Information Security

Genre: Foreign computer literature. Publisher: John Wiley & Sons Limited. ISBN: 9781119505884.

Book description

INFORMATION SECURITY

Provides systematic guidance on meeting the information security challenges of the 21st century, featuring newly revised material throughout

Information Security: Principles and Practice is the must-have book for students, instructors, and early-stage professionals alike. Author Mark Stamp provides clear, accessible, and accurate information on the four critical components of information security: cryptography, access control, network security, and software. Readers are provided with a wealth of real-world examples that clarify complex topics, highlight important security issues, and demonstrate effective methods and strategies for protecting the confidentiality and integrity of data.

Fully revised and updated, the third edition of Information Security features a brand-new chapter on network security basics and expanded coverage of cross-site scripting (XSS) attacks, Stuxnet and other malware, the SSH protocol, secure software development, and security protocols. Fresh examples illustrate the Rivest-Shamir-Adleman (RSA) cryptosystem, elliptic-curve cryptography (ECC), SHA-3, and hash function applications including bitcoin and blockchains. Updated problem sets, figures, tables, and graphs help readers develop a working knowledge of classic cryptosystems, modern symmetric and public key cryptography, cryptanalysis, simple authentication protocols, intrusion and malware detection systems, quantum computing, and more.

Presenting a highly practical approach to information security, this popular textbook:

Provides up-to-date coverage of the rapidly evolving field of information security

Explains session keys, perfect forward secrecy, timestamps, SSH, SSL, IPSec, Kerberos, WEP, GSM, and other authentication protocols

Addresses access control techniques including authentication and authorization, ACLs and capabilities, and multilevel security and compartments

Discusses software security issues, ranging from malware detection to secure software development

Includes an instructor’s solution manual, PowerPoint slides, lecture videos, and additional teaching resources

Information Security: Principles and Practice, Third Edition is the perfect textbook for advanced undergraduate and graduate students in all Computer Science programs, and remains essential reading for professionals working in industrial or government security.

