Table of Contents Cryptography and Network Security Principles and Practices, Fourth Edition Table of Contents Copyright Notation Preface Objectives Intended Audience Plan of the Book 10 Internet Services for Instructors and Students 11 Projects for Teaching Cryptography and Network Security 12 What's New in the Fourth Edition 13 Acknowledgments 14 Chapter Reader's Guide 15 Section 0.1 Outline of this Book 16 Section 0.2 Roadmap 17 Section 0.3 Internet and Web Resources 18 Chapter Introduction 19 Section 1.1 Security Trends 21 Section 1.2 The OSI Security Architecture 23 Section 1.3 Security Attacks 24 Section 1.4 Security Services 27 Section 1.5 Security Mechanisms 29 Section 1.6 A Model for Network Security 31 Section 1.7 Recommended Reading and Web Sites 33 Section 1.8 Key Terms, Review Questions, and Problems 34 Part One: Symmetric Ciphers 35 Chapter Classical Encryption Techniques 36 Section 2.1 Symmetric Cipher Model 37 Section 2.2 Substitution Techniques 40 Section 2.3 Transposition Techniques 48 Section 2.4 Rotor Machines 49 Section 2.5 Steganography 50 Section 2.6 Recommended Reading and Web Sites 51 Section 2.7 Key Terms, Review Questions, and Problems 52 Chapter Block Ciphers and the Data Encryption Standard 57 Section 3.1 Block Cipher Principles 58 Section 3.2 The Data Encryption Standard 65 Section 3.3 The Strength of Des 72 Section 3.4 Differential and Linear Cryptanalysis 73 Section 3.5 Block Cipher Design Principles 75 Section 3.6 Recommended Reading 77 Section 3.7 Key Terms, Review Questions, and Problems 78 Chapter Finite Fields 81 Section 4.1 Groups, Rings, and Fields 82 Section 4.2 Modular Arithmetic 85 Section 4.3 The Euclidean Algorithm 90 Section 4.4 Finite Fields of The Form GF(p) 92 Section 4.5 Polynomial Arithmetic 95 100 106 107 Chapter Advanced Encryption Standard 111 Section 5.1 Evaluation Criteria For AES 113 Section 5.2 The AES Cipher 116 Section 5.3 Recommended Reading and Web Sites 130 Section 5.4 Key Terms, Review Questions, and Problems 131 Appendix 5A Polynomials with Coefficients in GF(28) 133 Appendix 5B Simplified AES 135 Chapter More on Symmetric Ciphers 141 Section 6.1 Multiple Encryption and Triple DES 142 Section 6.2 Block Cipher Modes of Operation 145 Section 6.3 Stream Ciphers and RC4 150 Section 6.4 Recommended Reading and Web Site 153 Section 6.5 Key Terms, Review Questions, and Problems 154 Chapter Confidentiality Using Symmetric Encryption 158 Section 7.1 Placement of Encryption Function 160 Section 7.2 Traffic Confidentiality 165 Section 7.3 Key Distribution 166 Section 7.4 Random Number Generation 171 Section 7.5 Recommended Reading and Web Sites 176 Section 7.6 Key Terms, Review Questions, and Problems 177 Part Two: Public-Key Encryption and Hash Functions 180 Chapter Introduction to Number Theory 181 Section 8.1 Prime Numbers 182 Section 8.2 Fermat's and Euler's Theorems 184 Section 8.3 Testing for Primality 187 Section 8.4 The Chinese Remainder Theorem 189 Section 8.5 Discrete Logarithms 191 Section 8.6 Recommended Reading and Web Sites 195 Section 8.7 Key Terms, Review Questions, and Problems 196 Chapter Public-Key Cryptography and RSA 199 Section 9.1 Principles of Public-Key Cryptosystems 201 Section 9.2 The RSA Algorithm 207 Section 9.3 Recommended Reading and Web Sites 215 Section 9.4 Key Terms, Review Questions, and Problems 216 Appendix 9A Proof of the RSA Algorithm 220 Appendix 9B The Complexity of Algorithms 221 Chapter 10 Key Management; Other Public-Key Cryptosystems 223 Section 10.1 Key Management 224 Section 10.2 Diffie-Hellman Key Exchange 229 Section 10.3 Elliptic Curve Arithmetic 232 Section 10.4 Elliptic Curve Cryptography 238 Section 10.5 Recommended Reading and Web Sites 240 Section 10.6 Key Terms, Review Questions, and Problems 241 Chapter 11 Message Authentication and Hash Functions 244 Section 11.1 Authentication Requirements 246 Section 11.2 Authentication Functions 247 Section 11.3 Message Authentication Codes 254 Section 11.4 Hash Functions 256 Section 4.6 Finite Fields Of the Form GF(2n) Section 4.7 Recommended Reading and Web Sites Section 4.8 Key Terms, Review Questions, and Problems 260 262 263 265 Chapter 12 Hash and MAC