
Network Security: Private Communications in a Public World, 3rd edition
BRAND: PEARSON
eBook edition. 1 Year Subscription. For individuals | Universities, groups, libraries: call 0915920514 for a quote on Pearson, Vital Source eBooks, or to buy the print book
Book overview
The thoroughly revised edition of the landmark text on computer security

Widely regarded as the most comprehensive yet comprehensible guide to network security and cryptography, the previous editions of Network Security received critical acclaim for their lucid and witty explanations of the inner workings of cryptography and network security protocols. In this edition, the authors have significantly updated and revised the previous content, and added new topics that have become important.

This book explains sophisticated concepts in a friendly and intuitive manner. For protocol standards, it explains the various constraints and committee decisions that led to the current designs. For cryptographic algorithms, it explains the intuition behind the designs, as well as the types of attacks the algorithms are designed to avoid. It explains implementation techniques that can cause vulnerabilities even if the cryptography itself is sound. Homework problems deepen your understanding of the concepts and technologies, and an updated glossary demystifies the field's jargon. Network Security, Third Edition will appeal to a wide range of readers, from those who design and evaluate security systems to system administrators and programmers who want a better understanding of this important field. It can also be used as a textbook at the undergraduate or graduate level.

Coverage includes
- Network security protocol and cryptography basics
- Design considerations and techniques for secret key and hash algorithms (AES, DES, SHA-1, SHA-2, SHA-3)
- First-generation public key algorithms (RSA, Diffie-Hellman, ECC)
- How quantum computers work, and why they threaten the first-generation public key algorithms
- Multi-factor authentication of people
- Real-time communication (SSL/TLS, SSH, IPsec)
- New applications (electronic money, blockchain)
- New cryptographic techniques (homomorphic encryption, secure multiparty computation)

Table of contents
- Chapter 1: Introduction
  - 1.1 Opinions, Products
  - 1.2 Roadmap to the Book
  - 1.3 Terminology
  - 1.4 Notation
  - 1.5 Cryptographically Protected Sessions
  - 1.6 Active and Passive Attacks
  - 1.7 Legal Issues
    - 1.7.1 Patents
    - 1.7.2 Government Regulations
  - 1.8 Some Network Basics
    - 1.8.1 Network Layers
    - 1.8.2 TCP and UDP Ports
    - 1.8.3 DNS (Domain Name System)
    - 1.8.4 HTTP and URLs
    - 1.8.5 Web Cookies
  - 1.9 Names for Humans
  - 1.10 Authentication and Authorization
    - 1.10.1 ACL (Access Control List)
    - 1.10.2 Central Administration/Capabilities
    - 1.10.3 Groups
    - 1.10.4 Cross-Organizational and Nested Groups
    - 1.10.5 Roles
  - 1.11 Malware: Viruses, Worms, Trojan Horses
    - 1.11.1 Where Does Malware Come From?
