CRYPTOGRAPHY AND NETWORK SECURITY

Transcription

1 CRYPTOGRAPHY AND NETWORK SECURITY PRINCIPLES AND PRACTICE FIFTH EDITION William Stallings Prentice Hall Boston Columbus Indianapolis New York San Francisco Upper Saddle River Amsterdam Cape Town Dubai London Madrid Milan Munich Paris Montreal Toronto Delhi Mexico City Sao Paulo Sydney Hong Kong Seoul Singapore Taipei Tokyo

2 CONTENTS Notation 13 Preface 15 About the Author 23 Chapter 0 Reader's Guide Outline of This Book A Roadmap for Readers and Instructors Internet and Web Resources Standards 29 Chapter 1 Overview Computer Security Concepts The OSI Security Architecture Security Attacks Security Services Security Mechanisms A Model for Network Security Recommended Reading and Web Sites Key Terms, Review Questions, and Problems 53 PART ONE SYMMETRIC CIPHERS 55 Chapter 2 Classical Encryption Techniques Symmetric Cipher Model Substitution Techniques Transposition Techniques Rotor Machines Steganography Recommended Reading and Web Sites Key Terms, Review Questions, and Problems 84 Chapter 3 Block Ciphers and the Data Encryption Standard Block Cipher Principles The Data Encryption Standard (DES) A DES Example The Strength of DES Differential and Linear Cryptanalysis Block Cipher Design Principles Recommended Reading and Web Site Key Terms, Review Questions, and Problems 121 Chapter 4 Basic Concepts in Number Theory and Finite Fields Divisibility and the Division Algorithm The Euclidean Algorithm 129

3 6 CONTENTS 4.3 Modular Arithmetic Groups, Rings, and Fields Finite Fields of the Form GF(p) Polynomial Arithmetic Finite Fields of the Form GF(2") Recommended Reading and Web Sites Key Terms, Review Questions, and Problems 165 Appendix 4 A The Meaning of mod 168 Chapter 5 Advanced Encryption Standard Finite Field Arithmetic AES Structure AES Transformation Functions AES Key Expansion An AES Example AES Implementation Recommended Reading and Web Sites Key Terms, Review Questions, and Problems 203 Appendix 5A Polynomials with Coefficients in GF(2 ) 204 Appendix 5B Simplified AES 207 Chapter 6 Block Cipher Operation Multiple Encryption and Triple DES Electronic Code Book Cipher Block Chaining Mode Cipher Feedback Mode Output Feedback Mode Counter Mode XTS-AES Mode for Block-Oriented Storage Devices Recommended Web Site Key Terms, Review Questions, and Problems 238 Chapter 7 Pseudorandom Number Generation and Stream Ciphers Principles of Pseudorandom Number Generation Pseudorandom Number Generators Pseudorandom Number Generation Using a Block Cipher Stream Ciphers RC True Random Number Generators Recommended Reading and Web Sites Key Terms, Review Questions, and Problems 263 PART TWO ASYMMETRIC CIPHERS 267 Chapter 8 Introduction to Number Theory Prime Numbers Fermat's and Euler's Theorems Testing for Primality The Chinese Remainder Theorem 278

4 8.5 Discrete Logarithms Recommended Reading and Web Sites Key Terms, Review Questions, and Problems 287 Chapter 9 Public-Key Cryptography and RSA Principles of Public-Key Cryptosystems The RS A Algorithm Recommended Reading and Web Site Key Terms, Review Questions, and Problems 315 Appendix 9A Proof of the RSA Algorithm 320 Appendix 9B The Complexity of Algorithms 321 Chapter 10 Other Public-Key Cryptosystems Diffie-Hellman Key Exchange ElGamal Cryptographic system Elliptic Curve Arithmetic Elliptic Curve Cryptography Pseudorandom Number Generation Based on an Asymmetric Cipher Recommended Reading and Web Site Key Terms, Review Questions, and Problems 348 PART THREE CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS 351 Chapter 11 Cryptographic Hash Functions Applications of Cryptographic Hash Functions Two Simple Hash Functions Requirements and Security Hash Functions Based on Cipher Block Chaining Secure Hash Algorithm (SHA) SHA Recommended Reading and Web Sites Key Terms, Review Questions, and Problems 377 Appendix IIA Mathematical Basis of the Birthday Attack 380 Chapter 12 Message Authentication Codes Message Authentication Requirements Message Authentication Functions Requirements for Message Authentication Codes Security of MACs MACs Based on Hash Functions: HMAC MACs Based on Block Ciphers: DAA and CMAC Authenticated Encryption: CCM and GCM Pseudorandom Number Generation Using Hash Functions and MACs Recommended Reading and Web Site Key Terms, Review Questions, and Problems 417 Chapter 13 Digital Signatures Digital Signatures ElGamal Digital Signature Scheme 424

