Cover -- Title Page -- Copyright -- Contents -- Preface -- About the Authors -- Chapter 1 Network Security Overview -- 1.1 Mission and Definitions -- 1.2 Common Attacks and Defense Mechanisms -- 1.2.1 Eavesdropping -- 1.2.2 Cryptanalysis -- 1.2.3 Password Pilfering -- 1.2.4 Identity Spoofing -- 1.2.5 Buffer-Overflow Exploitations -- 1.2.6 Repudiation -- 1.2.7 Intrusion -- 1.2.8 Traffic Analysis -- 1.2.9 Denial of Service Attacks -- 1.2.10 Malicious Software -- 1.3 Attacker Profiles -- 1.3.1 Hackers -- 1.3.2 Script Kiddies -- 1.3.3 Cyber Spies -- 1.3.4 Vicious Employees -- 1.3.5 Cyber Terrorists -- 1.3.6 Hypothetical Attackers -- 1.4 Basic Security Model -- 1.5 Security Resources -- 1.5.1 CERT -- 1.5.2 SANS Institute -- 1.5.3 Microsoft Security -- 1.5.4 NTBugtraq -- 1.5.5 Common Vulnerabilities and Exposures -- 1.6 Closing Remarks -- 1.7 Exercises -- 1.7.1 Discussions -- 1.7.2 Homework -- Chapter 2 Data Encryption Algorithms -- 2.1 Data Encryption Algorithm Design Criteria -- 2.1.1 ASCII Code -- 2.1.2 XOR Encryption -- 2.1.3 Criteria of Data Encryptions -- 2.1.4 Implementation Criteria -- 2.2 Data Encryption Standard -- 2.2.1 Feistel's Cipher Scheme -- 2.2.2 DES Subkeys -- 2.2.3 DES Substitution Boxes -- 2.2.4 DES Encryption -- 2.2.5 DES Decryption and Correctness Proof -- 2.2.6 DES Security Strength -- 2.3 Multiple DES -- 2.3.1 Triple-DES with Two Keys -- 2.3.2 2DES and 3DES/3 -- 2.3.3 Meet-in-the-Middle Attacks on 2DES -- 2.4 Advanced Encryption Standard -- 2.4.1 AES Basic Structures -- 2.4.2 AES S-Boxes -- 2.4.3 AES-128 Round Keys -- 2.4.4 Add Round Keys -- 2.4.5 Substitute-Bytes -- 2.4.6 Shift-Rows -- 2.4.7 Mix-Columns -- 2.4.8 AES-128 Encryption -- 2.4.9 AES-128 Decryption and Correctness Proof -- 2.4.10 Galois Fields -- 2.4.11 Construction of the AES S-Box and Its Inverse -- 2.4.12 AES Security Strength.

2.5 Standard Block Cipher Modes of Operations -- 2.5.1 Electronic-Codebook Mode -- 2.5.2 Cipher-Block-Chaining Mode -- 2.5.3 Cipher-Feedback Mode -- 2.5.4 Output-Feedback Mode -- 2.5.5 Counter Mode -- 2.6 Offset Codebook Mode of Operations -- 2.6.1 Basic Operations -- 2.6.2 OCB Encryption and Tag Generation -- 2.6.3 OCB Decryption and Tag Verification -- 2.7 Stream Ciphers -- 2.7.1 RC4 Stream Cipher -- 2.7.2 RC4 Security Weaknesses -- 2.8 Key Generations -- 2.8.1 ANSI X9.17 PRNG -- 2.8.2 BBS Pseudorandom Bit Generator -- 2.9 Closing Remarks -- 2.10 Exercises -- 2.10.1 Discussions -- 2.10.2 Homework -- Chapter 3 Public-Key Cryptography and Key Management -- 3.1 Concepts of Public-Key Cryptography -- 3.2 Elementary Concepts and Theorems in Number Theory -- 3.2.1 Modular Arithmetic and Congruence Relations -- 3.2.2 Modular Inverse -- 3.2.3 Primitive Roots -- 3.2.4 Fast Modular Exponentiation -- 3.2.5 Finding Large Prime Numbers -- 3.2.6 The Chinese Remainder Theorem -- 3.2.7 Finite Continued Fractions -- 3.3 Diffie-Hellman Key Exchange -- 3.3.1 Key Exchange Protocol -- 3.3.2 Man-in-the-Middle Attacks -- 3.3.3 Elgamal PKC -- 3.4 RSA Cryptosystem -- 3.4.1 RSA Key Pairs, Encryptions, and Decryptions -- 3.4.2 RSA Parameter Attacks -- 3.4.3 RSA Challenge Numbers -- 3.5 Elliptic-Curve Cryptography -- 3.5.1 Commutative Groups on Elliptic Curves -- 3.5.2 Discrete Elliptic Curves -- 3.5.3 ECC Encodings -- 3.5.4 ECC Encryption and Decryption -- 3.5.5 ECC Key Exchange -- 3.5.6 ECC Strength -- 3.6 Key Distributions and Management -- 3.6.1 Master Keys and Session Keys -- 3.6.2 Public-Key Certificates -- 3.6.3 CA Networks -- 3.6.4 Key Rings -- 3.7 Closing Remarks -- 3.8 Exercises -- 3.8.1 Discussions -- 3.8.2 Homework -- Chapter 4 Data Authentication -- 4.1 Cryptographic Hash Functions.

