Authentication Requirements | |
| |
| |
| |
Authentication Functions | |
| |
| |
| |
Message Authentication Codes | |
| |
| |
| |
Hash Functions | |
| |
| |
| |
Security of Hash Functions and MACs | |
| |
| |
| |
Recommended Reading | |
| |
| |
| |
Key Terms, Review Questions, and Problems | |
| |
| |
| |
Mathematical Basis of the Birthday Attack | |
| |
| |
| |
Hash and MAC Algorithms | |
| |
| |
| |
Secure Hash Algorithm | |
| |
| |
| |
Whirlpool | |
| |
| |
| |
HMAC | |
| |
| |
| |
CMAC | |
| |
| |
| |
Recommended Reading and Web Sites | |
| |
| |
| |
Key Terms, Review Questions, and Problems | |
| |
| |
| |
Digital Signatures and Authentication Protocols | |
| |
| |
| |
Digital Signatures | |
| |
| |
| |
Authentication Protocols | |
| |
| |
| |
Digital Signature Standard | |
| |
| |
| |
Recommended Reading and Web Sites | |
| |
| |
| |
Key Terms, Review Questions, and Problems | |
| |
| |
| |
Network Security Applications | |
| |
| |
| |
Authentication Applications | |
| |
| |
| |
Kerberos | |
| |
| |
| |
X.509 Authentication Service | |
| |
| |
| |
Public-Key Infrastructure | |
| |
| |
| |
Recommended Reading and Web Sites | |
| |
| |
| |
Key Terms, Review Questions, and Problems | |
| |
| |
| |
Kerberos Encryption Techniques | |
| |
| |
| |
Electronic Mail Security | |
| |
| |
| |
Pretty Good Privacy | |
| |
| |
| |
S/MIME | |
| |
| |
| |
Recommended Web Sites | |
| |
| |
| |
Key Terms, Review Questions, and Problems | |
| |
| |
| |
Data Compression Using ZIP | |
| |
| |
| |
Radix-64 Conversion | |
| |
| |
| |
PGP Random Number Generation | |
| |
| |
| |
IP Security | |
| |
| |
| |
IP Security Overview | |
| |
| |
| |
IP Security Architecture | |
| |
| |
| |
Authentication Header | |
| |
| |
| |
Encapsulating Security Payload | |
| |
| |
| |
Combining Security Associations | |
| |
| |
| |
Key Management | |
| |
| |
| |
Recommended Reading and Web Site | |
| |
| |
| |
Key Terms, Review Questions, and Problems | |
| |
| |
| |
Internetworking and Internet Protocols | |
| |
| |
| |
Web Security | |
| |
| |
| |
Web Security Considerations | |
| |
| |
| |
Secure Socket Layer and Transport Layer Security | |
| |
| |
| |
Secure Electronic Transaction | |
| |
| |
| |
Recommended Reading and Web Sites | |
| |
| |
| |
Key Terms, Review Questions, and Problems | |
| |
| |
| |
System Security | |
| |
| |
| |
Intruders | |
| |
| |
| |
Intruders | |
| |
| |
| |
Intrusion Detection | |
| |
| |
| |
Password Management | |
| |
| |
| |
Recommended Reading and Web Sites | |
| |
| |
| |
Key Terms, Review Questions, and Problems | |
| |
| |
| |
The Base-Rate Fallacy | |
| |
| |
| |
Malicious Software | |
| |
| |
| |
Viruses and Related Threats | |
| |
| |
| |
Virus Countermeasures | |
| |
| |
| |
Distributed Denial of Service Attacks | |
| |
| |
| |
Recommended Reading and Web Sites | |
| |
| |
| |
Key Terms, Review Questions, and Problems | |
| |
| |
| |
Firewalls | |
| |
| |
| |
Firewall Design Principles | |
| |
| |
| |
Trusted Systems | |
| |
| |
| |
Common Criteria for Information Technology Security Evaluation | |
| |
| |
| |
Recommended Reading and Web Sites | |
| |
| |
| |
Key Terms, Review Questions, and Problems | |
| |
| |
Appendices | |
| |
| |
| |
Standards and Standards-Setting Organizations | |
| |
| |
| |
The Importance of Standards | |
| |
| |
| |
Internet Standards and the Internet Society | |
| |
| |
| |
National Institute of Standards and Technology | |
| |
| |
| |
Projects for Teaching Cryptography and Network Security | |
| |
| |
| |
Research Projects | |
| |
| |
| |
Programming Projects | |
| |
| |
| |
Laboratory Exercises | |
| |
| |
| |
Writing Assignments | |
| |
| |
| |
Reading/Report Assignments | |
| |
| |
Glossary | |
| |
| |
References | |
| |
| |
Index | |