CRYPTOGRAPHY AND NETWORK SECURITY

Transcription

1 CRYPTOGRAPHY AND NETWORK SECURITY PRINCIPLES AND PRACTICE SIXTH EDITION William Stallings International Edition contributions by Mohit P Tahiliani NITK Surathkal PEARSON Boston Columbus Indianapolis New York San Francisco Upper Saddle River Amsterdam Cape Town Dubai London Madrid Milan Munich Paris Montreal Toronto Delhi Mexico City Sao Paulo Sydney Hong Kong Seoul Singapore Taipei Tokyo

2 CONTENTS Notation 11 Preface 13 Chapter Chapter Guide for Readers and Instructors 21 Outline of This Book 22 A Roadmap for Readers and Instructors 23 Internet and Web Resources 24 Standards 25 Overview 27 Computer Security Concepts 29 The OSI Security Architecture 34 Security Attacks 35 Security Services 37 Security Mechanisms 40 A Model for Network Security 42 Recommended Reading 44 Key Terms, Review Questions, and Problems 45 PART ONE SYMMETRIC CIPHERS 47 Chapter 2 Classical Encryption Techniques Symmetric Cipher Model Substitution Techniques Transposition Techniques Rotor Machines Steganography Recommended Reading Key Terms, Review Questions, and Problems 75 Chapter 3 Block Ciphers and the Data Encryption Standard Traditional Block Cipher Structure The Data Encryption Standard A DES Example The Strength of DES Block Cipher Design Principles Recommended Reading Key Terms, Review Questions, and Problems 101 Chapter 4 Basic Concepts in Number Theory and Finite Fields Divisibility and the Division Algorithm The Euclidean Algorithm 108 4

3 CONTENTS Modular Arithmetic Groups, Rings, and Fields Finite Fields of the Form GF(p) Polynomial Arithmetic Finite Fields of the Form GF(2") Recommended Reading Key Terms, Review Questions, and Problems 144 Appendix 4A The Meaning of mod 147 Chapter 5 Advanced Encryption Standard Finite Field Arithmetic AES Structure AES Transformation Functions AES Key Expansion An AES Example, AES Implementation Recommended Reading Key Terms, Review Questions, and Problems 180 Appendix 5A Polynomials with Coefficients in GF(2 8 ) 182 Appendix 5.13 Simplified AES 184 Chapter 6 Block Cipher Operation Multiple Encryption and Triple DES Electronic Code book Cipher Block Chaining Mode Cipher Feedback Mode Output Feedback Mode Counter Mode XTS-AES Mode for Block-Oriented Storage Devices Recommended Reading Key Terms, Review Questions, and Problems 218 Chapter 7 Pseudorandom Number Generation and Stream Ciphers Principles of Pseudorandom Number Generation Pseudorandom Number Generators Pseudorandom Number Generation Using a Block Cipher Stream Ciphers RC True Random Number Generators Recommended Reading Key Terms, Review Questions, and Problems 248 PART TWO ASYMMETRIC CIPHERS 251 Chapter 8 More Number Theory Prime Numbers Fermat's and Euler's Theorems Testing for Primality 259, 8.4 The Chinese Remainder Theorem 262

4 6 CONTENTS 8.5 Discrete Logarithms Recommended Reading Key Terms, Review Questions, and Problems 270 Chapter 9 Public-Key Cryptography and RSA Principles of Public-Key Cryptosystems The RSA Algorithm Recommended Reading Key Terms, Review Questions, and Problems 299 Appendix 9A The Complexity of Algorithms 303 Chapter 10 Other Public-Key Cryptosystems Diffie-Hellman Key Exchange Elgamal Cryptographic System Elliptic Curve Arithmetic Elliptic Curve Cryptography Pseudorandom Number Generation Based on an Asymmetric Cipher Recommended Reading Key Terms, Review Questions, and Problems 329 PART THREE CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS 333 Chapter 11 Cryptographic Hash Functions Applications of Cryptographic Hash Functions Two Simple Hash Functions Requirements and Security Hash Functions Based on Cipher Block Chaining Secure Hash Algorithm (SHA) SHA Recommended Reading Key Terms, Review Questions, and Problems 371 Chapter 12 Message Authentication Codes Message Authentication Requirements Message Authentication Functions Requirements for Message Authentication Codes Security of MACs MACs Based on Hash Functions: HMAC MACs Based on Block Ciphers: DAA and CMAC Authenticated Encryption: CCM and GCM Key Wrapping Pseudorandom Number Generation using Hash Functions and MACs Recommended Reading Key Terms, Review Questions, and Problems 410 Chapter 13 Digital Signatures Digital Signatures Elgamal Digital Signature Scheme Schnorr Digital Signature Scheme 420

