Introduction to Network Security

Table of Contents

Preface

About the Authors

1 Network Security Overview

1.1 Mission and Definitions

1.2 Common Attacks and Defense Mechanisms

1.2.1 Eavesdropping
1.2.2 Cryptanalysis
1.2.3 Password Pilfering
1.2.4 Identity Spoofing
1.2.5 Buffer-Overflow Exploitations
1.2.6 Repudiation
1.2.7 Intrusion
1.2.8 Traffic Analysis
1.2.9 Denial of Service Attacks
1.2.10 Malicious Software

1.3 Attacker Profiles

1.3.1 Hackers
1.3.2 Script Kiddies
1.3.3 Cyber Spies
1.3.4 Vicious Employees
1.3.5 Cyber Terrorists
1.3.6 Hypothetical Attackers

1.4 Basic Security Model

1.5 Security Resources

1.5.1 CERT
1.5.2 SANS Institute
1.5.3 Microsoft Security
1.5.4 NTBugtraq
1.5.5 Common Vulnerabilities and Exposures

1.6 Closing Remarks

1.7 Exercises

1.7.1 Discussions
1.7.2 Homework

2 Data Encryption Algorithms

2.1 Data Encryption Algorithm Design Criteria

2.1.1 ASCII Code
2.1.2 XOR Encryption
2.1.3 Criteria of Data Encryptions
2.1.4 Implementation Criteria

2.2 Data Encryption Standard

2.2.1 Feistel's Cipher Scheme
2.2.2 DES Subkeys
2.2.3 DES Substitution Boxes
2.2.4 DES Encryption
2.2.5 DES Decryption and Correctness Proof
2.2.6 DES Security Strength

2.3 Multiple DES

2.3.1 Triple-DES with Two Keys
2.3.2 2DES and 3DES/3
2.3.3 Meet-in-the-Middle Attacks on 2DES

2.4 Advanced Encryption Standard

2.4.1 AES Basic Structures
2.4.2 AES S-Boxes
2.4.3 AES-128 Round Keys
2.4.4 Add Round Keys
2.4.5 Substitute-Bytes
2.4.6 Shift-Rows
2.4.7 Mix-Columns
2.4.8 AES-128 Encryption
2.4.9 AES-128 Decryption and Correctness Proof
2.4.10 Galois Fields
2.4.11 Construction of the AES S-Box and Its Inverse
2.4.12 AES Security Strength

2.5 Standard Block Cipher Modes of Operations

2.5.1 Electronic-Codebook Mode
2.5.2 Cipher-Block-Chaining Mode
2.5.3 Cipher-Feedback Mode
2.5.4 Output-Feedback Mode
2.5.5 Counter Mode

2.6 Offset Codebook Mode of Operations

2.6.1 Basic Operations
2.6.2 OCB Encryption and Tag Generation
2.6.3 OCB Decryption and Tag Verification

2.7 Stream Ciphers

2.7.1 RC4 Stream Cipher
2.7.2 RC4 Security Weaknesses

2.8 Key Generations

2.8.1 ANSI X9.17 PRNG
2.8.2 BBS Pseudorandom Bit Generator

2.9 Closing Remarks

2.10 Exercises

2.10.1 Discussions
2.10.2 Homework

3 Public-Key Cryptography and Key Management

3.1 Concepts of Public-Key Cryptography

3.2 Elementary Concepts and Theorems in Number Theory

3.2.1 Modular Arithmetic and Congruence Relations
3.2.2 Modular Inverse
3.2.3 Primitive Roots
3.2.4 Fast Modular Exponentiation
3.2.5 Finding Large Prime Numbers
3.2.6 The Chinese Remainder Theorem
3.2.7 Finite Continued Fractions

3.3 Diffie-Hellman Key Exchange

3.3.1 Key Exchange Protocol
3.3.2 Man-in-the-Middle Attacks
3.3.3 Elgamal PKC

3.4 RSA Cryptosystem

3.4.1 RSA Key Pairs, Encryptions, and Decryptions
3.4.2 RSA Parameter Attacks
3.4.3 RSA Challenge Numbers

3.5 Elliptic-Curve Cryptography

3.5.1 Commutative Groups on Elliptic Curves
3.5.2 Discrete Elliptic Curves
3.5.3 ECC Encodings
3.5.4 ECC Encryption and Decryption
3.5.5 ECC Key Exchange
3.5.6 ECC Strength

3.6 Key Distributions and Management

3.6.1 Master Keys and Session Keys
3.6.2 Public-Key Certificates
3.6.3 CA Networks
3.6.4 Key Rings

3.7 Closing Remarks

3.8 Exercises

3.8.1 Discussions
3.8.2 Homework

4 Data Authentication

4.1 Cryptographic Hash Functions

4.1.1 Design Criteria of Cryptographic Hash Functions
4.1.2 Quest for Cryptographic Hash Functions
4.1.3 Basic Structure of Standard Hash Functions
4.1.4 SHA-512
4.1.5 WHIRLPOOL
4.1.6 SHA-3 Standard

