密码编码学与网络安全：原理与实践（第七版 英文版）

Part One： Background 1
Chapter 1 Computer and Network Security Concepts 1
1．1 Computer Security Concepts 3
1．2 The OSI Security Architecture 8
1．3 Security Attacks 9
1．4 Security Services 11
1．5 Security Mechanisms 14
1．6 Fundamental Security Design Principles 16
1．7 Attack Surfaces and Attack Trees 19
1．8 A Model for Network Security 23
1．9 Standards 25
1．10 Key Terms， Review Questions， and Problems 26
Chapter 2 Introduction to Number Theory 28
2．1 Divisibility and the Division Algorithm 29
2．2 The Euclidean Algorithm 31
2．3 Modular Arithmetic 35
2．4 Prime Numbers 43
2．5 Fermat’s and Euler’s Theorems 46
2．6 Testing for Primality 50
2．7 The Chinese Remainder Theorem 53
2．8 Discrete Logarithms 55
2．9 Key Terms， Review Questions， and Problems 60
Appendix 2A The Meaning of Mod 64
Part Two： Symmetric Ciphers 67
Chapter 3 Classical Encryption Techniques 67
3．1 Symmetric Cipher Model 68
3．2 Substitution Techniques 74
3．3 Transposition Techniques 89
3．4 Rotor Machines 90
3．5 Steganography 92
3．6 Key Terms， Review Questions， and Problems 94
Chapter 4 Block Ciphers and the Data Encryption Standard 100
4．1 Traditional Block Cipher Structure 101
4．2 The Data Encryption Standard 111
4．3 A DES Example 113
4．4 The Strength of DES 116
4．5 Block Cipher Design Principles 117
4．6 Key Terms， Review Questions， and Problems 119
Chapter 5 Finite Fields 123
5．1 Groups 125
5．2 Rings 127
5．3 Fields 128
5．4 Finite Fields of the Form GF(p) 129
5．5 Polynomial Arithmetic 133
5．6 Finite Fields of the Form GF(2n) 139
5．7 Key Terms， Review Questions， and Problems 151
Chapter 6 Advanced Encryption Standard 153
6．1 Finite Field Arithmetic 154
6．2 AES Structure 156
6．3 AES Transformation Functions 161
6．4 AES Key Expansion 172
6．5 An AES Example 175
6．6 AES Implementation 179
6．7 Key Terms， Review Questions， and Problems 184
Appendix 6A Polynomials with Coefficients in GF(28) 185
Chapter 7 Block Cipher Operation 189
7．1 Multiple Encryption and Triple DES 190
7．2 Electronic Codebook 195
7．3 Cipher Block Chaining Mode 198
7．4 Cipher Feedback Mode 200
7．5 Output Feedback Mode 202
7．6 Counter Mode 204
7．7 XTS-AES Mode for Block-Oriented Storage Devices 206
7．8 Format-Preserving Encryption 213
7．9 Key Terms， Review Questions， and Problems 227
Chapter 8 Random Bit Generation and Stream Ciphers 232
8．1 Principles of Pseudorandom Number Generation 234
8．2 Pseudorandom Number Generators 240
8．3 Pseudorandom Number Generation Using a Block Cipher 243
8．4 Stream Ciphers 249
8．5 RC4 251
8．6 True Random Number Generators 253
8．7 Key Terms， Review Questions， and Problems 262
Part Three： Asymmetric Ciphers 265
Chapter 9 Public-Key Cryptography and RSA 265
9．1 Principles of Public-Key Cryptosystems 267
9．2 The RSA Algorithm 276
9．3 Key Terms， Review Questions， and Problems 290
Chapter 10 Other Public-Key Cryptosystems 295
10．1 Diffie-Hellman Key Exchange 296
10．2 Elgamal Cryptographic System 300
10．3 Elliptic Curve Arithmetic 303
10．4 Elliptic Curve Cryptography 312
10．5 Pseudorandom Number Generation Based on an Asymmetric Cipher 316
10．6 Key Terms， Review Questions， and Problems 318
Part Four： Cryptographic Data Integrity Algorithms 321
Chapter 11 Cryptographic Hash Functions 321
11．1 Applications of Cryptographic Hash Functions 323
11．2 Two Simple Hash Functions 328
