Introduces aspects on security threats and their countermeasures in both fixed and wireless networks, advising on how countermeasures can provide secure communication infrastructures. Enables the reader to understand the risks of inappropriate network security, what mechanisms and protocols can be deployed to counter these risks, and how these mechanisms and protocols work. INDICE: I Foundations of Data Security Technology 1 .1 Introduction 3 .1.1 Content and Structure of this Book 4 .1.2 Threats and Security Goals 6 .1.3 Network Security Analysis 9 .1.4 Information Security Measures 13 .1.5 Important Terms Relating to Communication Security 14 .2 Fundamentals of Cryptology 17 .2.1 Cryptology, Cryptography and Cryptanalysis 17 .2.2 Classification of Cryptographic Algorithms 18 .2.3 Cryptanalysis 19 .2.4 Estimating the Effort Needed for Cryptographic Analysis 21 .2.5 Characteristics and Classification of Encryption Algorithms 24 .2.6 Key Management 25 .2.7 Summary 27 .2.8 Supplemental Reading 29 .2.9 Questions 29 .3 Symmetric Cryptography 31 .3.1 Encryption Modes of Block Ciphers 31 .3.2 Data Encryption Standard 37 .3.3 Advanced Encryption Standard 43 .3.4 RC4 Algorithm 48 .3.5 The KASUMI algorithm 51 .3.6 Summary 53 .3.7 Supplemental Reading 54 .3.8 Questions 55 .4 Asymmetric Cryptography 57 .4.1 Basic Idea of Asymmetric Cryptography 57 .4.2 Mathematical Principles 60 .4.3 The RSA Algorithm 69 .4.4 The Problem of the Discrete Logarithm 71 .4.5 The Diffie Hellman Key Exchange Algorithm 75 .4.6 The ElGamal Algorithm 77 .4.7 Security of Conventional Asymmetric Cryptographic Schemes 80 .4.8 Principles of Cryptography Based on Elliptic Curves 82 .4.9 Summary 93 .4.10 Supplemental Reading 94 .4.11 Exercises 95 .5 Cryptographic Check Values 97 .5.1 Requirements and Classification 97 .5.2 Modification Detection Codes 99 .5.3 Message Authentication Codes 112 .5.4 Message Authentication Codes Based on MDCs 116 .5.5 Authenticated Encryption 118 .5.6 Summary 122 .5.7 Supplemental Reading 123 .5.8 Questions 123 .6 Random Number Generation 125 .6.1 Random Numbers and Pseudo–Random Numbers 125 .6.2 Cryptographically Secure Random Numbers 126 .6.3 Statistical Tests for Random Numbers 128 .6.4 Generation of Random Numbers 129 .6.5 Generating Secure Pseudo–Random Numbers 130 .6.6 Implementation Security 133 .6.7 Summary 134 .6.8 Supplemental Reading 135 .6.9 Questions 136 .7 Cryptographic Protocols 137 .7.1 Properties and Notation of Cryptographic Protocols 137 .7.2 Data Origin and Entity Authentication 139 .7.3 Needham Schroeder Protocol 143 .7.4 Kerberos 147 .7.5 International Standard X.509 155 .7.6 Security of Negotiated Session Keys 160 .7.7 Advanced Password Authentication Methods 161 .7.8 Formal Validation of Cryptographic Protocols 166 .7.9 Summary 176 .7.10 Supplemental Reading 177 .7.11 Questions 178 .8 Secure Group Communication 179 .8.1 Specific Requirements for Secure Group Communication 179 .8.2 Negotiation of Group Keys 181 .8.3 Source Authentication 189 .8.4 Summary 193 .8.5 Supplemental Reading 194 .8.6 Questions 195 .9 Access Control 197 .9.1 Definition of Terms and Concepts 197 .9.2 Security Labels 199 .9.3 Specification of Access Control Policies 200 .9.4 Categories of Access Control Mechanisms 201 .9.5 Summary 203 .9.6 Supplemental Reading 204 .9.7 Questions 204 .II Network Security 207 .10 Integration of Security Services 209 .10.1 Motivation 209 .10.2 A Pragmatic Model 211 .10.3 General Considerations for Placement of Security Services 213 .10.4 Integration in Lower Protocol Layers vs Applications 216 .10.5 Integration into End Systems or Intermediate Systems 217 .10.6 Summary 219 .10.7 Supplemental Reading 219 .10.8 Questions 219 .11 Link Layer Security Protocols 221 .11.1 Virtual Separation of Data Traffic with IEEE 802.1Q 222 .11.2 Securing a Local Network Infrastructure Using IEEE 802.1X 224 .11.3 Encryption of Data Traffic