Details

<p>About the authors xiii</p> <p>Preface to the second edition xv</p> <p>Preface to the first edition xvii</p> <p><b>I Foundations of Data Security Technology 1</b></p> <p><b>1 Introduction 3</b></p> <p>1.1 Content and Structure of this Book 4</p> <p>1.2 Threats and Security Goals 6</p> <p>1.3 Network Security Analysis 9</p> <p>1.4 Information Security Measures 13</p> <p>1.5 Important Terms Relating to Communication Security 14</p> <p><b>2 Fundamentals of Cryptology 17</b></p> <p>2.1 Cryptology, Cryptography and Cryptanalysis 17</p> <p>2.2 Classification of Cryptographic Algorithms 18</p> <p>2.3 Cryptanalysis 19</p> <p>2.4 Estimating the Effort Needed for Cryptographic Analysis 21</p> <p>2.5 Characteristics and Classification of Encryption Algorithms 23</p> <p>2.6 Key Management 25</p> <p>2.7 Summary 27</p> <p>2.8 Supplemental Reading 28</p> <p>2.9 Questions 29</p> <p><b>3 Symmetric Cryptography 31</b></p> <p>3.1 Encryption Modes of Block Ciphers 31</p> <p>3.2 Data Encryption Standard 37</p> <p>3.3 Advanced Encryption Standard 43</p> <p>3.4 RC4 Algorithm 48</p> <p>3.5 The KASUMI algorithm 51</p> <p>3.6 Summary 53</p> <p>3.7 Supplemental Reading 54</p> <p>3.8 Questions 55</p> <p><b>4 Asymmetric Cryptography 57</b></p> <p>4.1 Basic Idea of Asymmetric Cryptography 57</p> <p>4.2 Mathematical Principles 60</p> <p>4.3 The RSA Algorithm 69</p> <p>4.4 The Problem of the Discrete Logarithm 71</p> <p>4.5 The Diffie–Hellman Key Exchange Algorithm 75</p> <p>4.6 The ElGamal Algorithm 77</p> <p>4.7 Security of Conventional Asymmetric Cryptographic Schemes 80</p> <p>4.8 Principles of Cryptography Based on Elliptic Curves 81</p> <p>4.9 Summary 93</p> <p>4.10 Supplemental Reading 94</p> <p>4.11 Questions 95</p> <p><b>5 Cryptographic Check Values 97</b></p> <p>5.1 Requirements and Classification 97</p> <p>5.2 Modification Detection Codes 99</p> <p>5.3 Message Authentication Codes 112</p> <p>5.4 Message Authentication Codes Based on MDCs 116</p> <p>5.5 Authenticated Encryption 117</p> <p>5.6 Summary 121</p> <p>5.7 Supplemental Reading 122</p> <p>5.8 Questions 123</p> <p><b>6 Random Number Generation 125</b></p> <p>6.1 Random Numbers and Pseudo-Random Numbers 125</p> <p>6.2 Cryptographically Secure Random Numbers 126</p> <p>6.3 Statistical Tests for Random Numbers 128</p> <p>6.4 Generation of Random Numbers 129</p> <p>6.5 Generating Secure Pseudo-Random Numbers 130</p> <p>6.6 Implementation Security 133</p> <p>6.7 Summary 134</p> <p>6.8 Supplemental Reading 135</p> <p>6.9 Questions 136</p> <p><b>7 Cryptographic Protocols 137</b></p> <p>7.1 Properties and Notation of Cryptographic Protocols 137</p> <p>7.2 Data Origin and Entity Authentication 139</p> <p>7.3 Needham–Schroeder Protocol 143</p> <p>7.4 Kerberos 147</p> <p>7.5 International Standard X.509 155</p> <p>7.6 Security of Negotiated Session Keys 160</p> <p>7.7 Advanced Password Authentication Methods 161</p> <p>7.8 Formal Validation of Cryptographic Protocols 166</p> <p>7.9 Summary 176</p> <p>7.10 Supplemental Reading 177</p> <p>7.11 Questions 178</p> <p><b>8 Secure Group Communication* 179</b></p> <p>8.1 Specific Requirements for Secure Group Communication 179</p> <p>8.2 Negotiation of Group Keys 181</p> <p>8.3 Source Authentication 189</p> <p>8.4 Summary 193</p> <p>8.5 Supplemental Reading 194</p> <p>8.6 Questions 194</p> <p><b>9 Access Control 197</b></p> <p>9.1 Definition of Terms and Concepts 197</p> <p>9.2 Security Labels 199</p> <p>9.3 