book

Network Security: Private Communications in a Public World, 3rd Edition

Name: Network Security: Private Communications in a Public World, 3rd Edition
ISBN: 9780136643531

by Charlie Kaufman, Radia Perlman, Mike Speciner, Ray Perlner

September 2022

Intermediate to advanced

544 pages

18h 10m

English

Addison-Wesley Professional

Read now

Unlock full access

Cover Page
About This eBook
Title Page
Copyright Page
Dedication Page
Contents
Acknowledgments
About the Authors
1. Introduction
1.1 Opinions, Products1.2 Roadmap to the Book1.3 Terminology1.4 Notation1.5 Cryptographically Protected Sessions1.6 Active and Passive Attacks1.7 Legal Issues1.8 Some Network Basics1.9 Names for Humans1.10 Authentication and Authorization1.11 Malware: Viruses, Worms, Trojan Horses1.12 Security Gateway1.13 Denial-of-Service (DoS) Attacks1.14 NAT (Network Address Translation)
2. Introduction to Cryptography
2.1 Introduction2.2 Secret Key Cryptography2.3 Public Key Cryptography2.4 Hash Algorithms2.5 Breaking an Encryption Scheme2.6 Random Numbers2.7 Numbers2.8 Homework

3. Secret Key Cryptography
3.1 Introduction3.2 Generic Block Cipher Issues3.3 Constructing a Practical Block Cipher3.4 Choosing Constants3.5 Data Encryption Standard (DES)3.6 3DES (Multiple Encryption DES)3.7 Advanced Encryption Standard (AES)3.8 RC3.9 Homework
4. Modes of Operation
4.1 Introduction4.2 Encrypting a Large Message4.3 Generating MACs4.4 Ensuring Privacy and Integrity Together4.5 Performance Issues4.6 Homework
5. Cryptographic Hashes
5.1 Introduction5.2 The Birthday Problem5.3 A Brief History of Hash Functions5.4 Nifty Things to Do with a Hash5.5 Creating a Hash Using a Block Cipher5.6 Construction of Hash Functions5.7 Padding5.8 The Internal Encryption Algorithms5.9 SHA-3 f Function (Also Known as KECCAK-f)5.10 Homework
6. First-Generation Public Key Algorithms
6.1 Introduction6.2 Modular Arithmetic6.3 RSA6.4 Diffie-Hellman6.5 Digital Signature Algorithm (DSA)6.6 How Secure Are RSA and Diffie-Hellman?6.7 Elliptic Curve Cryptography (ECC)6.8 Homework
7. Quantum Computing
7.1 What Is a Quantum Computer?7.2 Grover’s Algorithm7.3 Shor’s Algorithm7.4 Quantum Key Distribution (QKD)7.5 How Hard Are Quantum Computers to Build?7.6 Quantum Error Correction7.7 Homework
8. Post-Quantum Cryptography
8.1 Signature and/or Encryption Schemes8.2 Hash-based Signatures8.3 Lattice-Based Cryptography8.4 Code-based Schemes8.5 Multivariate Cryptography8.6 Homework
9. Authentication of People
9.1 Password-based Authentication9.2 Address-based Authentication9.3 Biometrics9.4 Cryptographic Authentication Protocols9.5 Who Is Being Authenticated?9.6 Passwords as Cryptographic Keys9.7 On-Line Password Guessing9.8 Off-Line Password Guessing9.9 Using the Same Password in Multiple Places9.10 Requiring Frequent Password Changes9.11 Tricking Users into Divulging Passwords9.12 Lamport’s Hash9.13 Password Managers9.14 Web Cookies9.15 Identity Providers (IDPs)9.16 Authentication Tokens9.17 Strong Password Protocols9.18 Credentials Download Protocols9.19 Homework
10. Trusted Intermediaries
10.1 Introduction10.2 Functional Comparison10.3 Kerberos10.4 PKI10.5 Website Gets a DNS Name and Certificate10.6 PKI Trust Models10.7 Building Certificate Chains10.8 Revocation10.9 Other Information in a PKIX Certificate10.10 Issues with Expired Certificates10.11 DNSSEC (DNS Security Extensions)10.12 Homework
11. Communication Session Establishment
11.1 One-way Authentication of Alice11.2 Mutual Authentication11.3 Integrity/Encryption for Data11.4 Nonce Types11.5 Intentional MITM11.6 Detecting MITM11.7 What Layer?11.8 Perfect Forward Secrecy11.9 Preventing Forged Source Addresses11.10 Endpoint Identifier Hiding11.11 Live Partner Reassurance11.12 Arranging for Parallel Computation11.13 Session Resumption/Multiple Sessions11.14 Plausible Deniability11.15 Negotiating Crypto Parameters11.16 Homework
