User's guide to cryptography and standards

Title:

Personal Author:

Dent, Alexander W.

Series:

Artech House computer security series

Publication Information:

Boston, MA : Artech House, 2005

ISBN:

9781580535304

Subject Term:

Computer security

Cryptography -- Standards

Computers -- Access control -- Standards

Added Author:

Mitchell, Chris J.

Available:*

Library	Item Barcode	Call Number	Material Type	Item Category 1	Status
Searching... PSZ JB	30000010077647	QA76.9.A25 D464 2005	Open Access Book	Book	Searching... Unknown
Searching... PSZ KL	30000010115912	QA76.9.A25 D464 2005	Open Access Book	Book	Searching... Unknown

With the scope and frequency of attacks on valuable corporate data growing enormously in recent years, a solid understanding of cryptography is essential for anyone working in the computer/network security field. This timely book delivers the hands-on knowledge you need, offering comprehensive coverage on the latest and most-important standardized cryptographic techniques to help you protect your data and computing resources to the fullest. Rather than focusing on theory like other books on the market, this unique resource describes cryptography from an end-user perspective, presenting in-depth, highly practical comparisons of standards and techniques.

Reviews 1

Choice Review

Dent and Mitchell (both, Univ. of London) offer a work that is not a traditional cryptography book. They assume some familiarity with cryptography but, as they state, the book is "not intended to provide a thorough grounding in the theory of cryptography." They also avoid any details of cryptanalysis. The mathematics is kept to a minimum (modular arithmetic and discrete logarithms take up two pages). When discussing the security of a particular cipher, one may ask two questions: Why is it secure? Who says it is secure? This book focuses on the latter question, and discusses the various certifying agencies along with some of their criteria and what their particular certification asserts. It goes through the historic development of many of the different agencies, often including why they came into being as well as their impact. It is not a textbook in that there are no problems, but it does provide a considerable list of references and, as the title suggests, it is a user's guide for many of the standards in cryptography, for the end user rather than the researcher. ^BSumming Up: Recommended. Professionals. J. R. Burke Gonzaga University

