Introduction to Network Security

Theory and Practice

Inbunden, Engelska, 2015

Av Jie Wang, Zachary A. Kissel, Zachary A Kissel

2 309 kr

Beställningsvara. Skickas inom 3-6 vardagar

Fri frakt för medlemmar vid köp för minst 249 kr.

Introductory textbook in the important area of network security for undergraduate and graduate students Comprehensively covers fundamental concepts with newer topics such as electronic cash, bit-coin, P2P, SHA-3, E-voting, and Zigbee securityFully updated to reflect new developments in network securityIntroduces a chapter on Cloud security, a very popular and essential topicUses everyday examples that most computer users experience to illustrate important principles and mechanismsFeatures a companion website with Powerpoint slides for lectures and solution manuals to selected exercise problems, available at http://www.cs.uml.edu/~wang/NetSec

Produktinformation

Utgivningsdatum2015-08-11
Mått183 x 249 x 28 mm
Vikt839 g
FormatInbunden
SpråkEngelska
Antal sidor440
Upplaga2
FörlagJohn Wiley & Sons Inc
ISBN9781118939482

Tillhör följande kategorier

Preface xvAbout the Authors xix1 Network Security Overview 11.1 Mission and Definitions 11.2 Common Attacks and Defense Mechanisms 31.2.1 Eavesdropping 31.2.2 Cryptanalysis 41.2.3 Password Pilfering 51.2.4 Identity Spoofing 131.2.5 Buffer-Overflow Exploitations 161.2.6 Repudiation 181.2.7 Intrusion 191.2.8 Traffic Analysis 191.2.9 Denial of Service Attacks 201.2.10 Malicious Software 221.3 Attacker Profiles 251.3.1 Hackers 251.3.2 Script Kiddies 261.3.3 Cyber Spies 261.3.4 Vicious Employees 271.3.5 Cyber Terrorists 271.3.6 Hypothetical Attackers 271.4 Basic Security Model 271.5 Security Resources 291.5.1 CERT 291.5.2 SANS Institute 291.5.3 Microsoft Security 291.5.4 NTBugtraq 291.5.5 Common Vulnerabilities and Exposures 301.6 Closing Remarks 301.7 Exercises 301.7.1 Discussions 301.7.2 Homework 312 Data Encryption Algorithms 452.1 Data Encryption Algorithm Design Criteria 452.1.1 ASCII Code 462.1.2 XOR Encryption 462.1.3 Criteria of Data Encryptions 482.1.4 Implementation Criteria 502.2 Data Encryption Standard 502.2.1 Feistel’s Cipher Scheme 502.2.2 DES Subkeys 522.2.3 DES Substitution Boxes 542.2.4 DES Encryption 552.2.5 DES Decryption and Correctness Proof 572.2.6 DES Security Strength 582.3 Multiple DES 592.3.1 Triple-DES with Two Keys 592.3.2 2DES and 3DES/3 592.3.3 Meet-in-the-Middle Attacks on 2DES 602.4 Advanced Encryption Standard 612.4.1 AES Basic Structures 612.4.2 AES S-Boxes 632.4.3 AES-128 Round Keys 652.4.4 Add Round Keys 662.4.5 Substitute-Bytes 672.4.6 Shift-Rows 672.4.7 Mix-Columns 672.4.8 AES-128 Encryption 682.4.9 AES-128 Decryption and Correctness Proof 692.4.10 Galois Fields 702.4.11 Construction of the AES S-Box and Its Inverse 732.4.12 AES Security Strength 742.5 Standard Block Cipher Modes of Operations 742.5.1 Electronic-Codebook Mode 752.5.2 Cipher-Block-Chaining Mode 752.5.3 Cipher-Feedback Mode 752.5.4 Output-Feedback Mode 762.5.5 Counter Mode 762.6 Offset Codebook Mode of Operations 772.6.1 Basic Operations 772.6.2 OCB Encryption and Tag Generation 782.6.3 OCB Decryption and Tag Verification 792.7 Stream Ciphers 802.7.1 RC4 Stream Cipher 802.7.2 RC4 Security Weaknesses 812.8 Key Generations 832.8.1 ANSI