Librería Portfolio
INTRODUCTION TO NETWORK SECURITY: THEORY AND PRACTICE
Author: WANG, J
Publisher: JOHN WILEY
Publication year: 2015
Subject: SECURITY AND CRYPTOGRAPHY
ISBN: 978-1-118-93948-2
Pages: 440
119,00 €

Synopsis

Introductory textbook in the important area of network security for undergraduate and graduate students
Comprehensively covers fundamental concepts with newer topics such as electronic cash, Bitcoin, P2P, SHA-3, e-voting, and Zigbee security
Fully updated to reflect new developments in network security
Introduces a chapter on Cloud security, a very popular and essential topic
Uses everyday examples that most computer users experience to illustrate important principles and mechanisms
Features a companion website with PowerPoint slides for lectures and solution manuals to selected exercise problems, available at http://www.cs.uml.edu/~wang/NetSec



Table of Contents

Preface

About the Authors

1 Network Security Overview

1.1 Mission and Definitions

1.2 Common Attacks and Defense Mechanisms

1.2.1 Eavesdropping

1.2.2 Cryptanalysis

1.2.3 Password Pilfering

1.2.4 Identity Spoofing

1.2.5 Buffer-Overflow Exploitations

1.2.6 Repudiation

1.2.7 Intrusion

1.2.8 Traffic Analysis

1.2.9 Denial of Service Attacks

1.2.10 Malicious Software

1.3 Attacker Profiles

1.3.1 Hackers

1.3.2 Script Kiddies

1.3.3 Cyber Spies

1.3.4 Vicious Employees

1.3.5 Cyber Terrorists

1.3.6 Hypothetical Attackers

1.4 Basic Security Model

1.5 Security Resources

1.5.1 CERT

1.5.2 SANS Institute

1.5.3 Microsoft Security

1.5.4 NTBugtraq

1.5.5 Common Vulnerabilities and Exposures

1.6 Closing Remarks

1.7 Exercises

1.7.1 Discussions

1.7.2 Homework

2 Data Encryption Algorithms

2.1 Data Encryption Algorithm Design Criteria

2.1.1 ASCII Code

2.1.2 XOR Encryption

2.1.3 Criteria of Data Encryptions

2.1.4 Implementation Criteria

2.2 Data Encryption Standard

2.2.1 Feistel's Cipher Scheme

2.2.2 DES Subkeys

2.2.3 DES Substitution Boxes

2.2.4 DES Encryption

2.2.5 DES Decryption and Correctness Proof

2.2.6 DES Security Strength

2.3 Multiple DES

2.3.1 Triple-DES with Two Keys

2.3.2 2DES and 3DES/3

2.3.3 Meet-in-the-Middle Attacks on 2DES

2.4 Advanced Encryption Standard

2.4.1 AES Basic Structures

2.4.2 AES S-Boxes

2.4.3 AES-128 Round Keys

2.4.4 Add Round Keys

2.4.5 Substitute-Bytes

2.4.6 Shift-Rows

2.4.7 Mix-Columns

2.4.8 AES-128 Encryption

2.4.9 AES-128 Decryption and Correctness Proof

2.4.10 Galois Fields

2.4.11 Construction of the AES S-Box and Its Inverse

2.4.12 AES Security Strength

2.5 Standard Block Cipher Modes of Operations

2.5.1 Electronic-Codebook Mode

2.5.2 Cipher-Block-Chaining Mode

2.5.3 Cipher-Feedback Mode

2.5.4 Output-Feedback Mode

2.5.5 Counter Mode

2.6 Offset Codebook Mode of Operations

2.6.1 Basic Operations

2.6.2 OCB Encryption and Tag Generation

2.6.3 OCB Decryption and Tag Verification

2.7 Stream Ciphers

2.7.1 RC4 Stream Cipher

2.7.2 RC4 Security Weaknesses

2.8 Key Generations

2.8.1 ANSI X9.17 PRNG

2.8.2 BBS Pseudorandom Bit Generator

2.9 Closing Remarks

2.10 Exercises

2.10.1 Discussions

2.10.2 Homework