Acknowledgments	p. xv
1 Introduction	p. 1
1.1 Scope and purpose	p. 1
1.2 Structure of the book	p. 3
1.3 Terminology	p. 4
1.4 Modular arithmetic	p. 5
1.5 Notes	p. 7
References	p. 7
2 Standards and the Standardization Process	p. 9
2.1 Why bother with standards?	p. 9
2.2 International standardization organizations	p. 10
2.2.1 International Organization for Standardization (ISO)	p. 10
2.2.2 International Electrotechnical Commission (IEC)	p. 12
2.2.3 International Telecommunication Union (ITU)	p. 12
2.3 National standardization organizations	p. 12
2.3.1 American National Standards Institute (ANSI)	p. 13
2.3.2 British Standards Institute (BSI)	p. 13
2.3.3 National Institute of Standards and Technology (NIST)	p. 13
2.4 Industrial standardization organizations	p. 13
2.4.1 Third Generation Partnership Project (3GPP)	p. 14
2.4.2 European Telecommunications Standard Institute (ETSI)	p. 14
2.4.3 Institute of Electrical and Electronics Engineers (IEEE)	p. 14
2.4.4 Internet Engineering Task Force (IETF)	p. 14
2.4.5 Standards for Efficient Cryptography Group (SECG)	p. 15
2.4.6 Public-Key Cryptography Standards (PKCSs)	p. 15
2.5 Cryptographic evaluation bodies	p. 16
2.6 Notes	p. 17
References	p. 17
3 Security Mechanisms and Security Services	p. 19
3.1 Introduction	p. 19
3.2 Security standards	p. 20
3.3 A model for security	p. 21
3.3.1 Security policies	p. 21
3.4 Security services	p. 22
3.4.1 Authentication	p. 23
3.4.2 Access control	p. 23
3.4.3 Data confidentiality	p. 24
3.4.4 Data integrity	p. 24
3.4.5 Non-repudiation	p. 25
3.4.6 Other services	p. 25
3.4.7 Summary	p. 25
3.5 Security mechanisms	p. 26
3.5.1 Specific security mechanisms	p. 26
3.5.2 Pervasive security mechanisms	p. 29
3.5.3 Selection of security mechanisms	p. 30
3.6 Relating services to mechanisms	p. 31
3.7 Service and protocol layers	p. 31
3.7.1 The OSI model	p. 31
3.7.2 Layers versus security services	p. 32
3.7.3 The Internet model	p. 33
3.8 Security management	p. 34
3.8.1 System security management	p. 35
3.8.2 Security service management	p. 35
3.8.3 Security mechanism management	p. 35
3.8.4 Security of OSI management	p. 36
3.8.5 Assurance	p. 36
3.9 Security frameworks	p. 36
3.9.1 Frameworks overview	p. 37
3.9.2 Authentication framework	p. 37
3.9.3 Access control framework	p. 37
3.9.4 Non-repudiation framework	p. 37
3.9.5 Confidentiality framework	p. 38
3.9.6 Integrity framework	p. 38
3.9.7 Audit and alarms framework	p. 38
3.10 Notes	p. 38
References	p. 40
4 Encryption	p. 45
4.1 Definitions and basic properties	p. 46
4.1.1 Symmetric ciphers	p. 46
4.1.2 Asymmetric ciphers	p. 46
4.1.3 Attacks against encryption schemes	p. 47
4.2 Block ciphers	p. 48
4.2.1 The National Bureau of Standards and DES	p. 49
4.2.2 The ISO Register of Cryptographic Algorithms	p. 51
4.2.3 NIST and AES	p. 52
4.2.4 3GPP and KASUMI	p. 52
4.2.5 ISO/IEC 18033	p. 53
4.3 Stream ciphers	p. 53
4.4 Asymmetric ciphers	p. 56
4.4.1 The Rivest-Shamir-Adleman (RSA) scheme	p. 57
4.4.2 Industry Standards for Asymmetric Encryption	p. 59
4.4.3 IEEE 1363	p. 60
4.4.4 ISO/IEC 18033	p. 61
4.5 Notes	p. 63
References	p. 67
5 Modes of Operation for Block Ciphers	p. 71
5.1 Definitions and basic properties	p. 71
5.2 Standards for modes of operation	p. 72
5.3 Padding methods	p. 72
5.4 ECB mode	p. 73
5.5 Cipher block chaining (CBC) mode	p. 74
5.6 CTR mode	p. 77
5.7 OFB mode	p. 79
5.8 CFB mode	p. 81
5.9 Choosing a mode of operation	p. 84
5.10 Other modes	p. 86
5.10.1 Triple-DES modes	p. 86
5.10.2 Authenticated encryption modes	p. 87
5.11 Notes	p. 87
References	p. 89
6 Cryptographic Hash Functions	p. 93
6.1 Definitions and basic properties	p. 93
6.1.1 The security of a hash function	p. 93
6.1.2 Iterative hash functions	p. 95
6.2 Standards for hash functions	p. 97
6.3 Hash functions based on block ciphers	p. 98
6.3.1 Padding methods	p. 98
6.3.2 Block cipher hash function 1	p. 99
6.3.3 Block cipher hash function 2	p. 101
6.4 Dedicated hash functions	p. 103
6.5 Hash functions based on modular arithmetic	p. 105
6.6 Choosing a hash function	p. 105
6.7 Notes	p. 106
References	p. 109
7 Message Authentication Codes (MACs)	p. 113
