Title:
Internet security : cryptographic principles, algorithms, and protocols
Personal Author:
Publication Information:
Chichester, West Sussex, England : J. Wiley, 2003
ISBN:
9780470852859
Available:*
Library | Item Barcode | Call Number | Material Type | Item Category 1 | Status |
|---|---|---|---|---|---|
Searching... | 30000010019504 | TK5105.875.I57 R44 2003 | Open Access Book | Book | Searching... |
On Order
Summary
Summary
Knowledge of number theory and abstract algebra are pre-requisites for any engineer designing a secure internet-based system.
However, most of the books currently available on the subject are aimed at practitioners who just want to know how the various tools available on the market work and what level of security they impart. These books traditionally deal with the science and mathematics only in so far as they are necessary to understand how the tools work.
Internet Security differs by its assertion that cryptography is the single most important technology for securing the Internet. To quote one reviewer "if every one of your communication partners were using a secure system based on encryption, viruses, worms and hackers would have a very hard time". This scenario does not reflect the reality of the Internet world as it currently stands. However, with security issues becoming more and more important internationally, engineers of the future will be required to design tougher, safer systems.
Internet Security:
* Offers an in-depth introduction to the relevant cryptographic principles, algorithms protocols - the nuts and bolts of creating a secure network
* Links cryptographic principles to the technologies in use on the Internet, eg. PGP, S/MIME, IPsec, SSL TLS, Firewalls and SET (protecting credit card transactions)
* Provides state-of-the-art analysis of the latest IETF standards plus summaries and explanations of RFC documents
* Authored by a recognised expert in security
Internet Security is the definitive text for graduate students on security and cryptography courses, and researchers in security and cryptography areas. It will prove to be invaluable to professionals engaged in the long-term development of secure systems.
Table of Contents
| Author biography | p. xi |
| Preface | p. xiii |
| 1 Internetworking and Layered Models | p. 1 |
| 1.1 Networking Technology | p. 2 |
| 1.1.1 Local Area Networks (LANs) | p. 2 |
| 1.1.2 Wide Area Networks (WANs) | p. 3 |
| 1.2 Connecting Devices | p. 5 |
| 1.2.1 Switches | p. 5 |
| 1.2.2 Repeaters | p. 6 |
| 1.2.3 Bridges | p. 6 |
| 1.2.4 Routers | p. 7 |
| 1.2.5 Gateways | p. 8 |
| 1.3 The OSI Model | p. 8 |
| 1.4 TCP/IP Model | p. 12 |
| 1.4.1 Network Access Layer | p. 13 |
| 1.4.2 Internet Layer | p. 13 |
| 1.4.3 Transport Layer | p. 13 |
| 1.4.4 Application Layer | p. 13 |
| 2 TCP/IP Suite and Internet Stack Protocols | p. 15 |
| 2.1 Network Layer Protocols | p. 15 |
| 2.1.1 Internet Protocol (IP) | p. 15 |