X9.17 PRNG 832.8.2 BBS Pseudorandom Bit Generator 832.9 Closing Remarks 842.10 Exercises 852.10.1 Discussions 852.10.2 Homework 853 Public-Key Cryptography and Key Management 933.1 Concepts of Public-Key Cryptography 933.2 Elementary Concepts and Theorems in Number Theory 953.2.1 Modular Arithmetic and Congruence Relations 963.2.2 Modular Inverse 963.2.3 Primitive Roots 983.2.4 Fast Modular Exponentiation 983.2.5 Finding Large Prime Numbers 1003.2.6 The Chinese Remainder Theorem 1013.2.7 Finite Continued Fractions 1023.3 Diffie-Hellman Key Exchange 1033.3.1 Key Exchange Protocol 1033.3.2 Man-in-the-Middle Attacks 1043.3.3 Elgamal PKC 1063.4 RSA Cryptosystem 1063.4.1 RSA Key Pairs, Encryptions, and Decryptions 1063.4.2 RSA Parameter Attacks 1093.4.3 RSA Challenge Numbers 1123.5 Elliptic-Curve Cryptography 1133.5.1 Commutative Groups on Elliptic Curves 1133.5.2 Discrete Elliptic Curves 1153.5.3 ECC Encodings 1163.5.4 ECC Encryption and Decryption 1173.5.5 ECC Key Exchange 1183.5.6 ECC Strength 1183.6 Key Distributions and Management 1183.6.1 Master Keys and Session Keys 1193.6.2 Public-Key Certificates 1193.6.3 CA Networks 1203.6.4 Key Rings 1213.7 Closing Remarks 1233.8 Exercises 1233.8.1 Discussions 1233.8.2 Homework 1244 Data Authentication 1294.1 Cryptographic Hash Functions 1294.1.1 Design Criteria of Cryptographic Hash Functions 1304.1.2 Quest for Cryptographic Hash Functions 1314.1.3 Basic Structure of Standard Hash Functions 1324.1.4 SHA-512 1324.1.5 WHIRLPOOL 1354.1.6 SHA-3 Standard 1394.2 Cryptographic Checksums 1434.2.1 Exclusive-OR Cryptographic Checksums 1434.2.2 Design Criteria of MAC Algorithms 1444.2.3 Data Authentication Algorithm 1444.3 HMAC 1444.3.1 Design Criteria of HMAC 1444.3.2 HMAC Algorithm 1454.4 Birthday Attacks 1454.4.1 Complexity of Breaking Strong Collision Resistance 1464.4.2 Set Intersection Attack 1474.5 Digital Signature Standard 1494.5.1 Signing 1494.5.2 Signature Verifying 1504.5.3 Correctness Proof of Signature Verification 1504.5.4 Security Strength of DSS 1514.6 Dual Signatures and Electronic Transactions 1514.6.1 Dual Signature Applications 1524.6.2 Dual Signatures and Electronic Transactions 1524.7 Blind Signatures and Electronic Cash 1534.7.1 RSA Blind Signatures 1534.7.2 Electronic Cash 1544.7.3 Bitcoin 1564.8 Closing Remarks 1584.9 Exercises 1584.9.1 Discussions 1584.9.2 Homework 1585 Network Security Protocols in Practice 1655.1 Crypto Placements in Networks 1655.1.1 Crypto Placement at the Application Layer 1685.1.2 Crypto Placement at the Transport Layer 1685.1.3 Crypto Placement at the Network Layer 1685.1.4 Crypto Placement at the Data-Link Layer 1695.1.5 Implementations of Crypto Algorithms 1695.2 Public-Key Infrastructure 1705.2.1 X.509 Public-Key Infrastructure 1705.2.2 X.509 Certificate Formats 1715.3 IPsec: A Security Protocol at the Network Layer 1735.3.1 Security Association 1735.3.2 Application Modes and Security Associations 1745.3.3 AH Format 1765.3.4 ESP Format 1785.3.5 Secret Key Determination and Distribution 1795.4 SSL/TLS: Security Protocols at the Transport Layer 1835.4.1 SSL Handshake Protocol 1845.4.2 SSL Record Protocol 1875.5 PGP and S/MIME: Email Security Protocols 1885.5.1 Basic Email Security Mechanisms 1895.5.2 PGP 1905.5.3 S/MIME 