Specification of Access Control Policies 201</p> <p>9.4 Categories of Access Control Mechanisms 202</p> <p>9.5 Summary 204</p> <p>9.6 Supplemental Reading 204</p> <p>9.7 Questions 205</p> <p><b>II Network Security 207</b></p> <p><b>10 Integration of Security Services in Communication Architectures 209</b></p> <p>10.1 Motivation 209</p> <p>10.2 A Pragmatic Model 211</p> <p>10.3 General Considerations for the Placement of Security Services 213</p> <p>10.4 Integration in Lower Protocol Layers vs Applications 216</p> <p>10.5 Integration into End Systems or Intermediate Systems 217</p> <p>10.6 Summary 219</p> <p>10.7 Supplemental Reading 219</p> <p>10.8 Questions 219</p> <p><b>11 Link Layer Security Protocols 221</b></p> <p>11.1 Virtual Separation of Data Traffic with IEEE 802.1Q 222</p> <p>11.2 Securing a Local Network Infrastructure Using IEEE 802.1X 224</p> <p>11.3 Encryption of Data Traffic with IEEE 802.1AE 226</p> <p>11.4 Point-to-Point Protocol 228</p> <p>11.5 Point-to-Point Tunneling Protocol 236</p> <p>11.6 Virtual Private Networks 242</p> <p>11.7 Summary 243</p> <p>11.8 Supplemental Reading 245</p> <p>11.9 Questions 246</p> <p><b>12 IPsec Security Architecture 249</b></p> <p>12.1 Short Introduction to the Internet Protocol Suite 249</p> <p>12.2 Overview of the IPsec Architecture 253</p> <p>12.3 Use of Transport and Tunnel Modes 261</p> <p>12.4 IPsec Protocol Processing 263</p> <p>12.5 The ESP Protocol 267</p> <p>12.6 The AH Protocol 273</p> <p>12.7 The ISAKMP Protocol 279</p> <p>12.8 Internet Key Exchange Version 1 286</p> <p>12.9 Internet Key Exchange Version 2 293</p> <p>12.10 Other Aspects of IPsec 297</p> <p>12.11 Summary 299</p> <p>12.12 Supplemental Reading 300</p> <p>12.13 Questions 301</p> <p><b>13 Transport Layer Security Protocols 303</b></p> <p>13.1 Secure Socket Layer 303</p> <p>13.2 Transport Layer Security 315</p> <p>13.3 Datagram Transport Layer Security 322</p> <p>13.4 Secure Shell 323</p> <p>13.5 Summary 332</p> <p>13.6 Supplemental Reading 333</p> <p>13.7 Questions 334</p> <p><b>III Secure Wireless and Mobile Communications 335</b></p> <p><b>14 Security Aspects of Mobile Communication 337</b></p> <p>14.1 Threats in Mobile Communication Networks 337</p> <p>14.2 Protecting Location Confidentiality 338</p> <p>14.3 Summary 343</p> <p>14.4 Supplemental Reading 343</p> <p>14.5 Questions 343</p> <p><b>15 Security in Wireless Local Area Networks 345</b></p> <p>15.1 The IEEE 802.11 Standard for WLANs 345</p> <p>15.2 Entity Authentication 347</p> <p>15.3 Wired Equivalent Privacy 353</p> <p>15.4 Robust Secure Networks 358</p> <p>15.5 Security in Public WLANs 365</p> <p>15.6 Summary 367</p> <p>15.7 Supplemental Reading 368</p> <p>15.8 Questions 369</p> <p><b>16 Security in Mobile Wide-Area Networks 371</b></p> <p>16.1 Global System for Mobile Communication 371</p> <p>16.2 Universal Mobile Telecommunications System 378</p> <p>16.3 Long-Term Evolution385</p> <p>16.4 Summary 389</p> <p>16.5 Supplemental Reading 390</p> <p>16.6 Questions 391</p> <p><b>IV Protecting Communications Infrastructures 393</b></p> <p><b>17 Protecting Communications and Infrastructure in Open Networks 395</b></p> <p>17.1 Systematic Threat Analysis 396</p> <p>17.2 Security of End Systems 399</p> <p>17.3 Summary 411</p> <p>17.4 Supplemental Reading 411</p> <p>17.5 Questions 412</p> <p><b>18 Availability of Data Transport 413</b></p> <p>18.1 Denial-of-Service Attacks 413</p> <p>18.2 Distributed