| 2.1.2 Address Resolution Protocol (ARP) | p. 28 |
| 2.1.3 Reverse Address Resolution Protocol (RARP) | p. 31 |
| 2.1.4 Classless Interdomain Routing (CIDR) | p. 32 |
| 2.1.5 IP Version 6 (IPv6, or IPng) | p. 33 |
| 2.1.6 Internet Control Message Protocol (ICMP) | p. 41 |
| 2.1.7 Internet Group Management Protocol (IGMP) | p. 41 |
| 2.2 Transport Layer Protocols | p. 42 |
| 2.2.1 Transmission Control Protocol (TCP) | p. 42 |
| 2.2.2 User Datagram Protocol (UDP) | p. 45 |
| 2.3 World Wide Web | p. 47 |
| 2.3.1 Hypertext Transfer Protocol (HTTP) | p. 48 |
| 2.3.2 Hypertext Markup Language (HTML) | p. 48 |
| 2.3.3 Common Gateway Interface (CGI) | p. 49 |
| 2.3.4 Java | p. 49 |
| 2.4 File Transfer | p. 50 |
| 2.4.1 File Transfer Protocol (FTP) | p. 50 |
| 2.4.2 Trivial File Transfer Protocol (TFTP) | p. 50 |
| 2.4.3 Network File System (NFS) | p. 50 |
| 2.5 Electronic Mail | p. 51 |
| 2.5.1 Simple Mail Transfer Protocol (SMTP) | p. 51 |
| 2.5.2 Post Office Protocol Version 3 (POP3) | p. 52 |
| 2.5.3 Internet Message Access Protocol (IMAP) | p. 52 |
| 2.5.4 Multipurpose Internet Mail Extension (MIME) | p. 52 |
| 2.6 Network Management Service | p. 53 |
| 2.6.1 Simple Network Management Protocol (SNMP) | p. 53 |
| 2.7 Converting IP Addresses | p. 54 |
| 2.7.1 Domain Name System (DNS) | p. 54 |
| 2.8 Routing Protocols | p. 54 |
| 2.8.1 Routing Information Protocol (RIP) | p. 54 |
| 2.8.2 Open Shortest Path First (OSPF) | p. 55 |
| 2.8.3 Border Gateway Protocol (BGP) | p. 55 |
| 2.9 Remote System Programs | p. 56 |
| 2.9.1 TELNET | p. 56 |
| 2.9.2 Remote Login (Rlogin) | p. 56 |
| 3 Symmetric Block Ciphers | p. 57 |
| 3.1 Data Encryption Standard (DES) | p. 57 |
| 3.1.1 Description of the Algorithm | p. 58 |
| 3.1.2 Key Schedule | p. 60 |
| 3.1.3 DES Encryption | p. 62 |
| 3.1.4 DES Decryption | p. 67 |
| 3.1.5 Triple DES | p. 71 |
| 3.1.6 DES-CBC Cipher Algorithm with IV | p. 73 |
| 3.2 International Data Encryption Algorithm (IDEA) | p. 75 |
| 3.2.1 Subkey Generation and Assignment | p. 76 |
| 3.2.2 IDEA Encryption | p. 77 |
| 3.2.3 IDEA Decryption | p. 82 |
| 3.3 RC5 Algorithm | p. 84 |
| 3.3.1 Description of RC5 | p. 85 |
| 3.3.2 Key Expansion | p. 86 |
| 3.3.3 Encryption | p. 91 |
| 3.3.4 Decryption | p. 92 |
| 3.4 RC6 Algorithm | p. 95 |
| 3.4.1 Description of RC6 | p. 95 |
| 3.4.2 Key Schedule | p. 96 |
| 3.4.3 Encryption | p. 97 |
| 3.4.4 Decryption | p. 100 |
| 3.5 AES (Rijndael) Algorithm | p. 107 |
| 3.5.1 Notational Conventions | p. 107 |
| 3.5.2 Mathematical Operations | p. 108 |
| 3.5.3 AES Algorithm Specification | p. 111 |
| 4 Hash Function, Message Digest and Message Authentication Code | p. 123 |
| 4.1 DMDC Algorithm | p. 123 |
| 4.1.1 Key Schedule | p. 124 |
| 4.1.2 Computation of Message Digests | p. 128 |
| 4.2 Advanced DMDC Algorithm | p. 133 |
| 4.2.1 Key Schedule | p. 133 |
| 4.2.2 Computation of Message Digests | p. 136 |
| 4.3 MD5 Message-digest Algorithm | p. 138 |
