Veze, linkovi
Kompjuter biblioteka
Korpa
Uvod u sigurnost mreža, teorija i praksa

Mreže Mreže

Uvod u sigurnost mreža, teorija i praksa

Autor: Jie Wang, Zachary A. Kissel
Broj strana: 440
ISBN broj: 9781118939482
Izdavač: WILEY WILEY
Godina izdanja: 2015.

                 
Twitter   Facebook   Linkedin   Pinterest   Email
                 
Predlog za prevod

 

Description

Comprehensively covers fundamental concepts with newer topics such as electronic cash, bit-coin, P2P, SHA-3, E-voting, and Zigbee security
• Fully updated to reflect new developments in network security
• Introduces a chapter on Cloud security, a very popular and essential topic
• Uses everyday examples that most computer users experience to illustrate important principles and mechanisms
• Features a companion website with Powerpoint slides for lectures and solution manuals to selected exercise problems, available at http://www.cs.uml.edu/~wang/NetSec

Table of Contents

Preface xv

About the Authors xix

1 Network Security Overview 1

1.1 Mission and Definitions 1

1.2 Common Attacks and Defense Mechanisms 3

1.2.1 Eavesdropping 3

1.2.2 Cryptanalysis 4

1.2.3 Password Pilfering 5

1.2.4 Identity Spoofing 13

1.2.5 Buffer-Overflow Exploitations 16

1.2.6 Repudiation 18

1.2.7 Intrusion 19

1.2.8 Traffic Analysis 19

1.2.9 Denial of Service Attacks 20

1.2.10 Malicious Software 22

1.3 Attacker Profiles 25

1.3.1 Hackers 25

1.3.2 Script Kiddies 26

1.3.3 Cyber Spies 26

1.3.4 Vicious Employees 27

1.3.5 Cyber Terrorists 27

1.3.6 Hypothetical Attackers 27

1.4 Basic Security Model 27

1.5 Security Resources 29

1.5.1 CERT 29

1.5.2 SANS Institute 29

1.5.3 Microsoft Security 29

1.5.4 NTBugtraq 29

1.5.5 Common Vulnerabilities and Exposures 30

1.6 Closing Remarks 30

1.7 Exercises 30

1.7.1 Discussions 30

1.7.2 Homework 31

2 Data Encryption Algorithms 45

2.1 Data Encryption Algorithm Design Criteria 45

2.1.1 ASCII Code 46

2.1.2 XOR Encryption 46

2.1.3 Criteria of Data Encryptions 48

2.1.4 Implementation Criteria 50

2.2 Data Encryption Standard 50

2.2.1 Feistel’s Cipher Scheme 50

2.2.2 DES Subkeys 52

2.2.3 DES Substitution Boxes 54

2.2.4 DES Encryption 55

2.2.5 DES Decryption and Correctness Proof 57

2.2.6 DES Security Strength 58

2.3 Multiple DES 59

2.3.1 Triple-DES with Two Keys 59

2.3.2 2DES and 3DES/3 59

2.3.3 Meet-in-the-Middle Attacks on 2DES 60

2.4 Advanced Encryption Standard 61

2.4.1 AES Basic Structures 61

2.4.2 AES S-Boxes 63

2.4.3 AES-128 Round Keys 65

2.4.4 Add Round Keys 66

2.4.5 Substitute-Bytes 67

2.4.6 Shift-Rows 67

2.4.7 Mix-Columns 67

2.4.8 AES-128 Encryption 68

2.4.9 AES-128 Decryption and Correctness Proof 69

2.4.10 Galois Fields 70

2.4.11 Construction of the AES S-Box and Its Inverse 73

2.4.12 AES Security Strength 74

2.5 Standard Block Cipher Modes of Operations 74

2.5.1 Electronic-Codebook Mode 75

2.5.2 Cipher-Block-Chaining Mode 75

2.5.3 Cipher-Feedback Mode 75

2.5.4 Output-Feedback Mode 76

2.5.5 Counter Mode 76

2.6 Offset Codebook Mode of Operations 77

2.6.1 Basic Operations 77

2.6.2 OCB Encryption and Tag Generation 78

2.6.3 OCB Decryption and Tag Verification 79

2.7 Stream Ciphers 80

2.7.1 RC4 Stream Cipher 80

2.7.2 RC4 Security Weaknesses 81

2.8 Key Generations 83

2.8.1 ANSI X9.17 PRNG 83

2.8.2 BBS Pseudorandom Bit Generator 83

2.9 Closing Remarks 84

2.10 Exercises 85

2.10.1 Discussions 85

2.10.2 Homework 85

3 Public-Key Cryptography and Key Management 93

3.1 Concepts of Public-Key Cryptography 93