4.2 Cryptographic Checksums

4.2.1 Exclusive-OR Cryptographic Checksums
4.2.2 Design Criteria of MAC Algorithms
4.2.3 Data Authentication Algorithm

4.3 HMAC

4.3.1 Design Criteria of HMAC
4.3.2 HMAC Algorithm

4.4 Birthday Attacks

4.4.1 Complexity of Breaking Strong Collision Resistance
4.4.2 Set Intersection Attack

4.5 Digital Signature Standard

4.5.1 Signing
4.5.2 Signature Verifying
4.5.3 Correctness Proof of Signature Verification
4.5.4 Security Strength of DSS

4.6 Dual Signatures and Electronic Transactions

4.6.1 Dual Signature Applications
4.6.2 Dual Signatures and Electronic Transactions

4.7 Blind Signatures and Electronic Cash

4.7.1 RSA Blind Signatures
4.7.2 Electronic Cash
4.7.3 Bitcoin

4.8 Closing Remarks

4.9 Exercises

4.9.1 Discussions
4.9.2 Homework

5 Network Security Protocols in Practice

5.1 Crypto Placements in Networks

5.1.1 Crypto Placement at the Application Layer
5.1.2 Crypto Placement at the Transport Layer
5.1.3 Crypto Placement at the Network Layer
5.1.4 Crypto Placement at the Data-Link Layer
5.1.5 Implementations of Crypto Algorithms

5.2 Public-Key Infrastructure

5.2.1 X.509 Public-Key Infrastructure
5.2.2 X.509 Certificate Formats

5.3 IPsec: A Security Protocol at the Network Layer

5.3.1 Security Association
5.3.2 Application Modes and Security Associations
5.3.3 AH Format
5.3.4 ESP Format
5.3.5 Secret Key Determination and Distribution

5.4 SSL/TLS: Security Protocols at the Transport Layer

5.4.1 SSL Handshake Protocol
5.4.2 SSL Record Protocol

5.5 PGP and S/MIME: Email Security Protocols

5.5.1 Basic Email Security Mechanisms
5.5.2 PGP
5.5.3 S/MIME

5.6 Kerberos: An Authentication Protocol

5.6.1 Basic Ideas
5.6.2 Single-Realm Kerberos
5.6.3 Multiple-Realm Kerberos

5.7 SSH: Security Protocols for Remote Logins

5.8 Electronic Voting Protocols

5.8.1 Interactive Proofs
5.8.2 Re-encryption Schemes
5.8.3 Threshold Cryptography
5.8.4 The Helios Voting Protocol

5.9 Closing Remarks

5.10 Exercises

5.10.1 Discussions
5.10.2 Homework

6 Wireless Network Security

6.1 Wireless Communications and 802.11 WLAN Standards

6.1.1 WLAN Architecture
6.1.2 802.11 Essentials
6.1.3 Wireless Security Vulnerabilities

6.2 Wired Equivalent Privacy

6.2.1 Device Authentication and Access Control
6.2.2 Data Integrity Check
6.2.3 LLC Frame Encryption
6.2.4 Security Flaws of WEP

6.3 Wi-Fi Protected Access

6.3.1 Device Authentication and Access Controls
6.3.2 TKIP Key Generations
6.3.3 TKIP Message Integrity Code
6.3.4 TKIP Key Mixing
6.3.5 WPA Encryption and Decryption
6.3.6 WPA Security Strength and Weaknesses

6.4 IEEE 802.11i/WPA2

6.4.1 Key Generations
6.4.2 CCMP Encryptions and MIC
6.4.3 802.11i Security Strength and Weaknesses

6.5 Bluetooth Security

6.5.1 Piconets
6.5.2 Secure Pairings
6.5.3 SAFER+ Block Ciphers
6.5.4 Bluetooth Algorithms E1, E21, and E22
6.5.5 Bluetooth Authentication
6.5.6 A PIN Cracking Attack
6.5.7 Bluetooth Secure Simple Pairing

6.6 ZigBee Security

6.6.1 Joining a Network
6.6.2 Authentication
6.6.3 Key Establishment
6.6.4 Communication Security

6.7 Wireless Mesh Network Security

6.7.1 Blackhole Attacks
6.7.2 Wormhole Attacks
6.7.3 Rushing Attacks
6.7.4 Route-Error-Injection Attacks

6.8 Closing Remarks

6.9 Exercises

6.9.1 Discussions
6.9.2 Homework

7 Cloud Security

7.1 The Cloud Service Models

7.1.1 The REST Architecture
7.1.2 Software-as-a-Service
7.1.3 Platform-as-a-Service
7.1.4 Infrastructure-as-a-Service
7.1.5 Storage-as-a-Service

7.2 Cloud Security Models

7.2.1 Trusted-Third-Party
7.2.2 Honest-but-Curious
7.2.3 Semi-Honest-but-Curious

7.3 Multiple Tenancy

7.3.1 Virtualization
7.3.2 Attacks

7.4 Access Control

7.4.1 Access Control in Trusted Clouds
7.4.2 Access Control in Untrusted Clouds

7.5 Coping with Untrusted Clouds

7.5.1 Proofs of Storage
7.5.2 Secure Multiparty Computation
7.5.3 Oblivious Random Access Machines

7.6 Searchable Encryption

7.6.1 Keyword Search
7.6.2 Phrase Search
7.6.3 Searchable Encryption Attacks
7.6.4 Searchable Symmetric Encryptions for the SHBC Clouds