Algorithms 269 Section 12.1 Secure Hash Algorithm 270 Section 12.2 Whirlpool 274 Section 12.3 HMAC 281 Section 12.4 CMAC 284 Section 12.5 Recommended Reading and Web Sites 286 Section 12.6 Key Terms, Review Questions, and Problems 287 Chapter 13 Digital Signatures and Authentication Protocols 289 Section 13.1 Digital Signatures 290 Section 13.2 Authentication Protocols 292 Section 13.3 Digital Signature Standard 296 Section 13.4 Recommended Reading and Web Sites 299 Section 13.5 Key Terms, Review Questions, and Problems 300 Part Three: Network Security Applications 303 Chapter 14 Authentication Applications 304 Section 14.1 Kerberos 305 Section 14.2 X.509 Authentication Service 315 Section 14.3 Public-Key Infrastructure 321 Section 14.4 Recommended Reading and Web Sites 323 Section 14.5 Key Terms, Review Questions, and Problems 324 Appendix 14A Kerberos Encryption Techniques 326 Chapter 15 Electronic Mail Security 328 Section 15.1 Pretty Good Privacy 330 Section 15.2 S/MIME 340 Section 15.3 Key Terms, Review Questions, and Problems 349 Appendix 15A Data Compression Using Zip 351 Appendix 15B Radix-64 Conversion 353 Appendix 15C PGP Random Number Generation 356 Chapter 16 IP Security 358 Section 16.1 IP Security Overview 359 Section 16.2 IP Security Architecture 361 Section 16.3 Authentication Header 365 Section 16.4 Encapsulating Security Payload 368 Section 16.5 Combining Security Associations 371 Section 16.6 Key Management 373 Section 16.7 Recommended Reading and Web Site 379 Section 16.8 Key Terms, Review Questions, and Problems 380 Appendix 16A Internetworking and Internet Protocols 382 Chapter 17 Web Security 387 Section 17.1 Web Security Considerations 388 Section 17.2 Secure Socket Layer and Transport Layer Security 390 Section 17.3 Secure Electronic Transaction 400 Section 17.4 Recommended Reading and Web Sites 406 Section 17.5 Key Terms, Review Questions, and Problems 407 Part Four: System Security 409 Chapter 18 Intruders 410 Section 18.1 Intruders 412 Section 11.5 Security of Hash Functions and Macs Section 11.6 Recommended Reading Section 11.7 Key Terms, Review Questions, and Problems Appendix 11A Mathematical Basis of the Birthday Attack Section 18.2 Intrusion Detection 414 Section 18.3 Password Management 420 Section 18.4 Recommended Reading and Web Sites 426 Section 18.5 Key Terms, Review Questions, and Problems 427 Appendix 18A The Base-Rate Fallacy 429 431 Section 19.1 Viruses and Related Threats 432 Section 19.2 Virus Countermeasures 438 Section 19.3 Distributed Denial of Service Attacks 441 Section 19.4 Recommended Reading and Web Sites 444 Section 19.5 Key Terms, Review Questions, and Problems 445 Chapter 20 Firewalls 447 Section 20.1 Firewall Design Principles 448 Section 20.2 Trusted Systems 454 Section 20.3 Common Criteria for Information Technology Security Evaluation 457 Section 20.4 Recommended Reading and Web Sites 460 Section 20.5 Key Terms, Review Questions, and Problems 461 Appendix A Standards and Standards-Setting Organizations 463 Section A.1 The Importance of Standards 464 Section A.2 Internet Standards and the Internet Society 465 Section A.3 National Institute of Standards and Technology 467 Appendix B Projects for Teaching Cryptography and Network Security 468 Section B.1 Research Projects 469 Section B.2 Programming Projects 470 Section B.3 Laboratory Exercises 471 Section B.4 Writing Assignments 472 Section B.5 Reading/Report Assignments 473 Glossary 474 References 481 Abbreviations 482 Inside Front Cover 488 Inside Back Cover 489 Index 491 SYMBOL 492 A 493 B 495 C 496 D 498 E 500 F 502 G 503 H 504 I 505 K 507 L 508 M 509 N 511 O 512 P 513 Q 515 R 516 Chapter 19 Malicious Software S 517 T 520 U 522 V 523 W 524 X 525 Z 526 Cryptography and Network Security Principles and Practices, Fourth Edition • Table of Contents • Index Cryptography and Network Security Principles and Practices, Fourth Edition By William Stallings Publisher: Prentice Hall Pub Date: November 16, 2005 Print ISBN-10: 0-13-187316-4 Print ISBN-13: 978-0-13-187316-2 eText ISBN-10: 0-13-187319-9 eText ISBN-13: 978-0-13-187319-3 Pages: 592 In this age of viruses and hackers, of electronic eavesdropping