Information security [electronic resource] : principles and practice / Mark Stamp
- Author: Stamp, Mark
- Published: Hoboken, N.J. : Wiley, [2011]
- Copyright Date: ©2011
- Edition: 2nd ed.
- Physical Description: 1 online resource
- Contents (machine generated contents note):
  - 1. Introduction
    - 1.1 The Cast of Characters
    - 1.2 Alice's Online Bank
      - 1.2.1 Confidentiality, Integrity, and Availability
      - 1.2.2 Beyond CIA
    - 1.3 About This Book
      - 1.3.1 Cryptography
      - 1.3.2 Access Control
      - 1.3.3 Protocols
      - 1.3.4 Software
    - 1.4 The People Problem
    - 1.5 Principles and Practice
    - 1.6 Problems
  - I. Crypto
  - 2. Crypto Basics
    - 2.1 Introduction
    - 2.2 How to Speak Crypto
    - 2.3 Classic Crypto
      - 2.3.1 Simple Substitution Cipher
      - 2.3.2 Cryptanalysis of a Simple Substitution
      - 2.3.3 Definition of Secure
      - 2.3.4 Double Transposition Cipher
      - 2.3.5 One-Time Pad
      - 2.3.6 Project VENONA
      - 2.3.7 Codebook Cipher
      - 2.3.8 Ciphers of the Election of 1876
    - 2.4 Modern Crypto History
    - 2.5 A Taxonomy of Cryptography
    - 2.6 A Taxonomy of Cryptanalysis
    - 2.7 Summary
    - 2.8 Problems
  - 3. Symmetric Key Crypto
    - 3.1 Introduction
    - 3.2 Stream Ciphers
      - 3.2.1 A5/1
      - 3.2.2 RC4
    - 3.3 Block Ciphers
      - 3.3.1 Feistel Cipher
      - 3.3.2 DES
      - 3.3.3 Triple DES
      - 3.3.4 AES
      - 3.3.5 Three More Block Ciphers
      - 3.3.6 TEA
      - 3.3.7 Block Cipher Modes
    - 3.4 Integrity
    - 3.5 Summary
    - 3.6 Problems
  - 4. Public Key Crypto
    - 4.1 Introduction
    - 4.2 Knapsack
    - 4.3 RSA
      - 4.3.1 Textbook RSA Example
      - 4.3.2 Repeated Squaring
      - 4.3.3 Speeding Up RSA
    - 4.4 Diffie-Hellman
    - 4.5 Elliptic Curve Cryptography
      - 4.5.1 Elliptic Curve Math
      - 4.5.2 ECC Diffie-Hellman
      - 4.5.3 Realistic Elliptic Curve Example
    - 4.6 Public Key Notation
    - 4.7 Uses for Public Key Crypto
      - 4.7.1 Confidentiality in the Real World
      - 4.7.2 Signatures and Non-repudiation
      - 4.7.3 Confidentiality and Non-repudiation
    - 4.8 Public Key Infrastructure
    - 4.9 Summary
    - 4.10 Problems
  - 5. Hash Functions++
    - 5.1 Introduction
    - 5.2 What is a Cryptographic Hash Function?