1915.6 Kerberos: An Authentication Protocol 1925.6.1 Basic Ideas 1925.6.2 Single-Realm Kerberos 1935.6.3 Multiple-Realm Kerberos 1955.7 SSH: Security Protocols for Remote Logins 1975.8 Electronic Voting Protocols 1985.8.1 Interactive Proofs 1985.8.2 Re-encryption Schemes 1995.8.3 Threshold Cryptography 2005.8.4 The Helios Voting Protocol 2025.9 Closing Remarks 2045.10 Exercises 2045.10.1 Discussions 2045.10.2 Homework 2046 Wireless Network Security 2116.1 Wireless Communications and 802.11 WLAN Standards 2116.1.1 WLAN Architecture 2126.1.2 802.11 Essentials 2136.1.3 Wireless Security Vulnerabilities 2146.2 Wired Equivalent Privacy 2156.2.1 Device Authentication and Access Control 2156.2.2 Data Integrity Check 2156.2.3 LLC Frame Encryption 2166.2.4 Security Flaws of WEP 2186.3 Wi-Fi Protected Access 2216.3.1 Device Authentication and Access Controls 2216.3.2 TKIP Key Generations 2226.3.3 TKIP Message Integrity Code 2246.3.4 TKIP Key Mixing 2266.3.5 WPA Encryption and Decryption 2296.3.6 WPA Security Strength and Weaknesses 2296.4 IEEE 802.11i/WPA2 2306.4.1 Key Generations 2316.4.2 CCMP Encryptions and MIC 2316.4.3 802.11i Security Strength and Weaknesses 2326.5 Bluetooth Security 2336.5.1 Piconets 2336.5.2 Secure Pairings 2356.5.3 SAFER+ Block Ciphers 2356.5.4 Bluetooth Algorithms E1, E21, and E22 2386.5.5 Bluetooth Authentication 2406.5.6 A PIN Cracking Attack 2416.5.7 Bluetooth Secure Simple Pairing 2426.6 ZigBee Security 2436.6.1 Joining a Network 2436.6.2 Authentication 2446.6.3 Key Establishment 2446.6.4 Communication Security 2456.7 Wireless Mesh Network Security 2456.7.1 Blackhole Attacks 2476.7.2 Wormhole Attacks 2476.7.3 Rushing Attacks 2476.7.4 Route-Error-Injection Attacks 2476.8 Closing Remarks 2486.9 Exercises 2486.9.1 Discussions 2486.9.2 Homework 2487 Cloud Security 2537.1 The Cloud Service Models 2537.1.1 The REST Architecture 2547.1.2 Software-as-a-Service 2547.1.3 Platform-as-a-Service 2547.1.4 Infrastructure-as-a-Service 2547.1.5 Storage-as-a-Service 2557.2 Cloud Security Models 2557.2.1 Trusted-Third-Party 2557.2.2 Honest-but-Curious 2557.2.3 Semi-Honest-but-Curious 2557.3 Multiple Tenancy 2567.3.1 Virtualization 2567.3.2 Attacks 2587.4 Access Control 2587.4.1 Access Control in Trusted Clouds 2597.4.2 Access Control in Untrusted Clouds 2607.5 Coping with Untrusted Clouds 2637.5.1 Proofs of Storage 2647.5.2 Secure Multiparty Computation 2657.5.3 Oblivious Random Access Machines 2687.6 Searchable Encryption 2717.6.1 Keyword Search 2717.6.2 Phrase Search 2747.6.3 Searchable Encryption Attacks 2757.6.4 Searchable Symmetric Encryptions for the SHBC Clouds 2767.7 Closing Remarks 2807.8 Exercises 2807.8.1 Discussions 2807.8.2 Homework 2808 Network Perimeter Security 2838.1 General Firewall Framework 2848.2 Packet Filters 2858.2.1 Stateless Filtering 2858.2.2 Stateful Filtering 2878.3 Circuit Gateways 2888.3.1 Basic Structures 2888.3.2 SOCKS 2908.4 Application Gateways 2908.4.1 Cache Gateways 2918.4.2 Stateful Packet Inspections 2918.5 Trusted Systems and Bastion Hosts 2918.5.1 Trusted Operating Systems 2928.5.2 Bastion hosts and Gateways 2938.6 Firewall Configurations 2948.6.1 Single-Homed Bastion Host System 2948.6.2 Dual-Homed Bastion Host System 2948.6.3 Screened Subnets 2968.6.4 Demilitarized