with IEEE 802.1AE 226 .11.4 Point–to–Point Protocol 227 .11.5 Point–to–Point Tunneling Protocol 236 .11.6 Virtual Private Networks 242 .11.7 Summary 243 .11.8 Supplemental Reading 245 .11.9 Questions 246 .12 IPsec Security Architecture 249 .12.1 Short Introduction to the Internet Protocol Suite 249 .12.2 Overview of the IPsec Architecture 253 .12.3 Use of Transport and Tunnel Mode 261 .12.4 IPsec Protocol Processing 265 .12.5 The ESP Protocol 267 .12.6 The AH Protocol 274 .12.7 The ISAKMP Protocol 279 .12.8 Internet Key Exchange Version 1 287 .12.9 Internet Key Exchange Version 2 293 .12.10 Other Aspects of IPsec 297 .12.11 Summary 300 .12.12 Supplemental Reading 301 .12.13 Questions 302 .13 Transport Layer Security Protocols 305 .13.1 Secure Socket Layer (SSL) 305 .13.2 Transport Layer Security (TLS) 317 .13.3 Datagram Transport Layer Security (DTLS) 324 .13.4 Secure Shell (SSH) 325 .13.5 Summary 334 .13.6 Supplemental Reading 335 .13.7 Questions 336 .III Secure Wireless and Mobile Communications 339 .14 Security Aspects of Mobile Communication 341 .14.1 Threats in Mobile Communication Networks 341 .14.2 Protecting Location Confidentiality 342 .14.3 Summary 347 .14.4 Supplemental Reading 347 .14.5 Questions 347 .15 Security in Wireless Local Area Networks 349 .15.1 The IEEE 802.11 Standard for Wireless Local Area Networks 349 .15.2 Entity Authentication 351 .15.3 Wired Equivalent Privacy 357 .15.4 Robust Secure Networks 362 .15.5 Security in Public WLANs 369 .15.6 Summary 371 .15.7 Supplemental Reading 372 .15.8 Questions 373 .16 Security in Mobile Wide–Area Networks 375 .16.1 Global System for Mobile Communication (GSM) 375 .16.2 Universal Mobile Telecommunications System (UMTS) 382 .16.3 Long Term Evolution (LTE) 389 .16.4 Summary 393 .16.5 Supplemental Reading 394 .16.6 Questions 395 .IV Protecting Communications Infrastructures 397 .17 Protecting Communications and Infrastructure in Open Networks 399 .17.1 Systematic Threat Analysis 400 .17.2 Security of End Systems 403 .17.3 Summary 415 .17.4 Supplemental Reading 415 .17.5 Questions 416 .18 Availability of Data Transport 419 .18.1 Denial–of–Service Attacks 419 .18.2 Distributed Denial–of–Service Attacks 426 .18.3 Countermeasures 428 .18.4 Summary 439 .18.5 Supplemental Reading 440 .18.6 Questions 441 .19 Routing Security 443 .19.1 Cryptographic Protection of BGP 447 .19.2 Identification of Routing Anomalies? 456 .19.3 Summary 461 .19.4 Supplemental Reading 462 .19.5 Questions 463 .20 Secure Name Resolution 465 .20.1 The DNS Operating Principle 465 .20.2 Security Objectives and Threats 467 .20.3 Secure use of traditional DNS 473 .20.4 Cryptographic Protection of DNS 475 .20.5 Summary 487 .20.6 Supplemental Reading 488 .20.7 Questions 489 .21 Internet Firewalls 491 .21.1 Tasks and Basic Principles of Firewalls 491 .21.2 Firewall–Relevant Internet Services and Protocols 493 .21.3 Terminology and Building Blocks 496 .21.4 Firewall Architectures 497 .21.5 Packet Filtering 501 .21.6 Bastion Hosts and Proxy Servers 506 .21.7 Other Aspects of Modern Firewall Systems 508 .21.8 Summary 510 .21.9 Supplemental Reading 510 .21.10 Questions 511 .22 Automated Attack Detection and Response 513 .22.1 Operating Principle and Objectives of Intrusion Detection Systems 514 .22.2 Design and operation of network–based IDSes 518 .22.3 Response to attacks and automatic prevention 527 .22.4 Techniques for Evading NIDSes 530 .22.5 Summary 532 .22.6 Supplemental Reading 533 .22.7 Questions 534 .23 Management of Complex Communication Infrastructures? 535 .23.1 Automatic Certificate Management 535 .23.2 Automatic VPN Configuration 543 .23.3 Summary 557 .23.4 Supplemental Reading 558 .23.5 Questions 560 .Bibliography 562 .Abbreviations 593 .Index 602
- ISBN: 978-1-119-04074-3
- Editorial: Wiley–Blackwell
- Encuadernacion: Cartoné
- Páginas: 600
- Fecha Publicación: 14/03/2016
- Nº Volúmenes: 1
- Idioma: Inglés