and electronic fraud, security is paramount A s the disciplines of cryptography and network security have matured, more practical, readily available applications to enforce network security have developed This text provides a practical survey of both the principles and practice of cryptography and network security First, the basic issues to be addressed by a network security capability are explored through a tutorial and survey of cryptography and network security technology Then, the practice of network security is explored via practical applications that have been implemented and are in use today / 526 Cryptography and Network Security Principles and Practices, Fourth Edition • Table of Contents • Index Cryptography and Network Security Principles and Practices, Fourth Edition By William Stallings Publisher: Prentice Hall Pub Date: November 16, 2005 Print ISBN-10: 0-13-187316-4 Print ISBN-13: 978-0-13-187316-2 eText ISBN-10: 0-13-187319-9 eText ISBN-13: 978-0-13-187319-3 Pages: 592 Copyright Notation Preface Objectives Intended Audience Plan of the Book Internet Services for Instructors and Students Projects for Teaching Cryptography and Network Security What's New in the Fourth Edition Acknowledgments Chapter Reader's Guide Section 0.1 Outline of this Book Section 0.2 Roadmap Section 0.3 Internet and Web Resources Chapter Introduction Section 1.1 Security Trends Section 1.2 The OSI Security Architecture Section 1.3 Security Attacks Section 1.4 Security Services Section 1.5 Security Mechanisms Section 1.6 A Model for Network Security Section 1.7 Recommended Reading and Web Sites Section 1.8 Key Terms, Review Questions, and Problems Part One: Symmetric Ciphers Chapter Classical Encryption Techniques Section 2.1 Symmetric Cipher Model Section 2.2 Substitution Techniques Section 2.3 Transposition Techniques Section 2.4 Rotor Machines Section 2.5 Steganography Section 2.6 Recommended Reading and Web Sites Section 2.7 Key Terms, Review Questions, and Problems Chapter Block Ciphers and the Data Encryption Standard Section 3.1 Block Cipher Principles Section 3.2 The Data Encryption Standard Section 3.3 The Strength of Des Section 3.4 Differential and Linear Cryptanalysis Section 3.5 Block Cipher Design Principles Section 3.6 Recommended Reading Section 3.7 Key Terms, Review Questions, and Problems Chapter Finite Fields Section 4.1 Groups, Rings, and Fields Section 4.2 Modular Arithmetic Section 4.3 The Euclidean Algorithm Section 4.4 Finite Fields of The Form GF(p) Section 4.5 Polynomial Arithmetic Section 4.6 Finite Fields Of the Form GF(2n) Section 4.7 Recommended Reading and Web Sites Section 4.8 Key Terms, Review Questions, and Problems Chapter Advanced Encryption Standard Section 5.1 Evaluation Criteria For AES Section 5.2 The AES Cipher Section 5.3 Recommended Reading and Web Sites Section 5.4 Key Terms, Review Questions, and Problems Appendix 5A Polynomials with Coefficients in GF(28) xi xiii xiii xiii xiv xiv xiv xv xvi 2 12 13 16 19 22 24 25 26 28 30 35 49 51 53 55 56 62 64 72 82 83 86 90 90 95 97 101 107 109 113 119 129 130 134 135 140 160 161 163 / 526 Cryptography and Network Security Principles and Practices, Fourth Edition Appendix 5B Simplified AES Chapter More on Symmetric Ciphers Section 6.1 Multiple Encryption and Triple DES Section 6.2 Block Cipher Modes of Operation Section 6.3 Stream Ciphers and RC4 Section 6.4 Recommended Reading and Web Site Section 6.5 Key Terms, Review Questions, and Problems Chapter Confidentiality Using Symmetric Encryption Section 7.1 Placement of Encryption Function Section 7.2 Traffic Confidentiality Section 7.3 Key Distribution Section 7.4 Random Number Generation Section 7.5 Recommended Reading and Web Sites Section 7.6 Key Terms, Review Questions, and Problems Part Two: Public-Key Encryption and Hash Functions Chapter Introduction to Number Theory Section 8.1 Prime Numbers Section 8.2 Fermat's and Euler's Theorems Section 8.3 Testing for Primality Section 8.4 The Chinese Remainder Theorem Section 8.5 Discrete Logarithms Section 8.6 Recommended Reading and Web Sites Section 8.7 Key Terms, Review Questions, and Problems Chapter Public-Key Cryptography and