    - 1.11.2 Virus Checkers
  - 1.12 Security Gateway
    - 1.12.1 Firewall
    - 1.12.2 Application-Level Gateway/Proxy
    - 1.12.3 Secure Tunnels
    - 1.12.4 Why Firewalls Don't Work
  - 1.13 Denial-of-Service (DoS) Attacks
  - 1.14 NAT (Network Address Translation)
    - 1.14.1 Summary
- Chapter 2: Introduction to Cryptography
  - 2.1 Introduction
    - 2.1.1 The Fundamental Tenet of Cryptography
    - 2.1.2 Keys
    - 2.1.3 Computational Difficulty
    - 2.1.4 To Publish or Not to Publish
    - 2.1.5 Earliest Encryption
    - 2.1.6 One-Time Pad (OTP)
  - 2.2 Secret Key Cryptography
    - 2.2.1 Transmitting Over an Insecure Channel
    - 2.2.2 Secure Storage on Insecure Media
    - 2.2.3 Authentication
    - 2.2.4 Integrity Check
  - 2.3 Public Key Cryptography
    - 2.3.1 Transmitting Over an Insecure Channel
    - 2.3.2 Secure Storage on Insecure Media
    - 2.3.3 Authentication
    - 2.3.4 Digital Signatures
  - 2.4 Hash Algorithms
    - 2.4.1 Password Hashing
    - 2.4.2 Message Integrity
    - 2.4.3 Message Fingerprint
    - 2.4.4 Efficient Digital Signatures
  - 2.5 Breaking an Encryption Scheme
    - 2.5.1 Ciphertext Only
    - 2.5.2 Known Plaintext
    - 2.5.3 Chosen Plaintext
    - 2.5.4 Chosen Ciphertext
    - 2.5.5 Side-Channel Attacks
  - 2.6 Random Numbers
    - 2.6.1 Gathering Entropy
    - 2.6.2 Generating Random Seeds
    - 2.6.3 Calculating a Pseudorandom Stream from the Seed
    - 2.6.4 Periodic Reseeding
    - 2.6.5 Types of Random Numbers
    - 2.6.6 Noteworthy Mistakes
  - 2.7 Numbers
    - 2.7.1 Finite Fields
    - 2.7.2 Exponentiation
    - 2.7.3 Avoiding a Side-Channel Attack
    - 2.7.4 Types of Elements used in Cryptography
    - 2.7.5 Euclidean Algorithm
    - 2.7.6 Chinese Remainder Theorem
  - 2.8 Homework
- Chapter 3: Secret Key Cryptography
  - 3.1 Introduction
  - 3.2 Generic Block Cipher Issues
    - 3.2.1 Blocksize, Keysize
    - 3.2.2 Completely General Mapping
    - 3.2.3 Looking Random
  - 3.3 Constructing a Practical Block Cipher
    - 3.3.1 Per-Round Keys
    - 3.3.2 S-boxes and Bit Shuffles
    - 3.3.3 Feistel Ciphers
  - 3.4 Choosing Constants
  - 3.5 Data Encryption Standard (DES)
    - 3.5.1 DES Overview
    - 3.5.2 The Mangler Function
    - 3.5.3 Undesirable Symmetries
    - 3.5.4 What's So Special About DES?
  - 3.6 3DES (Multiple Encryption DES)
    - 3.6.1 How Many Encryptions?
      - 3.6.1.1 Encrypting Twice with the Same Key
      - 3.6.1.2 Encrypting Twice with Two Keys
      - 3.6.1.3 Triple Encryption with Only Two Keys
    - 3.6.2 Why EDE Rather Than EEE?
  - 3.7 Advanced Encryption Standard (AES)
    - 3.7.1 Origins of AES
    - 3.7.2 Broad Overview
    - 3.7.3 AES Overview
    - 3.7.4 Key Expansion
    - 3.7.5 Inverse Rounds
    - 3.7.6 Software Implementations of AES
  - 3.8 RC4
  - 3.9 Homework
- Chapter 4: Modes of Operation
  - 4.1 Introduction
  - 4.2 Encrypting a Large Message
    - 4.2.1 ECB (Electronic Code Book)
    - 4.2.2 CBC (Cipher Block Chaining)
      - 4.2.2.1 Randomized ECB
      - 4.2.2.2 CBC
      - 4.2.2.3 CBC Threat—Modifying Ciphertext Blocks
    - 4.2.3 CTR (Counter Mode)
