Information Security
Table of Contents
Mark Stamp. Information Security
Table of Contents
List of Tables
List of Illustrations
Information Security. Principles and Practice
Preface
About the Author
Note
Acknowledgments
Chapter 1 Introductions
1.1 The Cast of Characters
1.2 Alice's Online Bank
1.2.1 Confidentiality, Integrity, and Availability
1.2.2 Beyond CIA
1.3 About This Book
1.3.1 Cryptography
1.3.2 Access Control
1.3.3 Network Security
1.3.4 Software
1.4 The People Problem
1.5 Principles and Practice
1.6 Problems
Notes
Chapter 2. Classic Crypto
2.1 Introduction
2.2 How to Speak Crypto
2.3 Classic Ciphers
2.3.1 Simple Substitution Cipher
2.3.2 Cryptanalysis of a Simple Substitution
2.3.3 Definition of Secure
2.3.4 Double Transposition Cipher
2.3.5 One‐Time Pad
2.3.6 Codebook Cipher
2.4 Classic Crypto in History
2.4.1 Ciphers of the Election of 1876
2.4.2 Zimmermann Telegram
2.4.3 Project VENONA
2.5 Modern Crypto History
2.6 A Taxonomy of Cryptography
2.7 A Taxonomy of Cryptanalysis
2.8 Summary
2.9 Problems
Notes
Chapter 3 Symmetric Ciphers
3.1 Introduction
3.2 Stream Ciphers
3.2.1 A5/1
3.2.2 RC4
3.3 Block Ciphers
3.3.1 Feistel Cipher
3.3.2 DES
3.3.3 Triple DES
3.3.4 AES
3.3.5 TEA
3.3.6 Block Cipher Modes
3.4 Integrity
3.5 Quantum Computers and Symmetric Crypto
3.6 Summary
3.7 Problems
Notes
Chapter 4 Public Key Crypto
4.1 Introduction
4.2 Knapsack
4.3 RSA
4.3.1 Textbook RSA Example
4.3.2 Repeated Squaring
4.3.3 Speeding Up RSA
4.4 Diffie–Hellman
4.5 Elliptic Curve Cryptography
4.5.1 Elliptic Curve Math
4.5.2 ECC Diffie–Hellman
4.5.3 Realistic Elliptic Curve Example
4.6 Public Key Notation
4.7 Uses for Public Key Crypto
4.7.1 Confidentiality in the Real World
4.7.2 Signatures and Non‐repudiation
4.7.3 Confidentiality and Non‐repudiation
4.8 Certificates and PKI
4.9 Quantum Computers and Public Key
4.10 Summary
4.11 Problems
Notes
Chapter 5. Crypto Hash Functions ++
5.1 Introduction
5.2 What is a Cryptographic Hash Function?
5.3 The Birthday Problem
5.4 A Birthday Attack
5.5 Non‐Cryptographic Hashes
5.6 SHA‐3
5.7 HMAC
5.8 Cryptographic Hash Applications
5.8.1 Online Bids
5.8.2 Blockchain
5.9 Miscellaneous Crypto‐Related Topics
5.9.1 Secret Sharing
5.9.1.1 Key Escrow
5.9.1.2 Visual Cryptography
5.9.2 Random Numbers
5.9.2.1 Texas Hold ’em Poker
5.9.2.2 Generating Random Bits
5.9.3 Information Hiding
5.10 Summary
5.11 Problems
Notes
Chapter 6. Authentication
6.1 Introduction
6.2 Authentication Methods
6.3 Passwords
6.3.1 Keys Versus Passwords
6.3.2 Choosing Passwords
6.3.3 Attacking Systems via Passwords
6.3.4 Password Verification
6.3.5 Math of Password Cracking
6.3.5.1 Case I
6.3.5.2 Case II
6.3.5.3 Case III
6.3.5.4 Case IV
6.3.5.5 Bottom Line on Password Cracking
6.3.6 Other Password Issues
6.4 Biometrics
6.4.1 Types of Errors
6.4.2 Biometric Examples
6.4.2.1 Fingerprints
6.4.2.2 Hand Geometry
6.4.2.3 Iris Scan
6.4.3 Biometric Error Rates
6.4.4 Biometric Conclusions
6.5 Something You Have
6.6 Two‐Factor Authentication
6.7 Single Sign‐On and Web Cookies
6.8 Summary
6.9 Problems
Notes
Chapter 7. Authorization
7.1 Introduction
7.2 A Brief History of Authorization
7.2.1 The Orange Book
7.2.2 The Common Criteria
7.3 Access Control Matrix
7.3.1 ACLs and Capabilities
7.3.2 Confused Deputy
7.4 Multilevel Security Models
7.4.1 Bell–LaPadula
7.4.2 Biba's Model
7.4.3 Compartments
7.5 Covert Channels
7.6 Inference Control
7.7 CAPTCHA
7.8 Summary
7.9 Problems
Notes
Chapter 8. Network Security Basics
8.1 Introduction
8.2 Networking Basics
8.2.1 The Protocol Stack
8.2.2 Application Layer
8.2.3 Transport Layer
8.2.4 Network Layer
8.2.5 Link Layer
8.3 Cross‐Site Scripting Attacks
8.4 Firewalls
8.4.1 Packet Filter
8.4.2 Stateful Packet Filter
8.4.3 Application Proxy
8.4.4 Defense in Depth
8.5 Intrusion Detection Systems
8.5.1 Signature‐Based IDS
8.5.2 Anomaly‐Based IDS
8.6 Summary
8.7 Problems
Notes
Chapter 9. Simple Authentication Protocols
9.1 Introduction
9.2 Simple Security Protocols
9.3 Authentication Protocols
9.3.1 Authentication Using Symmetric Keys
9.3.2 Authentication Using Public Keys
9.3.3 Session Keys
9.3.4 Perfect Forward Secrecy
9.3.5 Mutual Authentication, Session Key, and PFS
9.3.6 Timestamps
9.4 “Authentication” and TCP
9.5 Zero Knowledge Proofs
9.6 Tips for Analyzing Protocols
9.7 Summary
9.8 Problems
Notes
Chapter 10. Real‐World Security Protocols
10.1 Introduction
10.2 SSH
10.2.1 SSH and the Man‐in‐the‐Middle
10.3 SSL
10.3.1 SSL and the Man‐in‐the‐Middle
10.3.2 SSL Connections
10.3.3 SSL Versus IPsec
10.4 IPsec
10.4.1 IKE Phase 1
10.4.1.1 IKE Phase 1: Digital Signature
10.4.1.2 IKE Phase 1: Symmetric Key
10.4.1.3 IKE Phase 1: Public Key Encryption
10.4.1.4 IPsec Cookies
10.4.1.5 IKE Phase 1 Summary
10.4.2 IKE Phase 2
10.4.3 IPsec and IP Datagrams
10.4.4 Transport and Tunnel Modes
10.4.5 ESP and AH
10.5 Kerberos
10.5.1 Kerberized Login
10.5.2 Kerberos Tickets
10.5.3 Security of Kerberos
10.6 WEP
10.6.1 WEP Authentication
10.6.2 WEP Encryption
10.6.3 WEP Non‐integrity
10.6.4 Other WEP Issues
10.6.5 WEP: The Bottom Line
10.7 GSM
10.7.1 GSM Architecture
10.7.2 GSM Security Architecture
10.7.2.1 Anonymity
10.7.2.2 Authentication
10.7.2.3 Confidentiality
10.7.3 GSM Authentication Protocol
10.7.4 GSM Security Flaws
10.7.4.1 Crypto Flaws
10.7.4.2 Invalid Assumptions
10.7.4.3 SIM Attacks
10.7.4.4 Fake Base Station
10.7.5 GSM Conclusions
10.7.6 3GPP
10.8 Summary
10.9 Problems
Notes
Chapter 11 Software Flaws and Malware
11.1 Introduction
11.2 Software Flaws
11.2.1 Buffer Overflow
11.2.1.1 Smashing the Stack
11.2.1.2 Stack Smashing Example
11.2.1.3 Stack Smashing Prevention
11.2.1.4 Buffer Overflow: The Last Word
11.2.2 Incomplete Mediation
11.2.3 Race Conditions
11.3 Malware
11.3.1 Malware Examples
11.3.1.1 Brain
11.3.1.2 Morris Worm
11.3.1.3 Code Red
11.3.1.4 SQL Slammer
11.3.1.5 Trojan Example
11.3.1.6 Botnets
11.3.1.7 Stuxnet
11.3.1.8 Ransomware
11.3.2 Malware Detection
11.3.2.1 Signature Detection
11.3.2.2 Change Detection
11.3.2.3 Anomaly Detection
11.3.2.4 Machine Learning
11.3.3 The Future of Malware
11.3.4 The Future of Malware Detection
11.4 Miscellaneous Software‐Based Attacks
11.4.1 Salami Attacks
11.4.2 Linearization Attacks
11.4.3 Time Bombs
11.4.4 Trusting Software
11.5 Summary
11.6 Problems
Notes
Chapter 12. Insecurity in Software
12.1 Introduction
12.2 Software Reverse Engineering
12.2.1 Reversing Java Bytecode
12.2.2 SRE Example
12.2.3 Anti‐Disassembly Techniques
12.2.4 Anti‐Debugging Techniques
12.2.5 Software Tamper Resistance
12.2.5.1 Guards
12.2.5.2 Obfuscation
12.3 Software Development
12.3.1 Flaws and Testing
12.3.2 Secure Software Development?
12.4 Summary
12.5 Problems
Notes
Appendix
A‐1 Modular Arithmetic
A‐2 Permutations
A‐3 Probability
A‐4 DES Permutations
Bibliography
Index
WILEY END USER LICENSE AGREEMENT
Excerpt from the book
Third Edition
Mark Stamp
.....
Let's consider an example of one‐time pad encryptions that are in depth. Using the same bit encoding as in Table 2.1, suppose we have
and both are encrypted with the same key . Then
.....
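The excerpt above sets up two one-time pad messages "in depth", that is, encrypted under the same key. The following is an added example, not code from the book, that works the situation through in Python. It uses plain ASCII bytes rather than the bit encoding of the book's Table 2.1 (which is not reproduced on this page), and the two messages and the key are constructed for illustration. It shows the core leak, C1 XOR C2 = P1 XOR P2, and goes one step beyond the excerpt by demonstrating crib dragging: a guessed fragment of one plaintext, slid across the XOR of the ciphertexts, exposes the other plaintext at that offset, and once one plaintext is known the key itself falls out.

```python
# Added example (not from Stamp's book): what goes wrong when a one-time pad
# key is reused, i.e. when two ciphertexts are "in depth".
# Assumptions: plaintexts are ASCII bytes rather than the book's Table 2.1
# bit encoding; the key and messages below are constructed for illustration.


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR; a one-time pad needs key and message of equal length."""
    if len(a) != len(b):
        raise ValueError("operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """One-time pad: C = P XOR K. Decryption is the same operation."""
    return xor_bytes(plaintext, key)


def depth_leak(c1: bytes, c2: bytes) -> bytes:
    """Two ciphertexts under the same key: C1 XOR C2 = P1 XOR P2.
    The key cancels, so the attacker learns the XOR of the plaintexts
    without ever seeing the key."""
    return xor_bytes(c1, c2)


def recover_other_plaintext(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """If one full plaintext is known (or guessed), the other falls out:
    P2 = (C1 XOR C2) XOR P1."""
    return xor_bytes(depth_leak(c1, c2), known_p1)


def crib_drag(c1: bytes, c2: bytes, crib: bytes) -> list:
    """Slide a guessed fragment ('crib') of one plaintext across C1 XOR C2.
    Wherever the crib is correct, the output is the other plaintext at that
    offset. Returns every (offset, candidate) pair; the attacker keeps the
    offsets whose candidate looks like plausible text."""
    diff = depth_leak(c1, c2)
    hits = []
    for off in range(len(diff) - len(crib) + 1):
        candidate = xor_bytes(diff[off:off + len(crib)], crib)
        hits.append((off, candidate))
    return hits


def plausible_hits(c1: bytes, c2: bytes, crib: bytes) -> list:
    """Filter crib-drag output to printable ASCII candidates. This is a crude
    plausibility test; real attacks score candidates with dictionaries or
    language statistics."""
    return [(off, cand) for off, cand in crib_drag(c1, c2, crib)
            if all(32 <= b < 127 for b in cand)]


def recover_key(ciphertext: bytes, plaintext: bytes) -> bytes:
    """Once any plaintext is known, K = C XOR P at every position, and every
    other message encrypted under K is readable."""
    return xor_bytes(ciphertext, plaintext)


# Constructed sample: two equal-length messages and one (reused) key.
P1 = b"attack at dawn"
P2 = b"retreat at six"
KEY = bytes.fromhex("3a7f11c4e90b5d2286f04ab36c19")   # 14 made-up bytes

C1 = otp_encrypt(P1, KEY)
C2 = otp_encrypt(P2, KEY)

if __name__ == "__main__":
    print("C1 xor C2 == P1 xor P2:", depth_leak(C1, C2) == xor_bytes(P1, P2))
    for off, cand in plausible_hits(C1, C2, b" at "):
        print(f"crib ' at ' at offset {off:2d} -> other plaintext {cand!r}")
    p2 = recover_other_plaintext(C1, C2, P1)
    print("recovered P2:", p2, "| key recovered:", recover_key(C2, p2) == KEY)
```

The crib " at " occurs at offset 6 of the first message and offset 7 of the second, so the drag yields "t at" at offset 6 and "at d" at offset 7, each a fragment of the other plaintext; other offsets may also produce printable bytes, which is why a plausibility filter alone is not enough and the attacker extends promising fragments word by word. The one-time pad is only unbreakable while the key is used once; with two messages in depth the security reduces to how much the attacker can guess about either plaintext.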