Internet Cryptography
Richard E. Smith
- Publisher: Addison Wesley
- Publication date: 1997-08-01
- Price: $850
- VIP price: 2% off, $833
- Language: English
- Pages: 384
- Binding: Paperback
- ISBN: 0201924803
- ISBN-13: 9780201924800
- Related categories: Information Security
Not available for order
Table Of Contents
(NOTE: Each chapter concludes with For Further Information.)
Preface.
Who This Book Is For.
How This Book Is Organized.
Crypto Today and Tomorrow.
Comments and Questions.
Acknowledgments.
1. Introduction.
The Basic Problem.
Essentials of Crypto.
Essentials of Networking and the Internet.
Setting Realistic Security Objectives.
Appropriate Communications Security.
Legal Restrictions.
Essentials of Crypto.
Crypto Is Hard to Use.
Balancing Crypto Use with Your Objectives.
Essentials of Networking and the Internet.
Protocol Layers and Network Products.
Internet Technology.
Internet Protocols in Your Host.
The Internet Security Problem.
An Internet Rogue's Gallery.
Setting Realistic Security Objectives.
Appropriate Communications Security.
Communications Security Goals.
Internet Crypto Techniques.
Legal Restrictions.
2. Encryption Basics.
Encryption Building Blocks.
How Crypto Systems Fail.
Choosing Between Strong and Weak Crypto.
Stream Ciphers.
Block Ciphers.
How Crypto Systems Fail.
Cryptanalysis and Modern Codes.
Brute Force Cracking of Secret Keys.
Attacks on Improper Crypto Use.
Choosing Between Strong and Weak Crypto.
Properties of Good Crypto Algorithms.
Crypto Algorithms to Consider.
Selecting a Block Cipher Mode.
Identifying a Safe Key Length.
Levels of Risk for Different Applications.
3. Link Encryption.
Security Objectives.
Product Example: In-line Encryptor.
Deployment Example: Point-to-Point Encryption.
Deployment Example: IP-routed Configuration.
Key Recovery and Escrowed Encryption.
Product Example: In-line Encryptor.
Red/Black Separation.
Crypto Algorithm and Keying.
Encryptor Vulnerabilities.
Product Security Requirements.
Deployment Example: Point-to-Point Encryption.
Point-to-Point Practical Limitations.
Physical Protection and Control.
Deployment Security Requirements.
Deployment Example: IP-routed Configuration.
Site Protection.
Networkwide Security.
Deployment Security Requirements.
Key Recovery and Escrowed Encryption.
4. Managing Secret Keys.
Security Objectives.
Basic Issues in Secret Key Management.
Technology: Random Key Generation.
Deployment Example: Manual Key Distribution.
Technology: Automatic Rekeying.
Key Distribution Centers (KDCs).
Maintaining Keys and System Security.
Basic Issues in Secret Key Management.
Technology: Random Key Generation.
Random Seeding.
Pseudorandom Number Generators.
Technical Security Requirements.
Deployment Example: Manual Key Distribution.
Preparing Secret Keys for Delivery.
Batch Generation of Keys.
Printing Keys on Paper.
Key Packaging and Delivery.
Key Splitting for Safer Delivery.
Deployment Security Requirements.
Technology: Automatic Rekeying.
ANSI X9.17 Point-to-Point Rekeying.
Variations of X9.17.
Technical Security Requirements.
Key Distribution Centers (KDCs).
Maintaining Keys and System Security.
5. Security at the IP Layer.
Security Objectives.
Basic Issues with Using IPSEC.
Technology: Cryptographic Checksums.
IPSEC: IP Security Protocol.
IPSEC Key Management.
Other TCP/IP Network Security Protocols.
Basic Issues with Using IPSEC.
Technology: Cryptographic Checksums.
One-way Hash Functions.
Technical Security Requirements.
IPSEC: IP Security Protocol.
IPSEC Authentication.
IPSEC Encryption.
IPSEC Key Management.
Other TCP/IP Network Security Protocols.
6. Virtual Private Networks.
Security Objectives.
Basic Issues with VPNs.
Technology: IPSEC Proxy Cryptography.
Product Example: IPSEC Encrypting Router.
Deployment Example: Site-to-Site Encryption.
Basic Issues with VPNs.
Technology: IPSEC Proxy Cryptography.
ESP Tunnel Mode.
ESP Transport Mode.
Product Example: IPSEC Encrypting Router.
Blocking Classic Internet Attacks.
Product Security Requirements.
Deployment Example: Site-to-Site Encryption.
