search for books and compare prices
Tables of Contents for Network Security
What Type of Book Is This?
3
1
OSI Reference Model7
1
IP, UDP, and TCP8
1
Directory Service9
2
Replicated Services11
1
Packet Switching11
1
Network Components12
1
Destinations: Ultimate and Next-Hop13
1
Address Structure14
1
Active vs. Passive Attacks
15
1
Layers and Cryptography
15
1
Key Escrow for Law Enforcement
17
2
Key Escrow for Careless Users
19
1
Viruses, Worms, Trojan Horses
19
8
Where Do They Come From?20
3
Spreading Pests from Machine to Machine23
1
Virus Checkers24
1
What Can We Do Today?25
1
Wish List for the Future26
1
The Multi-level Model of Security
27
9
Mandatory (Nondiscretionary) Access Controls28
1
Levels of Security29
1
Mandatory Access Control Rules29
1
Covert Channels30
2
The Orange Book32
3
Successors to the Orange Book35
1
Patents36
1
Export Controls37
4
Introduction to Cryptography
41
18
Computational Difficulty42
1
To Publish or Not to Publish43
1
Secret Codes44
1
Breaking an Encryption Scheme
45
2
Ciphertext Only45
1
Known Plaintext46
1
Chosen Plaintext46
1
Types of Cryptographic Functions
47
1
Secret Key Cryptography
47
3
Security Uses of Secret Key Cryptography47
1
Transmitting Over an Insecure Channel48
1
Secure Storage on Insecure Media48
1
Authentication48
1
Integrity Check49
1
Public Key Cryptography
50
4
Security Uses of Public Key Cryptography52
1
Transmitting Over an Insecure Channel52
1
Secure Storage on Insecure Media52
1
Authentication53
1
Digital Signatures54
1
Password Hashing55
1
Message Integrity56
1
Message Fingerprint56
1
Downline Load Security57
1
Digital Signature Efficiency57
1
Secret Key Cryptography
59
36
Generic Block Encryption
59
3
Data Encryption Standard (DES)
62
13
DES Overview64
2
The Permutations of the Data66
1
Generating the Per-Round Keys67
2
A DES Round69
1
The Mangler Function70
4
Weak and Semi-Weak Keys74
1
What's So Special About DES?74
1
International Data Encryption Algorithm (IDEA)
75
6
Primitive Operations75
2
Key Expansion77
1
One Round78
1
Odd Round78
1
Even Round79
1
Inverse Keys for Decryption80
1
Does IDEA Work?81
1
Advanced Encryption Standard (AES)
81
11
Basic Structure82
2
Primitive Operations84
3
What about the inverse cipher?87
2
Key Expansion89
1
Rounds90
1
Inverse Rounds91
1
Optimization91
1
Encrypting a Large Message
95
10
Electronic Code Book (ECB)96
1
Cipher Block Chaining (CBC)97
2
CBC Threat 1---Modifying Ciphertext Blocks99
1
CBC Threat 2---Rearranging Ciphertext Blocks100
1
Output Feedback Mode (OFB)101
1
Cipher Feedback Mode (CFB)102
2
Counter Mode (CTR)104
1
Ensuring Privacy and Integrity Together106
1
CBC with a Weak Cryptographic Checksum107
1
CBC Encryption and CBC Residue with Related Keys108
1
CBC with a Cryptographic Hash108
1
Offset Codebook Mode (OCB)108
1
Multiple Encryption DES
109
5
How Many Encryptions?111
1
Encrypting Twice with the Same Key111
1
Encrypting Twice with Two Keys111
1
Triple Encryption with only Two Keys112
1
CBC Outside vs. Inside113
1
Hashes and Message Digests
117
30
Nifty Things to Do with a Hash
121
7
Authentication123
1
Computing a MAC with a Hash123
2
Encryption with a Message Digest125
1
Generating a One-Time Pad125
1
Mixing In the Plaintext126
1
Using Secret Key for a Hash126
1
UNIX Password Hash126
1
Hashing Large Messages127
1
MD2 Padding129
1
MD2 Checksum Computation129
2
MD2 Final Pass131
2
MD4 Message Padding133
1
Overview of MD4 Message Digest Computation133
2
MD4 Message Digest Pass 1135
1
MD4 Message Digest Pass 2135
1
MD4 Message Digest Pass 3136
1
MD5 Message Padding137
1
Overview of MD5 Message Digest Computation137
1
MD5 Message Digest Pass 1138
1
MD5 Message Digest Pass 2138
1
MD5 Message Digest Pass 3139
1
MD5 Message Digest Pass 4139
1
SHA-1 Message Padding140
1
Overview of SHA-1 Message Digest Computation140
1
SHA-1 Operation on a 512-bit Block141
1
Public Key Algorithms
147
38
Modular Addition148
1
Modular Multiplication149
2
Modular Exponentiation151
1
RSA Algorithm152
1
Why Does RSA Work?153
1
Why Is RSA Secure?153
1
How Efficient Are the RSA Operations?154
1
Exponentiating with Big Numbers154
2
Generating RSA Keys156
1
Finding Big Primes p and q156
2
Finding d and e158
1
Having a Small Constant e158
2
Optimizing RSA Private Key Operations160
1
Smooth Numbers161
1
The Cube Root Problem162
1
Public-Key Cryptography Standard (PKCS)
163
3
Encryption163
1
Encryption---Take 2164
1
Signing165
1
The Bucket Brigade/Man-in-the-Middle Attack167
2
Defenses Against Man-in-the-Middle Attack169
1
Published Diffie-Hellman Numbers169
1
Authenticated Diffie-Hellman169
1
Encryption with Diffie-Hellman170
1
ElGamal Signatures170
1
Diffie-Hellman Details---Safe Primes171
1
Digital Signature Standard (DSS)
172
5
The DSS Algorithm172
2
Why Does the Verification Procedure Work?174
1
Why Is This Secure?174
1
The DSS Controversy175
1
Per-Message Secret Number176
1
How Secure Are RSA and Diffie-Hellman?