7.7 Closing Remarks

7.8 Exercises

7.8.1 Discussions
7.8.2 Homework

8 Network Perimeter Security

8.1 General Firewall Framework

8.2 Packet Filters

8.2.1 Stateless Filtering
8.2.2 Stateful Filtering

8.3 Circuit Gateways

8.3.1 Basic Structures
8.3.2 SOCKS

8.4 Application Gateways

8.4.1 Cache Gateways
8.4.2 Stateful Packet Inspections

8.5 Trusted Systems and Bastion Hosts

8.5.1 Trusted Operating Systems
8.5.2 Bastion Hosts and Gateways

8.6 Firewall Configurations

8.6.1 Single-Homed Bastion Host System
8.6.2 Dual-Homed Bastion Host System
8.6.3 Screened Subnets
8.6.4 Demilitarized Zones
8.6.5 Network Security Topology

8.7 Network Address Translations

8.7.1 Dynamic NAT
8.7.2 Virtual Local Area Networks
8.7.3 Small Office and Home Office Firewalls

8.8 Setting Up Firewalls

8.8.1 Security Policy
8.8.2 Building a Linux Stateless Packet Filter

8.9 Closing Remarks

8.10 Exercises

8.10.1 Discussions
8.10.2 Homework

9 Intrusion Detections

9.1 Basic Ideas of Intrusion Detection

9.1.1 Basic Methodology
9.1.2 Auditing
9.1.3 IDS Components
9.1.4 IDS Architecture
9.1.5 Intrusion Detection Policies
9.1.6 Unacceptable Behaviors

9.2 Network-Based Detections and Host-Based Detections

9.2.1 Network-Based Detections
9.2.2 Host-Based Detections

9.3 Signature Detections

9.3.1 Network Signatures
9.3.2 Host-Based Signatures
9.3.3 Outsider Behaviors and Insider Misuses
9.3.4 Signature Detection Systems

9.4 Statistical Analysis

9.4.1 Event Counter
9.4.2 Event Gauge
9.4.3 Event Timer
9.4.4 Resource Utilization
9.4.5 Statistical Techniques

9.5 Behavioral Data Forensics

9.5.1 Data Mining Techniques
9.5.2 A Behavioral Data Forensic Example

9.6 Honeypots

9.6.1 Types of Honeypots
9.6.2 Honeyd
9.6.3 MWCollect Projects
9.6.4 Honeynet Projects

9.7 Closing Remarks

9.8 Exercises

9.8.1 Discussions
9.8.2 Homework

10 The Art of Anti-Malicious Software

10.1 Viruses

10.1.1 Virus Types
10.1.2 Virus Infection Schemes
10.1.3 Virus Structures
10.1.4 Compressor Viruses
10.1.5 Virus Disseminations
10.1.6 Win32 Virus Infection Dissection
10.1.7 Virus Creation Toolkits

10.2 Worms

10.2.1 Common Worm Types
10.2.2 The Morris Worm
10.2.3 The Melissa Worm
10.2.4 The Code Red Worm
10.2.5 The Conficker Worm
10.2.6 Other Worms Targeted at Microsoft Products
10.2.7 Email Attachments

10.3 Trojans

10.3.1 Ransomware

10.4 Malware Defense

10.4.1 Standard Scanning Methods
10.4.2 Anti-Malicious-Software Products
10.4.3 Malware Emulator

10.5 Hoaxes

10.6 Peer-to-Peer Security

10.6.1 P2P Security Vulnerabilities
10.6.2 P2P Security Measures
10.6.3 Instant Messaging
10.6.4 Anonymous Networks

10.7 Web Security

10.7.1 Basic Types of Web Documents
10.7.2 Security of Web Documents
10.7.3 ActiveX
10.7.4 Cookies
10.7.5 Spyware
10.7.6 AJAX Security
10.7.7 Safe Web Surfing

10.8 Distributed Denial-of-Service Attacks

10.8.1 Master-Slave DDoS Attacks
10.8.2 Master-Slave-Reflector DDoS Attacks
10.8.3 DDoS Attacks Countermeasures

10.9 Closing Remarks

10.10 Exercises

10.10.1 Discussions
10.10.2 Homework

Appendix A 7-bit ASCII code

Appendix B SHA-512 Constants (in Hexadecimal)

Appendix C Data Compression Using ZIP

Exercise

Appendix D Base64 Encoding

Exercise

Appendix E Cracking WEP Keys Using WEPCrack

E.1 System Setup

AP
User's Network Card
Attacker's Network Card

E.2 Experiment Details

Step 1: Initial Setup
Step 2: Attacker Setup
Step 3: Collecting Weak Initialization Vectors
Step 4: Cracking

E.3 Sample Code

Appendix F Acronyms

Further Reading

Index

About the Author

Jie Wang, University of Massachusetts Lowell, US

Zachary A. Kissel, Merrimack College, US