3.2 Elementary Concepts and Theorems in Number Theory 95

3.2.1 Modular Arithmetic and Congruence Relations 96

3.2.2 Modular Inverse 96

3.2.3 Primitive Roots 98

3.2.4 Fast Modular Exponentiation 98

3.2.5 Finding Large Prime Numbers 100

3.2.6 The Chinese Remainder Theorem 101

3.2.7 Finite Continued Fractions 102

3.3 Diffie-Hellman Key Exchange 103

3.3.1 Key Exchange Protocol 103

3.3.2 Man-in-the-Middle Attacks 104

3.3.3 Elgamal PKC 106

3.4 RSA Cryptosystem 106

3.4.1 RSA Key Pairs, Encryptions, and Decryptions 106

3.4.2 RSA Parameter Attacks 109

3.4.3 RSA Challenge Numbers 112

3.5 Elliptic-Curve Cryptography 113

3.5.1 Commutative Groups on Elliptic Curves 113

3.5.2 Discrete Elliptic Curves 115

3.5.3 ECC Encodings 116

3.5.4 ECC Encryption and Decryption 117

3.5.5 ECC Key Exchange 118

3.5.6 ECC Strength 118

3.6 Key Distributions and Management 118

3.6.1 Master Keys and Session Keys 119

3.6.2 Public-Key Certificates 119

3.6.3 CA Networks 120

3.6.4 Key Rings 121

3.7 Closing Remarks 123

3.8 Exercises 123

3.8.1 Discussions 123

3.8.2 Homework 124

4 Data Authentication 129

4.1 Cryptographic Hash Functions 129

4.1.1 Design Criteria of Cryptographic Hash Functions 130

4.1.2 Quest for Cryptographic Hash Functions 131

4.1.3 Basic Structure of Standard Hash Functions 132

4.1.4 SHA-512 132

4.1.5 WHIRLPOOL 135

4.1.6 SHA-3 Standard 139

4.2 Cryptographic Checksums 143

4.2.1 Exclusive-OR Cryptographic Checksums 143

4.2.2 Design Criteria of MAC Algorithms 144

4.2.3 Data Authentication Algorithm 144

4.3 HMAC 144

4.3.1 Design Criteria of HMAC 144

4.3.2 HMAC Algorithm 145

4.4 Birthday Attacks 145

4.4.1 Complexity of Breaking Strong Collision Resistance 146

4.4.2 Set Intersection Attack 147

4.5 Digital Signature Standard 149

4.5.1 Signing 149

4.5.2 Signature Verifying 150

4.5.3 Correctness Proof of Signature Verification 150

4.5.4 Security Strength of DSS 151

4.6 Dual Signatures and Electronic Transactions 151

4.6.1 Dual Signature Applications 152

4.6.2 Dual Signatures and Electronic Transactions 152

4.7 Blind Signatures and Electronic Cash 153

4.7.1 RSA Blind Signatures 153

4.7.2 Electronic Cash 154

4.7.3 Bitcoin 156

4.8 Closing Remarks 158

4.9 Exercises 158

4.9.1 Discussions 158

4.9.2 Homework 158

5 Network Security Protocols in Practice 165

5.1 Crypto Placements in Networks 165

5.1.1 Crypto Placement at the Application Layer 168

5.1.2 Crypto Placement at the Transport Layer 168

5.1.3 Crypto Placement at the Network Layer 168

5.1.4 Crypto Placement at the Data-Link Layer 169

5.1.5 Implementations of Crypto Algorithms 169

5.2 Public-Key Infrastructure 170

5.2.1 X.509 Public-Key Infrastructure 170

5.2.2 X.509 Certificate Formats 171

5.3 IPsec: A Security Protocol at the Network Layer 173

5.3.1 Security Association 173

5.3.2 Application Modes and Security Associations 174

5.3.3 AH Format 176

5.3.4 ESP Format 178

5.3.5 Secret Key Determination and Distribution 179

5.4 SSL/TLS: Security Protocols at the Transport Layer 183

5.4.1 SSL Handshake Protocol 184

5.4.2 SSL Record Protocol 187

5.5 PGP and S/MIME: Email Security Protocols 188

5.5.1 Basic Email Security Mechanisms 189

5.5.2 PGP 190

5.5.3 S/MIME 191

5.6 Kerberos: An Authentication Protocol 192

5.6.1 Basic Ideas 192

5.6.2 Single-Realm Kerberos 193

5.6.3 Multiple-Realm Kerberos 195

5.7 SSH: Security Protocols for Remote Logins 197

5.8 Electronic Voting Protocols 198

5.8.1 Interactive Proofs 198

5.8.2 Re-encryption Schemes 199

5.8.3 Threshold Cryptography 200