RSA Section 9.1 Principles of Public-Key Cryptosystems Section 9.2 The RSA Algorithm Section 9.3 Recommended Reading and Web Sites Section 9.4 Key Terms, Review Questions, and Problems Appendix 9A Proof of the RSA Algorithm Appendix 9B The Complexity of Algorithms Chapter 10 Key Management; Other Public-Key Cryptosystems Section 10.1 Key Management Section 10.2 Diffie-Hellman Key Exchange Section 10.3 Elliptic Curve Arithmetic Section 10.4 Elliptic Curve Cryptography Section 10.5 Recommended Reading and Web Sites Section 10.6 Key Terms, Review Questions, and Problems Chapter 11 Message Authentication and Hash Functions Section 11.1 Authentication Requirements Section 11.2 Authentication Functions Section 11.3 Message Authentication Codes Section 11.4 Hash Functions Section 11.5 Security of Hash Functions and Macs Section 11.6 Recommended Reading Section 11.7 Key Terms, Review Questions, and Problems Appendix 11A Mathematical Basis of the Birthday Attack Chapter 12 Hash and MACAlgorithms Section 12.1 Secure Hash Algorithm Section 12.2 Whirlpool Section 12.3 HMAC Section 12.4 CMAC Section 12.5 Recommended Reading and Web Sites Section 12.6 Key Terms, Review Questions, and Problems Chapter 13 Digital Signatures and Authentication Protocols Section 13.1 Digital Signatures Section 13.2 Authentication Protocols Section 13.3 Digital Signature Standard Section 13.4 Recommended Reading and Web Sites Section 13.5 Key Terms, Review Questions, and Problems Part Three: Network Security Applications Chapter 14 Authentication Applications Section 14.1 Kerberos Section 14.2 X.509 Authentication Service Section 14.3 Public-Key Infrastructure Section 14.4 Recommended Reading and Web Sites Section 14.5 Key Terms, Review Questions, and Problems Appendix 14A Kerberos Encryption Techniques Chapter 15 Electronic Mail Security Section 15.1 Pretty Good Privacy Section 15.2 S/MIME 165 174 175 181 189 194 194 199 201 209 210 218 227 228 232 234 236 238 242 245 247 253 254 257 259 268 280 281 285 286 289 290 298 301 310 313 314 317 319 320 331 334 340 344 344 346 351 353 358 368 372 374 374 377 378 382 390 393 393 398 400 401 419 428 430 431 433 436 438 457 / 526 Cryptography and Network Security Principles and Practices, Fourth Edition Section 15.3 Key Terms, Review Questions, and Problems 474 Appendix 15A Data Compression Using Zip 475 Appendix 15B Radix-64 Conversion 478 Appendix 15C PGP Random Number Generation 479 Chapter 16 IP Security 483 Section 16.1 IP Security Overview 485 Section 16.2 IP Security Architecture 487 Section 16.3 Authentication Header 493 Section 16.4 Encapsulating Security Payload 498 Section 16.5 Combining Security Associations 503 Section 16.6 Key Management 506 Section 16.7 Recommended Reading and Web Site 516 Section 16.8 Key Terms, Review Questions, and Problems 517 Appendix 16A Internetworking and Internet Protocols 518 Chapter 17 Web Security 527 Section 17.1 Web Security Considerations 528 Section 17.2 Secure Socket Layer and Transport Layer Security 531 Section 17.3 Secure Electronic Transaction 549 Section 17.4 Recommended Reading and Web Sites 560 Section 17.5 Key Terms, Review Questions, and Problems 561 Part Four: System Security 563 Chapter 18 Intruders 565 Section 18.1 Intruders 567 Section 18.2 Intrusion Detection 570 Section 18.3 Password Management 582 Section 18.4 Recommended Reading and Web Sites 591 Section 18.5 Key Terms, Review Questions, and Problems 592 Appendix 18A The Base-Rate Fallacy 594 Chapter 19 Malicious Software 598 Section 19.1 Viruses and Related Threats 599 Section 19.2 Virus Countermeasures 610 Section 19.3 Distributed Denial of Service Attacks 614 Section 19.4 Recommended Reading and Web Sites 619 Section 19.5 Key Terms, Review Questions, and Problems 620 Chapter 20 Firewalls 621 Section 20.1 Firewall Design Principles 622 Section 20.2 Trusted Systems 634 Section 20.3 Common Criteria for Information Technology Security Evaluation640 Section 20.4 Recommended Reading and Web Sites 644 Section 20.5 Key Terms, Review Questions, and Problems 645 Appendix A Standards and Standards-Setting Organizations 647 Section A.1 The Importance of Standards 648 Section A.2 Internet