5 8 CONTENTS 13.3 Schnorr Digital Signature Scheme Digital Signature Standard Recommended Reading and Web Site Key Terms, Review Questions, and Problems 431 PART FOUR MUTUAL TRUST 435 Chapter 14 Key Management and Distribution Symmetric Key Distribution Using Symmetric Encryption Symmetric Key Distribution Using Asymmetric Encryption Distribution of Public Keys X.509 Certificates Public-Key Infrastructure Recommended Reading and Web Sites Key Terms, Review Questions, and Problems 464 Chapter 15 User Authentication Remote User-Authentication Principles Remote User-Authentication Using Symmetric Encryption Kerberos Remote User Authentication Using Asymmetric Encryption Federated Identity Management Recommended Reading and Web Sites Key Terms, Review Questions, and Problems 503 Appendix 15A Kerberos Encryption Techniques 505 PART FIVE NETWORK AND INTERNET SECURITY 509 Chapter 16 Transport-Level Security Web Security Considerations Secure Socket Layer and Transport Layer Security Transport Layer Security HTTPS Secure SheU (SSH) Recommended Reading andweb Sites Key Terms, Review Questions, and Problems 543 Chapter 17 Wireless Network Security IEEE Wireless LAN Overview IEEE 802. Hi Wireless LAN Security Wireless Application Protocol Overview Wireless Transport Layer Security WAP End-to-End Security Recommended Reading and Web Sites Key Terms, Review Questions, and Problems 588 Chapter 18 Electronic Mail Security Pretty Good Privacy S/MIME 611

6 Л.Л 18.3 DomainKeys Identified Mail Recommended Reading and Web Sites Key Terms, Review Questions, and Problems 635 Appendix 18A Radix-64 Conversion 636 Chapter 19 IP Security IP Security Overview IP Security Policy Encapsulating Security Payload Combining Security Associations Internet Key Exchange Cryptographic Suites Recommended Reading and Web Sites Key Terms, Review Questions, and Problems 673 APPENDICES 675 Appendix A Projects for Teaching Cryptography and Network Security 675 A.l Sage Computer Algebra Projects 676 A.2 Hacking Project 677 A.3 Block Cipher Projects 677 A.4 Laboratory Exercises 678 A.5 Research Projects 678 A.6 Programming Projects 679 A.7 Practical Security Assessments 679 A.8 Writing Assignments 679 A.9 Reading/Report Assignments 680 Appendix В Sage Examples 681 B. 1 Linear Algebra and Matrix Functionality 682 B.2 Chapter 2: Classical Encryption 683 B.3 Chapter 3: Block Ciphers and the Data Encryption Standard 686 B.4 Chapter 4: Basic Concepts in Number Theory and Finite Fields 690 B.5 Chapter 5: Advanced Encryption Standard 697 B.6 Chapter 6: Pseudorandom Number Generation and Stream Ciphers 702 B. 7 Chapter 8: Number Theory 704 B.8 Chapter 9: Public-Key Cryptography and RSA 709 B.9 Chapter 10: Other Public-Key Cryptosystems 712 B.10 Chapter 11: Cryptographic Hash Functions 717 B. 11 Chapter 13: Digital Signatures 719 References 723 Index 735 ONLINE CHAPTERS PART SIX SYSTEM SECURITY Chapter 20 Intruders 20.1 Intruders 20.2 Intrusion Detection