5.8.4 The Helios Voting Protocol 202

5.9 Closing Remarks 204

5.10 Exercises 204

5.10.1 Discussions 204

5.10.2 Homework 204

6 Wireless Network Security 211

6.1 Wireless Communications and 802.11 WLAN Standards 211

6.1.1 WLAN Architecture 212

6.1.2 802.11 Essentials 213

6.1.3 Wireless Security Vulnerabilities 214

6.2 Wired Equivalent Privacy 215

6.2.1 Device Authentication and Access Control 215

6.2.2 Data Integrity Check 215

6.2.3 LLC Frame Encryption 216

6.2.4 Security Flaws of WEP 218

6.3 Wi-Fi Protected Access 221

6.3.1 Device Authentication and Access Controls 221

6.3.2 TKIP Key Generations 222

6.3.3 TKIP Message Integrity Code 224

6.3.4 TKIP Key Mixing 226

6.3.5 WPA Encryption and Decryption 229

6.3.6 WPA Security Strength and Weaknesses 229

6.4 IEEE 802.11i/WPA2 230

6.4.1 Key Generations 231

6.4.2 CCMP Encryptions and MIC 231

6.4.3 802.11i Security Strength and Weaknesses 232

6.5 Bluetooth Security 233

6.5.1 Piconets 233

6.5.2 Secure Pairings 235

6.5.3 SAFERBlock Ciphers 235

6.5.4 Bluetooth Algorithms E1E21, and E22 238

6.5.5 Bluetooth Authentication 240

6.5.6 A PIN Cracking Attack 241

6.5.7 Bluetooth Secure Simple Pairing 242

6.6 ZigBee Security 243

6.6.1 Joining a Network 243

6.6.2 Authentication 244

6.6.3 Key Establishment 244

6.6.4 Communication Security 245

6.7 Wireless Mesh Network Security 245

6.7.1 Blackhole Attacks 247

6.7.2 Wormhole Attacks 247

6.7.3 Rushing Attacks 247

6.7.4 Route-Error-Injection Attacks 247

6.8 Closing Remarks 248

6.9 Exercises 248

6.9.1 Discussions 248

6.9.2 Homework 248

7 Cloud Security 253

7.1 The Cloud Service Models 253

7.1.1 The REST Architecture 254

7.1.2 Software-as-a-Service 254

7.1.3 Platform-as-a-Service 254

7.1.4 Infrastructure-as-a-Service 254

7.1.5 Storage-as-a-Service 255

7.2 Cloud Security Models 255

7.2.1 Trusted-Third-Party 255

7.2.2 Honest-but-Curious 255

7.2.3 Semi-Honest-but-Curious 255

7.3 Multiple Tenancy 256

7.3.1 Virtualization 256

7.3.2 Attacks 258

7.4 Access Control 258

7.4.1 Access Control in Trusted Clouds 259

7.4.2 Access Control in Untrusted Clouds 260

7.5 Coping with Untrusted Clouds 263

7.5.1 Proofs of Storage 264

7.5.2 Secure Multiparty Computation 265

7.5.3 Oblivious Random Access Machines 268

7.6 Searchable Encryption 271

7.6.1 Keyword Search 271

7.6.2 Phrase Search 274

7.6.3 Searchable Encryption Attacks 275

7.6.4 Searchable Symmetric Encryptions for the SHBC Clouds 276

7.7 Closing Remarks 280

7.8 Exercises 280

7.8.1 Discussions 280

7.8.2 Homework 280

8 Network Perimeter Security 283

8.1 General Firewall Framework 284

8.2 Packet Filters 285

8.2.1 Stateless Filtering 285

8.2.2 Stateful Filtering 287

8.3 Circuit Gateways 288

8.3.1 Basic Structures 288

8.3.2 SOCKS 290

8.4 Application Gateways 290

8.4.1 Cache Gateways 291

8.4.2 Stateful Packet Inspections 291

8.5 Trusted Systems and Bastion Hosts 291

8.5.1 Trusted Operating Systems 292

8.5.2 Bastion hosts and Gateways 293

8.6 Firewall Configurations 294

8.6.1 Single-Homed Bastion Host System 294

8.6.2 Dual-Homed Bastion Host System 294

8.6.3 Screened Subnets 296

8.6.4 Demilitarized Zones 297

8.6.5 Network Security Topology 297

8.7 Network Address Translations 298

8.7.1 Dynamic NAT 298

8.7.2 Virtual Local Area Networks 298

8.7.3 Small Office and Home Office Firewalls 299

8.8 Setting Up Firewalls 299

8.8.1 Security Policy 300

8.8.2 Building a Linux Stateless Packet Filter 300

8.9 Closing Remarks 301

8.10 Exercises 301

8.10.1 Discussions 301

