Free ebooks ==> www.Ebook777.com www.Ebook777.com Free ebooks ==> www.Ebook777.com  Cryptography and Security Services: Mechanisms and Applications Manuel Mogollon University of Dallas, USA Cybertech Publishing Hershey • New York www.Ebook777.com ii Acquisition Editor: Senior Managing Editor: Managing Editor: Development Editor: Assistant Development Editor: Editorial Assistant: Copy Editor: Typesetter: Cover Design: Printed at: Kristin Klinger Jennifer Neidig Sara Reed Kristin M Roth Meg Stocking Deborah Yahnke Erin Meyer Jeff Ash Lisa Tosheff Yurchak Printing Inc Published in the United States of America by CyberTech Publishing (an imprint of IGI Global) 701 E Chocolate Avenue Hershey PA 17033 Tel: 717-533-8845 Fax: 717-533-8661 E-mail: cust@igi-pub.com Web site: http://www.cybertech-pub.com and in the United Kingdom by CyberTech Publishing (an imprint of IGI Global) Henrietta Street Covent Garden London WC2E 8LU Tel: 44 20 7240 0856 Fax: 44 20 7379 0609 Web site: http://www.eurospanonline.com Copyright © 2007 by IGI Global All rights reserved No part of this book may be reproduced in any form or by any means, electronic or mechanical, including photocopying, without written permission from the publisher Product or company names used in this book are for identification purposes only Inclusion of the names of the products or companies does not indicate a claim of ownership by IGI Global of the trademark or registered trademark Library of Congress Cataloging-in-Publication Data Mogollon, Manuel Cryptography and security services : mechanisms and applications / Manuel Mogollon p cm Summary: "This book addresses cryptography from the perspective of security services and mechanisms available to implement them: discussing issues such as e-mail security, public-key architecture, virtual private networks, Web services security, wireless security, and confidentiality and integrity It provides scholars and practitioners working knowledge of fundamental encryption algorithms and systems supported in information technology and secure communication networks" Provided by publisher Includes bibliographical references and index ISBN 978-1-59904-837-6 (hardcover) ISBN 978-1-59904-839-0 (ebook) Computers Access control Data encryption (Computer science) I Title QA76.9.A25M663 2007 005.8 dc22 British Cataloguing in Publication Data A Cataloguing in Publication record for this book is available from the British Library All work contributed to this book is original material The views expressed in this book are those of the authors, but not necessarily of the publisher iii Cryptography and Security Sevices: Mechanisms and Applications Table of Contents Foreword x Preface xi Acknowledgment xv Chapter I Classic Cryptography Classic Cryptography Objectives Introduction Classic Cipher Techniques Early Cipher Machines Cryptanalysis in World War II 12 Summary 12 Learning Objectives Review 13 References 14 Chapter II Information Assurance 15 Information Assistance 15 Objectives 15 Introduction 15 Computer Network Architecture 16 Free ebooks ==> www.Ebook777.com iv The OSI Model 17 The TCP/IP Model 20 Security Policies, Services, and Mechanisms 22 Placeholder Names Used in Cryptography 26 The Transformation of the Crypto Industry 27 U.S Export Regulations for Encryption Equipment 29 Summary 30 Learning Objectives Review 31 References 32 Chapter III Number Theory and Finite Fields 33 Number Theory and Finite Fields 33 Objectives 33 Introduction 33 Principle of Counting 34 Exponentiation and Prime Numbers 35 The Euclidean Algorithm 35 Congruence Arithmetic 36 Summary of Properties 41 Calculation of the Reciprocal (Multiplicative Inverse) 42 Multiplication and Exponentiation in Modulo p 43 RSA Algorithm 45 Finite Fields 45 Boolean Binary Expressions 48 Summary 49 Learning Objectives Review 49 References 50 Chapter IV Confidentiality: Symmetric Encryption 51 Confidentiality: Symmetric Encryption 51 Objectives 51 Introduction 52 Crypto Systems 54 Stream Cypher Symmetric Encryption 54 Basic Theory of Enciphering 58 Perfect Secrecy 62 Shift Registers 64 Block Encryption Algorithms 80 Block Cipher Modes of Operation 90 Summary 97 Learning Objectives Review 97 References 99 Chapter V Confidentiality: Asymmetric Encryption 101 Confidentiality: Asymmetric Encryption 101 Objectives 101 Introduction 102 Exponentiation and Public-Key Ciphers 104 www.Ebook777.com Pohlig-Hellman Algorithm 105 The RSA Algorithm 106 ElGamal Algorithm 109 Key Management 110 Security Services and Public-Key Encryption 110 Combining Asymmetric and Symmetric Ciphers 110 The Diffie-Hellman Key Agreement System 111 The Diffie-Hellman Key Agreement Method 114 The RSA Key Transport System 115 Variation of ElGamal System 116 Summary 118 Learning Objectives Review 119 References 121 Chapter VI Integrity and Authentication 122 Integrity and Authentication 122 Objectives 122 Introduction 123 Message Authentication Code (MAC) 123 Hash Functions 125 Secure Hash Standard 127 Secure Hash Algorithm: SHA-1 131 MD5 Message Digest Algorithm 137 Keyed-Hash Message Authentication Code (HMAC) 138 Authentication (Digital Signatures) 141 Digital Signature Standard (FIPS 186-2) 143 Digital Signature Algorithm (ANSI X9.30) 143 RSA Digital Signature (ANSI X9.31) 145 Elliptic Curve Digital Signature Algorithm (ANSI X9.62) 146 ElGamal Digital Signature 146 