Network Security: Private Communications in a Public World, 3rd Edition

Network Security: Private Communications in a Public World, 3rd Edition

by Charlie Kaufman, Radia Perlman, Mike Speciner, Ray Perlner
Released September 2022
Publisher(s): Addison-Wesley Professional
ISBN: 9780136643531

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Book description

The classic guide to cryptography and network security -- now fully updated!

"Alice and Bob are back!"

Widely regarded as the most comprehensive yet comprehensible guide to network security and cryptography, the previous editions of Network Security received critical acclaim for lucid and witty explanations of the inner workings of cryptography and network security protocols. In this edition, the authors have significantly updated and revised the previous content, and added new topics that have become important.

This book explains sophisticated concepts in a friendly and intuitive manner. For protocol standards, it explains the various constraints and committee decisions that led to the current designs. For cryptographic algorithms, it explains the intuition behind the designs, as well as the types of attacks the algorithms are designed to avoid. It explains implementation techniques that can cause vulnerabilities even if the cryptography itself is sound. Homework problems deepen your understanding of concepts and technologies, and an updated glossary demystifies the field's jargon. Network Security, Third Edition will appeal to a wide range of professionals, from those who design and evaluate security systems to system administrators and programmers who want a better understanding of this important field. It can also be used as a textbook at the graduate or advanced undergraduate level.

Coverage includes

* Network security protocol and cryptography basics

* Design considerations and techniques for secret key and hash algorithms (AES, DES, SHA-1, SHA-2, SHA-3)

* First-generation public key algorithms (RSA, Diffie-Hellman, ECC)

* How quantum computers work, and why they threaten the first-generation public key algorithms

* Quantum computers: how they work, and why they threaten the first-generation public key algorithms

* Multi-factor authentication of people

* Real-time communication (SSL/TLS, SSH, IPsec)

* New applications (electronic money, blockchains)

* New cryptographic techniques (homomorphic encryption, secure multiparty computation)

.

