Always Learning

Network Security: Private Communications in the Public World, CourseSmart eTextbook, 2/E
Charlie Kaufman
Radia Perlman
Mike Speciner

ISBN-10: 0137082185
ISBN-13:  9780137082186

Publisher:  Prentice Hall
Copyright:  2002
Format:  Electronic Book; 752 pp
Published:  04/22/2002
Status: Available


Customers outside the U.S., click here.


Print this content

In this section:


Description

CourseSmart eTextbooks are a creative digital solution that offers the freedom and convenience of online, offline, and mobile access using a single platform. With a CourseSmart eTextbook, students can:

    • search the text

    • make notes online

    • print out reading assignments that incorporate lecture notes

    • bookmark important passages for later review

    • save money. As an alternative to purchasing the print textbook, students can subscribe to the same content online for a significant discount off the suggested list price of the print text.

For more information, or to subscribe to the CourseSmart eTextbook, visit www.coursesmart.com (for customers in U.S. and Canada) or www.coursesmart.co.uk (for customers in Europe, Middle East, and Africa).



This product is an alternate version of:
Kaufman, Perlman & Speciner,  Network Security: Private Communication in a Public World, 2/E


Features

  • CourseSmart eTextbooks offer study advantages no print textbook can match. Students can search the entire text for key concepts; they can navigate easily to a page number, reading assignment, or chapter; they can bookmark important pages, sections, or chapters for quick review at a later date. With a CourseSmart eTextbook, students enjoy these key features:

     

      • NEW offline access functionality¿Now, instructors and students using CourseSmart have the freedom and convenience of online, offline and mobile access using a single platform.

      • Digital Textbook Delivery that saves students a significant amount off the print edition suggested list price.

      • Internet-based Service that makes textbook content available anytime, anywhere there is a Web connection.

      • Easy Navigation that makes finding pages easy and efficient. Search, Bookmark, and Note-Taking Tools save study time and reduce frustration by making critical information immediately accessible. Organizing study notes has never been easier!

      • Ability to print pages as needed, lightening up the backpack while making critical content available for offline study and review.

     

  • Now, students have a new choice in how they purchase and access required or recommended course textbooks. CourseSmart eTextbooks¿Where the Web meets textbooks for student savings!


Table of Contents



Acknowledgments.


1. Introduction.

Roadmap to the Book. What Type of Book Is This? Terminology. Notation. Primer on Networking. Active vs. Passive Attackc. Layers and Cryptography. Authorization. Tempest. Key Escrow for Law Enforcement. Key Escrow for Careless Users. Viruses, Worms, Trojan Horses. The Multi-level Model of Security. Legal Issues.

I. CRYPTOGRAPHY.

2. Introduction to Cryptography.

What Is Cryptography? Breaking an Encryption Scheme. Types of Cryptographic Functions. Secret Key Cryptography. Public Key Cryptography. Hash Algorithms. Homework.

3. Secret Key Cryptography.

Introduction. Generic Block Encryption. Data Encryption Standard (DES). International Data Encryption Algorithm (IDEA). Advanced Encryption Standard (AES). RC4. Homework.

4. Modes of Operation.

Introduction. Encrypting a Large Message. Generating MACs. Multiple Encryption DES. CBC Outside vs. Inside. Homework.

5. Hashes and Message Digests.

Introduction. Nifty Things to Do with a Hash. MD2. MD4. MD5. SHA-1. HMAC. Homework.

6. Public Key Algorithms.

Introduction. Modular Arithmetic. RSA. Diffie-Hellman. Digital Signature Standard (DSS). How Secure Are RSA and Diffie-Hellman? Elliptic Curve Cryptography (ECC). Zero Knowledge Proof Systems. Homework Problems.

7. Number Theory.

Introduction. Modular Arithmetic. Primes. Euclid's Algorithm. Chinese Remainder Theorem. Zn. Euler's Totient Function. Euler's Theorem. Homework Problems.