177
1
Elliptic Curve Cryptography (ECC)
178
1
Zero Knowledge Proof Systems
179
3
Zero Knowledge Signatures181
1
Finding Multiplicative Inverses in Modular Arithmetic189
1
Chinese Remainder Theorem
190
2
Euler's Totient Function
194
1
A Generalization of Euler's Theorem195
1
Math with AES and Elliptic Curves
197
18
Polynomials201
3
Finite Fields204
1
What Sizes Can Finite Fields Be?205
1
Representing a Field205
1
Mathematics of Rijndael
206
3
A Rijndael Round207
2
Elliptic Curve Cryptography
209
1
Overview of Authentication Systems
215
22
Password-Based Authentication
215
4
Off- vs. On-Line Password Guessing217
1
Storing User Passwords217
2
Address-Based Authentication
219
3
Network Address Impersonation221
1
Cryptographic Authentication Protocols
222
1
Who Is Being Authenticated?
223
1
Passwords as Cryptographic Keys
223
1
Eavesdropping and Server Database Reading
224
2
Trusted Intermediaries
226
7
KDCs227
1
Certification Authorities (CAs)228
1
Certificate Revocation229
1
Multiple Trusted Intermediaries230
1
Multiple KDC Domains230
2
Multiple CA Domains232
1
Session Key Establishment
233
1
Authentication of People
237
20
On-Line Password Guessing
238
3
Off-Line Password Guessing
241
2
How Big Should a Secret Be?
243
1
Passwords and Careless Users
245
4
Using a Password in Multiple Places246
1
Requiring Frequent Password Changes246
1
A Login Trojan Horse to Capture Passwords247
1
Non-Login Use of Passwords248
1
Initial Password Distribution
249
1
Authentication Tokens
250
3
Security Handshake Pitfalls
257
34
Shared Secret258
4
One-Way Public Key262
2
Mutual Authentication
264
5
Reflection Attack264
2
Password Guessing266
1
Public Keys267
1
Timestamps268
1
Integrity/Encryption for Data
269
5
Shared Secret269
2
Two-Way Public Key Based Authentication271
1
One-Way Public Key Based Authentication272
1
Privacy and Integrity272
2
Mediated Authentication (with KDC)
274
6
Needham-Schroeder275
2
Expanded Needham-Schroeder277
1
Otway-Rees278
2
Picking Random Numbers
282
2
Performance Considerations
284
1
Authentication Protocol Checklist
285
3
Strong Password Protocols
291
16
Strong Password Protocols
295
5
The Basic Form295
1
Subtle Details296
2
Augmented Strong Password Protocols298
1
SRP (Secure Remote Password)299
1
Strong Password Credentials Download Protocols
300
1
Tickets and Ticket-Granting Tickets
308
1
Logging Into the Network
310
4
Obtaining a Session Key and TGT310
1
Alice Asks to Talk to a Remote Node311
3
Interrealm Authentication
316
1
Encryption for Privacy and Integrity
318
2
Encryption for Integrity Only
320
1
Network Layer Addresses in Tickets
321
1
Tickets324
1
Authenticators325
1
Credentials326
2
AS_REQ328
1
TGS_REQ328
1
AS_REP and TGS_REP329
2
Error Reply from KDC331
1
AP_REQ331
1
AP_REP332
1
Encrypted Data (KRB_PRV)333
1
Integrity-Checked Data (SAFE)333
2
AP_ERR335
1
Renewable Tickets342
1
Postdated Tickets343
1
Making Master Keys in Different Realms Different
344
1
Cryptographic Algorithms
345
4
Integrity-Only Algorithms346
1
rsa-md5-des346
1
des-mac347
1
des-mac-k348
1
rsa-md4-des348
1
rsa-md4-des-k348
1
Encryption for Privacy and Integrity349
1
Evading Password-Guessing Attacks
352
1
Key Inside Authenticator
353
1
Double TGT Authentication
353
1
PKINIT---Public Keys for Users
354
1
Kerberos V5 Messages
356
13
Authenticator356
1
Ticket357
1
AS_REQ357
2
TGS_REQ359
1
AS_REP360
2
TGS_REP362
1
AP_REQ362
1
AP_REP363
1
KRB_SAFE363
1
KRB_PRIV364
1
KRB_CRED364
1
KRB_ERROR365
4
PKI (Public Key Infrastructure)
371
32
Monopoly Model372
1
Monopoly plus Registration Authorities (RAs)373
1
Delegated CAs373
1
Oligarchy374
1
Anarchy Model375
1
