Cryptography and network security principles and practices


CRYPTOGRAPHY AND NETWORK SECURITY: PRINCIPLES AND PRACTICE, FIFTH EDITION
William Stallings
Prentice Hall
Copyright © 2011, 2006 Pearson Education, Inc., publishing as Prentice Hall. All rights reserved.
ISBN 10: 0-13-609704-9
ISBN 13: 978-0-13-609704-4

To Antigone, never dull, never boring, the smartest person I know.

CONTENTS

Notation
Preface
About the Author
Chapter 0 Reader's Guide
  0.1 Outline of This Book
  0.2 A Roadmap for Readers and Instructors
  0.3 Internet and Web Resources
  0.4 Standards
Chapter 1 Overview
  1.1 Computer Security Concepts
  1.2 The OSI Security Architecture
  1.3 Security Attacks
  1.4 Security Services
  1.5 Security Mechanisms
  1.6 A Model for Network Security
  1.7 Recommended Reading and Web Sites
  1.8 Key Terms, Review Questions, and Problems
PART ONE SYMMETRIC CIPHERS
Chapter 2 Classical Encryption Techniques
  2.1 Symmetric Cipher Model
  2.2 Substitution Techniques
  2.3 Transposition Techniques
  2.4 Rotor Machines
  2.5 Steganography
  2.6 Recommended Reading and Web Sites
  2.7 Key Terms, Review Questions, and Problems
Chapter 3 Block Ciphers and the Data Encryption Standard
  3.1 Block Cipher Principles
  3.2 The Data Encryption Standard (DES)
  3.3 A DES Example
  3.4 The Strength of DES
  3.5 Differential and Linear Cryptanalysis
  3.6 Block Cipher Design Principles
  3.7 Recommended Reading and Web Site
  3.8 Key Terms, Review Questions, and Problems
Chapter 4 Basic Concepts in Number Theory and Finite Fields
  4.1 Divisibility and the Division Algorithm
  4.2 The Euclidean Algorithm
  4.3 Modular Arithmetic
  4.4 Groups, Rings, and Fields
  4.5 Finite Fields of the Form GF(p)
  4.6 Polynomial Arithmetic
  4.7 Finite Fields of the Form GF(2^n)
  4.8 Recommended Reading and Web Sites
  4.9 Key Terms, Review Questions, and Problems
  Appendix 4A The Meaning of mod
Chapter 5 Advanced Encryption Standard
  5.1 The Origins of AES
  5.2 AES Structure
  5.3 AES Round Functions
  5.4 AES Key Expansion
  5.5 An AES Example
  5.6 AES Implementation
  5.7 Recommended Reading and Web Sites
  5.8 Key Terms, Review Questions, and Problems
  Appendix 5A Polynomials with Coefficients in GF(2^8)
  Appendix 5B Simplified AES
Chapter 6 Block Cipher Operation
  6.1 Multiple Encryption and Triple DES
  6.2 Electronic Codebook Mode
  6.3 Cipher Block Chaining Mode
  6.4 Cipher Feedback Mode
  6.5 Output Feedback Mode
  6.6 Counter Mode
  6.7 XTS Mode for Block-Oriented Storage Devices
  6.8 Recommended Web Site
  6.9 Key Terms, Review Questions, and Problems
Chapter 7 Pseudorandom Number Generation and Stream Ciphers
  7.1 Principles of Pseudorandom Number Generation
  7.2 Pseudorandom Number Generators
  7.3 Pseudorandom Number Generation Using a Block Cipher
  7.4 Stream Ciphers
  7.5 RC4
  7.6 True Random Numbers
  7.7 Recommended Reading
  7.8 Key Terms, Review Questions, and Problems
PART TWO ASYMMETRIC CIPHERS
Chapter 8 More Number Theory
  8.1 Prime Numbers
  8.2 Fermat's and Euler's Theorems
  8.3 Testing for Primality
  8.4 The Chinese Remainder Theorem
  8.5 Discrete Logarithms
  8.6 Recommended Reading and Web Sites
  8.7 Key Terms, Review Questions, and Problems
Chapter 9 Public-Key Cryptography and RSA
  9.1 Principles of Public-Key Cryptosystems
  9.2 The RSA Algorithm
  9.3 Recommended Reading and Web Sites
  9.4 Key Terms, Review Questions, and Problems
  Appendix 9A Proof of the RSA Algorithm
  Appendix 9B The Complexity of Algorithms
Chapter 10 Other Public-Key Cryptosystems
  10.1 Diffie-Hellman Key Exchange
  10.2 ElGamal Cryptosystem
  10.3 Elliptic Curve Arithmetic
  10.4 Elliptic Curve Cryptography
  10.5 Pseudorandom Number Generation Based on an Asymmetric Cipher
  10.6 Recommended Reading and Web Sites
  10.7 Key Terms, Review Questions, and Problems
PART THREE CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS
Chapter 11 Cryptographic Hash Functions
  11.1 Applications of Cryptographic Hash Functions
  11.2 Two Simple Hash Functions
  11.3 Requirements and Security
  11.4 Hash Functions Based on Cipher Block Chaining
  11.5 Secure Hash Algorithm (SHA)
  11.6 SHA-3
  11.7 Recommended Reading and Web Sites
  11.8 Key Terms, Review Questions, and Problems
  Appendix 11A Mathematical Basis of Birthday Attack
Chapter 12 Message Authentication Codes
  12.1 Message Authentication Requirements
  12.2 Message Authentication Functions
  12.3 Message Authentication Codes
  12.4 Security of MACs
  12.5 MACs Based on Hash Functions: HMAC
  12.6 MACs Based on Block Ciphers: DAA and CMAC
  12.7 Authenticated Encryption: CCM and GCM
  12.8 Pseudorandom Number Generation Using Hash Functions and MACs
  12.9 Recommended Reading
  12.10 Key Terms, Review Questions, and Problems
Chapter 13 Digital Signatures
  13.1 Digital Signatures
  13.2 ElGamal Digital Signature Scheme

APPENDIX C / SAGE EXERCISES

C.8 NUMBER THEORY

[Problem 8.6, continued] ... positive integer f such that Y^f ≡ X (mod P). Your function should return a tuple (rngstate, f), where rngstate is a valid RNG state like the one the function from part (b) returns.
f. Generalize your attack function from part (d) to work given a block of output, with the Y and f values you generated in part (e).
g. How would you modify this RNG to overcome this problem?
8.7 The example version of the Chinese Remainder Theorem has several inefficiencies. Observe that in the Chinese Remainder Theorem the first step is to initialize the M array, where the value of M[i] is the product of all the moduli except moduli[i]. This is performed at the beginning of every function call, which is somewhat inefficient, because it could be done just once for a single set of moduli. Furthermore, the output of this function is larger than it needs to be; indeed, it need be no larger than the product of all the moduli. In this question, do not merely call built-in Sage functions.
a. Write a function to pre-compute the M array; it should also compute the product of all the moduli.
b. Write a version of the CRT function that takes the precomputed M array and a list of residues. Make sure that the output of this function is no larger than it needs to be.

8.8 The purpose of this question is to become more familiar with the Chinese Remainder Theorem functionality in Sage. Use Sage to compute the following questions about the CRT.
a. Find a number that reduces to and modulo 10 and 17, respectively.
b. Find a number that reduces to 17, 89, 77, 65, and 100 modulo 23, 199, 503, 647, and 593, respectively.
c. Find a number that reduces to 98189, 78089, and 13418 mod 519787, 722299, and 166169, respectively.
d. Compute the CRT basis of the moduli 100, 501, 999.
e. Find three numbers that reduce mod the moduli 49, 99, 1003, and 33191 to (i) 1, 2, 3, 4; (ii) 2, 3, 5, 7; (iii) 101, 99, 102, 98.
f. Use Sage to compute an integer that is relatively prime to through modulo the first primes, respectively.

8.9 The purpose of this question is to become more familiar with the Sage functionality for modular exponentiation. Use Sage to compute:
a. 123^456 mod 789
b. 100^797 mod 797
c. 15^30 mod 1000
d. 111^222 mod 987654321
e. 1217^2833 mod 3836311
f. Compute N, a product of two primes, both greater than 1,000,000, and then compute

8.10 The purpose of this question is to show how to use the Euler totient functionality built into Sage. Using the built-in functionality in Sage, compute the Euler totient function on the following inputs:
a. 781
b. 10245
c. 110
d. Find an exponent x and one or two integers such that raising to the x power mod 547689 results in . Find at least one integer such that modular exponentiation with x and this modulus does not result in .
e. Find an exponent x and one or two integers such that raising to the x power mod 999999 results in . Find at least one integer such that modular exponentiation with x and this modulus does not result in .

C.9 CHAPTER 9: PUBLIC-KEY CRYPTOGRAPHY AND RSA

9.1 Use Sage to answer the following questions. Show all your Sage input/output.
a. Suppose your RSA public key factors as p = 6569 and q = 8089, and the public exponent e is 11. Suppose you were sent the ciphertext 28901722. Perform the RSA decryption and recover the plaintext.
b. Suppose that you want to encrypt the number 449 and send it to someone with public key N = 37617577 and e = 529.
c. Suppose that you forgot your public exponent, but you know that the prime factors of your key's modulus are 1723 and 5381 and your private exponent is 223. Find the public exponent.
d. Use Sage to generate an RSA public/private key pair and perform an encryption and decryption.

9.2 Use Sage to solve the following problems. In parts (a)-(c) determine whether the following signatures are good or bad:
a. N = 13962799 and e = , value to sign = 821 and signature = 8674413
b. N = 34300129 and e = 61, value to sign = 2478 and signature = 27535246
c. N = 5898461 and e = 23, value to sign = 419 and signature = 2607727
d. Suppose that you have an RSA modulus with prime factors p = 3181 and q = 2677 and the public exponent is 163. Calculate the signature of 521 and then verify it.

9.3 The purpose of this question is to implement RSA encrypt and decrypt functions with Sage.
a. Implement an RSA key generation function.
b. Implement an RSA encrypt function.
c. Implement an RSA decrypt function.
d. Show that your functions work
by simulating an RSA encrypt and decrypt with them.

9.4 The purpose of this question is to implement Sage functions for creating and verifying RSA signatures. For these questions you may use any answers from previous questions.
a. Implement a Sage function that takes an integer and an RSA private key and produces an RSA signature of it.
b. Implement a Sage function that takes an RSA signature and a hash value and determines if the signature is valid.
c. Show your functions work by simulating a sign and verify. Show at least one sign and verify, and also show an example that if the hash or signature are incorrect, your verify function correctly fails. (You may use the key generation function from an earlier problem.)

C.10 CHAPTER 10: OTHER PUBLIC-KEY CRYPTOSYSTEMS

10.1 For all of the following questions related to Diffie-Hellman, show all of your Sage input and output.
a. Suppose that you are Bob and you have agreed on the domain parameters p = 70849 and g = . Further suppose that Alice has sent the value X = 39674. Compute a secret value y, compute Y, and compute the shared secret.
b. Suppose that Alice and Bob have agreed on the domain parameters p = 6779 and g = 3; further suppose that Alice chooses the secret value x = 384 and Bob chooses the secret value y = 152. Perform a simulated key exchange as in the example.
c. Find a prime q and a prime p such that p = 2q + 1; find an element in the finite field with p elements that has multiplicative order q. Perform a simulated DH secret exchange as in the examples.

10.2
a. Implement a Sage function that takes a bound and returns elements p, q, g, and F satisfying: p and q are prime, such that p = 2*q + 1; g is an integer with multiplicative order q in the finite field with p elements; F is a Sage field object with p elements.
b. Implement a Sage function that takes the output from your function in part (a) and returns the pair (X, x) where X = g^x mod p and x is greater than and less than q.
c. Implement a Sage function that takes a public value from the other party in the DH key exchange and the secret value and returns the shared secret.
d. Show an example key exchange with your functions from parts (a)-(c).

10.3 The purpose of this question is to use Sage to explore how solving the discrete logarithm can break DH. In Sage, if a is an element of a finite field, and g generates a, then if the order of the finite field is small enough a.log(g) will return the discrete log of g with respect to a. Use this functionality to solve the following problems.
a. Suppose p = 499, g = 7, and X = 297. Find x such that X = g^x.
b. Suppose p = 863, g = 5, X = 543, and Y = 239. Find x and y such that X = g^x and Y = g^y.
c. Suppose p = 7589, g = 2, X = 6075, and Y = 1318. Find the shared secret value.

10.4 Recall the Dual DL PRNG (Problem 8.6). There is an actual crypto algorithm, called the Dual EC DL PRNG, where instead of an element in a multiplicative group mod a prime and exponentiation, we consider a point on an elliptic curve over a prime-order finite field and scalar multiplication (see NIST SP 800-90, Recommendation for Random Number Generation Using Deterministic Random Bit Generators). We need to define some auxiliary functions:
• x(P): maps the x-coordinate of an elliptic curve point P to the smallest positive integer congruent to that coordinate mod p
• LSB_m(a): returns the least significant m bits of integer a
And we also denote the following values:
• p: a prime, with n bits
• E: an elliptic curve over a finite field with p elements, given by the equation y^2 = x^3 + ax + b
• P: a point on E, with prime order q (for maximum security q should be roughly the same size as p)
• Q: a point in the cyclic subgroup of E generated by P
At the beginning of iteration i we have internal state s[i], and we define the following values:
  t[i] = s[i]
  s[i + 1] = x(t[i] P)
  r[i] = x(t[i] Q)
  o[i] = LSB_{n-8}(r[i])
Here o[i] is the output of the ith iteration block, and s[i + 1] is the internal state for the next iteration. The following diagram shows the flow for generating one block of output with this crypto algorithm:
[Figure: s[i] feeds t[i]; the branch t[i] P gives x(t[i] P) = s[i + 1]; the branch t[i] Q gives x(t[i] Q) = r[i], which LSB_{n-8} truncates to the output o[i].]
The following problems outline a similar problem with this algorithm as the one described in Problem 8.6.
a. Implement a Sage function to generate a single output block from this algorithm. (Your function should take an internal state represented as a list with the following elements [E, P, Q, si], where E is a Sage elliptic curve object, P is a point on E with prime order q, and Q is a point on E generated by P.)
b. Write a Sage function that takes an output of this PRNG (i.e., the x coordinate of a point with the top bits truncated off) and returns the possible values for R = t[i] Q that could have generated that output. [Hint: try the is_x_coordinate function on elliptic curve objects.]
c. Suppose you have E defined by y^2 = x^3 + 2x + 4, P = (42,980956284 88211854), Q = (6396452788131036613, 9671497098832291002), and you know that P has order q = 1227273995918533091 and also Q = 99689 P. Write a Sage function that takes an output from one iteration of this function and returns a list of the possible next internal states.
d. Suppose you know that o[i] = 58246156843038996 and o[i + 1] = 64511473570997445; use the fact that you have two subsequent outputs to determine the possible internal states that could have generated these two outputs.

10.5 For all of the following questions show your Sage input/output.
a. Compute the order of the curve defined by y^2 = x^3 + 7*x + 25 over the finite field with 47 elements.
b. On the curve defined by y^2 + x*y = x^3 + x over GF(2^8), compute the inverse of the point (1,1).
c. On the curve defined by y^2 + y = x^3 + x^2 + x + over the finite field with 701 elements, find a generator and show its order.
d. On the curve defined by y^2 = x^3 + 4187*x + 3814 over the finite field of size 6421, compute the sum of the points (3711,373) and (4376,2463).
e. On the elliptic curve defined by y^2 = x^3 + 3361*x + 6370 over the finite field of size 8461, compute 1001 times the point (1735, 3464).
f. On the elliptic curve defined by y^2 = x^3 + 1800*x + 1357 over the finite field of size 8191, let P1 = (1794, 1318) and P2 = (3514, 409); compute the sum of 13 times P1 plus 28 times P2.

10.6 In this problem, use the domain parameters: E is the elliptic curve defined by y^2 = x^3 + 8871*x + 7063 over the finite field with order 70177. The generator point G = (49359,30149) has order 70393. Show your Sage input/output.
a. Suppose you are Bob and Alice has sent the point (10117, 64081). Compute an integer y, the point Y, and the shared secret.
b. Suppose that Alice chooses the secret value x = 2532 and Bob chooses the secret value y = 15276.
c. Perform a full simulated secret agreement between Alice and Bob.

10.7 The purpose of this question is to implement Sage functions to perform ECDH.
a. Write a function that takes a curve and a base point on the curve and generates the secret value x and the public value X as per ECDH.
b. Write a function that takes a public value and a secret value and computes the shared secret.
c. Assume that your domain parameters are: the elliptic curve defined by y^2 = x^3 + 26484*x + 15456 over the finite field of size 63709; q = 63839; G = (53819,6786). Show your functions work by simulating an ECDH key exchange.

10.8 Recall that for cryptographic purposes, we use curves with prime order. The purpose of this question is to show why. Let E be the elliptic curve defined by y^2 = x^3 + 7489*x + 12591 over the finite field of size 23431. This curve has order 23304. Let the base point be (20699, 19493).
a. Compute 10 random multiples of this base point. What do you notice?
b. Why is this bad? (Hint: What would happen if this was Alice or Bob's public point?)

C.11 CHAPTER 11: CRYPTOGRAPHIC HASH FUNCTIONS

11.1 The following describes a simple hash function: Choose primes p, q and compute N = pq. Choose g relatively prime to N and less than N. Then a number n is hashed as follows: H = g^n mod N. If there is an m that hashes to the same value as n, then g^m ≡ g^n (mod N), so g^(m − n) ≡ 1 (mod N), which implies that m − n ≡ 0 (mod φ(N)). So breaking this amounts to finding a multiple of φ(N), which is the hard problem in RSA.
a. Write a function that takes a bitlength n and generates a modulus N of bitlength n and a g less than N and relatively prime to it.
b. Show the output of your function from part (a) for a few outputs. Using N, g, n as arguments, write a function to perform the hashing. For parts (c)-(e) compute the simple hash:
c. N = 600107, g = 154835, n = 239715
d. N = 548155966307, g = 189830397891, n = 44344313866
e. N = 604766153, g = 12075635, n = 443096843
f. Write a function that creates a collision given p and q. Show that your function works for a couple of examples.

C.12 CHAPTER 13: DIGITAL SIGNATURES

13.1 Use Sage to solve the following problems. For these questions assume that we are using DSA with domain parameters:
  p = 7,877,914,592,603,328,881
  q = 44449
  g = 2,860,021,798,868,462,661
Use these domain parameters to determine if the signatures are valid in parts (a)-(c).
a. public key y = 3798043471854149631, hash value H = 59367, and signature (r,s) = (31019,4047)
b. public key y = 1829820126190370021, hash value H = 77241, and signature (r,s) = (24646,43556)
c. public key y = 4519088706115097514, hash value H = 48302, and signature (r,s) = (36283,32514)
Perform a signing operation in parts (d)-(e).
d. private key x = 8146, hash value H = 22655
e. private key x = 1548, hash value H = 32782

13.2 The purpose of this question is to implement a DSA signature verification function.
a. Implement a function that takes domain parameters p, q, and g; also a hash value H (in {1, 2, …, p − 1}), a public key y, and a signature (r,s).
b. Use the function you wrote in part (a) as well as the functions from the DSA examples to simulate a DSA signature and verify as in the examples.

GLOSSARY

In studying the Imperium, Arrakis, and the whole culture which produced Muad'Dib, many unfamiliar terms occur. To increase understanding is a laudable goal, hence the definitions and explanations given below.
—Dune, Frank Herbert

Some of the terms in this glossary are from the Internet Security Glossary [RFC 2828]. These are indicated in the glossary by an asterisk.

asymmetric encryption: A form of cryptosystem in which encryption and decryption are performed using two different keys, one of which is referred to as the public key and one of which is referred to as the private key. Also known as public-key encryption.
authentication*: The process of verifying an identity claimed by or for a system entity.
authenticator: Additional information appended to a message to enable the receiver
to verify that the message should be accepted as authentic. The authenticator may be functionally independent of the content of the message itself (e.g., a nonce or a source identifier) or it may be a function of the message contents (e.g., a hash value or a cryptographic checksum).
avalanche effect: A characteristic of an encryption algorithm in which a small change in the plaintext or key gives rise to a large change in the ciphertext. For a hash code, the avalanche effect is a characteristic in which a small change in the message gives rise to a large change in the message digest.
bacteria: Program that consumes system resources by replicating itself.
birthday attack: This cryptanalytic attack attempts to find two values in the domain of a function that map to the same value in its range.
block chaining: A procedure used during symmetric block encryption that makes an output block dependent not only on the current plaintext input block and key, but also on earlier input and/or output. The effect of block chaining is that two instances of the same plaintext input block will produce different ciphertext blocks, making cryptanalysis more difficult.
block cipher: A symmetric encryption algorithm in which a block of plaintext bits (typically 64 or 128) is transformed as a whole into a ciphertext block of the same length.
byte: A sequence of bits. Also referred to as an octet.
cipher: An algorithm for encryption and decryption. A cipher replaces a piece of information (an element in plaintext) with another object with the intent to conceal meaning. Typically, the replacement rule is governed by a secret key.
ciphertext: The output of an encryption algorithm; the encrypted form of a message or data.
code: An unvarying rule for replacing a piece of information (e.g., letter, word, phrase) with another object not necessarily of the same sort. Generally, there is no intent to conceal meaning. Examples include the ASCII character code (each character is represented by bits) and frequency-shift keying (each binary value is represented by a particular frequency).
computationally secure: Secure because the time and/or cost of defeating the security are too high to be feasible.
confusion: A cryptographic technique that seeks to make the relationship between the statistics of the ciphertext and the value of the encryption key as complex as possible. This is achieved by the use of a complex scrambling algorithm that depends on the key and the input.
conventional encryption: Symmetric encryption.
covert channel: A communications channel that enables the transfer of information in a way unintended by the designers of the communications facility.
cryptanalysis: The branch of cryptology dealing with the breaking of a cipher to recover information, or forging encrypted information that will be accepted as authentic.
cryptographic checksum: An authenticator that is a cryptographic function of both the data to be authenticated and a secret key. Also referred to as a message authentication code (MAC).
cryptography: The branch of cryptology dealing with the design of algorithms for encryption and decryption, intended to ensure the secrecy and/or authenticity of messages.
cryptology: The study of secure communications, which encompasses both cryptography and cryptanalysis.
decryption: The translation of encrypted text or data (called ciphertext) into original text or data (called plaintext). Also called deciphering.
differential cryptanalysis: A technique in which chosen plaintexts with particular XOR difference patterns are encrypted. The difference patterns of the resulting ciphertext provide information that can be used to determine the encryption key.
diffusion: A cryptographic technique that seeks to obscure the statistical structure of the plaintext by spreading out the influence of each individual plaintext digit over many ciphertext digits.
digital signature: An authentication mechanism that enables the creator of a message to attach a code that acts as a signature. The signature is formed by taking the hash of the message and encrypting the message with the creator's private key. The signature guarantees the source and integrity of the message.
digram: A two-letter sequence. In English and other languages, the relative frequency of various digrams in plaintext can be used in the cryptanalysis of some ciphers. Also called digraph.
discretionary access control*: An access control service that enforces a security policy based on the identity of system entities and their authorizations to access system resources. This service is termed "discretionary" because an entity might have access rights that permit the entity, by its own volition, to enable another entity to access some resource.
divisor: One integer is said to be a divisor of another integer if there is no remainder on division.
encryption: The conversion of plaintext or data into unintelligible form by means of a reversible translation, based on a translation table or algorithm. Also called enciphering.
firewall: A dedicated computer that interfaces with computers outside a network and has special security precautions built into it in order to protect sensitive files on computers within the network. It is used to service outside network connections, especially the Internet and dial-in lines.
greatest common divisor: The greatest common divisor of two integers, a and b, is the largest positive integer that divides both a and b. One integer is said to divide another integer if there is no remainder on division.
hash function: A function that maps a variable-length data block or message into a fixed-length value called a hash code. The function is designed in such a way that, when protected, it provides an authenticator to the data or message. Also referred to as a message digest.
honeypot: A decoy system designed to lure a potential attacker away from critical systems. A form of intrusion detection.
initialization vector: A random block of data that is used to begin the encryption of multiple blocks of plaintext, when a block-chaining encryption technique is used. The IV serves to foil known-plaintext attacks.
intruder: An individual who gains, or attempts to gain, unauthorized access to a computer system or to gain unauthorized privileges on that system.
intrusion detection system: A set of automated tools designed to detect unauthorized access to a host system.
Kerberos: The name given to Project Athena's code authentication service.
key distribution center: A system that is authorized to transmit temporary session keys to principals. Each session key is transmitted in encrypted form using a master key that the key distribution center shares with the target principal.
logic bomb: Logic embedded in a computer program that checks for a certain set of conditions to be present on the system. When these conditions are met, it executes some function resulting in unauthorized actions.
mandatory access control: A means of restricting access to objects based on fixed security attributes assigned to users and to files and other objects. The controls are mandatory in the sense that they cannot be modified by users or their programs.
man-in-the-middle attack: A form of active wiretapping attack in which the attacker intercepts and selectively modifies communicated data in order to masquerade as one or more of the entities involved in a communication.
master key: A long-lasting key that is used between a key distribution center and a principal for the purpose of encoding the transmission of session keys. Typically, the master keys are distributed by noncryptographic means. Also referred to as a key-encrypting key.
meet-in-the-middle attack: This is a cryptanalytic attack that attempts to find a value in each of the range and domain of the composition of two functions such that the forward mapping of one through the first function is the same as the inverse image of the other through the second function, quite literally meeting in the middle of the composed function.
message authentication: A process used to verify the integrity of a message.
message authentication code (MAC): See cryptographic checksum.
message digest: See hash function.
modular arithmetic: A kind of integer arithmetic that reduces all numbers to one of a fixed set [0, …, n − 1] for some number n. Any integer outside this range is reduced to one in this range by taking the remainder after division by n.
mode of operation: A technique for enhancing the effect of a cryptographic algorithm or adapting the algorithm for an application, such as applying a block cipher to a sequence of data blocks or a data stream.
multilevel security: A capability that enforces access control across multiple levels of classification of data.
multiple encryption: Repeated use of an encryption function with different keys to produce a more complex mapping from plaintext to ciphertext.
nibble: A sequence of four bits.
nonce: An identifier or number that is used only once.
one-way function: A function that is easily computed, but the calculation of its inverse is infeasible.
password*: A secret data value, usually a character string, that is used as authentication information. A password is usually matched with a user identifier that is explicitly presented in the authentication process, but in some cases, the identity may be implicit.
plaintext: The input to an encryption function or the output of a decryption function.
primitive root: If r and n are relatively prime integers with n > 1 and if φ(n) is the least positive exponent m such that r^m ≡ 1 (mod n), then r is called a primitive root modulo n.
private key: One of the two keys used in an asymmetric encryption system. For secure communication, the private key should only be known to its creator.
pseudorandom number generator: A function that deterministically produces a sequence of numbers that are apparently statistically random.
public key: One of the two keys used in an asymmetric encryption system. The public key is made public and is to be used in
conjunction with a corresponding private key public-key certificate Consists of a public key plus a User ID of the key owner with the whole block signed by a trusted third party Typically, the third party is a certificate authority (CA) that is trusted by the user community, such as a government agency or a financial institution public-key encryption Asymmetric encryption www.ebook777.com GLOSSARY G-5 public-key infrastructure (PKI) The set of hardware, software, people, policies, and procedures needed to create, manage, store, distribute, and revoke digital certificates based on asymmetric cryptography relatively prime Two numbers are relatively prime if they have no prime factors in common; that is, their only common divisor is replay attacks An attack in which a service already authorized and completed is forged by another “duplicate request” in an attempt to repeat authorized commands residue When the integer a is divided by the integer n, the remainder r is referred to as the residue Equivalently, r = a mod n residue class All the integers that have the same remainder when divided by n form a residue class (mod n) Thus, for a given remainder r, the residue class (mod n) to which it belongs consists of the integers r, r ; n, r ; 2n, Á RSA algorithm A public-key encryption algorithm based on exponentiation in modular arithmetic It is the only algorithm generally accepted as practical and secure for public-key encryption secret key The key used in a symmetric encryption system Both participants must share the same key, and this key must remain secret to protect the communication security attack* An assault on system security that derives from an intelligent threat; that is, an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system security mechanism A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from 
a security attack security service A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service security threat* A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm That is, a threat is a possible danger that might exploit a vulnerability session key A temporary encryption key used between two principals steganography Methods of hiding the existence of a message or other data This is different than cryptography, which hides the meaning of a message but does not hide the message itself stream cipher A symmetric encryption algorithm in which ciphertext output is produced bit-by-bit or byte-by-byte from a stream of plaintext input symmetric encryption A form of cryptosystem in which encryption and decryption are performed using the same key Also known as conventional encryption trapdoor Secret undocumented entry point into a program used to grant access without normal methods of access authentication G-6 GLOSSARY trapdoor one-way function A function that is easily computed, and the calculation of its inverse is infeasible unless certain privileged information is known Trojan horse* A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program trusted system A computer and operating system that can be verified to implement a given security policy unconditionally secure Secure even against an opponent with unlimited time and unlimited computing resources virtual private network Consists of a set of computers that interconnect by means of a relatively unsecure network and that make 
use of encryption and special protocols to provide security virus Code embedded within a program that causes a copy of itself to be inserted in one or more other programs In addition to propagation, the virus usually performs some unwanted function worm Program that can replicate itself and send copies from computer to computer across network connections Upon arrival, the worm may be activated to replicate and propagate again In addition to propagation, the worm usually performs some unwanted function zombie A program that secretly takes over another Internet-attached computer and then uses that computer to launch attacks that are difficult to trace to the zombie’s creator www.ebook777.com ACRONYMS 3DES AES AH ANSI CBC CC CESG CFB CMAC CRT DDoS DES DoS DSA DSS ECB ESP FIPS IAB IETF IP IPsec ISO ITU ITU-T IV Triple Data Encryption Standard Advanced Encryption Standard Authentication Header American National Standards Institute Cipher Block Chaining Common Criteria Communications-Electronics Security Group Cipher Feedback Cipher-Based Message Authentication Code Chinese Remainder Theorem Distributed Denial of Service Data Encryption Standard Denial of Service Digital Signature Algorithm Digital Signature Standard Electronic Codebook Encapsulating Security Payload Federal Information Processing Standard Internet Architecture Board Internet Engineering Task Force Internet Protocol IP Security International Organization for Standardization International Telecommunication Union ITU Telecommunication Standardization Sector Initialization Vector KDC LAN MAC MIC MIME MD5 MTU NIST NSA OFB PCBC PGP PKI PRNG RFC RNG RSA SET SHA SHS S/MIME SNMP SNMPv3 SSL TCP TLS UDP WAN Key Distribution Center Local Area Network Message Authentication Code Message Integrity Code Multipurpose Internet Mail Extension Message Digest, Version Maximum Transmission Unit National Institute of Standards and Technology National Security Agency Output Feedback Propagating Cipher Block Chaining Pretty 
Good Privacy Public Key Infrastructure Pseudorandom Number Generator Request for Comments Random Number Generator Rivest-Shamir-Adelman Secure Electronic Transaction Secure Hash Algorithm Secure Hash Standard Secure MIME Simple Network Management Protocol Simple Network Management Protocol Version Secure Sockets Layer Transmission Control Protocol Transport Layer Security User Datagram Protocol Wide Area Network ... algorithms and security protocols to provide security over networks and the Internet Topics covered include transport-level security, wireless network security, e-mail security, and IP security. .. Readers and Instructors 0.3 Internet and Web Resources 0.4 Standards Chapter Overview 1.1 Computer Security Concepts 1.2 The OSI Security Architecture 14 1.3 Security Attacks 15 1.4 Security. .. Questions, and Problems 214 Chapter Pseudorandom Number Generation and Stream Ciphers 218 7.1 Principles of Pseudorandom Number Generation 219 7.2 Pseudorandom Number Generators 226 7.3 Pseudorandom
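The number-theory entries of the glossary above (divisor, greatest common divisor, relatively prime, modular arithmetic, residue, residue class, primitive root) worked in code. This is an added example, not code from the book; it uses only the Python standard library, and the small moduli in the usage section are chosen for illustration.

```python
"""Glossary number-theory terms as small, checkable functions (added example)."""


def divides(d, a):
    """'divisor': d is a divisor of a when division leaves no remainder."""
    return d != 0 and a % d == 0


def gcd(a, b):
    """'greatest common divisor' by Euclid's algorithm: gcd(a, b) = gcd(b, a mod b)."""
    a, b = abs(a), abs(b)
    while b:
        a, b = b, a % b
    return a


def relatively_prime(a, b):
    """'relatively prime': the only positive common divisor is 1."""
    return gcd(a, b) == 1


def residue(a, n):
    """'residue': the remainder r = a mod n, normalised into [0, ..., n-1].

    Python's % already returns a value in [0, n) for n > 0, even for negative a.
    """
    if n <= 0:
        raise ValueError("modulus must be positive")
    return a % n


def residue_class(r, n, k=2):
    """'residue class': the integers r, r +/- n, r +/- 2n, ... (k steps each way)."""
    return sorted(r + i * n for i in range(-k, k + 1))


def euler_phi(n):
    """phi(n): how many integers in [1, n] are relatively prime to n (brute force)."""
    return sum(1 for k in range(1, n + 1) if gcd(k, n) == 1)


def multiplicative_order(r, n):
    """Least positive m with r^m = 1 (mod n); defined only when gcd(r, n) == 1."""
    if not relatively_prime(r, n):
        raise ValueError("order is defined only when r and n are relatively prime")
    if n == 1:
        return 1
    m, x = 1, r % n
    while x != 1:
        x = (x * r) % n
        m += 1
    return m


def is_primitive_root(r, n):
    """'primitive root': r is a primitive root mod n when its order equals phi(n)."""
    return relatively_prime(r, n) and multiplicative_order(r, n) == euler_phi(n)


def primitive_roots(n):
    """All primitive roots modulo n (empty for moduli such as 8 that have none)."""
    return [r for r in range(1, n) if is_primitive_root(r, n)]


if __name__ == "__main__":
    print("gcd(1970, 1066) =", gcd(1970, 1066))
    print("residue(-7, 5) =", residue(-7, 5))
    print("residue class of 2 mod 7:", residue_class(2, 7))
    print("primitive roots mod 7:", primitive_roots(7))
    print("primitive roots mod 8:", primitive_roots(8))
```

The Diffie-Hellman generator is exactly a primitive root of a prime modulus: `is_primitive_root(g, p)` is the check that the powers of `g` run through every nonzero residue, which is what makes the exchanged values span the whole group.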
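The glossary entries for digital signature, hash function, public key, private key, trapdoor one-way function and RSA algorithm, worked together: a textbook RSA key pair is generated with a Miller-Rabin primality test, and a signature is formed by hashing the message and applying the private key to the hash, exactly as the digital signature entry describes. This is an added example, not the book's code. It deliberately uses raw ("textbook") RSA with no PSS or PKCS#1 padding so that the mechanism is visible; a real system must use a padded signature scheme, and the 512-bit default below is for speed of illustration, not security.

```python
"""Hash-then-sign with textbook RSA (added example; not for production use)."""
import hashlib
import math
import secrets

_SMALL_PRIMES = [p for p in range(3, 200, 2)
                 if all(p % q for q in range(3, int(p ** 0.5) + 1, 2))]


def is_probable_prime(n, rounds=32):
    """Miller-Rabin: a composite n survives all rounds with probability <= 4^-rounds."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    for p in _SMALL_PRIMES:           # cheap trial division first
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2          # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                          # a proves n composite
    return True


def random_prime(bits):
    """Random prime of exactly `bits` bits (top bit set, odd)."""
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def generate_keypair(bits=512, e=65537):
    """Return ((n, e), (n, d)). Recovering d from (n, e) needs the factors of n:
    that is the trapdoor that makes x -> x^e mod n a trapdoor one-way function."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:    # e must be invertible mod phi(n)
            n = p * q
            return (n, e), (n, pow(e, -1, phi))


def message_digest(message):
    """'hash function': fixed-length SHA-256 code of an arbitrary-length message."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(private_key, message):
    """'digital signature': hash the message, then 'encrypt' the hash with d."""
    n, d = private_key
    h = message_digest(message)
    if h >= n:                                     # cannot happen for n > 256 bits
        raise ValueError("modulus too small for the digest")
    return pow(h, d, n)


def verify(public_key, message, signature):
    """Recover the hash with e and compare with a fresh hash of what was received."""
    n, e = public_key
    return pow(signature, e, n) == message_digest(message)


if __name__ == "__main__":
    public, private = generate_keypair()
    msg = b"transfer 100 to account 42"          # constructed sample message
    sig = sign(private, msg)
    print("valid:", verify(public, msg, sig))
    print("tampered:", verify(public, b"transfer 900 to account 42", sig))
```

Signing the hash rather than the message is not only a size trick (the message is longer than the modulus): raw RSA signatures are multiplicative, so signing messages directly would let an attacker combine two valid signatures into a signature on their product, and hashing with a one-way function closes that door.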
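The multiple encryption and meet-in-the-middle attack entries of the glossary, worked end to end. This is an added example, not the book's code: the block cipher is a 16-bit toy Feistel cipher with a 16-bit key, invented here so that the whole key space (2^16) can be enumerated in seconds, but the attack is the generic one that defeats double encryption with any block cipher, which is why double DES offers roughly 2^57 rather than 2^112 work and why triple DES exists.

```python
"""Meet-in-the-middle against double encryption with a toy cipher (added example)."""
from functools import lru_cache

KEY_BITS = 16
KEY_SPACE = 1 << KEY_BITS
ROUNDS = 4
_ROUND_CONST = (0x5A, 0xC3, 0x3C, 0xA5)


@lru_cache(maxsize=None)
def _round_keys(key):
    # Even rounds use the low key byte, odd rounds the high byte, each XORed with a
    # constant. The key is recoverable from its round keys, so no two keys are equivalent.
    return tuple(((key >> (8 * (i & 1))) & 0xFF) ^ _ROUND_CONST[i] for i in range(ROUNDS))


def _f(r, rk):
    x = (((r ^ rk) * 0x35) + 0x4B) & 0xFF     # odd multiplier: a bijection mod 256
    return ((x << 3) | (x >> 5)) & 0xFF         # rotate left by 3


def toy_encrypt(key, block):
    """16-bit Feistel cipher: (L, R) -> (R, L xor f(R, rk)) for each round."""
    l, r = block >> 8, block & 0xFF
    for rk in _round_keys(key):
        l, r = r, l ^ _f(r, rk)
    return (l << 8) | r


def toy_decrypt(key, block):
    l, r = block >> 8, block & 0xFF
    for rk in reversed(_round_keys(key)):
        l, r = r ^ _f(l, rk), l
    return (l << 8) | r


def double_encrypt(k1, k2, block):
    """'multiple encryption': C = E(k2, E(k1, P)). Naive key search is 2**32 trials."""
    return toy_encrypt(k2, toy_encrypt(k1, block))


def meet_in_the_middle(pairs):
    """Recover (k1, k2) from known (plaintext, ciphertext) pairs.

    Forward: tabulate X = E(k1, P0) for every k1.  Backward: for every k2 compute
    D(k2, C0) and look it up; a hit is where the two computations meet in the middle.
    Cost: 2 * 2**16 cipher calls plus a 2**16-entry table, instead of 2**32.
    With a 16-bit block the first pair leaves about 2**16 chance matches, so the
    survivors are checked against the remaining pairs.
    """
    (p0, c0), rest = pairs[0], pairs[1:]
    table = {}
    for k1 in range(KEY_SPACE):
        table.setdefault(toy_encrypt(k1, p0), []).append(k1)
    found = []
    for k2 in range(KEY_SPACE):
        for k1 in table.get(toy_decrypt(k2, c0), ()):
            if all(double_encrypt(k1, k2, p) == c for p, c in rest):
                found.append((k1, k2))
    return found


def known_plaintext_pairs(k1, k2, plaintexts):
    """What the attacker is assumed to hold: a few plaintext/ciphertext pairs."""
    return [(p, double_encrypt(k1, k2, p)) for p in plaintexts]


if __name__ == "__main__":
    k1, k2 = 0xBEEF, 0x1337                                  # the secret key pair
    pairs = known_plaintext_pairs(k1, k2, [0x0000, 0x1234, 0xABCD])
    print("recovered:", [(hex(a), hex(b)) for a, b in meet_in_the_middle(pairs)])
```

Three known pairs are used because each extra pair divides the number of false candidates by 2^16 (the block size); with only two pairs roughly one bogus key pair would survive on average.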

Posted: 12/02/2019, 16:01

Table of contents

  • Chapter 0 Reader’s Guide

    • 0.1 Outline of This Book

    • 0.2 A Roadmap for Readers and Instructors

    • 0.3 Internet and Web Resources

    • 1.2 The OSI Security Architecture

    • 1.6 A Model for Network Security

    • 1.7 Recommended Reading and Web Sites

    • 1.8 Key Terms, Review Questions, and Problems

    • 2.6 Recommended Reading and Web Sites

    • 2.7 Key Terms, Review Questions, and Problems

    • 3.2 The Data Encryption Standard (DES)

    • 3.4 The Strength of DES

    • 3.5 Differential and Linear Cryptanalysis

    • 3.6 Block Cipher Design Principles

    • 3.7 Recommended Reading and Web Site

    • 3.8 Key Terms, Review Questions, and Problems

    • Chapter 4 Basic Concepts in Number Theory and Finite Fields

      • 4.1 Divisibility and the Division Algorithm

      • 4.4 Groups, Rings, and Fields

      • 4.5 Finite Fields of the Form GF(p)

      • 4.7 Finite Fields of the Form GF(2[sup(n)])

      • 4.8 Recommended Reading and Web Sites