      - 4.2.3.1 Choosing IVs for CTR Mode
    - 4.2.4 XEX (XOR Encrypt XOR)
    - 4.2.5 XTS (XEX with Ciphertext Stealing)
  - 4.3 Generating MACs
    - 4.3.1 CBC-MAC
      - 4.3.1.1 CBC Forgery Attack
    - 4.3.2 CMAC
    - 4.3.3 GMAC
      - 4.3.3.1 GHASH
      - 4.3.3.2 Transforming GHASH into GMAC
  - 4.4 Ensuring Privacy and Integrity Together
    - 4.4.1 CCM (Counter with CBC-MAC)
    - 4.4.2 GCM (Galois/Counter Mode)
  - 4.5 Performance Issues
  - 4.6 Homework
- Chapter 5: Cryptographic Hashes
  - 5.1 Introduction
  - 5.2 The Birthday Problem
  - 5.3 A Brief History of Hash Functions
  - 5.4 Nifty Things to Do with a Hash
    - 5.4.1 Digital Signatures
    - 5.4.2 Password Database
    - 5.4.3 Secure Shorthand of Larger Piece of Data
    - 5.4.4 Hash Chains
    - 5.4.5 Blockchain
    - 5.4.6 Puzzles
    - 5.4.7 Bit Commitment
    - 5.4.8 Hash Trees
    - 5.4.9 Authentication
    - 5.4.10 Computing a MAC with a Hash
    - 5.4.11 HMAC
    - 5.4.12 Encryption with a Secret and a Hash Algorithm
  - 5.5 Creating a Hash Using a Block Cipher
  - 5.6 Construction of Hash Functions
    - 5.6.1 Construction of MD4, MD5, SHA-1 and SHA-2
    - 5.6.2 Construction of SHA-3
  - 5.7 Padding
    - 5.7.1 MD4, MD5, SHA-1, and SHA2-256 Message Padding
    - 5.7.2 SHA-3 Padding Rule
  - 5.8 The Internal Encryption Algorithms
    - 5.8.1 SHA-1 Internal Encryption Algorithm
    - 5.8.2 SHA-2 Internal Encryption Algorithm
  - 5.9 SHA-3 f Function (Also Known as KECCAK-f)
  - 5.10 Homework
- Chapter 6: First-Generation Public Key Algorithms
  - 6.1 Introduction
  - 6.2 Modular Arithmetic
    - 6.2.1 Modular Addition
    - 6.2.2 Modular Multiplication
    - 6.2.3 Modular Exponentiation
    - 6.2.4 Fermat's Theorem and Euler's Theorem
  - 6.3 RSA
    - 6.3.1 RSA Algorithm
    - 6.3.2 Why Does RSA Work?
    - 6.3.3 Why Is RSA Secure?
    - 6.3.4 How Efficient Are the RSA Operations?
      - 6.3.4.1 Exponentiating with Big Numbers
      - 6.3.4.2 Generating RSA Keys
      - 6.3.4.3 Why a Non-Prime Has Multiple Square Roots of One
      - 6.3.4.4 Having a Small Constant e
      - 6.3.4.5 Optimizing RSA Private Key Operations
    - 6.3.5 Arcane RSA Threats
      - 6.3.5.1 Smooth Numbers
      - 6.3.5.2 The Cube Root Problem
    - 6.3.6 Public-Key Cryptography Standard (PKCS)
      - 6.3.6.1 Encryption
      - 6.3.6.2 The Million-Message Attack
      - 6.3.6.3 Signing
  - 6.4 Diffie-Hellman
    - 6.4.1 MITM (Meddler-in-the-Middle) Attack
    - 6.4.2 Defenses Against MITM Attack
    - 6.4.3 Safe Primes and the Small-Subgroup Attack
    - 6.4.4 ElGamal Signatures
  - 6.5 Digital Signature Algorithm (DSA)
    - 6.5.1 The DSA Algorithm
    - 6.5.2 Why Is This Secure?
    - 6.5.3 Per-Message Secret Number
  - 6.6 How Secure Are RSA and Diffie-Hellman?
  - 6.7 Elliptic Curve Cryptography (ECC)
    - 6.7.1 Elliptic Curve Diffie-Hellman (ECDH)
    - 6.7.2 Elliptic Curve Digital Signature Algorithm (ECDSA)
  - 6.8 Homework
- Chapter 7: Quantum Computing
  - 7.1 What Is a Quantum Computer?
    - 7.1.1 A Preview of the Conclusions
    - 7.1.2 First, What Is a Classical Computer?