Name Constraints376
1
Top-Down with Name Constraints376
1
Bottom-Up with Name Constraints377
3
Relative Names380
1
Name Constraints in Certificates380
1
Policies in Certificates381
1
Revocation Mechanisms383
1
Delta CRLs383
1
First Valid Certificate384
1
Good-lists vs. Bad-lists
385
1
Store Certificates with Subject or Issuer?387
1
Finding Certificate Chains388
1
Names389
1
OIDs390
1
Specification of Time391
1
X.509 and PKIX Certificates
391
4
X.509 and PKIX CRLs395
1
Authorization Futures
395
6
ACL (Access Control List)396
1
Central Administration/Capabilities396
1
Groups397
1
Cross-Organizational and Nested Groups397
1
Roles398
2
Anonymous Groups400
1
Real-time Communication Security
403
20
Session Key Establishment
406
1
Perfect Forward Secrecy
407
2
Denial-of-Service/Clogging Protection
410
2
Cookies410
1
Puzzles411
1
Endpoint Identifier Hiding
412
1
Live Partner Reassurance
413
2
Arranging for Parallel Computation
415
1
Plausible Deniability
416
1
Data Stream Protection
417
2
Negotiating Crypto Parameters
419
1
Security Associations423
1
Security Association Database424
1
Security Policy Database424
1
AH and ESP424
1
Tunnel, Transport Mode425
2
Why Protect the IP Header?427
1
NAT (Network Address Translation)428
1
Firewalls429
1
IPv4 Header430
1
IPv6 Header431
1
AH (Authentication Header)
432
3
Mutable, Immutable433
1
Mutable but Predictable434
1
ESP (Encapsulating Security Payload)
435
1
Comparison of Encodings
437
1
Aggressive Mode and Main Mode446
2
Key Types448
1
Proof of Identity449
1
Cookie Issues450
1
Negotiating Cryptographic Parameters451
1
Session Keys452
2
Message IDs454
1
Phase 2/Quick Mode454
1
Traffic Selectors454
1
The IKE Phase 1 Protocols455
1
Public Signature Keys, Main Mode455
1
Public Signature Keys, Aggressive Mode456
1
Public Encryption Key, Main Mode, Original457
1
Public Encryption Key, Aggressive Mode, Original458
1
Public Encryption Key, Main Mode, Revised458
1
Public Encryption Key, Aggressive Mode, Revised459
1
Shared Secret Key, Main Mode459
1
Shared Secret Key, Aggressive Mode460
2
Phase-2 IKE: Setting up IPsec SAs
462
1
Fixed Header465
2
Payload Portion of ISAKMP Messages467
1
SA Payload467
1
Ps and Ts within the SA Payload468
1
Payload Length in SA, P, and T Payloads468
1
Type of Next Payload468
1
SA Payload Fields469
1
P Payload470
1
T Payload471
1
KE Payload472
1
ID Payload472
1
Cert Payload473
1
Certificate Request Payload474
1
Hash/Signature/Nonce Payloads474
1
Notify Payload474
1
Vendor ID Payload475
1
SSL/TLS Basic Protocol
478
2
Client Authentication
482
1
PKI as Deployed by SSL
482
1
Negotiating Cipher Suites
484
2
Who Makes the Decision?485
1
Cipher Suite Names485
1
Negotiating Compression Method
486
1
Downgrade Attack486
1
Truncation Attack486
1
Exportability in SSLv2487
1
Exportability in SSLv3488
1
Server Gated Cryptography/Step-Up489
1
Encrypted Records491
1
Handshake Messages492
1
ClientHello493
1
ServerHello493
1
ServerHelloDone493
1
ClientKeyExchange494
1
ServerKeyExchange494
1
CertificateRequest495
1
Certificate495
1
Certificate Verify496
1
HandshakeFinished496
1
ChangeCipherSpec496
1
Alerts497
1
Electronic Mail Security
501
28
Security Services for Electronic Mail
505
1
Establishing Public Keys507
1
Establishing Secret Keys507
1
End-to-End Privacy508
1
Privacy with Distribution List Exploders509
1
Authentication of the Source
510
2
Source Authentication Based on Public Key Technology510
1
Source Authentication Based on Secret Keys511
1
Source Authentication with Distribution Lists512
1
Message Integrity without Source Authentication513
1
Non-Repudiation Based on Public Key Technology514
1