Header Usage and Security.
Deployment Security Requirements.
7. Remote Access with IPSEC.
Security Objectives.
Basic Issues with IPSEC Clients.
Product Example: IPSEC Client.
Deployment Example: Client-to-Server Site Access.
Basic Issues with IPSEC Clients.
Product Example: IPSEC Client.
Client Security Associations.
Client Self-Defense on the Internet.
Client Theft and Key Protection.
Product Security Requirements.
Deployment Example: Client-to-Server Site Access.
Remote Access Security Issues.
Deployment Security Requirements.
8. IPSEC and Firewalls.
Security Objectives.
Basic Issues with IPSEC and Firewalls.
Internet Firewalls.
Product Example: IPSEC Firewall.
Deployment Example: A VPN with a Firewall.
Basic Issues with IPSEC and Firewalls.
Internet Firewalls.
What Firewalls Control.
How Firewalls Control Access.
Firewall Control Mechanisms.
Product Example: IPSEC Firewall.
Administering Multiple Sites.
Product Security Requirements.
Deployment Example: A VPN with a Firewall.
Establishing a Site Security Policy.
Chosen Plaintext Attack on a Firewall.
Deployment Security Requirements.
9. Public Key Crypto and SSL.
Public Key Cryptography.
Technology: Secret Key Exchange with RSA Crypto.
Secure Sockets Layer.
Evolution of Public Key Crypto.
Diffie-Hellman Public Key Technique.
Brute Force Attacks on RSA.
Other RSA Vulnerabilities.
Technical Security Requirements.
Technology: Secret Key Exchange with RSA Crypto.
Attacking Public Key Distribution.
Public Key versus Secret Key Exchange.
Technical Security Requirements.
Secure Sockets Layer.
Other SSL Properties.
Basic Attacks Against SSL.
SSL Security Evolution.
10. World Wide Web Transaction Security.
Security Objectives.
Basic Issues in Internet Transaction Security.
Transactions on the World Wide Web.
Security Alternatives for Web Forms.
Product Example: Web Browser with SSL.
Product Example: Web Server with SSL.
Deployment Example: Vending with Exportable Encryption.
Basic Issues in Internet Transaction Security.
Transactions on the World Wide Web.
Transactions with Web Forms.
Web Form Security Services.
Security Alternatives for Web Forms.
Password Protection.
Network-level Security (IPSEC).
Transport-level Security (SSL).
Application-level Security (SHTTP).
Client Authentication Alternatives.
Product Example: Web Browser with SSL.
Browser Cryptographic Services.
Authentication Capabilities.
Client Security and Executable Contents.
Product Security Requirements.
Product Example: Web Server with SSL.
Web Server Vulnerabilities.
Mandatory Protection.
Product Security Requirements.
Deployment Example: Vending with Exportable Encryption.
Export Restrictions and Transaction Security.
Site Configuration.
Deployment Security Requirements.
11. Secured Electronic Mail.
Security Objectives.
Basic Issues with E-Mail Security.
Basics of Internet Electronic Mail.
Technology: Off-line Message Keying.
Technology: Digital Signatures.
Product Example: Secure E-Mail Client.
E-Mail Deployment.
Basic Issues with E-Mail Security.
Basics of Internet Electronic Mail.
Internet E-Mail Software Architecture.
E-Mail Security Problems.
Technology: Off-line Message Keying.
Encryption Tokens.
Technical Security Requirements.
Technology: Digital Signatures.
Attacks on Digital Signatures.
The Digital Signature Standard.
Technical Security Requirements.
Product Example: Secure E-Mail Client.
Basic Secure Client Features.
E-Mail Client Security Issues.
Product Security Requirements.
E-Mail Deployment.
12. Public Key Certificates.
Security Objectives.
Distributing Public Keys.
Technology: Public Key Certificates.
Certificate Distribution.
Centralized Certification Authority.
Hierarchical Certification Authority.
PGP “Web of Trust”.
For Further Information.
Distributing Public Keys.
Technology: Public Key Certificates.
Generating Public Key Pairs.
Certificate Revocation.
Certification Authority Workstation.
Technical Security Requirements.
Certificate Distribution.
Transparent Distribution.
Interactive Distribution.
Centralized Certification Authority.
Netscape Server Authentication.
Handling Multiple Certification Authorities.
Hierarchical Certification Authority.
PEM Internet Certification Hierarchy.
Private Trees.
PGP “Web of Trust”.
For Further Information.
Appendix A: Glossary.
Appendix B: Bibliography.
Index.