11．3 Requirements and Security 330
11．4 Hash Functions Based on Cipher Block Chaining 336
11．5 Secure Hash Algorithm (SHA) 337
11．6 SHA-3 347
11．7 Key Terms， Review Questions， and Problems 359
Chapter 12 Message Authentication Codes 363
12．1 Message Authentication Requirements 364
12．2 Message Authentication Functions 365
12．3 Requirements for Message Authentication Codes 373
12．4 Security of MACs 375
12．5 MACs Based on Hash Functions： HMAC 376
12．6 MACs Based on Block Ciphers： DAA and CMAC 381
12．7 Authenticated Encryption： CCM and GCM 384
12．8 Key Wrapping 390
12．9 Pseudorandom Number Generation Using Hash Functions and MACs 395
12．10 Key Terms， Review Questions， and Problems 398
Chapter 13 Digital Signatures 401
13．1 Digital Signatures 403
13．2 Elgamal Digital Signature Scheme 406
13．3 Schnorr Digital Signature Scheme 407
13．4 NIST Digital Signature Algorithm 408
13．5 Elliptic Curve Digital Signature Algorithm 412
13．6 RSA-PSS Digital Signature Algorithm 415
13．7 Key Terms， Review Questions， and Problems 420
Part Five： Mutual Trust 423
Chapter 14 Key Management and Distribution 423
14．1 Symmetric Key Distribution Using Symmetric Encryption 424
14．2 Symmetric Key Distribution Using Asymmetric Encryption 433
14．3 Distribution of Public Keys 436
14．4 X．509 Certificates 441
14．5 Public-Key Infrastructure 449
14．6 Key Terms， Review Questions， and Problems 451
Chapter 15 User Authentication 455
15．1 Remote User-Authentication Principles 456
15．2 Remote User-Authentication Using Symmetric Encryption 460
15．3 Kerberos 464
15．4 Remote User-Authentication Using Asymmetric Encryption 482
15．5 Federated Identity Management 484
15．6 Personal Identity Verification 490
15．7 Key Terms， Review Questions， and Problems 497
Part Six： Network And Internet Security 501
Chapter 16 Network Access Control and Cloud Security 501
16．1 Network Access Control 502
16．2 Extensible Authentication Protocol 505
16．3 IEEE 802．1X Port-Based Network Access Control 509
16．4 Cloud Computing 511
16．5 Cloud Security Risks and Countermeasures 517
16．6 Data Protection in the Cloud 519
16．7 Cloud Security as a Service 523
16．8 Addressing Cloud Computing Security Concerns 526
16．9 Key Terms， Review Questions， and Problems 527
Chapter 17 Transport-Level Security 528
17．1 Web Security Considerations 529
17．2 Transport Layer Security 531
17．3 HTTPS 548
17．4 Secure Shell (SSH) 549
17．5 Key Terms， Review Questions， and Problems 561
Chapter 18 Wireless Network Security 563
18．1 Wireless Security 564
18．2 Mobile Device Security 567
18．3 IEEE 802．11 Wireless LAN Overview 571
18．4 IEEE 802．11i Wireless LAN Security 577
18．5 Key Terms， Review Questions， and Problems 592
Chapter 19 Electronic Mail Security 594
19．1 Internet Mail Architecture 595
19．2 Email Formats 599
19．3 Email Threats and Comprehensive Email Security 607
19．4 S/MIME 609
19．5 Pretty Good Privacy 620
19．6 DNSSEC 621
19．7 DNS-Based Authentication of Named Entities 625
19．8 Sender Policy Framework 627
19．9 DomainKeys Identified Mail 630
19．10 Domain-Based Message Authentication， Reporting， and Conformance 636
19．11 Key Terms， Review Questions， and Problems 641
Chapter 20 IP Security 643
20．1 IP Security Overview 644
20．2 IP Security Policy 650
20．3 Encapsulating Security Payload 655
20．4 Combining Security Associations 663
20．5 Internet Key Exchange 666