Standards and the Internet Society 649 Section A.3 National Institute of Standards and Technology 652 Appendix B Projects for Teaching Cryptography and Network Security 653 Section B.1 Research Projects 654 Section B.2 Programming Projects 655 Section B.3 Laboratory Exercises 655 Section B.4 Writing Assignments 655 Section B.5 Reading/Report Assignments 656 Glossary 657 References 663 Abbreviations 663 Inside Front Cover InsideFrontCover Inside Back Cover InsideBackCover Index / 526 Cryptography and Network Security Principles and Practices, Fourth Edition Copyright [Page ii] Library of Congress Cataloging-in-Publication Data on File V ice President and Editorial Director, ECS: Marcia J Horton Executive Editor: Tracy Dunkelberger Editorial A ssistant: Christianna Lee Executive Managing Editor: Vince O'Brien Managing Editor: Camille Trentacoste Production Editor: Rose Kernan Director of Creative Services: Paul Belfanti Cover Designer: Bruce Kenselaar Managing Editor, A V Management and Production: Patricia Burns A rt Editor: Gregory Dulles Manufacturing Manager: Alexis Heydt-Long Manufacturing Buyer: Lisa McDowell Marketing Manager: Robin O'Brien Marketing A ssistant: Barrie Reinhold © 2006 Pearson Education, Inc Pearson Prentice Hall Pearson Education, Inc Upper Saddle River, NJ 07458 A ll rights reserved No part of this book may be reproduced, in any form or by any means, without permission in writing from the publisher Pearson Prentice Hall™ is a trademark of Pearson Education, Inc The author and publisher of this book have used their best efforts in preparing this book These efforts include the development, research, and testing of the theories and programs to determine their effectiveness The author and publisher make no warranty of any kind, expressed or implied, with regard to these programs or the documentation contained in this book The author and publisher shall not be liable in any event for incidental or consequential damages in connection with, or arising out of, the furnishing, performance, or use of these programs Printed in the United States of A merica 10 Pearson Education Ltd., London Pearson Education A ustralia Pty Ltd., Sydney Pearson Education Singapore, Pte Ltd Pearson Education North A sia Ltd., Hong Kong Pearson Education Canada, Inc., Toronto Pearson Educacíon de Mexico, S.A de C.V Pearson EducationJapan, Tokyo Pearson Education Malaysia, Pte Ltd Pearson Education Inc., Upper Saddle River, New Jersey [Page iii] Dedication To Antigone never dull never boring always a Sage / 526 Cryptography and Network Security Principles and Practices, Fourth Edition Index [SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Z] Oakley key determination protocol 2nd authentication methods cookie exchange exchange example features of One-time pad One-way authentication 2nd public-key encryption approaches symmetric encryption approaches X.509 service One-way function One-way property 2nd Open Systems Interconnection (OSI) 2nd model security architecture Operational model Optimal assymetric encryption padding (OAEP) Order Output feedback (OFB) mode 2nd 3rd Owner trust field 512 / 526 Cryptography and Network Security Principles and Practices, Fourth Edition Index [SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Z] Packet-filtering router Padding 2nd 3rd 4th 5th 6th cryptographic computations ESP optimal assymetric encryption padding (OAEP) traffic Parasitic virus Passive attacks Password management access control Bloom filter computer-generated Markov model proactive checker protection reactive checking selection strategies UNIX scheme user education vulnerability of passwords Path MTU Payload 2nd 3rd 4th 5th 6th Encapsulating Security (ESP) 2nd 3rd 4th ISAKMP types length Payment, SET authorization capture processing purchase request Peer entity authentication Period of validity Permutation 2nd 3rd 4th DES tables initial 2nd layer SC PGP [See Pretty Good Privacy (PGP)] Pin punctures Plaintext 2nd 3rd Playfair cipher Policy constraints Policy mappings Polyalphabetic cipher Polymorphic virus Polynomial arithmetic 2nd 3rd coefficients in GF(28) coefficients in Zp greatest common divisor, finding