7.1 Definitions and basic properties	p. 113
7.2 Standards for MACs	p. 115
7.3 CBC-MACs	p. 116
7.3.1 SMAC-the simplest form of CBC-MAC	p. 116
7.3.2 Padding methods	p. 117
7.3.3 Output transformations	p. 119
7.3.4 Other CBC-MAC schemes	p. 121
7.3.5 MAC algorithm 4 from ISO/IEC 9797-1	p. 123
7.3.6 MAC algorithms 5 and 6 from ISO/IEC 9797-1	p. 124
7.3.7 XCBC, TMAC, and OMAC	p. 124
7.3.8 Choosing a CBC-MAC function	p. 125
7.4 MACs based on hash functions	p. 126
7.4.1 The MDx-MAC functions	p. 127
7.4.2 HMAC	p. 127
7.4.3 MDx-MAC variant for short messages	p. 128
7.4.4 Choosing a hash-based MAC function	p. 128
7.5 Other MAC functions	p. 128
7.6 Notes	p. 129
References	p. 131
8 Digital Signatures	p. 135
8.1 Definitions and basic properties	p. 135
8.1.1 Deterministic and probabilistic signature schemes	p. 138
8.1.2 Reversible and nonreversible signature schemes	p. 139
8.1.3 Identity-based and certificate-based signature schemes	p. 140
8.2 Standards for digital signatures	p. 141
8.3 The Digital Signature Algorithm (DSA)	p. 142
8.4 RSA-based signature schemes	p. 144
8.5 Digital signatures and the law	p. 147
8.5.1 U.S. legislation	p. 147
8.5.2 Certification authorities	p. 149
8.5.3 EU legislation	p. 149
8.6 Choosing a digital signature scheme	p. 150
8.7 Notes	p. 151
References	p. 156
9 Non-Repudiation Mechanisms	p. 159
9.1 Introduction	p. 159
9.2 Standards for non-repudiation	p. 160
9.3 Non-repudiation model and services	p. 160
9.3.1 A model for non-repudiation	p. 161
9.3.2 Types of evidence	p. 162
9.3.3 Non-repudiation services	p. 162
9.3.4 Non-repudiation tokens	p. 163
9.4 Non-repudiation using symmetric cryptography	p. 164
9.4.1 Non-repudiation of origin using MACs	p. 164
9.4.2 Non-repudiation of delivery using MACs	p. 166
9.4.3 Other mechanisms	p. 168
9.5 Non-repudiation using asymmetric cryptography	p. 168
9.5.1 Non-repudiation of origin using signatures	p. 168
9.5.2 Non-repudiation of delivery using signatures	p. 169
9.5.3 Other mechanisms	p. 170
9.6 Time-stamping and non-repudiation	p. 170
9.7 Notes	p. 170
References	p. 171
10 Authentication Protocols	p. 173
10.1 Introduction	p. 174
10.2 Standards for entity authentication protocols	p. 175
10.3 Cryptographic mechanisms	p. 176
10.3.1 Using symmetric encryption	p. 176
10.3.2 Using MACs	p. 177
10.3.3 Using digital signatures	p. 178
10.3.4 Zero-knowledge protocols	p. 178
10.3.5 Using asymmetric encryption	p. 178
10.3.6 Using other asymmetric cryptographic techniques	p. 179
10.4 Timeliness checking mechanisms	p. 179
10.4.1 Time-stamps	p. 179
10.4.2 Nonces	p. 180
10.5 Authentication using symmetric cryptography	p. 181
10.5.1 Unilateral authentication protocols	p. 181
10.5.2 Mutual authentication protocols	p. 185
10.5.3 Third party-aided mechanisms	p. 189
10.6 Authentication using asymmetric cryptography	p. 194
10.6.1 Unilateral authentication mechanisms	p. 195
10.6.2 Mutual authentication mechanisms	p. 197
10.7 Manual authentication protocols	p. 200
10.7.1 Manual authentication using a short check-value	p. 202
10.7.2 Manual authentication using a full-length MAC function	p. 203
10.8 Choosing an authentication protocol	p. 205
10.9 Notes	p. 207
References	p. 210
11 Key Management Frameworks	p. 215
11.1 Standards for key management	p. 215
11.2 Definitions and basic properties	p. 216
11.2.1 Threats and protection	p. 216
11.2.2 Basic definitions	p. 217
11.2.3 Key separation	p. 218
11.2.4 Key hierarchies	p. 218
11.2.5 Registration authorities	p. 219
11.3 The general framework	p. 219
11.3.1 Key generation	p. 221
11.3.2 Key activation	p. 223
11.3.3 Key deactivation	p. 223
11.3.4 Key reactivation	p. 224
11.3.5 Key destruction	p. 224
11.4 The ANSI X9.24 framework	p. 225
11.4.1 General requirements	p. 225
11.4.2 Key generation	p. 227
11.4.3 Key distribution	p. 227
11.4.4 Key utilization	p. 227
11.4.5 Key replacement	p. 228
11.4.6 Key destruction and archival	p. 228
11.5 Notes	p. 228
References	p. 229
12 Key Establishment Mechanisms	p. 231
12.1 Definitions and basic properties	p. 231
12.1.1 Key establishment mechanisms and authentication protocols	p. 233
12.1.2 Properties of key establishment mechanisms	p. 234