8. Math with AES and Elliptic Curves.

Introduction. Notation. Groups. Fields. Mathematics of Rijndael. Elliptic Curve Cryptography. Homework.

II. AUTHENTICATION.

9. Overview of Authentication Systems.

Password-Based Authentication. Address-Based Authentication. Cryptographic Authentication Protocols. Who Is Being Authenticated? Passwords as Cryptographic Keys. Eavesdropping and Server Database Reading. Trusted Intermediaries. Session Key Establishment. Delegation. Homework.

10. Authentication of People.

Passwords. On-Line Password Guessing. Off-Line Password Guessing. How Big Should a Secret Be? Eavesdropping. Passwords and Careless Users. Initial Password Distribution. Authentication Tokens. Physical Access. Biometrics. Homework.

11. Security Handshake Pitfalls.

Login Only. Mutual Authentication. Integrity/Encryption for Data. Mediated Authentication (with KDC). Nonce Types. Picking Random Numbers. Performance Considerations. Authentication Protocol Checklist. Homework.

12. Strong Password Protocols.

Introduction. Lamport's Hash. Strong Password Protocols. Strong Password Credentials. Strong Password Credentials Download Protocols. Homework.

III. STANDARDS.

13. Kerberos V4.

Introduction. Tickets and Ticket-Granting Tickets. Configuration. Logging Into the Network. Replicated KDC's. Realms. Interrealm Authentication. Key Version Numbers. Encryption for Privacy and Integrity. Encryption for Integrity Only. Network Layer Addresses in Tickets. Message Formats. Homework.

14. Kerberos V5.

ASN.1. Names. Delegation of Rights. Ticket Lifetimes. Key Versions. Making Master Keys in Different Realms Different. Optimizations. Cryptographic Algorithms. Hierarchy of Realms. Evading Password-Guessing Attacks. Key Inside Authenticator. Double TGT Authentication. PKINIT-Public Keys for Users. KDC Database. Kerberos V5 Messages. Homework.

15. PKI (Public Key Infrastructure).

Introduction. Some Terminology. PKI Trust Models. Revocation. Directories and PKI. PKIX and X.509. X.509 and PKIX Certificates. Authorization Futures. Homework.

16. Real-time Communication Security.

What Layer? Session Key Establishment. Perfect Forward Secrecy. PFS-Foilage. Denial-of-Service/Clogging Protection. Endpoint Identifier Hiding. Live Partner Reassurance. Arranging for Parallel Computation. Session Resumption. Plausible Deniability. Data Stream Protection. Negotiating Crypto Parameters. Easy Homework. Homework.

17. IPsec: AH and ESP.

Overview of Ipsec. IP and Ipv6. AH (Authentication Header). ESP (Encapsulating Security Payload). So, Do We Need AH? Comparison of Encodings. Easy Homework. Homework.

18. IPsec: IKE.

Photuris. SKIP. History of IKE. IKE Phases. Phase 1 IKE. Phase - 2 IKE: Setting up Ipsec Sas. ISAKMP/IKE Encoding. Homework.

19. SSL/TLS.

Introduction. Using TCP. Quick TCP. Quick History. SSL/TLS Basic Protocol. Session Resumption. Computing the Keys. Client Authentication. PKI as Deployed by SSL. Version Numbers. Negotiating Cipher Suites. Negotiating Compression Method. Attacks Fixed in v3. Exportability. Encoding. Further Reading. Easy Homework. Homework.

IV. ELECTRONIC MAIL.

20. Electronic Mail Security.

Distribution Lists. Store and Forward. Security Services for Electronic Mail. Establishing Keys. Privacy. Authentication of the Source. Message Integrity. Non-Repudiation. Proof of Submission. Proof of Delivery. Message Flow Confidentiality. Anonymity. Containment. Annoying Text Format Issues. Names and Addresses. Verifying When a Message Was Really Sent. Homework.

