book

Secrets and Lies: Digital Security in a Networked World, 15th Anniversary Edition

Name: Secrets and Lies: Digital Security in a Networked World, 15th Anniversary Edition
Author: Bruce Schneier
ISBN: 9781119092438

by Bruce Schneier

March 2015

Intermediate to advanced

448 pages

12h 13m

English

Wiley

Read now

Unlock full access

Cover Page
Title Page
Copyright
Dedication
Contents
Foreword to 2015 15 th Anniversary Edition
Introduction from the Paperback Edition
Preface
About the Author
CHAPTER 1: Introduction
STEP ONE: ENFORCE LIABILITIESSTEP TWO: ALLOW PARTIES TO TRANSFER LIABILITIESSTEP THREE: PROVIDE MECHANISMS TO REDUCE RISKADDITIONAL BOOKSFURTHER READING

PART 1: THE LANDSCAPE
CHAPTER 2: Digital Threats
THE UNCHANGING NATURE OF ATTACKSTHE CHANGING NATURE OF ATTACKSPROACTION VS. REACTION
CHAPTER 3: Attacks
CRIMINAL ATTACKSPRIVACY VIOLATIONSPUBLICITY ATTACKSLEGAL ATTACKS
CHAPTER 4: Adversaries
HACKERSLONE CRIMINALSMALICIOUS INSIDERSINDUSTRIAL ESPIONAGEPRESSORGANIZED CRIMEPOLICETERRORISTSNATIONAL INTELLIGENCE ORGANIZATIONSINFOWARRIORS
CHAPTER 5: Security Needs
PRIVACYMULTILEVEL SECURITYANONYMITYPRIVACY AND THE GOVERNMENTAUTHENTICATIONINTEGRITYAUDITELECTRONIC CURRENCYPROACTIVE SOLUTIONS
PART 2: TECHNOLOGIES
CHAPTER 6: Cryptography
SYMMETRIC ENCRYPTIONTYPES OF CRYPTOGRAPHIC ATTACKSRECOGNIZING PLAINTEXTMESSAGE AUTHENTICATION CODESONE-WAY HASH FUNCTIONSPUBLIC-KEY ENCRYPTIONDIGITAL SIGNATURE SCHEMESRANDOM NUMBER GENERATORSKEY LENGTH
CHAPTER 7: Cryptography in Context
KEY LENGTH AND SECURITYONE-TIME PADSPROTOCOLSINTERNET CRYPTOGRAPHIC PROTOCOLSTYPES OF PROTOCOL ATTACKSCHOOSING AN ALGORITHM OR PROTOCOL
CHAPTER 8: Computer Security
DEFINITIONSACCESS CONTROLSECURITY MODELSSECURITY KERNELS AND TRUSTED COMPUTING BASESCOVERT CHANNELSEVALUATION CRITERIAFUTURE OF SECURE COMPUTERS
CHAPTER 9: Identification and Authentication
PASSWORDSBIOMETRICSACCESS TOKENSAUTHENTICATION PROTOCOLSSINGLE SIGN-ON
CHAPTER 10: Networked-Computer Security
MALICIOUS SOFTWAREMODULAR CODEMOBILE CODEWEB SECURITY
CHAPTER 11: Network Security
HOW NETWORKS WORKIP SECURITYDNS SECURITYDENIAL-OF-SERVICE ATTACKSDISTRIBUTED DENIAL-OF-SERVICE ATTACKSTHE FUTURE OF NETWORK SECURITY
CHAPTER 12: Network Defenses
FIREWALLSDEMILITARIZED ZONESVIRTUAL PRIVATE NETWORKSINTRUSION DETECTION SYSTEMSHONEY POTS AND BURGLAR ALARMSVULNERABILITY SCANNERSE-MAIL SECURITYENCRYPTION AND NETWORK DEFENSES
CHAPTER 13: Software Reliability
FAULTY CODEATTACKS ON FAULTY CODEBUFFER OVERFLOWSTHE UBIQUITY OF FAULTY CODE
CHAPTER 14: Secure Hardware
TAMPER RESISTANCESIDE-CHANNEL ATTACKSATTACKS AGAINST SMART CARDS
CHAPTER 15: Certificates and Credentials
TRUSTED THIRD PARTIESCREDENTIALSCERTIFICATESPROBLEMS WITH TRADITIONAL PKISPKIS ON THE INTERNET
CHAPTER 16: Security Tricks
GOVERNMENT ACCESS TO KEYSDATABASE SECURITYSTEGANOGRAPHYSUBLIMINAL CHANNELSDIGITAL WATERMARKINGCOPY PROTECTIONERASING DIGITAL INFORMATION
CHAPTER 17: The Human Factor
RISKEXCEPTION HANDLINGHUMAN–COMPUTER INTERFACEHUMAN–COMPUTER TRANSFERENCEMALICIOUS INSIDERSSOCIAL ENGINEERING
PART 3: STRATEGIES
CHAPTER 18: Vulnerabilities and the Vulnerability Landscape
ATTACK METHODOLOGYCOUNTERMEASURESTHE VULNERABILITY LANDSCAPERATIONALLY APPLYING COUNTERMEASURES
CHAPTER 19: Threat Modeling and Risk Assessment
FAIR ELECTIONSSECURE TELEPHONESSECURE E - MAILSTORED-VALUE SMART CARDSRISK ASSESSMENTTHE POINT OF THREAT MODELINGGETTING THE THREAT WRONG
CHAPTER 20: Security Policies and Countermeasures
SECURITY POLICIESTRUSTED CLIENT SOFTWAREAUTOMATIC TELLER MACHINESCOMPUTERIZED LOTTERY TERMINALSSMART CARDS VS. MEMORY CARDSRATIONAL COUNTERMEASURES
CHAPTER 21: Attack Trees
BASIC ATTACK TREESPGP ATTACK TREECREATING AND USING ATTACK TREES
CHAPTER 22: Product Testing and Verification
THE FAILURE OF TESTINGDISCOVERING SECURITY FLAWS AFTER THE FACTOPEN STANDARDS AND OPEN SOURCE SOLUTIONSREVERSE ENGINEERING AND THE LAWCRACKING AND HACKING CONTESTSEVALUATING AND CHOOSING SECURITY PRODUCTS
CHAPTER 23: The Future of Products
SOFTWARE COMPLEXITY AND SECURITYTECHNOLOGIES TO WATCHWILL WE EVER LEARN?
CHAPTER 24: Security Processes
PRINCIPLESDETECTION AND RESPONSECOUNTERATTACKMANAGE RISKOUTSOURCING SECURITY PROCESSES
CHAPTER 25: Conclusion
Afterword
Resources
Acknowledgments
Index