Contents

Mark Stamp. Information Security

Table of Contents

List of Tables

List of Illustrations

Guide

Pages

Information Security. Principles and Practice

Preface

About the Author

Note

Acknowledgments

Chapter 1. Introductions

1.1 The Cast of Characters

1.2 Alice's Online Bank

1.2.1 Confidentiality, Integrity, and Availability

1.2.2 Beyond CIA

1.3 About This Book

1.3.1 Cryptography

1.3.2 Access Control

1.3.3 Network Security

1.3.4 Software

1.4 The People Problem

1.5 Principles and Practice

1.6 Problems

Notes

Chapter 2. Classic Crypto

2.1 Introduction

2.2 How to Speak Crypto

2.3 Classic Ciphers

2.3.1 Simple Substitution Cipher

2.3.2 Cryptanalysis of a Simple Substitution

2.3.3 Definition of Secure

2.3.4 Double Transposition Cipher

2.3.5 One‐Time Pad

2.3.6 Codebook Cipher

2.4 Classic Crypto in History

2.4.1 Ciphers of the Election of 1876

2.4.2 Zimmermann Telegram

2.4.3 Project VENONA

2.5 Modern Crypto History

2.6 A Taxonomy of Cryptography

2.7 A Taxonomy of Cryptanalysis

2.8 Summary

2.9 Problems

Notes

Chapter 3. Symmetric Ciphers

3.1 Introduction

3.2 Stream Ciphers

3.2.1 A5/1

3.2.2 RC4

3.3 Block Ciphers

3.3.1 Feistel Cipher

3.3.2 DES

3.3.3 Triple DES

3.3.4 AES

3.3.5 TEA

3.3.6 Block Cipher Modes

3.4 Integrity

3.5 Quantum Computers and Symmetric Crypto

3.6 Summary

3.7 Problems

Notes

Chapter 4. Public Key Crypto

4.1 Introduction

4.2 Knapsack

4.3 RSA

4.3.1 Textbook RSA Example

4.3.2 Repeated Squaring

4.3.3 Speeding Up RSA

4.4 Diffie–Hellman

4.5 Elliptic Curve Cryptography

4.5.1 Elliptic Curve Math

4.5.2 ECC Diffie–Hellman

4.5.3 Realistic Elliptic Curve Example

4.6 Public Key Notation

4.7 Uses for Public Key Crypto

4.7.1 Confidentiality in the Real World

4.7.2 Signatures and Non‐repudiation

4.7.3 Confidentiality and Non‐repudiation

4.8 Certificates and PKI

4.9 Quantum Computers and Public Key

4.10 Summary

4.11 Problems

Notes

Chapter 5. Crypto Hash Functions ++

5.1 Introduction

5.2 What is a Cryptographic Hash Function?

5.3 The Birthday Problem

5.4 A Birthday Attack

5.5 Non‐Cryptographic Hashes

5.6 SHA‐3

5.7 HMAC

5.8 Cryptographic Hash Applications

5.8.1 Online Bids

5.8.2 Blockchain

5.9 Miscellaneous Crypto‐Related Topics

5.9.1 Secret Sharing

5.9.1.1 Key Escrow

5.9.1.2 Visual Cryptography

5.9.2 Random Numbers

5.9.2.1 Texas Hold ’em Poker

5.9.2.2 Generating Random Bits

5.9.3 Information Hiding

5.10 Summary

5.11 Problems

Notes

Chapter 6. Authentication

6.1 Introduction

6.2 Authentication Methods

6.3 Passwords

6.3.1 Keys Versus Passwords

6.3.2 Choosing Passwords

6.3.3 Attacking Systems via Passwords

6.3.4 Password Verification

6.3.5 Math of Password Cracking

6.3.5.1 Case I

6.3.5.2 Case II

6.3.5.3 Case III

6.3.5.4 Case IV

6.3.5.5 Bottom Line on Password Cracking

6.3.6 Other Password Issues

6.4 Biometrics

6.4.1 Types of Errors

6.4.2 Biometric Examples

6.4.2.1 Fingerprints

6.4.2.2 Hand Geometry

6.4.2.3 Iris Scan

6.4.3 Biometric Error Rates

6.4.4 Biometric Conclusions

6.5 Something You Have

6.6 Two‐Factor Authentication

6.7 Single Sign‐On and Web Cookies

6.8 Summary

6.9 Problems

Notes

Chapter 7. Authorization

7.1 Introduction

7.2 A Brief History of Authorization

7.2.1 The Orange Book

7.2.2 The Common Criteria

7.3 Access Control Matrix

7.3.1 ACLs and Capabilities

7.3.2 Confused Deputy

7.4 Multilevel Security Models

7.4.1 Bell–LaPadula

7.4.2 Biba's Model

7.4.3 Compartments

7.5 Covert Channels

7.6 Inference Control

7.7 CAPTCHA

7.8 Summary

7.9 Problems

Notes

Chapter 8. Network Security Basics

8.1 Introduction

8.2 Networking Basics