Table of contents

  1. Cover Page
  2. About This eBook
  3. Title Page
  4. Copyright Page
  5. Pearson’s Commitment to Diversity, Equity, and Inclusion
  6. Dedication Page
  7. Contents
  8. Acknowledgments
  9. About the Authors
  10. 1. Introduction
    1. 1.1 Opinions, Products
    2. 1.2 Roadmap to the Book
    3. 1.3 Terminology
    4. 1.4 Notation
    5. 1.5 Cryptographically Protected Sessions
    6. 1.6 Active and Passive Attacks
    7. 1.7 Legal Issues
    8. 1.8 Some Network Basics
    9. 1.9 Names for Humans
    10. 1.10 Authentication and Authorization
    11. 1.11 Malware: Viruses, Worms, Trojan Horses
    12. 1.12 Security Gateway
    13. 1.13 Denial-of-Service (DoS) Attacks
    14. 1.14 NAT (Network Address Translation)
  11. 2. Introduction to Cryptography
    1. 2.1 Introduction
    2. 2.2 Secret Key Cryptography
    3. 2.3 Public Key Cryptography
    4. 2.4 Hash Algorithms
    5. 2.5 Breaking an Encryption Scheme
    6. 2.6 Random Numbers
    7. 2.7 Numbers
    8. 2.8 Homework
  12. 3. Secret Key Cryptography
    1. 3.1 Introduction
    2. 3.2 Generic Block Cipher Issues
    3. 3.3 Constructing a Practical Block Cipher
    4. 3.4 Choosing Constants
    5. 3.5 Data Encryption Standard (DES)
    6. 3.6 3DES (Multiple Encryption DES)
    7. 3.7 Advanced Encryption Standard (AES)
    8. 3.8 RC
    9. 3.9 Homework
  13. 4. Modes of Operation
    1. 4.1 Introduction
    2. 4.2 Encrypting a Large Message
    3. 4.3 Generating MACs
    4. 4.4 Ensuring Privacy and Integrity Together
    5. 4.5 Performance Issues
    6. 4.6 Homework
  14. 5. Cryptographic Hashes
    1. 5.1 Introduction
    2. 5.2 The Birthday Problem
    3. 5.3 A Brief History of Hash Functions
    4. 5.4 Nifty Things to Do with a Hash
    5. 5.5 Creating a Hash Using a Block Cipher
    6. 5.6 Construction of Hash Functions
    7. 5.7 Padding
    8. 5.8 The Internal Encryption Algorithms
    9. 5.9 SHA-3 f Function (Also Known as KECCAK-f)
    10. 5.10 Homework
  15. 6. First-Generation Public Key Algorithms
    1. 6.1 Introduction
    2. 6.2 Modular Arithmetic
    3. 6.3 RSA
    4. 6.4 Diffie-Hellman
    5. 6.5 Digital Signature Algorithm (DSA)
    6. 6.6 How Secure Are RSA and Diffie-Hellman?
    7. 6.7 Elliptic Curve Cryptography (ECC)
    8. 6.8 Homework
  16. 7. Quantum Computing
    1. 7.1 What Is a Quantum Computer?
    2. 7.2 Grover’s Algorithm
    3. 7.3 Shor’s Algorithm
    4. 7.4 Quantum Key Distribution (QKD)
    5. 7.5 How Hard Are Quantum Computers to Build?
    6. 7.6 Quantum Error Correction
    7. 7.7 Homework
  17. 8. Post-Quantum Cryptography
    1. 8.1 Signature and/or Encryption Schemes
    2. 8.2 Hash-based Signatures
    3. 8.3 Lattice-Based Cryptography
    4. 8.4 Code-based Schemes
    5. 8.5 Multivariate Cryptography
    6. 8.6 Homework
  18. 9. Authentication of People
    1. 9.1 Password-based Authentication
    2. 9.2 Address-based Authentication
    3. 9.3 Biometrics
    4. 9.4 Cryptographic Authentication Protocols
    5. 9.5 Who Is Being Authenticated?
    6. 9.6 Passwords as Cryptographic Keys
    7. 9.7 On-Line Password Guessing
    8. 9.8 Off-Line Password Guessing
    9. 9.9 Using the Same Password in Multiple Places
    10. 9.10 Requiring Frequent Password Changes
    11. 9.11 Tricking Users into Divulging Passwords
    12. 9.12 Lamport’s Hash
    13. 9.13 Password Managers
    14. 9.14 Web Cookies
    15. 9.15 Identity Providers (IDPs)
    16. 9.16 Authentication Tokens
    17. 9.17 Strong Password Protocols
    18. 9.18 Credentials Download Protocols
    19. 9.19 Homework
  19. 10. Trusted Intermediaries
    1. 10.1 Introduction
    2. 10.2 Functional Comparison
    3. 10.3 Kerberos
    4. 10.4 PKI
    5. 10.5 Website Gets a DNS Name and Certificate
    6. 10.6 PKI Trust Models
    7. 10.7 Building Certificate Chains
    8. 10.8 Revocation
    9. 10.9 Other Information in a PKIX Certificate
    10. 10.10 Issues with Expired Certificates
    11. 10.11 DNSSEC (DNS Security Extensions)
    12. 10.12 Homework
  20. 11. Communication Session Establishment