    - 5.3 The Birthday Problem
    - 5.4 A Birthday Attack
    - 5.5 Non-Cryptographic Hashes
    - 5.6 Tiger Hash
    - 5.7 HMAC
    - 5.8 Uses for Hash Functions
      - 5.8.1 Online Bids
      - 5.8.2 Spam Reduction
    - 5.9 Miscellaneous Crypto-Related Topics
      - 5.9.1 Secret Sharing
      - 5.9.2 Random Numbers
      - 5.9.3 Information Hiding
    - 5.10 Summary
    - 5.11 Problems
  - 6. Advanced Cryptanalysis
    - 6.1 Introduction
    - 6.2 Enigma
      - 6.2.1 Enigma Cipher Machine
      - 6.2.2 Enigma Keyspace
      - 6.2.3 Rotors
      - 6.2.4 Enigma Attack
    - 6.3 RC4 as Used in WEP
      - 6.3.1 RC4 Algorithm
      - 6.3.2 RC4 Cryptanalytic Attack
      - 6.3.3 Preventing Attacks on RC4
    - 6.4 Linear and Differential Cryptanalysis
      - 6.4.1 Quick Review of DES
      - 6.4.2 Overview of Differential Cryptanalysis
      - 6.4.3 Overview of Linear Cryptanalysis
      - 6.4.4 Tiny DES
      - 6.4.5 Differential Cryptanalysis of TDES
      - 6.4.6 Linear Cryptanalysis of TDES
      - 6.4.7 Implications Block Cipher Design
    - 6.5 Lattice Reduction and the Knapsack
    - 6.6 RSA Timing Attacks
      - 6.6.1 A Simple Timing Attack
      - 6.6.2 Kocher's Timing Attack
    - 6.7 Summary
    - 6.8 Problems
  - II. Access Control
  - 7. Authentication
    - 7.1 Introduction
    - 7.2 Authentication Methods
    - 7.3 Passwords
      - 7.3.1 Keys Versus Passwords
      - 7.3.2 Choosing Passwords
      - 7.3.3 Attacking Systems via Passwords
      - 7.3.4 Password Verification
      - 7.3.5 Math of Password Cracking
      - 7.3.6 Other Password Issues
    - 7.4 Biometrics
      - 7.4.1 Types of Errors
      - 7.4.2 Biometric Examples
      - 7.4.3 Biometric Error Rates
      - 7.4.4 Biometric Conclusions
    - 7.5 Something You Have
    - 7.6 Two-Factor Authentication
    - 7.7 Single Sign-On and Web Cookies
    - 7.8 Summary
    - 7.9 Problems
  - 8. Authorization
    - 8.1 Introduction
    - 8.2 A Brief History of Authorization
      - 8.2.1 The Orange Book
      - 8.2.2 The Common Criteria
    - 8.3 Access Control Matrix
      - 8.3.1 ACLs and Capabilities
      - 8.3.2 Confused Deputy
    - 8.4 Multilevel Security Models
      - 8.4.1 Bell-LaPadula
      - 8.4.2 Biba's Model
    - 8.5 Compartments
    - 8.6 Covert Channel
    - 8.7 Inference Control
    - 8.8 CAPTCHA
    - 8.9 Firewalls
      - 8.9.1 Packet Filter
      - 8.9.2 Stateful Packet Filter
      - 8.9.3 Application Proxy
      - 8.9.4 Personal Firewall
      - 8.9.5 Defense in Depth
    - 8.10 Intrusion Detection Systems
      - 8.10.1 Signature-Based IDS
      - 8.10.2 Anomaly-Based IDS
    - 8.11 Summary
    - 8.12 Problems
  - III. Protocols
  - 9. Simple Authentication Protocols
    - 9.1 Introduction
    - 9.2 Simple Security Protocols
    - 9.3 Authentication Protocols
      - 9.3.1 Authentication Using Symmetric Keys
      - 9.3.2 Authentication Using Public Keys
      - 9.3.3 Session Keys
      - 9.3.4 Perfect Forward Secrecy
      - 9.3.5 Mutual Authentication, Session Key, and PFS
      - 9.3.6 Timestamps
    - 9.4 Authentication and TCP
    - 9.5 Zero Knowledge Proofs
    - 9.6 The Best Authentication Protocol?
