Available:

| Item Barcode | Call Number | Material Type | Item Category 1 |
|---|---|---|---|
| 30000010070369 | TK5102.94 C62 2004 | Open Access Book | Book |
| 30000010076878 | QA76.9 .M35 C37 2004 | Open Access Book | Book |

On Order
Summary
Cryptography is the most effective way to achieve data security and is essential to e-commerce activities such as online shopping, stock trading, and banking. This invaluable introduction to the basics of encryption covers everything from the terminology used in the field to specific technologies to the pros and cons of different implementations. Discusses specific technologies that incorporate cryptography in their design, such as authentication methods, wireless encryption, e-commerce, and smart cards. Based entirely on real-world issues and situations, the material provides instructions for already available technologies that readers can put to work immediately. Expert author Chey Cobb is retired from the NRO, where she held a Top Secret security clearance, instructed employees of the CIA and NSA on computer security, and helped develop the computer security policies used by all U.S. intelligence agencies.
Author Notes
Chey Cobb, CISSP, was Chief Security Officer for a National Reconnaissance Office (NRO) overseas location. She is a nationally recognized computer security expert.
Table of Contents

| Section | Page |
|---|---|
| Introduction | 1 |
| About This Book | 2 |
| How to Use This Book | 2 |
| What You Don't Need to Read | 3 |
| Foolish Assumptions | 3 |
| How This Book Is Organized | 3 |
| Icons Used in This Book | 5 |
| Where to Go from Here | 5 |
| Part I Crypto Basics & What You Really Need to Know | 7 |
| Chapter 1 A Primer on Crypto Basics | 9 |
| It's Not about James Bond | 9 |
| Getting to Know the Basic Terms | 12 |
| What Makes a Cipher? | 13 |
| Breaking Ciphers | 20 |
| Cryptosystems | 22 |
| Everyday Uses of Encryption | 23 |
| Why Encryption Isn't More Commonplace | 28 |
| Chapter 2 Major League Algorithms | 33 |
| Beware of "Snake Oil" | 34 |
| Symmetric Keys Are All the Same | 37 |
| Symmetric Algorithms Come in Different Flavors | 40 |
| Identifying Symmetric Algorithms | 45 |
| Asymmetric Keys | 47 |
| Working Together | 52 |
| Chapter 3 Deciding What You Really Need | 53 |
| Justifying the Costs to Management | 53 |
| Do You Need Secure Communications? | 62 |
| Do You Need to Authenticate Users? | 69 |
| Do You Need to Ensure Confidentiality and Integrity? | 75 |
| Protecting Personal Data | 75 |
| What's It Gonna Cost? | 77 |
| Chapter 4 Locks and Keys | 79 |
| The Magic Passphrase | 80 |
| The Key Concept | 88 |
| Part II Public Key Infrastructure | 93 |
| Chapter 5 The PKI Primer | 95 |
| What Is PKI? | 96 |
| Uses for PKI Systems | 103 |
| Common PKI Problems | 105 |
| Chapter 6 PKI Bits and Pieces | 107 |
| Certificate Authorities | 108 |
| Certificate Policies (CPs) | 111 |
| Digital Certificates and Keys | 112 |
| D'basing Your Certificates | 113 |
| Certificate Revocation | 114 |
| Picking the PKCS | 115 |
| Chapter 7 All Keyed Up! | 119 |
| So, What Exactly IS a Key? | 120 |
| Making a Key | 120 |
| The Long and Short of It | 121 |
| Randomness in Keys Is Good | 122 |
| Storing Your Keys Safely | 123 |
| Keys for Different Purposes | 124 |
| Keys and Algorithms | 124 |
| One Key; Two Keys | 125 |
| Trusting Those Keys | 129 |
| Key Servers | 130 |
| Part III Putting Encryption Technologies to Work for You | 135 |
| Chapter 8 Securing E-Mail from Prying Eyes | 137 |
| E-Mail Encryption Basics | 138 |
| Digital Certificates or PGP Public/Private Key Pairs? | 140 |
| Using S/MIME | 142 |
| Fun and Games with PGP | 153 |
| Other Encryption Stuff to Try | 164 |
| Chapter 9 File and Storage Strategies | 167 |
| Why Encrypt Your Data? | 168 |
| Encrypted Storage Roulette | 170 |
| Dealing with Integrity Issues | 174 |
| Policies and Procedures | 177 |
| Examples of Encryption Storage | 178 |
| Chapter 10 Authentication Systems | 183 |
| Common Authentication Systems | 185 |
