Information Security : Principles and Practice

by Mark Stamp
  • ISBN13: 9780471738480
  • ISBN10: 0471738484
  • Format: Hardcover
  • Copyright: 2005-10-01
  • Publisher: Wiley-Interscience

Summary

Your expert guide to information security. As businesses and consumers become more dependent on complex multinational information systems, the need to understand and devise sound information security systems has never been greater. This title takes a practical approach to information security by focusing on real-world examples. While not sidestepping the theory, the emphasis is on developing the skills and knowledge that security and information technology students and professionals need to face their challenges.

The book is organized around four major themes:

  • Cryptography: classic cryptosystems, symmetric key cryptography, public key cryptography, hash functions, random numbers, information hiding, and cryptanalysis
  • Access control: authentication and authorization, password-based security, ACLs and capabilities, multilevel and multilateral security, covert channels and inference control, BLP and Biba's models, firewalls, and intrusion detection systems
  • Protocols: simple authentication protocols, session keys, perfect forward secrecy, timestamps, SSL, IPSec, Kerberos, and GSM
  • Software: flaws and malware, buffer overflows, viruses and worms, software reverse engineering, digital rights management, secure software development, and operating systems security

Additional features include numerous figures and tables to illustrate and clarify complex topics, as well as problems, ranging from basic to challenging, to help readers apply their newly developed skills. A solutions manual and a set of classroom-tested PowerPoint® slides will assist instructors in their course development. Students and professors in information technology, computer science, and engineering, and professionals working in the field will find this reference most useful in solving their information security issues. An Instructor's Manual presenting detailed solutions to all the problems in the book is available from the Wiley editorial department. An Instructor Support FTP site is also available.

Author Biography

MARK STAMP, PHD, is Professor of Computer Science, San José State University, where he teaches undergraduate and graduate-level information security courses. In addition to his experience gained in private industry and academia, Dr. Stamp has seven years' experience working as a cryptanalyst at the U.S. National Security Agency.

Table of Contents

Each entry gives the starting page, with the number of pages in parentheses.