8.2.1 The Protocol Stack

8.2.2 Application Layer

8.2.3 Transport Layer

8.2.4 Network Layer

8.2.5 Link Layer

8.3 Cross‐Site Scripting Attacks

8.4 Firewalls

8.4.1 Packet Filter

8.4.2 Stateful Packet Filter

8.4.3 Application Proxy

8.4.4 Defense in Depth

8.5 Intrusion Detection Systems

8.5.1 Signature‐Based IDS

8.5.2 Anomaly‐Based IDS

8.6 Summary

8.7 Problems

Notes

Chapter 9. Simple Authentication Protocols

9.1 Introduction

9.2 Simple Security Protocols

9.3 Authentication Protocols

9.3.1 Authentication Using Symmetric Keys

9.3.2 Authentication Using Public Keys

9.3.3 Session Keys

9.3.4 Perfect Forward Secrecy

9.3.5 Mutual Authentication, Session Key, and PFS

9.3.6 Timestamps

9.4 “Authentication” and TCP

9.5 Zero Knowledge Proofs

9.6 Tips for Analyzing Protocols

9.7 Summary

9.8 Problems

Notes

Chapter 10. Real‐World Security Protocols

10.1 Introduction

10.2 SSH

10.2.1 SSH and the Man‐in‐the‐Middle

10.3 SSL

10.3.1 SSL and the Man‐in‐the‐Middle

10.3.2 SSL Connections

10.3.3 SSL Versus IPsec

10.4 IPsec

10.4.1 IKE Phase 1

10.4.1.1 IKE Phase 1: Digital Signature

10.4.1.2 IKE Phase 1: Symmetric Key

10.4.1.3 IKE Phase 1: Public Key Encryption

10.4.1.4 IPsec Cookies

10.4.1.5 IKE Phase 1 Summary

10.4.2 IKE Phase 2

10.4.3 IPsec and IP Datagrams

10.4.4 Transport and Tunnel Modes

10.4.5 ESP and AH

10.5 Kerberos

10.5.1 Kerberized Login

10.5.2 Kerberos Tickets

10.5.3 Security of Kerberos

10.6 WEP

10.6.1 WEP Authentication

10.6.2 WEP Encryption

10.6.3 WEP Non‐integrity

10.6.4 Other WEP Issues

10.6.5 WEP: The Bottom Line

10.7 GSM

10.7.1 GSM Architecture

10.7.2 GSM Security Architecture

10.7.2.1 Anonymity

10.7.2.2 Authentication

10.7.2.3 Confidentiality

10.7.3 GSM Authentication Protocol

10.7.4 GSM Security Flaws

10.7.4.1 Crypto Flaws

10.7.4.2 Invalid Assumptions

10.7.4.3 SIM Attacks

10.7.4.4 Fake Base Station

10.7.5 GSM Conclusions

10.7.6 3GPP

10.8 Summary

10.9 Problems

Notes

Chapter 11. Software Flaws and Malware

11.1 Introduction

11.2 Software Flaws

11.2.1 Buffer Overflow

11.2.1.1 Smashing the Stack

11.2.1.2 Stack Smashing Example

11.2.1.3 Stack Smashing Prevention

11.2.1.4 Buffer Overflow: The Last Word

11.2.2 Incomplete Mediation

11.2.3 Race Conditions

11.3 Malware

11.3.1 Malware Examples

11.3.1.1 Brain

11.3.1.2 Morris Worm

11.3.1.3 Code Red

11.3.1.4 SQL Slammer

11.3.1.5 Trojan Example

11.3.1.6 Botnets

11.3.1.7 Stuxnet

11.3.1.8 Ransomware

11.3.2 Malware Detection

11.3.2.1 Signature Detection

11.3.2.2 Change Detection

11.3.2.3 Anomaly Detection

11.3.2.4 Machine Learning

11.3.3 The Future of Malware

11.3.4 The Future of Malware Detection

11.4 Miscellaneous Software‐Based Attacks

11.4.1 Salami Attacks

11.4.2 Linearization Attacks

11.4.3 Time Bombs

11.4.4 Trusting Software

11.5 Summary

11.6 Problems

Notes

Chapter 12. Insecurity in Software

12.1 Introduction

12.2 Software Reverse Engineering

12.2.1 Reversing Java Bytecode

12.2.2 SRE Example

12.2.3 Anti‐Disassembly Techniques

12.2.4 Anti‐Debugging Techniques

12.2.5 Software Tamper Resistance

12.2.5.1 Guards

12.2.5.2 Obfuscation

12.3 Software Development

12.3.1 Flaws and Testing

12.3.2 Secure Software Development?

12.4 Summary

12.5 Problems

Notes

Appendix

A‐1 Modular Arithmetic

A‐2 Permutations

A‐3 Probability

A‐4 DES Permutations

Bibliography

Index

WILEY END USER LICENSE AGREEMENT

Excerpt from the book

Third Edition

Mark Stamp

.....

Let's consider an example of one‐time pad encryptions that are in depth. Using the same bit encoding as in Table 2.1, suppose we have

and both are encrypted with the same key . Then

.....