21. PEM & S/MIME.

Introduction. Structure of a PEM Message. Establishing Keys. Some PEM History. PEM Certificate Hierarchy. Certificate Revocation Lists (CRLs). Reformatting Data to Get Through Mailers. General Structure of a PEM Message. Encryption. Source Authentication and Integrity Protection. Multiple Recipients. Bracketing PEM Messages. Forwarding and Enclosures. Unprotected Information. Message Formats. DES-CBC as MIC Doesn't Work. Differences in S/MIME. S/MIME Certificate Hierarchy. Homework.

22. PGP (Pretty Good Privacy).

Introduction. Overview. Key Distribution. Efficient Encoding. Certificate and Key Revocation. Signature Types. Your Private Key. Key Rings. Anomalies. Object Formats.

V. LEFTOVERS.

23. Firewalls.

Packet Filters. Application Level Gateway. Encrypted Tunnels. Comparisons. Why Firewalls Don't Work. Denial-of-Service Attacks. Should Firewalls Go Away?

24. More Security Systems.

NetWare V3. NetWare V4. KryptoKnight. DASS/SPX. Lotus Notes Security. DCE Security. Microsoft Windows Security. Network Denial of Service. Clipper. Homework.

25. Web Issues.

Introduction. URLs/URIs. HTTP. HTTP Digest Authentication. Cookies. Other Web Security Problems. Homework.

26. Folklore.

Perfect Forward Secrecy. Change Keys Periodically. Multiplexing Flows over a Single SA. Use Different Keys in the Two Directions. Use Different Secret Keys for Encryption vs. Integrity Protection. Use Different Keys for Different Purposes. Use Different Keys for Signing vs. Encryption. Have Both Sides Contribute to the Master Key. Don't Let One Side Determine the Key. Hash in a Constant When Hashing a Password. HMAC Rather than Simple MD. Key Expansion. Randomly Chosen Ivs. Use of Nonces in Protocols. Don't Let Encrypted Data Begin with a Constant. Don't Let Encrypted Data Begin with a Predictable Value. Compress Data Before Encrypting It. Don't Do Encryption Only. Avoiding Weak Keys. Minimal vs. Redundant Designs. Overestimate the Size of Key. Hardware Random Number Generators. Timing Attacks. Put Checksums at the End of Data. Forward Compatibility. Negotiating Parameters. Homework.

Bibliography.

Glossary.

Index.



Back to top

Print this content

In this section:


Author Bios

CHARLIE KAUFMAN is a Distinguished Engineer at IBM, where he is Chief Security Architect for Lotus Notes and Domino. Previously, he was the Network Security Architect at Digital Equipment Corporation. He chaired the IETF's Web Transaction Security working group and currently serves on the IAB, the IETF's architecture board.

RADIA PERLMAN, Distinguished Engineer at Sun Microsystems, is known worldwide for her contributions to bridging (spanning tree algorithm) and routing (link state routing) as well as security (sabotage-proof networks). Perlman is the author of Interconnections: Bridges, Routers, Switches, and Internetworking Protocols, and she is one of the 25 people whose work has most influenced the networking industry, according to Data Communications magazine.

MIKE SPECINER is a Senior Consulting Engineer at ThinkEngine Networks and is a recognized expert in mathematical algorithms and operating systems.

Combined, this author team holds close to 100 patents.

Back to top

Log in to the Instructor Resource Center

Login name: 

  Password: 

Forgot login/password?  |  Need to redeem an access code?

        

Instructor Resource Center File Download

This work is protected by local and international copyright laws and is provided solely for the use of instructors in teaching their courses and assessing student learning. Dissemination or sale of any part of this work (including on the World Wide Web) will destroy the integrity of the work and is not permitted. The work and materials from this site should never be made available to students except by instructors using the accompanying text in their classes. All recipients of this work are expected to abide by these restrictions and to honor the intended pedagogical purposes and the needs of other instructors who rely on these materials.

Cancel     I accept, proceed with download

Print this content

Pearson Higher Education offers special pricing when you choose to package your text with other student resources. If you're interested in creating a cost-saving package for your students contact your Pearson Higher Education representative.

Back to top