MixColumns transformations modular multiplication by x ordinary polynomial ring Ports, source and destination Preoutput, defined Preprocessing, CTR mode Pretty Good Privacy (PGP) 2nd 3rd 4th authentication 2nd compression confidentiality data compression e-mail compatibility key identifiers key rings keys and key rings, cryptographic 2nd messages, transmission and reception of 2nd notation operational description 2nd public-key management random number generation 513 / 526 Cryptography and Network Security Principles and Practices, Fourth Edition random number generation reassembly revoking public keys segmentation session key generation trust, use of use of ZIP data compression using , Prime curve Prime numbers 2nd determination of distribution of Miller-Rabin algorithm properties of testing for Prime polynomial Primitive root Private key 2nd 3rd 4th encryption ring RSA, efficient operation using usage period Proposal (P) payload 2nd Protection profiles (PPs) Protocols, authentication Provable security, CTR mode Pseudorandom function (PRF), TLS Pseudorandom numbers 2nd 3rd 4th ANSI X9.17 Blum Blum Shub (BBS) generator generators (PRNGs) 2nd 3rd 4th PGP generation using , Public keys 2nd 3rd 4th 5th [See also Public-key cryptography, Public-key encryption] authority certificates cryptography directory of efficient operation of RSA using encryption 2nd 3rd 4th 5th management Pretty Good Privacy (PGP) public announcement of revoking Public-key cryptography authentication protocols digital signal standard (DSS) digital signatures Public-key encryption 2nd 3rd 4th 5th algorithm approaches 2nd cryptography cryptosystems 2nd Diffie-Hellman key exchange elliptic curve cryptography (ECC) key management message authentication number theory Oakley key determination protocol RSA algorithm 2nd Public-key infrastructure (PKI) development of management functions management protocols X.509 (PKIX) Public-key management 2nd approaches to, PGP cryptography for secret key distribution distribution Pretty Good Privacy (PGP) trust, use of Public-key ring Purchase request, SET 514 / 526 Cryptography and Network Security Principles and Practices, Fourth Edition Index [SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Z] Quoted-printable transfer encoding 515 / 526 Cryptography and Network Security Principles and Practices, Fourth Edition Index [SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Z] Radix-64 conversion Random access, CTR mode Random delay Random number generation 2nd 3rd ANSI X.9.17 PGP ANSI X.9.17 PRNG Blum Blum Shub (BBS) generator cryptographically cyclic encryption linear congruential generators output feedback (OFB) mode, DES Pretty Good Privacy (PGP) pseudorandom number generators (PRNGs) 2nd 3rd 4th randomness skew true random number generator (TRNG) 2nd unpredictability use of RC4 algorithm development of initialization of S logic of stream generation strength of 2nd Reader's guide Receiver, role of Record Protocol Reflector DDoS Registration authority (RA) Registration request Relatively prime Release of message contents Reliability, network Replay Replay attacks Repository Request for Comment (RFC) publication 2nd Residue 2nd Revocation request RFC 822 Rijndael proposal 2nd Rings (R) 2nd Rivest-Shamir-Adleman (RSA) algorithm 2nd chosen ciphertext attack (CCA) complexity of computational aspects of description of development of efficient operation of exponentiation on modular arithmetic factoring problem key generation optimal assymetric encryption padding (OAEP) proof of security of timing attacks Root, polynomial Rotor machines Rounds 2nd 3rd 4th function of number of 2nd single, details of Routing header 2nd RSA algorithm [See Rivest-Shamir-Adleman (RSA) algorithm] Rule-based intrusion detection 2nd 516 / 526 Cryptography and Network Security Principles and Practices, Fourth Edition Index [SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Z] S-AES [See Simplified Advanced Encryption Standard (S-AES)] S-box 2nd 3rd 4th 5th AES design of role of 2nd S-AES S/MIME [See Secure/Multipurpose Internet Mail Extension (S/MIME)] Secret key 2nd authentication confidentiality distribution hybrid