    - 7.1.3 Qubits and Superposition
      - 7.1.3.1 Example of a Qubit
      - 7.1.3.2 Multi-Qubit States and Entanglement
    - 7.1.4 States and Gates as Vectors and Matrices
    - 7.1.5 Becoming Superposed and Entangled
    - 7.1.6 Linearity
      - 7.1.6.1 No Cloning Theorem
    - 7.1.7 Operating on Entangled Qubits
    - 7.1.8 Unitarity
    - 7.1.9 Doing Irreversible Operations by Measurement
    - 7.1.10 Making Irreversible Classical Operations Reversible
    - 7.1.11 Universal Gate Sets
  - 7.2 Grover's Algorithm
    - 7.2.1 Geometric Description
    - 7.2.2 How to Negate the Amplitude of |k⟩
    - 7.2.3 How to Reflect All the Amplitudes Across the Mean
    - 7.2.4 Parallelizing Grover's Algorithm
  - 7.3 Shor's Algorithm
    - 7.3.1 Why Exponentiation mod n Is a Periodic Function
    - 7.3.2 How Finding the Period of a^x mod n Lets You Factor n
    - 7.3.3 Overview of Shor's Algorithm
    - 7.3.4 Converting to the Frequency Graph—Introduction
    - 7.3.5 The Mechanics of Converting to the Frequency Graph
    - 7.3.6 Calculating the Period
    - 7.3.7 Quantum Fourier Transform
  - 7.4 Quantum Key Distribution (QKD)
    - 7.4.1 Why It's Sometimes Called Quantum Encryption
    - 7.4.2 Is Quantum Key Distribution Important?
  - 7.5 How Hard Are Quantum Computers to Build?
  - 7.6 Quantum Error Correction
  - 7.7 Homework
- Chapter 8: Post-Quantum Cryptography
  - 8.1 Signature and/or Encryption Schemes
    - 8.1.1 NIST Criteria for Security Levels
    - 8.1.2 Authentication
    - 8.1.3 Defense Against Dishonest Ciphertext
  - 8.2 Hash-based Signatures
    - 8.2.1 Simplest Scheme – Signing a Single Bit
    - 8.2.2 Signing an Arbitrary-sized Message
    - 8.2.3 Signing Lots of Messages
    - 8.2.4 Deterministic Tree Generation
    - 8.2.5 Short Hashes
    - 8.2.6 Hash Chains
    - 8.2.7 Standardized Schemes
      - 8.2.7.1 Stateless Schemes
  - 8.3 Lattice-Based Cryptography
    - 8.3.1 A Lattice Problem
    - 8.3.2 Optimization: Matrices with Structure
    - 8.3.3 NTRU-Encryption Family of Lattice Encryption Schemes
      - 8.3.3.1 Bob Computes a (Public, Private) Key Pair
      - 8.3.3.2 How Bob Decrypts to Find m
      - 8.3.3.3 How Does this Relate to Lattices?
    - 8.3.4 Lattice-Based Signatures
      - 8.3.4.1 Basic Idea
      - 8.3.4.2 Insecure Scheme
      - 8.3.4.3 Fixing the Scheme
    - 8.3.5 Learning with Errors (LWE)
      - 8.3.5.1 LWE Optimizations
      - 8.3.5.2 LWE-based NIST Submissions
  - 8.4 Code-based Schemes
    - 8.4.1 Non-cryptographic Error-correcting Codes
      - 8.4.1.1 Invention Step
      - 8.4.1.2 Codeword Creation Step
      - 8.4.1.3 Misfortune Step
      - 8.4.1.4 Diagnosis Step
    - 8.4.2 The Parity-Check Matrix
    - 8.4.3 Cryptographic Public Key Code-based Scheme
      - 8.4.3.1 Niederreiter Optimization
      - 8.4.3.2 Generating a Public Key Pair
      - 8.4.3.3 Using Circulant Matrices
  - 8.5 Multivariate Cryptography
    - 8.5.1 Solving Linear Equations
    - 8.5.2 Quadratic Polynomials
    - 8.5.3 Polynomial Systems
    - 8.5.4 Multivariate Signature Systems
      - 8.5.4.1 Multivariate Public Key Signatures
  - 8.6 Homework
- Chapter 9: Authentication of People
  - 9.1 Password-based Authentication
    - 9.1.1 Challenge-Response Based on Password
    - 9.1.2 Verifying Passwords
  - 9.2 Address-based Authentication
    - 9.2.1 Network Address Impersonation
  - 9.3 Biometrics
  - 9.4 Cryptographic Authentication Protocols
  - 9.5 Who Is Being Authenticated?