Plausible Deniability Based on Public Key Technology514
1
Non-Repudiation with Secret Keys515
1
Message Flow Confidentiality
517
1
Annoying Text Format Issues
519
4
Disguising Data as Text521
2
Verifying When a Message Was Really Sent
524
1
Preventing Backdating524
1
Preventing Postdating525
1
Structure of a PEM Message
530
3
PEM Certificate Hierarchy
536
2
Certificate Revocation Lists (CRLs)
538
1
Reformatting Data to Get Through Mailers
539
1
General Structure of a PEM Message
540
1
Source Authentication and Integrity Protection
542
1
Bracketing PEM Messages
544
3
Forwarding and Enclosures
547
2
Forwarding a Message547
2
Unprotected Information
549
1
Encrypted, Public Key Variant551
3
Encrypted, Secret Key Variant554
2
MIC-Only or MIC-Clear, Public Key Variant556
1
MIC-Only and MIC-Clear, Secret Key Variant557
1
CRL-Retrieval-Request558
1
CRL558
1
DES-CBC and MIC Doesn't Work
558
3
Differences in S/MIME
561
3
S/MIME Certificate Hierarchy
564
1
S/MIME with a Public Certifier564
1
S/MIME with an Organizational Certifier564
1
S/MIME with Certificates from Any Old CA564
1
PGP (Pretty Good Privacy)
567
18
Certificate and Key Revocation
572
1
File Name574
1
People Names575
1
Message Formats576
1
Primitive Object Formats577
8
Application Level Gateway
589
2
Why Firewalls Don't Work
592
1
Denial-of-Service Attacks
593
1
Should Firewalls Go Away?
594
1
More Security Systems
595
40
NetWare's Guillou-Quisquater Authentication Scheme600
2
KryptoKnight Tickets603
1
Authenticators604
1
Nonces vs. Timestamps604
1
Data Encryption605
1
DASS Certification Hierarchy605
1
Login Key606
1
DASS Authentication Handshake606
2
DASS Authenticators608
1
DASS Delegation608
1
Saving Bits609
1
ID Files610
1
Coping with Export Controls611
1
Certificates for Hierarchical Names612
1
Certificates for Flat Names613
1
Lotus Notes Authentication614
2
The Authentication Long-Term Secret616
1
Mail616
1
Certification Revocation617
1
Microsoft Windows Security
622
4
LAN Manager and NTLM622
2
Windows 2000 Kerberos624
2
Network Denial of Service
626
3
Robust Broadcast626
2
Robust Packet Delivery628
1
Key Escrow632
1
HTTP Digest Authentication
639
2
Alternatives to Cookies641
1
Cookies Rules642
1
Tracking Users643
2
Other Web Security Problems
645
5
Spoofing a Site to a User645
1
Merchants Unclear on the Concept646
1
Getting Impersonated by a Subsequent User646
1
Cross-Site Scripting647
2
Poisoning Cookies649
1
Other Misuse of Cookies649
1
Perfect Forward Secrecy
653
1
Change Keys Periodically
654
1
Multiplexing Flows over a Single SA
655
2
The Splicing Attack655
1
Service Classes656
1
Different Cryptographic Algorithms656
1
Use Different Keys in the Two Directions
657
1
Use Different Secret Keys for Encryption vs. Integrity Protection
657
1
Use Different Keys for Different Purposes
658
1
Use Different Keys for Signing vs. Encryption
658
1
Have Both Sides Contribute to the Master Key
659
1
Don't Let One Side Determine the Key
659
1
Hash in a Constant When Hashing a Password
660
1
HMAC Rather than Simple MD
661
1
Use of Nonces in Protocols
663
1
Don't Let Encrypted Data Begin with a Constant
663
1
Don't Let Encrypted Data Begin with a Predictable Value
664
1
Compress Data Before Encrypting It
664
1
Don't Do Encryption Only
665
1
Minimal vs. Redundant Designs
666
1
Overestimate the Size of Key
666
1
Hardware Random Number Generators
667
1
Put Checksums at the End of Data
668
1
Forward Compatibility
669
3
Options669
1
Version Numbers670
1
Version Number Field Must Not Move670
1
Negotiating Highest Version Supported670
1
Minor Version Number Field671
1
Vendor Options672
1
Negotiating Parameters
672
1
<