    - 9.7 Summary
    - 9.8 Problems
  - 10. Real-World Security Protocols
    - 10.1 Introduction
    - 10.2 SSH
    - 10.3 SSL
      - 10.3.1 SSL and the Man-in-the-Middle
      - 10.3.2 SSL Connections
      - 10.3.3 SSL Versus IPSec
    - 10.4 IPSec
      - 10.4.1 IKE Phase 1: Digital Signature
      - 10.4.2 IKE Phase 1: Symmetric Key
      - 10.4.3 IKE Phase 1: Public Key Encryption
      - 10.4.4 IPSec Cookies
      - 10.4.5 IKE Phase 1 Summary
      - 10.4.6 IKE Phase 2
      - 10.4.7 IPSec and IP Datagrams
      - 10.4.8 Transport and Tunnel Modes
      - 10.4.9 ESP and AH
    - 10.5 Kerberos
      - 10.5.1 Kerberized Login
      - 10.5.2 Kerberos Ticket
      - 10.5.3 Kerberos Security
    - 10.6 WEP
      - 10.6.1 WEP Authentication
      - 10.6.2 WEP Encryption
      - 10.6.3 WEP Non-Integrity
      - 10.6.4 Other WEP Issues
      - 10.6.5 WEP: The Bottom Line
    - 10.7 GSM
      - 10.7.1 GSM Architecture
      - 10.7.2 GSM Security Architecture
      - 10.7.3 GSM Authentication Protocol
      - 10.7.4 GSM Security Flaws
      - 10.7.5 GSM Conclusions
      - 10.7.6 3GPP
    - 10.8 Summary
    - 10.9 Problems
  - IV. Software
  - 11. Software Flaws and Malware
    - 11.1 Introduction
    - 11.2 Software Flaws
      - 11.2.1 Buffer Overflow
      - 11.2.2 Incomplete Mediation
      - 11.2.3 Race Conditions
    - 11.3 Malware
      - 11.3.1 Brain
      - 11.3.2 Morris Worm
      - 11.3.3 Code Red
      - 11.3.4 SQL Slammer
      - 11.3.5 Trojan Example
      - 11.3.6 Malware Detection
      - 11.3.7 The Future of Malware
      - 11.3.8 Cyber Diseases Versus Biological Diseases
    - 11.4 Botnets
    - 11.5 Miscellaneous Software-Based Attacks
      - 11.5.1 Salami Attacks
      - 11.5.2 Linearization Attacks
      - 11.5.3 Time Bombs
      - 11.5.4 Trusting Software
    - 11.6 Summary
    - 11.7 Problems
  - 12. Insecurity in Software
    - 12.1 Introduction
    - 12.2 Software Reverse Engineering
      - 12.2.1 Reversing Java Bytecode
      - 12.2.2 SRE Example
      - 12.2.3 Anti-Disassembly Techniques
      - 12.2.4 Anti-Debugging Techniques
      - 12.2.5 Software Tamper Resistance
      - 12.2.6 Metamorphism 2.0
    - 12.3 Digital Rights Management
      - 12.3.1 What is DRM?
      - 12.3.2 A Real-World DRM System
      - 12.3.3 DRM for Streaming Media
      - 12.3.4 DRM for a P2P Application
      - 12.3.5 Enterprise DRM
      - 12.3.6 DRM Failures
      - 12.3.7 DRM Conclusions
    - 12.4 Software Development
      - 12.4.1 Open Versus Closed Source Software
      - 12.4.2 Finding Flaws
      - 12.4.3 Other Software Development Issues
    - 12.5 Summary
    - 12.6 Problems
  - 13. Operating Systems and Security
    - 13.1 Introduction
    - 13.2 OS Security Functions
      - 13.2.1 Separation
      - 13.2.2 Memory Protection
      - 13.2.3 Access Control
    - 13.3 Trusted Operating System
      - 13.3.1 MAC, DAC, and More
      - 13.3.2 Trusted Path
      - 13.3.3 Trusted Computing Base
    - 13.4 Next Generation Secure Computing Base
      - 13.4.1 NGSCB Feature Groups
      - 13.4.2 NGSCB Compelling Applications
      - 13.4.3 Criticisms of NGSCB
    - 13.5 Summary
    - 13.6 Problems
  - Appendix
  - A-1. Network Security Basics
    - A-1.1 Introduction
    - A-1.2 The Protocol Stack
    - A-1.3 Application Layer
    - A-1.4 Transport Layer
    - A-1.5 Network Layer
    - A-1.6 Link Layer
    - A-1.7 Conclusions
  - A-2. Math Essentials
    - A-2.1 Introduction
    - A-2.2 Modular Arithmetic
    - A-2.3 Permutations
    - A-2.4 Probability
    - A-2.5 Linear Algebra
    - A-2.6 Conclusions
- ISBN: 1118027957 (electronic bk.); 9781118027950 (electronic bk.); 9780470626399; 0470626399
- Note: Description based on print version record. AVAILABLE ONLINE TO AUTHORIZED PSU USERS.
- Bibliography Note: Includes bibliographical references and index.
- Technical Details: Mode of access: World Wide Web.
- Endowment Note: Philip M. and Susan C. Gresh Textbook and Educational Resources Endowment