approach, IBM mainframe man-in-the-middle attack Secure Electronic Transaction (SET) development of dual signature features of overview payment purchase request requirements system participants transaction types Secure Hash Algorithms (SHA) development of parameters SHA-512 use of Secure mailing lists Secure Socket Layer (SSL) Alert Protocol architecture Change Cipher Spec Protocol connection 2nd cryptographic parameters, generation of Handshake Protocol master secret creation Record Protocol session Secure/Multipurpose Internet Mail Extension (S/MIME) certificate processing certificates-only message clear signing cryptographic algorithms development of enhanced security services 2nd envelopedData functionality functions limitations of Mailing List Agent (MLA) messages MIME entity, securing multipurpose Internet mail extensions (MIME) registration request RFC 822 secure mailing lists security labels 2nd signed receipts signedData user-agent role VeriSign certificates 2nd Security 2nd 3rd 4th 5th 6th [See also Authentication, Network security, System Security] attacks 2nd 3rd authentication brute-force attacks computer cryptanalysis elliptic curve cryptography (ECC) hash functions 517 / 526 Cryptography and Network Security Principles and Practices, Fourth Edition hash functions information internet introduction to mechanism 2nd 3rd message authentication code (MAC) network security 2nd 3rd OSI architecture RSA algorithm services 2nd 3rd system security trends Security association (SA) 2nd 3rd 4th authentication plus confidentiality basic combinations, examples of combining protocols Internet protocol security (IPSec) iterated tunneling parameters payload 2nd selectors transport adjacency 2nd transport-tunnel bundle Security labels 2nd Security mechanisms 2nd 3rd security services, relationship with X.800 Security Parameters Index (SPI) Security Police Database (SPD) Security protocol identifier Security services 2nd 3rd 4th access control authentication availability data confidentiality data integrity defined 2nd nonrepudiation security mechanisms, relationship with X.800 Security targets (STs) Sender, role of Sequence Counter Overflow Sequence modification Sequence Number Counter Serial number Service control Service threats Session key 2nd Session key component Session security model (SSM) Session, SSL SHA-512 algorithm logic processing steps round function ShiftRows transformation 2nd 3rd Signature 2nd 3rd 4th algorithm identifier component trust field Signature (SIG) payload 2nd Signed receipts SignedData 2nd Simplicity, CTR mode Simplified Advanced Encryption Standard (S-AES) add key function decryption 2nd development of encryption 2nd key expansion mix column function nibble substitution overview of S-box shift row function structure transformations Single round, details of Skew 518 / 526 Cryptography and Network Security Principles and Practices, Fourth Edition Skew Sliding history buffer Software efficiency, CTR mode Source IPAddress 2nd 3rd Source repudiation Standards importance of Internet National Institute of Standards and Technology State array Stateful inspection firewalls Statistical anomaly intrusion detection 2nd Stealth virus Steganography Store-and-forward communications Stream ciphers 2nd design considerations keystream RC4 algorithm structure Stream generation Strict avalanche criterion (SAC) Strong collision resistance 2nd Subject attributes 2nd alternative name directory attributes key identifier name public-key information unique identifier Subkey generation algorithm Substitute bytes (SubBytes) transformation 2nd Substitution techniques 2nd Caesar cipher Hill cipher monoalphabetic cypher one-time pad Playfair cipher polyalphabetic cipher Subtypes, MIME SunOS system events, intrusion detection Suppress-replay attacks Symmetric ciphers Advanced Encryption Standard (AES) block ciphers 2nd confidentiality Data Encryption Standard (DES) 2nd encryption techniques finite fields model multiple encryption and triple DES RC4 stream ciphers Symmetric encryption 2nd 3rd 4th 5th authentication approaches 2nd authentication function cipher model Oakley key determination protocol System