Content preview from Secrets and Lies: Digital Security in a Networked World, 15th Anniversary Edition

6 Cryptography

Cryptography is pretty amazing. On one level, it's a bunch of complicated mathematics. It's cryptographers designing ever more complicated mathematical transformations and cryptanalysts countering with ever more ingenious ways of breaking the mathematics. It also has a long and proud history: confidants, lovers, secret societies, and governments have been using cryptography to protect their secrets for millennia.

On another level, cryptography is a core technology of cyberspace. It lets us take all of the business and social constructs we're used to in the physical world, and move them to cyberspace. It's the technology that lets us build security into cyberspace, to deal with the attacks and attackers discussed in Part 1. Without cryptography, e-commerce could never enter the mainstream. Cryptography is not a panacea—you need a lot more than cryptography to have security—but it is essential.

In order to understand security in cyberspace, you need to understand cryptography. You don't have to understand the math, but you have to understand its ramifications. You need to know what cryptography can do, and more importantly, what cryptography cannot do. You need to know how to think about cryptography in the context of computer and network security. These two chapters won't turn you into a cryptographer, only an intelligent consumer of cryptography.

To the consumer, cryptography is a shadowy protective entity—something like Batman—kind of menacing but on the side of ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

ISC2 CISSP Certified Information Systems Security Professional Official Study Guide, 10th Edition

Publisher Resources

ISBN: 9781119092438Purchase book

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Secrets and Lies: Digital Security in a Networked World, 15th Anniversary Edition

by Bruce Schneier

6

Cryptography

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.