20．6 Cryptographic Suites 674
20．7 Key Terms， Review Questions， and Problems 676
APPENDICES 678
Appendix A Projects for Teaching Cryptography and Network Security 678
A．1 Sage Computer Algebra Projects 679
A．2 Hacking Project 680
A．3 Block Cipher Projects 681
A．4 Laboratory Exercises 681
A．5 Research Projects 681
A．6 Programming Projects 682
A．7 Practical Security Assessments 682
A．8 Firewall Projects 683
A．9 Case Studies 683
A．10 Writing Assignments 683
A．11 Reading/Report Assignments 684
A．12 Discussion Topics 684
Appendix B Sage Examples 685
B．1 Linear Algebra and Matrix Functionality 686
B．2 Chapter 2： Number Theory 687
B．3 Chapter 3： Classical Encryption 692
B．4 Chapter 4： Block Ciphers and the Data Encryption Standard 695
B．5 Chapter 5： Basic Concepts in Number Theory and Finite Fields 699
B．6 Chapter 6： Advanced Encryption Standard 706
B．7 Chapter 8： Pseudorandom Number Generation and Stream Ciphers 711
B．8 Chapter 9： Public-Key Cryptography and RSA 713
B．9 Chapter 10： Other Public-Key Cryptosystems 716
B．10 Chapter 11： Cryptographic Hash Functions 721
B．11 Chapter 13： Digital Signatures 723
References 726
Credits 735
Index 736
Online Chapters and Appendices1
Part Seven： System Security
Chapter 21 Malicious Software
21．1 Types of Malicious Software (Malware)
21．2 Advanced Persistent Threat
21．3 Propagation―Infected Content―Viruses
21．4 Propagation―Vulnerability Exploit―Worms
21．5 Propagation―Social Engineering―Spam E-mail， Trojans
21．6 Payload―System Corruption
21．7 Payload―Attack Agent―Zombie， Bots
21．8 Payload―Information Theft―Keyloggers， Phishing， Spyware
21．9 Payload―Stealthing―Backdoors， Rootkits
21．10 Countermeasures
21．11 Distributed Denial of Service Attacks
21．12 References
21．13 Key Terms， Review Questions， and Problems
Chapter 22 Intruders
22．1 Intruders
22．2 Intrusion Detection
22．3 Password Management
22．4 References
22．5 Key Terms， Review Questions， and Problems
Chapter 23 Firewalls
23．1 The Need for Firewalls
23．2 Firewall Characteristics and Access Policy
23．3 Types of Firewalls
23．4 Firewall Basing
23．5 Firewall Location and Configurations
23．6 References
23．7 Key Terms， Review Questions， and Problems
Part EIGHT： Legal And Ethical Issues
Chapter 24 Legal and Ethical Aspects
24．1 Cybercrime and Computer Crime
24．2 Intellectual Property
24．3 Privacy
24．4 Ethical Issues
24．5 Recommended Reading
24．6 References
24．7 Key Terms， Review Questions， and Problems
24．A Information Privacy
Appendix C Sage Exercises
Appendix D Standards and Standard-Setting Organizations
Appendix E Basic Concepts from Linear Algebra
Appendix F Measures of Secrecy and Security
Appendix G Simplified DES
Appendix H Evaluation Criteria for AES
Appendix I Simplified AES
Appendix J The Knapsack Algorithm
Appendix K Proof of the Digital Signature Algorithm
Appendix L TCP/IP and OSI
Appendix M Java Cryptographic APIs
Appendix N MD5 Hash Function
Appendix O Data Compression Using ZIP
Appendix P PGP
Appendix Q The International Reference Alphabet
Appendix R Proof of the RSA Algorithm
Appendix S Data Encryption Standard
Appendix T Kerberos Encryption Techniques
Appendix U Mathematical Basis of the Birthday Attack
Appendix V Evaluation Criteria for SHA-3
Appendix W The Complexity of Algorithms
Appendix X Radix-64 Conversion
Appendix Y The Base Rate Fallacy
Glossary