  - 9.6 Passwords as Cryptographic Keys
  - 9.7 On-Line Password Guessing
  - 9.8 Off-Line Password Guessing
  - 9.9 Using the Same Password in Multiple Places
  - 9.10 Requiring Frequent Password Changes
  - 9.11 Tricking Users into Divulging Passwords
  - 9.12 Lamport's Hash
  - 9.13 Password Managers
  - 9.14 Web Cookies
  - 9.15 Identity Providers (IDPs)
  - 9.16 Authentication Tokens
    - 9.16.1 Disconnected Tokens
    - 9.16.2 Public Key Tokens
  - 9.17 Strong Password Protocols
    - 9.17.1 Subtle Details
    - 9.17.2 Augmented Strong Password Protocols
    - 9.17.3 SRP (Secure Remote Password)
  - 9.18 Credentials Download Protocols
  - 9.19 Homework
- Chapter 10: Trusted Intermediaries
  - 10.1 Introduction
  - 10.2 Functional Comparison
  - 10.3 Kerberos
    - 10.3.1 KDC Introduces Alice to Bob
    - 10.3.2 Alice Contacts Bob
    - 10.3.3 Ticket Granting Ticket (TGT)
    - 10.3.4 Interrealm Authentication
    - 10.3.5 Making Password-Guessing Attacks Difficult
    - 10.3.6 Double TGT Protocol
    - 10.3.7 Authorization Information
    - 10.3.8 Delegation
  - 10.4 PKI
    - 10.4.1 Some Terminology
    - 10.4.2 Names in Certificates
  - 10.5 Website Gets a DNS Name and Certificate
  - 10.6 PKI Trust Models
    - 10.6.1 Monopoly Model
    - 10.6.2 Monopoly plus Registration Authorities (RAs)
    - 10.6.3 Delegated CAs
    - 10.6.4 Oligarchy
    - 10.6.5 Anarchy Model
    - 10.6.6 Name Constraints
    - 10.6.7 Top-Down with Name Constraints
    - 10.6.8 Multiple CAs for Any Namespace Node
    - 10.6.9 Bottom-Up with Name Constraints
      - 10.6.9.1 Functionality of Up-Links
      - 10.6.9.2 Functionality of Cross-Links
    - 10.6.10 Name Constraints in PKIX Certificates
  - 10.7 Building Certificate Chains
  - 10.8 Revocation
    - 10.8.1 CRL (Certificate Revocation List)
    - 10.8.2 Online Certificate Status Protocol (OCSP)
    - 10.8.3 Good-Lists vs. Bad-Lists
  - 10.9 Other Information in a PKIX Certificate
  - 10.10 Issues with Expired Certificates
  - 10.11 DNSSEC (DNS Security Extensions)
  - 10.12 Homework
- Chapter 11: Communication Session Establishment
  - 11.1 One-way Authentication of Alice
    - 11.1.1 Timestamps vs. Challenges
    - 11.1.2 One-Way Authentication of Alice using a Public Key
  - 11.2 Mutual Authentication
    - 11.2.1 Reflection Attack
    - 11.2.2 Timestamps for Mutual Authentication
  - 11.3 Integrity/Encryption for Data
    - 11.3.1 Session Key Based on Shared Secret Credentials
    - 11.3.2 Session Key Based on Public Key Credentials
    - 11.3.3 Session Key Based on One-Party Public Keys
  - 11.4 Nonce Types
  - 11.5 Intentional MITM
  - 11.6 Detecting MITM
  - 11.7 What Layer?