3 Public-Key Cryptography and Key Management

3.1 Concepts of Public-Key Cryptography

3.2 Elementary Concepts and Theorems in Number Theory

3.2.1 Modular Arithmetic and Congruence Relations

3.2.2 Modular Inverse

3.2.3 Primitive Roots

3.2.4 Fast Modular Exponentiation

3.2.5 Finding Large Prime Numbers

3.2.6 The Chinese Remainder Theorem

3.2.7 Finite Continued Fractions

3.3 Diffie-Hellman Key Exchange

3.3.1 Key Exchange Protocol

3.3.2 Man-in-the-Middle Attacks

3.3.3 Elgamal PKC

3.4 RSA Cryptosystem

3.4.1 RSA Key Pairs, Encryptions, and Decryptions

3.4.2 RSA Parameter Attacks

3.4.3 RSA Challenge Numbers

3.5 Elliptic-Curve Cryptography

3.5.1 Commutative Groups on Elliptic Curves

3.5.2 Discrete Elliptic Curves

3.5.3 ECC Encodings

3.5.4 ECC Encryption and Decryption

3.5.5 ECC Key Exchange

3.5.6 ECC Strength

3.6 Key Distributions and Management

3.6.1 Master Keys and Session Keys

3.6.2 Public-Key Certificates

3.6.3 CA Networks

3.6.4 Key Rings

3.7 Closing Remarks

3.8 Exercises

3.8.1 Discussions

3.8.2 Homework

4 Data Authentication

4.1 Cryptographic Hash Functions

4.1.1 Design Criteria of Cryptographic Hash Functions

4.1.2 Quest for Cryptographic Hash Functions

4.1.3 Basic Structure of Standard Hash Functions

4.1.4 SHA-512

4.1.5 WHIRLPOOL

4.1.6 SHA-3 Standard

4.2 Cryptographic Checksums

4.2.1 Exclusive-OR Cryptographic Checksums

4.2.2 Design Criteria of MAC Algorithms

4.2.3 Data Authentication Algorithm

4.3 HMAC

4.3.1 Design Criteria of HMAC

4.3.2 HMAC Algorithm

4.4 Birthday Attacks

4.4.1 Complexity of Breaking Strong Collision Resistance

4.4.2 Set Intersection Attack

4.5 Digital Signature Standard

4.5.1 Signing

4.5.2 Signature Verifying

4.5.3 Correctness Proof of Signature Verification

4.5.4 Security Strength of DSS

4.6 Dual Signatures and Electronic Transactions

4.6.1 Dual Signature Applications

4.6.2 Dual Signatures and Electronic Transactions

4.7 Blind Signatures and Electronic Cash

4.7.1 RSA Blind Signatures

4.7.2 Electronic Cash

4.7.3 Bitcoin

4.8 Closing Remarks

4.9 Exercises

4.9.1 Discussions

4.9.2 Homework

5 Network Security Protocols in Practice

5.1 Crypto Placements in Networks

5.1.1 Crypto Placement at the Application Layer

5.1.2 Crypto Placement at the Transport Layer

5.1.3 Crypto Placement at the Network Layer

5.1.4 Crypto Placement at the Data-Link Layer

5.1.5 Implementations of Crypto Algorithms

5.2 Public-Key Infrastructure

5.2.1 X.509 Public-Key Infrastructure

5.2.2 X.509 Certificate Formats

5.3 IPsec: A Security Protocol at the Network Layer

5.3.1 Security Association

5.3.2 Application Modes and Security Associations

5.3.3 AH Format

5.3.4 ESP Format

5.3.5 Secret Key Determination and Distribution

5.4 SSL/TLS: Security Protocols at the Transport Layer

5.4.1 SSL Handshake Protocol

5.4.2 SSL Record Protocol

5.5 PGP and S/MIME: Email Security Protocols

5.5.1 Basic Email Security Mechanisms

5.5.2 PGP

5.5.3 S/MIME

5.6 Kerberos: An Authentication Protocol

5.6.1 Basic Ideas

5.6.2 Single-Realm Kerberos

5.6.3 Multiple-Realm Kerberos

5.7 SSH: Security Protocols for Remote