| Authentication Protocols | 188 |
| How Authentication Systems Use Digital Certificates | 190 |
| Tokens, Smart Cards, and Biometrics | 191 |
| Chapter 11 Secure E-Commerce | 197 |
| SSL Is the Standard | 198 |
| Time for TLS | 203 |
| Setting Up an SSL Solution | 204 |
| XML Is the New Kid on the Block | 209 |
| Going for Outsourced E-Commerce | 210 |
| Chapter 12 Virtual Private Network (VPN) Encryption | 213 |
| How Do VPNs Work Their Magic? | 214 |
| Setting Up a VPN | 214 |
| Various VPN Encryption Schemes | 217 |
| Which Is Best? | 220 |
| Testing, Testing, Testing | 221 |
| Chapter 13 Wireless Encryption Basics | 223 |
| Why WEP Makes Us Weep | 224 |
| WEP Attack Methods | 227 |
| Wireless Protection Measures | 230 |
| Part IV The Part of Tens | 235 |
| Chapter 14 The Ten Best Encryption Web Sites | 237 |
| Mat Blaze's Cryptography Resource on the Web | 237 |
| The Center for Democracy and Technology | 237 |
| SSL Review | 238 |
| How IPsec Works | 238 |
| Code and Cipher | 238 |
| CERIAS: Center for Education and Research in Information Assurance and Security | 238 |
| The Invisible Cryptologists: African Americans, WWII to 1956 | 239 |
| Bruce Schneier | 239 |
| North American Cryptography Archives | 239 |
| RSA's Crypto FAQ | 239 |
| Chapter 15 The Ten Most Commonly Misunderstood Encryption Terms | 241 |
| Military-Grade Encryption | 241 |
| Trusted Third Party | 241 |
| X.509 Certificates | 242 |
| Rubber Hose Attack | 242 |
| Shared Secret | 242 |
| Key Escrow | 242 |
| Initialization Vector | 243 |
| Alice, Bob, Carol, and Dave | 243 |
| Secret Algorithm | 243 |
| Steganography | 244 |
| Chapter 16 Cryptography Do's and Don'ts | 245 |
| Do Be Sure the Plaintext Is Destroyed after a Document Is Encrypted | 245 |
| Do Protect Your Key Recovery Database and Other Key Servers to the Greatest Extent Possible | 246 |
| Don't Store Your Private Keys on the Hard Drive of Your Laptop or Other Personal Computing Device | 246 |
| Do Make Sure Your Servers' Operating Systems Are "Hardened" before You Install Cryptological Systems on Them | 246 |
| Do Train Your Users against Social Engineering | 247 |
| Do Create the Largest Key Size Possible | 247 |
| Do Test Your Cryptosystem after You Have It Up and Running | 248 |
| Do Check the CERT Advisories and Vendor Advisories about Flaws and Weaknesses in Cryptosystems | 248 |
| Don't Install a Cryptosystem Yourself If You're Not Sure What You Are Doing | 248 |
| Don't Use Unknown, Untested Algorithms | 249 |
| Chapter 17 Ten Principles of "Cryptiquette" | 251 |
| If Someone Sends You an Encrypted Message, Reply in Kind | 251 |
| Don't Create Too Many Keys | 251 |
| Don't Immediately Trust Someone Just Because He/She Has a Public Key | 252 |
| Always Back Up Your Keys and Passphrases | 252 |
| Be Wary of What You Put in the Subject Line of Encrypted Messages | 252 |
| If You Lose Your Key or Passphrase, Revoke Your Keys as Soon as Possible | 253 |
| Don't Publish Someone's Public Key to a Public Key Server without His/Her Permission | 253 |
| Don't Sign Someone's Public Key Unless You Have Reason To | 253 |
| If You Are Corresponding with Someone for the First Time, Send an Introductory Note Along with Your Public Key | 254 |
| Be Circumspect in What You Encrypt | 254 |
| Chapter 18 Ten Very Useful Encryption Products | 255 |
| PGP: Pretty Good Privacy | 255 |
| GAIM | 255 |
| madeSafe Vault | 256 |
| Password Safe | 256 |
| Kerberos | 256 |
| OpenSSL and Apache SSL | 256 |
| SafeHouse | 257 |
| WebCrypt | 257 |
| Privacy Master | 257 |
| Advanced Encryption Package | 257 |
| Part V Appendixes | 259 |
| Appendix A Cryptographic Attacks | 261 |
| Known Plaintext Attack | 262 |
| Chosen Ciphertext Attacks | 262 |
| Chosen Plaintext Attacks | 263 |
| The Birthday Attack | 263 |
| Man-in-the-Middle Attack | 263 |
| Timing Attacks | 264 |
| Rubber Hose Attack | 264 |
| Electrical Fluctuation Attacks | 265 |
| Major Boo-Boos | 265 |
| Appendix B Glossary | 267 |
| Appendix C Encryption Export Controls | 279 |
| Index | 283 |