8.10.2 Homework 302

9 Intrusion Detections 309

9.1 Basic Ideas of Intrusion Detection 309

9.1.1 Basic Methodology 310

9.1.2 Auditing 311

9.1.3 IDS Components 312

9.1.4 IDS Architecture 313

9.1.5 Intrusion Detection Policies 315

9.1.6 Unacceptable Behaviors 316

9.2 Network-Based Detections and Host-Based Detections 316

9.2.1 Network-Based Detections 317

9.2.2 Host-Based Detections 318

9.3 Signature Detections 319

9.3.1 Network Signatures 320

9.3.2 Host-Based Signatures 321

9.3.3 Outsider Behaviors and Insider Misuses 322

9.3.4 Signature Detection Systems 323

9.4 Statistical Analysis 324

9.4.1 Event Counter 324

9.4.2 Event Gauge 324

9.4.3 Event Timer 325

9.4.4 Resource Utilization 325

9.4.5 Statistical Techniques 325

9.5 Behavioral Data Forensics 325

9.5.1 Data Mining Techniques 326

9.5.2 A Behavioral Data Forensic Example 326

9.6 Honeypots 327

9.6.1 Types of Honeypots 327

9.6.2 Honeyd 328

9.6.3 MWCollect Projects 331

9.6.4 Honeynet Projects 331

9.7 Closing Remarks 331

9.8 Exercises 332

9.8.1 Discussions 332

9.8.2 Homework 332

10 The Art of Anti-Malicious Software 337

10.1 Viruses 337

10.1.1 Virus Types 338

10.1.2 Virus Infection Schemes 340

10.1.3 Virus Structures 341

10.1.4 Compressor Viruses 342

10.1.5 Virus Disseminations 343

10.1.6 Win32 Virus Infection Dissection 344

10.1.7 Virus Creation Toolkits 345

10.2 Worms 346

10.2.1 Common Worm Types 346

10.2.2 The Morris Worm 346

10.2.3 The Melissa Worm 347

10.2.4 The Code Red Worm 348

10.2.5 The Conficker Worm 348

10.2.6 Other Worms Targeted at Microsoft Products 349

10.2.7 Email Attachments 350

10.3 Trojans 351

10.3.1 Ransomware 353

10.4 Malware Defense 353

10.4.1 Standard Scanning Methods 354

10.4.2 Anti-Malicious-Software Products 354

10.4.3 Malware Emulator 355

10.5 Hoaxes 356

10.6 Peer-to-Peer Security 357

10.6.1 P2P Security Vulnerabilities 357

10.6.2 P2P Security Measures 359

10.6.3 Instant Messaging 359

10.6.4 Anonymous Networks 359

10.7 Web Security 360

10.7.1 Basic Types of Web Documents 361

10.7.2 Security of Web Documents 362

10.7.3 ActiveX 363

10.7.4 Cookies 364

10.7.5 Spyware 365

10.7.6 AJAX Security 365

10.7.7 Safe Web Surfing 367

10.8 Distributed Denial-of-Service Attacks 367

10.8.1 Master-Slave DDoS Attacks 367

10.8.2 Master-Slave-Reflector DDoS Attacks 367

10.8.3 DDoS Attacks Countermeasures 368

10.9 Closing Remarks 370

10.10 Exercises 370

10.10.1 Discussions 370

10.10.2 Homework 370

Appendix A 7-bit ASCII code 377

Appendix B SHA-512 Constants (in Hexadecimal) 379

Appendix C Data Compression Using ZIP 381

Exercise 382

Appendix D Base64 Encoding 383

Exercise 384

Appendix E Cracking WEP Keys Using WEPCrack 385

E.1 System Setup 385

AP 385

Trim Size: 170mm x 244mm Wang ftoc.tex V1 - 04/21/2015 10:14 P.M. Page xiv

xiv Contents

User’s Network Card 385

Attacker’s Network Card 386

E.2 Experiment Details 386

Step 1: Initial Setup 386

Step 2: Attacker Setup 387

Step 3: Collecting Weak Initialization Vectors 387

Step 4: Cracking 387

E.3 Sample Code 388

Appendix F Acronyms 393

Further Reading 399

Index 406


 

Budite prvi koji će ostaviti komentar.

Ostavite komentar Ostavite komentar

 

Preporučujemo

IPv6 mreža

IPv6 mreža

Popust cena:
1760.00 rsd

Savremene komunikacione tehnologije i mreže

Savremene komunikacione tehnologije i mreže

Popust cena:
2200.00 rsd

Veze, linkovi
Linkedin Twitter Facebook
 
     
 
© Sva prava pridržana, Kompjuter biblioteka, Beograd, Obalskih radnika 4a, Telefon: +381 11 252 0 272