Zones 2978.6.5 Network Security Topology 2978.7 Network Address Translations 2988.7.1 Dynamic NAT 2988.7.2 Virtual Local Area Networks 2988.7.3 Small Office and Home Office Firewalls 2998.8 Setting Up Firewalls 2998.8.1 Security Policy 3008.8.2 Building a Linux Stateless Packet Filter 3008.9 Closing Remarks 3018.10 Exercises 3018.10.1 Discussions 3018.10.2 Homework 3029 Intrusion Detections 3099.1 Basic Ideas of Intrusion Detection 3099.1.1 Basic Methodology 3109.1.2 Auditing 3119.1.3 IDS Components 3129.1.4 IDS Architecture 3139.1.5 Intrusion Detection Policies 3159.1.6 Unacceptable Behaviors 3169.2 Network-Based Detections and Host-Based Detections 3169.2.1 Network-Based Detections 3179.2.2 Host-Based Detections 3189.3 Signature Detections 3199.3.1 Network Signatures 3209.3.2 Host-Based Signatures 3219.3.3 Outsider Behaviors and Insider Misuses 3229.3.4 Signature Detection Systems 3239.4 Statistical Analysis 3249.4.1 Event Counter 3249.4.2 Event Gauge 3249.4.3 Event Timer 3259.4.4 Resource Utilization 3259.4.5 Statistical Techniques 3259.5 Behavioral Data Forensics 3259.5.1 Data Mining Techniques 3269.5.2 A Behavioral Data Forensic Example 3269.6 Honeypots 3279.6.1 Types of Honeypots 3279.6.2 Honeyd 3289.6.3 MWCollect Projects 3319.6.4 Honeynet Projects 3319.7 Closing Remarks 3319.8 Exercises 3329.8.1 Discussions 3329.8.2 Homework 33210 The Art of Anti-Malicious Software 33710.1 Viruses 33710.1.1 Virus Types 33810.1.2 Virus Infection Schemes 34010.1.3 Virus Structures 34110.1.4 Compressor Viruses 34210.1.5 Virus Disseminations 34310.1.6 Win32 Virus Infection Dissection 34410.1.7 Virus Creation Toolkits 34510.2 Worms 34610.2.1 Common Worm Types 34610.2.2 The Morris Worm 34610.2.3 The Melissa Worm 34710.2.4 The Code Red Worm 34810.2.5 The Conficker Worm 34810.2.6 Other Worms Targeted at Microsoft Products 34910.2.7 Email Attachments 35010.3 Trojans 35110.3.1 Ransomware 35310.4 Malware Defense 35310.4.1 Standard Scanning Methods 35410.4.2 Anti-Malicious-Software Products 35410.4.3 Malware Emulator 35510.5 Hoaxes 35610.6 Peer-to-Peer Security 35710.6.1 P2P Security Vulnerabilities 35710.6.2 P2P Security Measures 35910.6.3 Instant Messaging 35910.6.4 Anonymous Networks 35910.7 Web Security 36010.7.1 Basic Types of Web Documents 36110.7.2 Security of Web Documents 36210.7.3 ActiveX 36310.7.4 Cookies 36410.7.5 Spyware 36510.7.6 AJAX Security 36510.7.7 Safe Web Surfing 36710.8 Distributed Denial-of-Service Attacks 36710.8.1 Master-Slave DDoS Attacks 36710.8.2 Master-Slave-Reflector DDoS Attacks 36710.8.3 DDoS Attacks Countermeasures 36810.9 Closing Remarks 37010.10 Exercises 37010.10.1 Discussions 37010.10.2 Homework 370Appendix A 7-bit ASCII code 377Appendix B SHA-512 Constants (in Hexadecimal) 379Appendix C Data Compression Using ZIP 381Exercise 382Appendix D Base64 Encoding 383Exercise 384Appendix E Cracking WEP Keys Using WEPCrack 385E.1 System Setup 385AP 385Trim Size: 170mm x 244mm Wang ftoc.tex V1 - 04/21/2015 10:14 P.M. Page xivxiv ContentsUser’s Network Card 385Attacker’s Network Card 386E.2 Experiment Details 386Step 1: Initial Setup 386Step 2: Attacker Setup 387Step 3: Collecting Weak Initialization Vectors 387Step 4: Cracking 387E.3 Sample Code 388Appendix F Acronyms 393Further Reading 399Index 406