  - 11.8 Perfect Forward Secrecy
  - 11.9 Preventing Forged Source Addresses
    - 11.9.1 Allowing Bob to Be Stateless in TCP
    - 11.9.2 Allowing Bob to Be Stateless in IPsec
  - 11.10 Endpoint Identifier Hiding
  - 11.11 Live Partner Reassurance
  - 11.12 Arranging for Parallel Computation
  - 11.13 Session Resumption/Multiple Sessions
  - 11.14 Plausible Deniability
  - 11.15 Negotiating Crypto Parameters
    - 11.15.1 Suites vs. à la Carte
    - 11.15.2 Downgrade Attack
  - 11.16 Homework
- Chapter 12: IPsec
  - 12.1 IPsec Security Associations
    - 12.1.1 Security Association Database
    - 12.1.2 Security Policy Database
    - 12.1.3 IKE-SAs and Child-SAs
  - 12.2 IKE (Internet Key Exchange Protocol)
  - 12.3 Creating a Child-SA
  - 12.4 AH and ESP
    - 12.4.1 ESP Integrity Protection
    - 12.4.2 Why Protect the IP Header?
    - 12.4.3 Tunnel, Transport Mode
    - 12.4.4 IPv4 Header
    - 12.4.5 IPv6 Header
  - 12.5 AH (Authentication Header)
  - 12.6 ESP (Encapsulating Security Payload)
  - 12.7 Comparison of Encodings
  - 12.8 Homework
- Chapter 13: SSL/TLS and SSH
  - 13.1 Using TCP
  - 13.2 StartTLS
  - 13.3 Functions in the TLS Handshake
  - 13.4 TLS 1.2 (and Earlier) Basic Protocol
  - 13.5 TLS 1.3
  - 13.6 Session Resumption
  - 13.7 PKI as Deployed by TLS
  - 13.8 SSH (Secure Shell)
    - 13.8.1 SSH Authentication
    - 13.8.2 SSH Port Forwarding
  - 13.9 Homework
- Chapter 14: Electronic Mail Security
  - 14.1 Distribution Lists
  - 14.2 Store and Forward
  - 14.3 Disguising Binary as Text
  - 14.4 HTML-Formatted Email
  - 14.5 Attachments
  - 14.6 Non-cryptographic Security Features
    - 14.6.1 Spam Defenses
  - 14.7 Malicious Links in Email
  - 14.8 Data Loss Prevention (DLP)
  - 14.9 Knowing Bob's Email Address
  - 14.10 Self-Destruct, Do-Not-Forward,
  - 14.11 Preventing Spoofing of From Field
  - 14.12 In-Flight Encryption
  - 14.13 End-to-End Signed and Encrypted Email
  - 14.14 Encryption by a Server
  - 14.15 Message Integrity
  - 14.16 Non-Repudiation
  - 14.17 Plausible Deniability
  - 14.18 Message Flow Confidentiality
  - 14.19 Anonymity
  - 14.20 Homework
- Chapter 15: Electronic Money
  - 15.1 ECASH
  - 15.2 Offline eCash
    - 15.2.1 Practical Attacks
  - 15.3 Bitcoin
    - 15.3.1 Transactions
    - 15.3.2 Bitcoin Addresses
    - 15.3.3 Blockchain
    - 15.3.4 The Ledger
    - 15.3.5 Mining
    - 15.3.6 Blockchain Forks
    - 15.3.7 Why Is Bitcoin So Energy-Intensive?