security firewalls 2nd intruders 2nd malicious software 2nd 519 / 526 Cryptography and Network Security Principles and Practices, Fourth Edition Index [SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Z] Target of evaluation (TOE) Technical specifications (TS) Threats 2nd Ticket flags Ticket-granting server (TGS) Time complexity Time series model Time to Live (TTL) Timestamps 2nd 3rd Timing attacks 2nd Timing modification Traffic analysis 2nd Traffic confidentiality Traffic padding Transfer encodings, MIME Transform (T) payload 2nd Transformations 2nd 3rd 4th AddRoundKey AES 2nd equivalent inverse ciphers forward 2nd 3rd 4th interchanging AddRoundKey and InvMixColumns inverse 2nd 3rd 4th MixColumns transformations 2nd 3rd nibble substitution S-AES S-box 2nd ShiftRows transformation 2nd 3rd substitute bytes (SubBytes) 2nd Transparent key control 2nd Transport adjacency 2nd Transport layer functionality (TCP) Transport Layer Protocol Transport Layer Security (TLS) alert codes certificate_verify message cipher suites client certificate types finished messages message authentication code pseudorandom function (PRF) version number Transport mode 2nd 3rd 4th 5th AH ESP 2nd IPSec overview of 2nd Transport-tunnel bundle Transposition techniques Triple EDS Trojan horses 2nd True random number generator (TRNG) 2nd Trust example of flags 2nd key legitimacy field owner field PGP use of signature field Trusted systems concept of data access control defined Trojan horse defense Tunnel mode 2nd 3rd 4th 5th AH ESP 2nd 3rd IPSec overview of 520 / 526 Cryptography and Network Security Principles and Practices, Fourth Edition 521 / 526 Cryptography and Network Security Principles and Practices, Fourth Edition Index [SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Z] USENET newsgroups User control User ID 2nd 3rd User-agent role USTAT model actions, intrusion detection 522 / 526 Cryptography and Network Security Principles and Practices, Fourth Edition Index [SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Z] VeriSign certificates 2nd Version 2nd 3rd Version number, TLS Vigenère cipher Viruses 2nd antivirus approaches behavior-blocking software countermeasures digital immune system e-mail virus generic decryption (GD) initial infection macro virus nature of phases structure types of 523 / 526 Cryptography and Network Security Principles and Practices, Fourth Edition Index [SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Z] Weak collision resistance 2nd Web resources Web security Alert Protocol Change Cipher Spec Protocol, considerations cryptographic computations Handshake Protocol Secure Electronic Transaction (SET) Secure Socket Layer (SSL) threats 2nd traffic approaches 2nd Transport Layer Security (TLS) Whirlpool block cipher W development of drawbacks features hash structure performance of processing steps Worms Morris recent attacks technology, state of 524 / 526 Cryptography and Network Security Principles and Practices, Fourth Edition Index [SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Z] X.509 authentication service certificates certification path constraints development of key information one-way policy information procedures three-way two-way version X.509, Public-Key Infrastructure (PKIX) X.800, ITU-T recommendation 2nd 525 / 526 Cryptography and Network Security Principles and Practices, Fourth Edition Index [SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Z] ZIP compression algorithm data compression using decompression algorithm Zombie Zp 2nd coefficients in elliptic curves over 526 / 526 ... 526 Cryptography and Network Security Principles and Practices, Fourth Edition • Table of Contents • Index Cryptography and Network Security Principles and Practices, Fourth Edition By... and are in use today / 526 Cryptography and Network Security Principles and Practices, Fourth Edition • Table of Contents • Index Cryptography and Network Security Principles and Practices, Fourth. .. read and then write a short report See A ppendix B for details 12 / 526 Cryptography and Network Security Principles and Practices, Fourth Edition [Page xv (continued)] What''s New in the Fourth Edition