| 4.3.1 Append Padding Bits | p. 138 |
| 4.3.2 Append Length | p. 138 |
| 4.3.3 Initialise MD Buffer | p. 138 |
| 4.3.4 Define Four Auxiliary Functions (F, G, H, I) | p. 139 |
| 4.3.5 FF, GG, HH and II Transformations for Rounds 1, 2, 3 and 4 | p. 139 |
| 4.3.6 Computation of Four Rounds (64 Steps) | p. 140 |
| 4.4 Secure Hash Algorithm (SHA-1) | p. 149 |
| 4.4.1 Message Padding | p. 149 |
| 4.4.2 Initialise 160-Bit Buffer | p. 150 |
| 4.4.3 Functions Used | p. 150 |
| 4.4.4 Constants Used | p. 150 |
| 4.4.5 Computing the Message Digest | p. 151 |
| 4.5 Hashed Message Authentication Codes (HMAC) | p. 155 |
| 5 Asymmetric Public-key Cryptosystems | p. 161 |
| 5.1 Diffie--Hellman Exponential Key Exchange | p. 161 |
| 5.2 RSA Public-key Cryptosystem | p. 165 |
| 5.2.1 RSA Encryption Algorithm | p. 165 |
| 5.2.2 RSA Signature Scheme | p. 170 |
| 5.3 ElGamals Public-key Cryptosystem | p. 172 |
| 5.3.1 ElGamal Encryption | p. 173 |
| 5.3.2 ElGamal Signatures | p. 175 |
| 5.3.3 ElGamal Authentication Scheme | p. 177 |
| 5.4 Schnorr's Public-key Cryptosystem | p. 179 |
| 5.4.1 Schnorr's Authentication Algorithm | p. 179 |
| 5.4.2 Schnorr's Signature Algorithm | p. 181 |
| 5.5 Digital Signature Algorithm | p. 184 |
| 5.6 The Elliptic Curve Cryptosystem (ECC) | p. 187 |
| 5.6.1 Elliptic Curves | p. 187 |
| 5.6.2 Elliptic Curve Cryptosystem Applied to the ElGamal Algorithm | p. 195 |
| 5.6.3 Elliptic Curve Digital Signature Algorithm | p. 196 |
| 5.6.4 ECDSA Signature Computation | p. 198 |
| 6 Public-key Infrastructure | p. 201 |
| 6.1 Internet Publications for Standards | p. 202 |
| 6.2 Digital Signing Techniques | p. 203 |
| 6.3 Functional Roles of PKI Entities | p. 210 |
| 6.3.1 Policy Approval Authority | p. 210 |
| 6.3.2 Policy Certification Authority | p. 212 |
| 6.3.3 Certification Authority | p. 213 |
| 6.3.4 Organisational Registration Authority | p. 214 |
| 6.4 Key Elements for PKI Operations | p. 215 |
| 6.4.1 Hierarchical Tree Structures | p. 216 |
| 6.4.2 Policy-making Authority | p. 217 |
| 6.4.3 Cross-certification | p. 218 |
| 6.4.4 X.500 Distinguished Naming | p. 221 |
| 6.4.5 Secure Key Generation and Distribution | p. 222 |
| 6.5 X.509 Certificate Formats | p. 222 |
| 6.5.1 X.509 v1 Certificate Format | p. 223 |
| 6.5.2 X.509 v2 Certificate Format | p. 225 |
| 6.5.3 X.509 v3 Certificate Format | p. 226 |
| 6.6 Certificate Revocation List | p. 233 |
| 6.6.1 CRL Fields | p. 234 |
| 6.6.2 CRL Extensions | p. 235 |
| 6.6.3 CRL Entry Extensions | p. 237 |
| 6.7 Certification Path Validation | p. 238 |
| 6.7.1 Basic Path Validation | p. 239 |
| 6.7.2 Extending Path Validation | p. 240 |
| 7 Network Layer Security | p. 243 |
| 7.1 IPsec Protocol | p. 243 |
| 7.1.1 IPsec Protocol Documents | p. 244 |
| 7.1.2 Security Associations (SAs) | p. 246 |
| 7.1.3 Hashed Message Authentication Code (HMAC) | p. 248 |
| 7.2 IP Authentication Header | p. 250 |
| 7.2.1 AH Format | p. 251 |
| 7.2.2 AH Location | p. 253 |