    - 15.3.8 Integrity Checks: Proof of Work vs. Digital Signatures
    - 15.3.9 Concerns
  - 15.4 Wallets for Electronic Currency
  - 15.5 Homework
- Chapter 16: Cryptographic Tricks
  - 16.1 Secret Sharing
  - 16.2 Blind Signature
  - 16.3 Blind Decryption
  - 16.4 Zero-Knowledge Proofs
    - 16.4.1 Graph Isomorphism ZKP
    - 16.4.2 Proving Knowledge of a Square Root
    - 16.4.3 Noninteractive ZKP
  - 16.5 Group Signatures
    - 16.5.1 Trivial Group Signature Schemes
      - 16.5.1.1 Single Shared Key
      - 16.5.1.2 Group Membership Certificate
      - 16.5.1.3 Multiple Group Membership Certificates
      - 16.5.1.4 Blindly Signed Multiple Group Membership Certificates
    - 16.5.2 Ring Signatures
    - 16.5.3 DAA (Direct Anonymous Attestation)
    - 16.5.4 EPID (Enhanced Privacy ID)
  - 16.6 Circuit Model
  - 16.7 Secure Multiparty Computation (MPC)
  - 16.8 Fully Homomorphic Encryption (FHE)
    - 16.8.1 Bootstrapping
    - 16.8.2 Easy-to-Understand Scheme
  - 16.9 Homework
- Chapter 17: Folklore
  - 17.1 Misconceptions
  - 17.2 Perfect Forward Secrecy
  - 17.3 Change Encryption Keys Periodically
  - 17.4 Don't Encrypt without Integrity Protection
  - 17.5 Multiplexing Flows over One Secure Session
    - 17.5.1 The Splicing Attack
    - 17.5.2 Service Classes
    - 17.5.3 Different Cryptographic Algorithms
  - 17.6 Using Different Secret Keys
    - 17.6.1 For Initiator and Responder in Handshake
    - 17.6.2 For Encryption and Integrity
    - 17.6.3 In Each Direction of a Secure Session
  - 17.7 Using Different Public Keys
    - 17.7.1 Use Different Keys for Different Purposes
    - 17.7.2 Different Keys for Signing and Encryption
  - 17.8 Establishing Session Keys
    - 17.8.1 Have Both Sides Contribute to the Master Key
    - 17.8.2 Don't Let One Side Determine the Key
  - 17.9 Hash in a Constant When Hashing a Password
  - 17.10 HMAC Rather than Simple Keyed Hash
  - 17.11 Key Derivation
  - 17.12 Use of Nonces in Protocols
  - 17.13 Creating an Unpredictable Nonce
  - 17.14 Compression
  - 17.15 Minimal vs. Redundant Designs
  - 17.16 Overestimate the Size of Key
  - 17.17 Hardware Random Number Generators
  - 17.18 Put Checksums at the End of Data
  - 17.19 Forward Compatibility
    - 17.19.1 Options
    - 17.19.2 Version Numbers
      - 17.19.2.1 Version Number Field Must Not Move
      - 17.19.2.2 Negotiating Highest Version Supported
      - 17.19.2.3 Minor Version Number Field
- Glossary
- Math
  - M.1 Introduction
  - M.2 Some definitions and notation
  - M.3 Arithmetic
  - M.4 Abstract Algebra
  - M.5 Modular Arithmetic
    - M.5.1 How Do Computers Do Arithmetic?
    - M.5.2 Computing Inverses in Modular Arithmetic
      - M.5.2.1 The Euclidean Algorithm
      - M.5.2.2 The Chinese Remainder Theorem
    - M.5.3 How Fast Can We Do Arithmetic?
  - M.6 Groups
  - M.7 Fields
    - M.7.1 Polynomials
    - M.7.2 Finite Fields
      - M.7.2.1 What Sizes Can Finite Fields Be?
      - M.7.2.2 Representing a Field
  - M.8 Mathematics of Rijndael
    - M.8.1 A Rijndael Round
  - M.9 Elliptic Curve Cryptography
  - M.10 Rings
  - M.11 Linear Transformations
  - M.12 Matrix Arithmetic
    - M.12.1 Permutations
    - M.12.2 Matrix Inverses
      - M.12.2.1 Gaussian Elimination
  - M.13 Determinants
    - M.13.1 Properties of Determinants
      - M.13.1.1 Adjugate of a Matrix
    - M.13.2 Proof: Determinant of Product is Product of Determinants
  - M.14 Homework
- Bibliography

9780136643609 TOC 8/2/2022