Preface xv
About The Author xix
Acknowledgments xxi
1 INTRODUCTION 1(8)
1.1 The Cast of Characters 1(1)
1.2 Alice's Online Bank 1(2)
1.2.1 Confidentiality, Integrity, and Availability 2(1)
1.2.2 Beyond CIA 2(1)
1.3 About This Book 3(3)
1.3.1 Cryptography 4(1)
1.3.2 Access Control 4(1)
1.3.3 Protocols 5(1)
1.3.4 Software 6(1)
1.4 The People Problem 6(1)
1.5 Principles and Practice 7(1)
1.6 Problems 7(2)
I CRYPTO 9(142)
2 CRYPTO BASICS 11(22)
2.1 Introduction 11(1)
2.2 How to Speak Crypto 12(1)
2.3 Classic Crypto 13(13)
2.3.1 Simple Substitution Cipher 13(2)
2.3.2 Cryptanalysis of a Simple Substitution 15(1)
2.3.3 Definition of Secure 16(1)
2.3.4 Double Transposition Cipher 17(1)
2.3.5 One-Time Pad 18(3)
2.3.6 Project VENONA 21(1)
2.3.7 Codebook Cipher 22(2)
2.3.8 Ciphers of the Election of 1876 24(2)
2.4 Modern Crypto History 26(2)
2.5 A Taxonomy of Cryptography 28(1)
2.6 A Taxonomy of Cryptanalysis 29(1)
2.7 Summary 30(1)
2.8 Problems 31(2)
3 SYMMETRIC KEY CRYPTO 33(28)
3.1 Introduction 33(1)
3.2 Stream Ciphers 34(4)
3.2.1 A5/1 34(2)
3.2.2 RC4 36(2)
3.3 Block Ciphers 38(16)
3.3.1 Feistel Cipher 38(1)
3.3.2 DES 39(5)
3.3.3 Triple DES 44(1)
3.3.4 AES 45(3)
3.3.5 Three More Block Ciphers 48(1)
3.3.6 TEA 49(1)
3.3.7 Block Cipher Modes 50(4)
3.4 Integrity 54(1)
3.5 Summary 55(1)
3.6 Problems 56(5)
4 PUBLIC KEY CRYPTO 61(24)
4.1 Introduction 61(2)
4.2 Knapsack 63(3)
4.3 RSA 66(4)
4.3.1 RSA Example 67(1)
4.3.2 Repeated Squaring 68(1)
4.3.3 Speeding Up RSA 69(1)
4.4 Diffie-Hellman 70(2)
4.5 Elliptic Curve Cryptography 72(3)
4.5.1 Elliptic Curve Math 72(2)
4.5.2 ECC Diffie-Hellman 74(1)
4.6 Public Key Notation 75(1)
4.7 Uses for Public Key Crypto 76(3)
4.7.1 Confidentiality in the Real World 76(1)
4.7.2 Signatures and Non-repudiation 76(1)
4.7.3 Confidentiality and Non-repudiation 77(2)
4.8 Public Key Infrastructure 79(2)
4.9 Summary 81(1)
4.10 Problems 81(4)
5 HASH FUNCTIONS AND OTHER TOPICS 85(24)
5.1 What is a Hash Function? 85(1)
5.2 The Birthday Problem 86(2)
5.3 Non-Cryptographic Hashes 88(1)
5.4 Tiger Hash 89(4)
5.5 HMAC 93(2)
5.6 Uses of Hash Functions 95(1)
5.6.1 Online Bids 95(1)
5.6.2 Spam Reduction 95(1)
5.7 Other Crypto-Related Topics 96(8)
5.7.1 Secret Sharing 97(1)
5.7.2 Random Numbers 98(2)
5.7.3 Information Hiding 100(4)
5.8 Summary 104(1)
5.9 Problems 104(5)
6 ADVANCED CRYPTANALYSIS 109(44)
6.1 Introduction 109(1)
6.2 Linear and Differential Cryptanalysis 110(15)
6.2.1 Quick Review of DES 110(1)
6.2.2 Overview of Differential Cryptanalysis 111(3)
6.2.3 Overview of Linear Cryptanalysis 114(1)
6.2.4 Tiny DES 115(2)
6.2.5 Differential Cryptanalysis of TDES 117(5)
6.2.6 Linear Cryptanalysis of TDES 122(2)
6.2.7 Block Cipher Design 124(1)
6.3 Side Channel Attack on RSA 125(3)
6.4 Lattice Reduction and the Knapsack 128(6)
6.5 Hellman's Time-Memory Trade-Off 134(10)
6.5.1 Popcnt 134(1)
6.5.2 Cryptanalytic TMTO 135(4)
6.5.3 Misbehaving Chains 139(4)
6.5.4 Success Probability 143(1)
6.6 Summary 144(1)
6.7 Problems 144(7)
II ACCESS CONTROL 151(56)
7 AUTHENTICATION 153(24)
7.1 Introduction 153(1)
7.2 Authentication Methods 154(1)
7.3 Passwords 154(9)
7.3.1 Keys Versus Passwords 155(1)
7.3.2 Choosing Passwords 156(2)
7.3.3 Attacking Systems via Passwords 158(1)
7.3.4 Password Verification 158(1)
7.3.5 Math of Password Cracking 159(3)
7.3.6 Other Password Issues 162(1)
7.4 Biometrics 163(7)
7.4.1 Types of Errors 164(1)
7.4.2 Biometric Examples 165(5)
7.4.3 Biometric Error Rates 170(1)
7.4.4 Biometric Conclusions 170(1)
7.5 Something You Have 170(2)
7.6 Two-Factor Authentication 172(1)
7.7 Single Sign-On and Web Cookies 172(1)
7.8 Summary 173(1)
7.9 Problems 173(4)
8 AUTHORIZATION 177(32)
8.1 Introduction 177(1)
8.2 Access Control Matrix 178(3)
8.2.1 ACLs and Capabilities 178(2)
8.2.2 Confused Deputy 180(1)
8.3 Multilevel Security Models 181(3)
8.3.1 Bell-LaPadula 182(2)
8.3.2 Biba's Model 184(1)
8.4 Multilateral Security 184(2)
8.5 Covert Channel 186(2)
8.6 Inference Control 188(1)
8.7 CAPTCHA 189(2)
8.8 Firewalls 191(5)
8.8.1 Packet Filter 192(1)
8.8.2 Stateful Packet Filter 193(1)
8.8.3 Application Proxy 194(1)