Denial-of-Service Attacks 420</p> <p>18.3 Countermeasures 422</p> <p>18.4 Summary 433</p> <p>18.5 Supplemental Reading 434</p> <p>18.6 Questions 435</p> <p><b>19 Routing Security 437</b></p> <p>19.1 Cryptographic Protection of BGP 441</p> <p>19.2 Identification of Routing Anomalies* 450</p> <p>19.3 Summary 455</p> <p>19.4 Supplemental Reading 456</p> <p>19.5 Questions 457</p> <p><b>20 Secure Name Resolution 459</b></p> <p>20.1 The DNS Operating Principle 459</p> <p>20.2 Security Objectives and Threats 461</p> <p>20.3 Secure Use of Traditional DNS 467</p> <p>20.4 Cryptographic Protection of DNS 469</p> <p>20.5 Summary 481</p> <p>20.6 Supplemental Reading 482</p> <p>20.7 Questions 483</p> <p><b>21 Internet Firewalls 485</b></p> <p>21.1 Tasks and Basic Principles of Firewalls 485</p> <p>21.2 Firewall-Relevant Internet Services and Protocols 487</p> <p>21.3 Terminology and Building Blocks 490</p> <p>21.4 Firewall Architectures 491</p> <p>21.5 Packet Filtering 495</p> <p>21.6 Bastion Hosts and Proxy Servers 500</p> <p>21.7 Other Aspects of Modern Firewall Systems 502</p> <p>21.8 Summary 503</p> <p>21.9 Supplemental Reading 504</p> <p>21.10 Questions 505</p> <p><b>22 Automated Attack Detection and Response 507</b></p> <p>22.1 Operating Principle and Objectives of Intrusion Detection Systems 508</p> <p>22.2 Design and operation of network-based IDSs 512</p> <p>22.3 Response to Attacks and Automatic prevention 521</p> <p>22.4 Techniques for Evading NIDSs 524</p> <p>22.5 Summary 526</p> <p>22.6 Supplemental Reading 527</p> <p>22.7 Questions 528</p> <p><b>23 Management of Complex Communication Infrastructures* 529</b></p> <p>23.1 Automatic Certificate Management 529</p> <p>23.2 Automatic VPN Configuration 536</p> <p>23.3 Summary 550</p> <p>23.4 Supplemental Reading 552</p> <p>23.5 Questions 554</p> <p>Bibliography 555</p> <p>Abbreviations 585</p> <p>Index 595</p>

<p><b>Guenter Schaefer</b>, Professor, Technische Universität Ilmenau, Germany. After obtaining his Ph.D. degree (1998) he worked at Ecole Nationale Supérieure des Télécommunications, Paris, France (1999 - 2000). Between 2000 and 2005, he was researcher at Technische Universitaet Berlin, Germany where he was leading the network security laboratory. Since 2005 he is at his current post leading the Telematics/Computer Networks research group. His research interests lie in the areas of network security, networking protocols, mobile communications, and innovative communication services/architectures, and he regularly gives courses on network security, networking subjects and basics of computer science.</p> <p><b>Michael Rossberg</b>, PostDoc Researcher, Technische Universität Ilmenau, Germany. In 2011 he obtained his Ph.D. in computer science with a thesis on peer-to-peer-based auto-configuration of large scale IPsec VPNs. His research interests lie in network security and performance evaluation/optimization. In 2010, Michael Rossberg and Guenter Schaefer were jointly awarded with the third prize of the German IT Security Award for their work on automatic configuration of large scale VPNs.</p> <p><b>Translated by Herbert Eppel at HE Translations, Leicester, UK <strong style="font-family: Arial; font-size: 13.3333px; background-color: #f7f3e7;">(<a style="font-size: 10pt;" href="https://hetranslations.uk/">https://HETranslations.uk</a>)</b></b> DISCLAIMER: By including the link to this site, this does not mean the site is endorsed by Wiley</p>

GB