| 7.3 IP ESP | p. 253 |
| 7.3.1 ESP Packet Format | p. 254 |
| 7.3.2 ESP Header Location | p. 256 |
| 7.3.3 Encryption and Authentication Algorithms | p. 258 |
| 7.4 Key Management Protocol for IPsec | p. 260 |
| 7.4.1 OAKLEY Key Determination Protocol | p. 260 |
| 7.4.2 ISAKMP | p. 261 |
| 8 Transport Layer Security: SSLv3 and TLSv1 | p. 277 |
| 8.1 SSL Protocol | p. 277 |
| 8.1.1 Session and Connection States | p. 278 |
| 8.1.2 SSL Record Protocol | p. 279 |
| 8.1.3 SSL Change Cipher Spec Protocol | p. 282 |
| 8.1.4 SSL Alert Protocol | p. 283 |
| 8.1.5 SSL Handshake Protocol | p. 284 |
| 8.2 Cryptographic Computations | p. 290 |
| 8.2.1 Computing the Master Secret | p. 290 |
| 8.2.2 Converting the Master Secret into Cryptographic Parameters | p. 291 |
| 8.3 TLS Protocol | p. 293 |
| 8.3.1 HMAC Algorithm | p. 293 |
| 8.3.2 Pseudo-random Function | p. 296 |
| 8.3.3 Error Alerts | p. 300 |
| 8.3.4 Certificate Verify Message | p. 302 |
| 8.3.5 Finished Message | p. 302 |
| 8.3.6 Cryptographic Computations (For TLS) | p. 302 |
| 9 Electronic Mail Security: PGP, S/MIME | p. 305 |
| 9.1 PGP | p. 305 |
| 9.1.1 Confidentiality via Encryption | p. 306 |
| 9.1.2 Authentication via Digital Signature | p. 307 |
| 9.1.3 Compression | p. 308 |
| 9.1.4 Radix-64 Conversion | p. 309 |
| 9.1.5 Packet Headers | p. 313 |
| 9.1.6 PGP Packet Structure | p. 315 |
| 9.1.7 Key Material Packet | p. 319 |
| 9.1.8 Algorithms for PGP 5.x | p. 323 |
| 9.2 S/MIME | p. 324 |
| 9.2.1 MIME | p. 325 |
| 9.2.2 S/MIME | p. 331 |
| 9.2.3 Enhanced Security Services for S/MIME | p. 335 |
| 10 Internet Firewalls for Trusted Systems | p. 339 |
| 10.1 Role of Firewalls | p. 339 |
| 10.2 Firewall-Related Terminology | p. 340 |
| 10.2.1 Bastion Host | p. 341 |
| 10.2.2 Proxy Server | p. 341 |
| 10.2.3 SOCKS | p. 342 |
| 10.2.4 Choke Point | p. 343 |
| 10.2.5 De-militarised Zone (DMZ) | p. 343 |
| 10.2.6 Logging and Alarms | p. 343 |
| 10.2.7 VPN | p. 344 |
| 10.3 Types of Firewalls | p. 344 |
| 10.3.1 Packet Filters | p. 344 |
| 10.3.2 Circuit-level Gateways | p. 349 |
| 10.3.3 Application-level Gateways | p. 349 |
| 10.4 Firewall Designs | p. 350 |
| 10.4.1 Screened Host Firewall (Single-homed Bastion Host) | p. 351 |
| 10.4.2 Screened Host Firewall (Dual-homed Bastion Host) | p. 351 |
| 10.4.3 Screened Subnet Firewall | p. 352 |
| 11 SET for E-commerce Transactions | p. 355 |
| 11.1 Business Requirements for SET | p. 355 |
| 11.2 SET System Participants | p. 357 |
| 11.3 Cryptographic Operation Principles | p. 358 |
| 11.4 Dual Signature and Signature Verification | p. 359 |
| 11.5 Authentication and Message Integrity | p. 363 |
| 11.6 Payment Processing | p. 366 |
| 11.6.1 Cardholder Registration | p. 366 |
| 11.6.2 Merchant Registration | p. 371 |
| 11.6.3 Purchase Request | p. 373 |
| 11.6.4 Payment Authorisation | p. 374 |
| 11.6.5 Payment Capture | p. 376 |
| Acronyms | p. 379 |
| Bibliography | p. 383 |
| Index | p. 391 |