12. IPsec
12.1 IPsec Security Associations12.2 IKE (Internet Key Exchange Protocol)12.3 Creating a Child-SA12.4 AH and ESP12.5 AH (Authentication Header)12.6 ESP (Encapsulating Security Payload)12.7 Comparison of Encodings12.8 Homework
13. SSL/TLS and SSH
13.1 Using TCP13.2 StartTLS13.3 Functions in the TLS Handshake13.4 TLS 1.2 (and Earlier) Basic Protocol13.5 TLS 1.313.6 Session Resumption13.7 PKI as Deployed by TLS13.8 SSH (Secure Shell)13.9 Homework
14. Electronic Mail Security
14.1 Distribution Lists14.2 Store and Forward14.3 Disguising Binary as Text14.4 HTML-Formatted Email14.5 Attachments14.6 Non-cryptographic Security Features14.7 Malicious Links in Email14.8 Data Loss Prevention (DLP)14.9 Knowing Bob’s Email Address14.10 Self-Destruct, Do-Not-Forward, …14.11 Preventing Spoofing of From Field14.12 In-Flight Encryption14.13 End-to-End Signed and Encrypted Email14.14 Encryption by a Server14.15 Message Integrity14.16 Non-Repudiation14.17 Plausible Deniability14.18 Message Flow Confidentiality14.19 Anonymity14.20 Homework
15. Electronic Money
15.1 ECASH15.2 Offline eCash15.3 Bitcoin15.4 Wallets for Electronic Currency15.5 Homework
16. Cryptographic Tricks
16.1 Secret Sharing16.2 Blind Signature16.3 Blind Decryption16.4 Zero-Knowledge Proofs16.5 Group Signatures16.6 Circuit Model16.7 Secure Multiparty Computation (MPC)16.8 Fully Homomorphic Encryption (FHE)16.9 Homework
17. Folklore
17.1 Misconceptions17.2 Perfect Forward Secrecy17.3 Change Encryption Keys Periodically17.4 Don’t Encrypt without Integrity Protection17.5 Multiplexing Flows over One Secure Session17.6 Using Different Secret Keys17.7 Using Different Public Keys17.8 Establishing Session Keys17.9 Hash in a Constant When Hashing a Password17.10 HMAC Rather than Simple Keyed Hash17.11 Key Derivation17.12 Use of Nonces in Protocols17.13 Creating an Unpredictable Nonce17.14 Compression17.15 Minimal vs Redundant Designs17.16 Overestimate the Size of Key17.17 Hardware Random Number Generators17.18 Put Checksums at the End of Data17.19 Forward Compatibility
Glossary
Math
M.1 IntroductionM.2 Some definitions and notationM.3 ArithmeticM.4 Abstract AlgebraM.5 Modular ArithmeticM.6 GroupsM.7 FieldsM.8 Mathematics of RijndaelM.9 Elliptic Curve CryptographyM.10 RingsM.11 Linear TransformationsM.12 Matrix ArithmeticM.13 DeterminantsM.14 Homework
Bibliography
Index
Code Snippets

Content preview from Network Security: Private Communications in a Public World, 3rd Edition

10 Trusted Intermediaries

10.1 Introduction

If nodes Alice and Bob want to be able to communicate securely, they need to know keys for each other. Configuring each node with keys for every other node will not scale beyond a small number, so a trusted third party (someone that Alice and Bob trust) is used for introducing Alice and Bob to each other.

In this chapter we describe different types of systems based on trusted third parties. One is a system that uses only secret keys, in which case the trusted third party is usually known as a KDC (Key Distribution Center). In a public key system, the trusted third party is usually known as a certification authority (CA), and it signs certificates, which assert things such as the mapping between the ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Network Security: Private Communication in a Public World, Second Edition

Publisher Resources

ISBN: 9780136643531

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Network Security: Private Communications in a Public World, 3rd Edition

by Charlie Kaufman, Radia Perlman, Mike Speciner, Ray Perlner