7 10 CONTENTS 20.3 Password Management 20.4 Recommended Reading and Web Sites 20.5 Key Terms, Review Questions, and Problems Appendix 20A The Base-Rate Fallacy Chapter 21 Malicious Software 21.1 Types of Malicious Software 21.2 Viruses 21.3 Virus Countermeasures 21.4 Worms 21.5 Distributed Denial of Service Attacks 21.6 Recommended Reading and Web Sites 21.7 Key Terms, Review Questions, and Problems Chapter 22 Firewalls 22.1 The Need for Firewalls 22.2 Firewall Characteristics 22.3 Types of Firewalls 22.4 Firewall Basing 22.5 Firewall Location and Configurations 22.6 Recommended Reading and Web Sites 22.7 Key Terms, Review Questions, and Problems PART SEVEN LEGAL AND ETHICAL ISSUES Chapter 23 Legal and Ethical Issues 23.1 Cybercrime and Computer Crime 23.2 Intellectual Property 23.3 Privacy 23.4 Ethical Issues 23.5 Recommended Reading andweb Sites 23.6 Key Terms, Review Questions, and Problems ONLINE APPENDICES WilliamStallings.com/Crypto/Crypto5e.html Appendix С Sage Problems C. 1 Getting Started with Sage C.2 Programming with Sage C.3 Chapter 2: Classical Encryption Techniques C.4 Chapter 3: Block Ciphers and the Data Encryption Standard C.5 Chapter 4: Basic Concepts in Number Theory and Finite Fields C.6 Chapter 5: Advanced Encryption Standard C.7 Chapter 7: Pseudorandom Number Generation and Stream Ciphers C.8 Chapter 8: Number Theory C.9 Chapter 9: Public-Key Cryptography and RS A CIO Chapter 10: Other Public-Key Cryptosystems C.ll Chapter 11: Cryptographic Hash Functions C.12 Chapter 13: Digital Signatures

8 CONTENTS 11 Appendix D Standards and Standards-Setting Organizations D.l The Importance of Standards D.2 Internet Standards and the Internet Society D.3 National Institute of Standards and Technology Appendix E Basic Concepts from Linear Algebra E.l Operations on Vectors and Matrices E.2 Linear Algebra Operations over Z n Appendix F Measures of Security and Secrecy F.l E2 E3 Perfect Secrecy Information and Entropy Entropy and Secrecy Appendix G Simplified DES G. 1 Overview G.2 S-DES Key Generation G.3 S-DES Encryption G.4 Analysis of Simplified DES G.5 Relationship to DES Appendix H Evaluation Criteria for AES H.l The Origins of AES H.2 AES Evaluation Appendix I More on Simplified AES 1.1 Arithmetic in GF(2 4 ) 1.2 The Mix Column Function Appendix J Knapsack Public-Key Algorithm J.l The Knapsack Problem ' J. 2 The Knapsack Cryptosystem J.3 Example Appendix К Proof of the Digital Signature Algorithm Appendix L TCP/IP and OSI L.l Protocols and Protocol Architectures L.2 The TCP/IP Protocol Architecture L.3 The Role of an Internet Protocol L.4 IPv4 L.5 IPv6 L.6 The OSI Protocol Architecture Appendix M Java Cryptographic APIs M.l Introduction M.2 JCA and JCE Architecture M.3 JCA Classes M.4 JCE Classes M.5 Conclusion and References

9 12 CONTENTS M.6 Using the Cryptographic Application M.7 JCA/JCE Cryptography Example Appendix N The Whirlpool Hash Function N.l Whirlpool Hash Structure N.2 Block Cipher W N.3 Performance of Whirlpool Appendix О Data Compression Using ZIP O.l Compression Algorithm 0.2 Decompression Algorithm Appendix P PGP Random Number Generation P.l True Random Numbers P.2 Pseudorandom Numbers Appendix Q International Reference Alphabet Glossary