12.2 Standards for key establishment	p. 235
12.2.1 Standards using symmetric techniques	p. 235
12.2.2 Standards using asymmetric techniques	p. 236
12.3 Physical mechanisms	p. 237
12.3.1 Dual control	p. 238
12.4 Mechanisms using symmetric cryptography	p. 238
12.4.1 Direct communication	p. 239
12.4.2 Key distribution centers	p. 241
12.4.3 Key translation centers (KTCs)	p. 244
12.4.4 Key establishment between different security domains	p. 246
12.5 Mechanisms using asymmetric cryptography	p. 246
12.5.1 The Diffie-Hellman function	p. 248
12.5.2 Key agreement mechanisms	p. 249
12.5.3 Key transport mechanisms	p. 253
12.6 Key establishment based on weak secrets	p. 254
12.7 Key establishment for mobile networks	p. 255
12.8 Choosing a key establishment scheme	p. 258
12.9 Notes	p. 259
References	p. 263
13 Public Key Infrastructures	p. 267
13.1 What is a PKI?	p. 267
13.2 PKI standards	p. 269
13.3 Certificate formats	p. 271
13.3.1 X.509 public key certificates	p. 271
13.3.2 X.509 attribute certificates	p. 276
13.3.3 X.509 certificate profiles	p. 276
13.3.4 Other certificate formats	p. 278
13.4 Certificate management	p. 278
13.4.1 The certificate management protocol (CMP)	p. 279
13.4.2 Certificate request messages	p. 281
13.4.3 Mechanisms for proof of possession	p. 282
13.4.4 Other certificate management standards	p. 282
13.5 Certificate storage and retrieval	p. 283
13.5.1 X.500 directories	p. 283
13.5.2 Using LDAP version 2	p. 283
13.5.3 Using FTP and HTTP	p. 284
13.5.4 Delegating certification path discovery	p. 284
13.6 Certificate status discovery	p. 284
13.6.1 Certificate revocation lists (CRLs)	p. 285
13.6.2 The on-line certificate status protocol (OCSP)	p. 285
13.6.3 Using proxies for status management	p. 285
13.7 Certificate policies and certification practice statements	p. 286
13.8 Notes	p. 287
References	p. 289
14 Trusted Third Parties	p. 295
14.1 Definitions and basic properties	p. 295
14.2 Standards for managing TTPs	p. 297
14.3 TTP requirements	p. 297
14.3.1 Policy and practice statements	p. 297
14.3.2 TTP management	p. 298
14.3.3 Legal considerations	p. 299
14.4 TTP architectures	p. 299
14.4.1 Two-party TTP architectures	p. 300
14.4.2 Interworking TTPs	p. 302
14.5 Time-stamping authorities	p. 302
14.5.1 Time-stamping tokens	p. 303
14.5.2 Linked tokens	p. 304
14.6 Digital archiving authorities	p. 305
14.7 Notes	p. 305
References	p. 307
15 Cryptographic APIs	p. 309
15.1 Introduction	p. 309
15.2 Standards for crypto APIs	p. 311
15.3 GSS-API	p. 312
15.3.1 Properties of the API	p. 313
15.3.2 Language bindings	p. 314
15.3.3 Authentication protocols	p. 314
15.4 PKCS #11	p. 315
15.4.1 Data storage	p. 315
15.4.2 Access control	p. 316
15.4.3 Sessions and concurrency	p. 316
15.5 Security issues	p. 316
15.6 Notes	p. 318
References	p. 319
16 Other Standards	p. 323
16.1 Random bit generation	p. 323
16.1.1 Nondeterministic RBGs	p. 324
16.1.2 Deterministic RBGs	p. 326
16.1.3 Generating random numbers	p. 327
16.2 Prime number generation	p. 328
16.3 Authenticated encryption	p. 329
16.3.1 CTR and CBC-MAC (CCM) mode	p. 330
16.3.2 CTR and OMAC (EAX) mode	p. 333
16.4 Security modules	p. 336
16.4.1 Security modules in the financial sector	p. 336
16.4.2 Security modules in the wider world	p. 338
16.5 Standards for the use of biometric techniques	p. 339
16.5.1 General requirements of a biometric	p. 340
16.5.2 Common biometrics	p. 341
16.5.3 The general biometric architecture	p. 343
16.5.4 Supporting functions	p. 344
16.5.5 Biometric standards	p. 344
16.6 Information security management	p. 345
16.7 Notes	p. 347
References	p. 350
17 Standards: The Future	p. 355
Appendix A Table of Standards	p. 359
A.1 3GPP standards	p. 359
A.2 ANSI standards	p. 360
A.3 BSI standards	p. 360
A.4 ETSI standards	p. 361
A.5 IEEE standards	p. 361
A.6 IETF requests for comments (RFCs)	p. 361
A.7 ISO standards	p. 363
A.8 ITU-T Recommendations	p. 366
A.9 NIST FIPS	p. 367
A.10 RSA PKCS	p. 368
A.11 SECG standards	p. 368
About the Authors	p. 369
Index	p. 371

Available:*

On Order

Summary

Summary

Reviews 1

Choice Review

Table of Contents