8.8.4 Personal Firewall 195(1)
8.8.5 Defense in Depth 195(1)
8.9 Intrusion Detection 196(7)
8.9.1 Signature-Based IDS 198(1)
8.9.2 Anomaly-Based IDS 199(4)
8.10 Summary 203(1)
8.11 Problems 203(4)
III PROTOCOLS 207(58)
9 SIMPLE AUTHENTICATION PROTOCOLS 209(26)
9.1 Introduction 209(1)
9.2 Simple Security Protocols 210(2)
9.3 Authentication Protocols 212(12)
9.3.1 Authentication Using Symmetric Keys 215(2)
9.3.2 Authentication Using Public Keys 217(1)
9.3.3 Session Keys 218(2)
9.3.4 Perfect Forward Secrecy 220(2)
9.3.5 Mutual Authentication, Session Key, and PFS 222(1)
9.3.6 Timestamps 222(2)
9.4 Authentication and TCP 224(2)
9.5 Zero Knowledge Proofs 226(4)
9.6 The Best Authentication Protocol? 230(1)
9.7 Summary 230(1)
9.8 Problems 230(5)
10 REAL-WORLD SECURITY PROTOCOLS 235(30)
10.1 Introduction 235(1)
10.2 Secure Socket Layer 236(4)
10.2.1 SSL and the Man-in-the-Middle 238(1)
10.2.2 SSL Connections 238(1)
10.2.3 SSL Versus IPSec 239(1)
10.3 IPSec 240(10)
10.3.1 IKE Phase 1: Digital Signature 241(2)
10.3.2 IKE Phase 1: Symmetric Key 243(1)
10.3.3 IKE Phase 1: Public Key Encryption 243(2)
10.3.4 IPSec Cookies 245(1)
10.3.5 IKE Phase 1 Summary 246(1)
10.3.6 IKE Phase 2 246(1)
10.3.7 IPSec and IP Datagrams 247(1)
10.3.8 Transport and Tunnel Modes 247(1)
10.3.9 ESP and AH 248(2)
10.4 Kerberos 250(3)
10.4.1 Kerberized Login 251(1)
10.4.2 Kerberos Ticket 251(1)
10.4.3 Kerberos Security 252(1)
10.5 GSM 253(7)
10.5.1 GSM Architecture 254(1)
10.5.2 GSM Security Architecture 255(2)
10.5.3 GSM Authentication Protocol 257(1)
10.5.4 GSM Security Flaws 257(2)
10.5.5 GSM Conclusions 259(1)
10.5.6 3GPP 260(1)
10.6 Summary 260(1)
10.7 Problems 261(4)
IV SOFTWARE 265(76)
11 SOFTWARE FLAWS AND MALWARE 267(28)
11.1 Introduction 267(1)
11.2 Software Flaws 268(13)
11.2.1 Buffer Overflow 270(9)
11.2.2 Incomplete Mediation 279(1)
11.2.3 Race Conditions 279(2)
11.3 Malware 281(8)
11.3.1 Brain 282(1)
11.3.2 Morris Worm 282(1)
11.3.3 Code Red 283(1)
11.3.4 SQL Slammer 284(1)
11.3.5 Trojan Example 284(1)
11.3.6 Malware Detection 285(2)
11.3.7 The Future of Malware 287(2)
11.3.8 Cyber Diseases Versus Biological Diseases 289(1)
11.4 Miscellaneous Software-Based Attacks 289(3)
11.4.1 Salami Attacks 289(1)
11.4.2 Linearization Attacks 290(1)
11.4.3 Time Bombs 291(1)
11.4.4 Trusting Software 292(1)
11.5 Summary 292(1)
11.6 Problems 292(3)
12 INSECURITY IN SOFTWARE 295(30)
12.1 Introduction 295(1)
12.2 Software Reverse Engineering 296(6)
12.2.1 Anti-Disassembly Techniques 300(1)
12.2.2 Anti-Debugging Techniques 301(1)
12.3 Software Tamper Resistance 302(2)
12.3.1 Guards 302(1)
12.3.2 Obfuscation 302(1)
12.3.3 Metamorphism Revisited 303(1)
12.4 Digital Rights Management 304(11)
12.4.1 What is DRM? 305(3)
12.4.2 A Real-World DRM System 308(2)
12.4.3 DRM for Streaming Media 310(2)
12.4.4 DRM for a P2P Application 312(1)
12.4.5 DRM in the Enterprise 313(1)
12.4.6 DRM Failures 314(1)
12.4.7 DRM Conclusions 314(1)
12.5 Software Development 315(6)
12.5.1 Open Versus Closed Source Software 316(2)
12.5.2 Finding Flaws 318(1)
12.5.3 Other Software Development Issues 318(3)
12.6 Summary 321(1)
12.7 Problems 322(3)
13 OPERATING SYSTEMS AND SECURITY 325(16)
13.1 Introduction 325(1)
13.2 Operating System Security Functions 326(2)
13.2.1 Separation 326(1)
13.2.2 Memory Protection 326(2)
13.2.3 Access Control 328(1)
13.3 Trusted Operating System 328(5)
13.3.1 MAC, DAC, and More 329(1)
13.3.2 Trusted Path 330(1)
13.3.3 Trusted Computing Base 331(2)
13.4 Next Generation Secure Computing Base 333(5)
13.4.1 NGSCB Feature Groups 334(2)
13.4.2 NGSCB Compelling Applications 336(1)
13.4.3 Criticisms of NGSCB 336(2)
13.5 Summary 338(1)
13.6 Problems 338(3)
APPENDIX 341(18)
A-1 Network Security Basics 341(10)
A-1.1 Introduction 341(1)
A-1.2 The Protocol Stack 342(1)
A-1.3 Application Layer 343(2)
A-1.4 Transport Layer 345(2)
A-1.5 Network Layer 347(2)
A-1.6 Link Layer 349(1)
A-1.7 Conclusions 350(1)
A-2 Math Essentials 351(4)
A-2.1 Modular Arithmetic 351(1)
A-2.2 Permutations 352(1)
A-2.3 Probability 353(1)
A-2.4 Linear Algebra 353(2)
A-3 DES S-Boxes 355(4)
ANNOTATED BIBLIOGRAPHY 359(22)
INDEX 381