Summary 148 Learning Objectives Review 148 References 150 Chapter VII Access Authentication 152 Access Authentication 152 Objectives 152 Introduction 153 Authentication Concepts 154 IEEE 802.1X Authentication 155 Extensible Authentication Protocol (EAP) 157 Other Password Mechanisms 167 Password Security Considerations 169 EAP Authentication Servers 171 Remote Authentication Dial-In User Service (RADIUS) 171 Needham and Schroeder 173 Kerberos 174 ITU-T X.509: Authentication Framework 177 Hash and Encryption Recommendations 182 Summary 184 Learning Objectives Review 185 References 187 Chapter VIII Elliptic Curve Cryptography 189 Elliptic Curve Cryptography 189 Objectives 189 Introduction 190 Finite Fields 192 Elliptic Curves and Points 193 Arithmetic in an Elliptic Curve Group over Fp 194 Arithmetic in an Elliptic Curve Group over F2m 196 Order of a Point 198 Curve Order 199 Selecting an Elliptic Curve and G, the Generator Point 199 Elliptic Curve Domain Parameters 200 Elliptic Curve Domain Parameters over Fp 201 Elliptic Curve Domain Parameters over F2m 202 Cryptography Using Elliptic Curves 202 Attacks on the Elliptic Curve Discrete Logarithm Problem (ECDLP) 203 Public Key Systems Public Key Size Comparisons 206 Software Implementations 207 Key Pair Generation 207 Enciphering and Deciphering a Message Using ElGamal 208 ECDH Key Agreement 210 ECDSA Signature Generation 211 ECDSA Signature Verification 211 EC Cipher Suites 212 Summary 214 Learning Objectives Review 214 References 215 Chapter IX Certificates and Public Key Infrastructure 217 Certificates and Public Key Infrastructure 217 Objectives 217 Introduction 218 X.509 Basic Certificate Fields 219 RSA Certification 220 Cylink (Seek) Certification 220 Cylink Certification Based on ElGamal 222 Variation of ElGamal Certification 223 Public-Key Infrastructure (PKI) 226 PKI Management Model 227 PKI Management Requirements 230 Certificate Life-Cycle 231 PKI Management Operations 231 CRL Basic Fields 236 CA Trust Models 237 Encryption Algorithms Supported in PKI 240 Private Key Proof of Possession (POP) 242 Two Models for PKI Deployment 242 Summary 243 Learning Objectives Review 243 References 245 Chapter X Electronic Mail Security 246 Electronic Mail Security 246 Objectives 246 Introduction 247 Pretty Good Privacy (PGP) 247 PGP E-Mail Compatibility 248 RADIX 64: E-Mail Format Compatibility 248 E-Mail Size Compatibility 250 Key Rings 250 PGP Digital Certificates 251 Establishment of Trust 253 Secure MIME (S/MIME) 256 S/MIME Message Formats 258 Creating a Signed-Only Message 258 Creating a Enveloped-Only Message 261 Signed and Enveloped MIME Entities 262 Summary 262 Learning Objectives Review 263 References 265 Chapter XI VPNS and IPSEC 266 VPNS and IPSEC 266 Objectives 266 Introduction 267 VPN Services 268 IP Tunneling Mechanisms 269 IPsec 269 IPsec Architecture 270 IPsec Protocols 271 IPsec Negotiation 272 Security Associations 273 Security Protocols 274 Authentication Header 275 Encapsulating Security Protocol (ESP) 277 AH and ESP Modes of Operation 280 Algorithms for Encryption and Authentication in IPsec 281 Internet Key Exchange (IKE v2) 281 IKE Message Exchanges 283 IKE_SA_INIT 284 IKE_SA_AUTH 285 CREATE_CHILD_SAs 286 Informational Exchange in IKE 288 Integrity and Authentication in IKE 290 Diffie-Hellman Group Descriptors 291 IPsec and IKE v2 Identifiers 293 Summary 297 Learning Objectives Review 297 References 299 Chapter XII TLS, SSL, and SET 300 TLS, SSL, and SET 300 Objectives 300 Introduction 301 Transport Layer Security (TLS) 302 Handshake Protocol 305 Alert Message Protocol 312 Change Cipher Spec Protocol 313 Application Protocol 313 SSL VPN 314 Secure Electronic Transaction Protocol (SET) 315 Summary 330 Learning Objectives Review 331 References 332 Chapter XIII Web Services Security 334 Web Services Security 334 Objectives 334 Web Services 335 Extensible Markup Language, XML 338 Simple Object Access Protocol (SOAP) 341 Universal Discovery, Description, and Integration (UDDI) 342 Web Services Description Language, WSDL 343 Web Services Security 344 XML Security 345 XML Encryption 345 XML Signature 361 XML Key Management Specification 375 Security Assertion Markup Languages (SAML) 389 Web Services Security Language (WS-Security) 395 Summary 405 Learning Objectives Review 406 References 407 Chapter XIV Wireless Security 409 Wireless Security 409 Objectives 409 Introduction 409 WIMAX 411 Free ebooks ==> www.Ebook777.com WIMAX (IEEE 802.16e) Security 412 Wi-Fi 420 IEE802.11 Wireless LAN 422 802.11i: WLAN Security Enhancement 424 Wi-Fi Protected Access (WPA or WPA1) and WPA2 425 Bluetooth 436 Summary 443 Learning Objectives Review 444 References 445 Glossary of Terms 447 About the Author 467 Index 468 www.Ebook777.com ... Manuel Cryptography and security services : mechanisms and applications / Manuel Mogollon p cm Summary: "This book addresses cryptography from the perspective of security services and mechanisms. .. discussed and reviewed The third section discusses how those crypto services and mechanisms are used in applications such as e-mail security, VPNs, IPsec, TLS, Web services, and wireless security. .. Classc Cryptography  Chapter.I Classic .Cryptography Classic .Cryptography Chapters and cover information on classic cryptography and the aspects of information security related to security services