    1. 11.1 One-way Authentication of Alice
    2. 11.2 Mutual Authentication
    3. 11.3 Integrity/Encryption for Data
    4. 11.4 Nonce Types
    5. 11.5 Intentional MITM
    6. 11.6 Detecting MITM
    7. 11.7 What Layer?
    8. 11.8 Perfect Forward Secrecy
    9. 11.9 Preventing Forged Source Addresses
    10. 11.10 Endpoint Identifier Hiding
    11. 11.11 Live Partner Reassurance
    12. 11.12 Arranging for Parallel Computation
    13. 11.13 Session Resumption/Multiple Sessions
    14. 11.14 Plausible Deniability
    15. 11.15 Negotiating Crypto Parameters
    16. 11.16 Homework
  21. 12. IPsec
    1. 12.1 IPsec Security Associations
    2. 12.2 IKE (Internet Key Exchange Protocol)
    3. 12.3 Creating a Child-SA
    4. 12.4 AH and ESP
    5. 12.5 AH (Authentication Header)
    6. 12.6 ESP (Encapsulating Security Payload)
    7. 12.7 Comparison of Encodings
    8. 12.8 Homework
  22. 13. SSL/TLS and SSH
    1. 13.1 Using TCP
    2. 13.2 StartTLS
    3. 13.3 Functions in the TLS Handshake
    4. 13.4 TLS 1.2 (and Earlier) Basic Protocol
    5. 13.5 TLS 1.3
    6. 13.6 Session Resumption
    7. 13.7 PKI as Deployed by TLS
    8. 13.8 SSH (Secure Shell)
    9. 13.9 Homework
  23. 14. Electronic Mail Security
    1. 14.1 Distribution Lists
    2. 14.2 Store and Forward
    3. 14.3 Disguising Binary as Text
    4. 14.4 HTML-Formatted Email
    5. 14.5 Attachments
    6. 14.6 Non-cryptographic Security Features
    7. 14.7 Malicious Links in Email
    8. 14.8 Data Loss Prevention (DLP)
    9. 14.9 Knowing Bob’s Email Address
    10. 14.10 Self-Destruct, Do-Not-Forward, …
    11. 14.11 Preventing Spoofing of From Field
    12. 14.12 In-Flight Encryption
    13. 14.13 End-to-End Signed and Encrypted Email
    14. 14.14 Encryption by a Server
    15. 14.15 Message Integrity
    16. 14.16 Non-Repudiation
    17. 14.17 Plausible Deniability
    18. 14.18 Message Flow Confidentiality
    19. 14.19 Anonymity
    20. 14.20 Homework
  24. 15. Electronic Money
    1. 15.1 ECASH
    2. 15.2 Offline eCash
    3. 15.3 Bitcoin
    4. 15.4 Wallets for Electronic Currency
    5. 15.5 Homework
  25. 16. Cryptographic Tricks
    1. 16.1 Secret Sharing
    2. 16.2 Blind Signature
    3. 16.3 Blind Decryption
    4. 16.4 Zero-Knowledge Proofs
    5. 16.5 Group Signatures
    6. 16.6 Circuit Model
    7. 16.7 Secure Multiparty Computation (MPC)
    8. 16.8 Fully Homomorphic Encryption (FHE)
    9. 16.9 Homework
  26. 17. Folklore
    1. 17.1 Misconceptions
    2. 17.2 Perfect Forward Secrecy
    3. 17.3 Change Encryption Keys Periodically
    4. 17.4 Don’t Encrypt without Integrity Protection
    5. 17.5 Multiplexing Flows over One Secure Session
    6. 17.6 Using Different Secret Keys
    7. 17.7 Using Different Public Keys
    8. 17.8 Establishing Session Keys
    9. 17.9 Hash in a Constant When Hashing a Password
    10. 17.10 HMAC Rather than Simple Keyed Hash
    11. 17.11 Key Derivation
    12. 17.12 Use of Nonces in Protocols
    13. 17.13 Creating an Unpredictable Nonce
    14. 17.14 Compression
    15. 17.15 Minimal vs Redundant Designs
    16. 17.16 Overestimate the Size of Key
    17. 17.17 Hardware Random Number Generators
    18. 17.18 Put Checksums at the End of Data
    19. 17.19 Forward Compatibility
  27. Glossary
  28. Math
    1. M.1 Introduction
    2. M.2 Some definitions and notation
    3. M.3 Arithmetic
    4. M.4 Abstract Algebra
    5. M.5 Modular Arithmetic
    6. M.6 Groups
    7. M.7 Fields
    8. M.8 Mathematics of Rijndael
    9. M.9 Elliptic Curve Cryptography
    10. M.10 Rings
    11. M.11 Linear Transformations
    12. M.12 Matrix Arithmetic
    13. M.13 Determinants
    14. M.14 Homework
  29. Bibliography
  30. Index
  31. Code Snippets

Product information

  • Title: Network Security: Private Communications in a Public World, 3rd Edition
  • Author(s): Charlie Kaufman, Radia Perlman, Mike Speciner, Ray Perlner
  • Release date: September 2022
  • Publisher(s): Addison-Wesley Professional
  • ISBN: 9780136643531