Internet Cryptography

Richard E. Smith

  • Publisher: Addison Wesley
  • Publication date: 1997-08-01
  • Price: $850
  • VIP price: 9.8 $833
  • Language: English
  • Pages: 384
  • Binding: Paperback
  • ISBN: 0201924803
  • ISBN-13: 9780201924800
  • Related categories: Information Security
  • Not available for order




Table Of Contents

(NOTE: Each chapter concludes with For Further Information.)

Who This Book Is For.
How This Book Is Organized.
Crypto Today and Tomorrow.
Comments and Questions.

1. Introduction.
The Basic Problem.
Essentials of Crypto.
Crypto Is Hard to Use.
Balancing Crypto Use with Your Objectives.

Essentials of Networking and the Internet.
Protocol Layers and Network Products.
Internet Technology.
Internet Protocols in Your Host.
The Internet Security Problem.
An Internet Rogue's Gallery.

Setting Realistic Security Objectives.
Appropriate Communications Security.
Communications Security Goals.
Internet Crypto Techniques.

Legal Restrictions.

2. Encryption Basics.
Encryption Building Blocks.
Stream Ciphers.
Block Ciphers.

How Crypto Systems Fail.
Cryptanalysis and Modern Codes.
Brute Force Cracking of Secret Keys.
Attacks on Improper Crypto Use.

Choosing Between Strong and Weak Crypto.
Properties of Good Crypto Algorithms.
Crypto Algorithms to Consider.
Selecting a Block Cipher Mode.
Identifying a Safe Key Length.
Levels of Risk for Different Applications.

3. Link Encryption.
Security Objectives.
Product Example: In-line Encryptor.
Red/Black Separation.
Crypto Algorithm and Keying.
Encryptor Vulnerabilities.
Product Security Requirements.

Deployment Example: Point-to-Point Encryption.
Point-to-Point Practical Limitations.
Physical Protection and Control.
Deployment Security Requirements.

Deployment Example: IP-routed Configuration.
Site Protection.
Networkwide Security.
Deployment Security Requirements.

Key Recovery and Escrowed Encryption.

4. Managing Secret Keys.
Security Objectives.
Basic Issues in Secret Key Management.
Technology: Random Key Generation.
Random Seeding.
Pseudorandom Number Generators.
Technical Security Requirements.

Deployment Example: Manual Key Distribution.
Preparing Secret Keys for Delivery.
Batch Generation of Keys.
Printing Keys on Paper.
Key Packaging and Delivery.
Key Splitting for Safer Delivery.
Deployment Security Requirements.

Technology: Automatic Rekeying.
ANSI X9.17 Point-to-Point Rekeying.
Variations of X9.17.
Technical Security Requirements.

Key Distribution Centers (KDCs).
Maintaining Keys and System Security.

5. Security at the IP Layer.
Security Objectives.
Basic Issues with Using IPSEC.
Technology: Cryptographic Checksums.
One-way Hash Functions.
Technical Security Requirements.

IPSEC: IP Security Protocol.
IPSEC Authentication.
IPSEC Encryption.

IPSEC Key Management.
Other TCP/IP Network Security Protocols.

6. Virtual Private Networks.
Security Objectives.
Basic Issues with VPNs.
Technology: IPSEC Proxy Cryptography.
ESP Tunnel Mode.
ESP Transport Mode.

Product Example: IPSEC Encrypting Router.
Blocking Classic Internet Attacks.
Product Security Requirements.

Deployment Example: Site-to-Site Encryption.
Header Usage and Security.
Deployment Security Requirements.

7. Remote Access with IPSEC.
Security Objectives.
Basic Issues with IPSEC Clients.
Product Example: IPSEC Client.
Client Security Associations.
Client Self-Defense on the Internet.
Client Theft and Key Protection.
Product Security Requirements.

Deployment Example: Client-to-Server Site Access.
Remote Access Security Issues.
Deployment Security Requirements.

8. IPSEC and Firewalls.
Security Objectives.
Basic Issues with IPSEC and Firewalls.
Internet Firewalls.
What Firewalls Control.
How Firewalls Control Access.
Firewall Control Mechanisms.

Product Example: IPSEC Firewall.
Administering Multiple Sites.
Product Security Requirements.

Deployment Example: A VPN with a Firewall.
Establishing a Site Security Policy.
Chosen Plaintext Attack on a Firewall.
Deployment Security Requirements.

9. Public Key Crypto and SSL.
Public Key Cryptography.
Evolution of Public Key Crypto.
Diffie-Hellman Public Key Technique.
Brute Force Attacks on RSA.
Other RSA Vulnerabilities.
Technical Security Requirements.

Technology: Secret Key Exchange with RSA Crypto.
Attacking Public Key Distribution.
Public Key versus Secret Key Exchange.
Technical Security Requirements.

Secure Sockets Layer.
Other SSL Properties.
Basic Attacks Against SSL.
SSL Security Evolution.

10. World Wide Web Transaction Security.
Security Objectives.
Basic Issues in Internet Transaction Security.
Transactions on the World Wide Web.
Transactions with Web Forms.
Web Form Security Services.

Security Alternatives for Web Forms.
Password Protection.
Network-level Security (IPSEC).
Transport-level Security (SSL).
Application-level Security (SHTTP).
Client Authentication Alternatives.

Product Example: Web Browser with SSL.
Browser Cryptographic Services.
Authentication Capabilities.
Client Security and Executable Contents.
Product Security Requirements.

Product Example: Web Server with SSL.
Web Server Vulnerabilities.
Mandatory Protection.
Product Security Requirements.

Deployment Example: Vending with Exportable Encryption.
Export Restrictions and Transaction Security.
Site Configuration.
Deployment Security Requirements.

11. Secured Electronic Mail.
Security Objectives.
Basic Issues with E-Mail Security.
Basics of Internet Electronic Mail.
Internet E-Mail Software Architecture.
E-Mail Security Problems.

Technology: Off-line Message Keying.
Encryption Tokens.
Technical Security Requirements.

Technology: Digital Signatures.
Attacks on Digital Signatures.
The Digital Signature Standard.
Technical Security Requirements.

Product Example: Secure E-Mail Client.
Basic Secure Client Features.
E-Mail Client Security Issues.
Product Security Requirements.

E-Mail Deployment.

12. Public Key Certificates.
Security Objectives.
Distributing Public Keys.
Technology: Public Key Certificates.
Generating Public Key Pairs.
Certificate Revocation.
Certification Authority Workstation.
Technical Security Requirements.

Certificate Distribution.
Transparent Distribution.
Interactive Distribution.

Centralized Certification Authority.
Netscape Server Authentication.
Handling Multiple Certification Authorities.

Hierarchical Certification Authority.
PEM Internet Certification Hierarchy.
Private Trees.

PGP “Web of Trust”.
For Further Information.

Appendix A: Glossary.
Appendix B: Bibliography.
Index.