5 13.4 NIST Digital Signature Algorithm Elliptic Curve Digital Signature Algorithm RSA-PSS Digital Signature Algorithm Recommended Reading Key Terms, Review Questions, and Problems 432 PART FOUR MUTUAL TRUST 437 Chapter 14 Key Management and Distribution Symmetric Key Distribution Using Symmetric Encryption Symmetric Key Distribution Using Asymmetric Encryption Distribution of Public Keys X.509 Certificates Public-Key Infrastructure Recommended Reading Key Terms, Review Questions, and Problems 466 Chapter 15 User Authentication Remote User-Authentication Principles Remote User-Authentication Using Symmetric Encryption Kerberos Remote User Authentication Using Asymmetric Encryption Federated Identity Management Personal Identity Verification Recommended Reading Key Terms, Review Questions, and Problems 511 PART FIVE NETWORK AND INTERNET SECURITY 515 Chapter 16 Network Access Control and Cloud Security Network Access Control Extensible Authentication Protocol IEEE 802.1X Port-Based Network Access Control Cloud Computing Cloud Security Risks and Countermeasures Data Protection in the Cloud Cloud Security as a Service Recommended Reading Key Terms, Review Questions, and Problems 541 Chapter 17 Transport-Level Security Web Security Considerations Secure Sockets Layer Transport Layer Security HTTPS Secure Shell (SSH) Recommended Reading Key Terms, Review Questions, and Problems 576

6 8 CONTENTS Chapter 18 Wireless Network Security Wireless Security Mobile Device Security IEEE Wireless LAN Overview IEEE 802.lli Wireless LAN Security Recommended Reading Key Terms, Review Questions, and Problems 607 Chapter 19 Electronic Mail Security Pretty Good Privacy S/MIME DomainKeys Identified Mail Recommended Reading Key Terms, Review Questions, and Problems 642 Appendix 19A Radix-64 Conversion 643 Chapter 20 IP Security IP Security Overview IP Security Policy Encapsulating Security Payload Combining Security Associations Internet Key Exchange Cryptographic Suites Recommended Reading Key Terms, Review Questions, and Problems 679 APPENDICES 681 Appendix A Projects for Teaching Cryptography and Network Security 681 A.l Sage Computer Algebra Projects 682 A.2 Hacking Project 683 A.3 Block Cipher Projects 684 A.4 Laboratory Exercises 684 A.5 Research Projects 684 A.6 Programming Projects 685 A.7 Practical Security Assessments 685 A.8 Firewall Projects 686 A.9 Case Studies 686 A.10 Writing Assignments 686 A.11 Reading/Report Assignments 687 A.12 Discussion Topics 687 Appendix B Sage Examples 688 B.l Linear Algebra and Matrix Functionality 689 B.2 Chapter 2: Classical Encryption 680 B.3 Chapter 3: Block Ciphers and the Data Encryption Standard 693 B.4 Chapter 4: Basic Concepts in Number Theory and Finite Fields 697 B.5 Chapter 5: Advanced Encryption Standard 704

7 CONTENTS 9 B.6 Chapter B.7 Chapter B.8 Chapter B.9 Chapter B.10 Chapter B.ll Chapter References 730 Credits 740 Index 743 ONLINE CHAPTERS AND APPENDICES 1 PART SIX SYSTEM SECURITY Chapter 21 Malicious Software 21.1 Types of Malicious Software 21.2 Propagation Infected Content - Viruses 21.3 Propagation Vulnerability Exploit - Worms 21.4 Propagation Social Engineering - SPAM, Trojans 21.5 Payload - System Corruption 21.6 Payload Attack Agent Zombie, Bots 21.7 Payload - Information Theft Keyloggers, Phishing, Spyware 21.8 Payload - Stealthing Backdoors, Rootkits 21.9 Countermeasures Distributed Denial of Service Attacks Recommended Reading Key Terms, Review Questions, and Problems Chapter 22 Intruders 22.1 Intruders 22.2 Intrusion Detection 22.3 Password Management 22.4 Recommended Reading 22.5 Key Terms, Review Questions, and Problems Appendix 22A The Base-Rate Fallacy Chapter 23 Firewalls 23.1 The Need for Firewalls 23.2 Firewall Characteristics 23.3 Types of Firewalls 23.4 Firewall Basing 23.5 Firewall Location and Configurations 23.6 Recommended Reading 23.7 Key Terms, Review Questions, and Problems 'Online chapters, appendices, and other documents are Premium Content, available via the access card at the front of this book. \

8 10 CONTENTS PART SEVEN LEGAL AND ETHICAL ISSUES Chapter 24 Legal and Ethical Issues 24.1 Cybercrime and Computer Crime 24.2 Intellectual Property 24.3 Privacy 24.4 Ethical Issues 24.5 Recommended Reading 24.6 Key Terms, Review Questions, and Problems Appendix C Appendix D Appendix E Appendix F Appendix G Appendix H Appendix I Appendix J Appendix K Appendix L Appendix M Appendix N Appendix O Appendix P Appendix Q Appendix R Appendix S Appendix T Appendix U Appendix V Sage Exercises Standards and Standards-Setting Organizations Basic Concepts from Linear Algebra Measures of Security and Secrecy Simplified DES Evaluation Criteria for AES More on Simplified AES Rnapsack Public-Key Algorithm Proof of the Digital Signature Algorithm TCP/IP and OSI Java Cryptographic APIs MD5 and Whirlpool Hash Functions Data Compression Using ZIP More on PGP The International Reference Alphabet Proof of the RSA Algorithm Data Encryption Standard (DES) Kerberos Encryption Techniques Mathematical Basis of the Birthday Attack Evaluation Criteria for SHA-3 Glossary