4.1.1 Design Criteria of Cryptographic Hash Functions -- 4.1.2 Quest for Cryptographic Hash Functions -- 4.1.3 Basic Structure of Standard Hash Functions -- 4.1.4 SHA-512 -- 4.1.5 WHIRLPOOL -- 4.1.6 SHA-3 Standard -- 4.2 Cryptographic Checksums -- 4.2.1 Exclusive-OR Cryptographic Checksums -- 4.2.2 Design Criteria of MAC Algorithms -- 4.2.3 Data Authentication Algorithm -- 4.3 HMAC -- 4.3.1 Design Criteria of HMAC -- 4.3.2 HMAC Algorithm -- 4.4 Birthday Attacks -- 4.4.1 Complexity of Breaking Strong Collision Resistance -- 4.4.2 Set Intersection Attack -- 4.5 Digital Signature Standard -- 4.5.1 Signing -- 4.5.2 Signature Verifying -- 4.5.3 Correctness Proof of Signature Verification -- 4.5.4 Security Strength of DSS -- 4.6 Dual Signatures and Electronic Transactions -- 4.6.1 Dual Signature Applications -- 4.6.2 Dual Signatures and Electronic Transactions -- 4.7 Blind Signatures and Electronic Cash -- 4.7.1 RSA Blind Signatures -- 4.7.2 Electronic Cash -- 4.7.3 Bitcoin -- 4.8 Closing Remarks -- 4.9 Exercises -- 4.9.1 Discussions -- 4.9.2 Homework -- Chapter 5 Network Security Protocols in Practice -- 5.1 Crypto Placements in Networks -- 5.1.1 Crypto Placement at the Application Layer -- 5.1.2 Crypto Placement at the Transport Layer -- 5.1.3 Crypto Placement at the Network Layer -- 5.1.4 Crypto Placement at the Data-Link Layer -- 5.1.5 Implementations of Crypto Algorithms -- 5.2 Public-Key Infrastructure -- 5.2.1 X.509 Public-Key Infrastructure -- 5.2.2 X.509 Certificate Formats -- 5.3 IPsec: A Security Protocol at the Network Layer -- 5.3.1 Security Association -- 5.3.2 Application Modes and Security Associations -- 5.3.3 AH Format -- 5.3.4 ESP Format -- 5.3.5 Secret Key Determination and Distribution -- 5.4 SSL/TLS: Security Protocols at the Transport Layer -- 5.4.1 SSL Handshake Protocol -- 5.4.2 SSL Record Protocol.

5.5 PGP and S/MIME: Email Security Protocols -- 5.5.1 Basic Email Security Mechanisms -- 5.5.2 PGP -- 5.5.3 S/MIME -- 5.6 Kerberos: An Authentication Protocol -- 5.6.1 Basic Ideas -- 5.6.2 Single-Realm Kerberos -- 5.6.3 Multiple-Realm Kerberos -- 5.7 SSH: Security Protocols for Remote Logins -- 5.8 Electronic Voting Protocols -- 5.8.1 Interactive Proofs -- 5.8.2 Re-encryption Schemes -- 5.8.3 Threshold Cryptography -- 5.8.4 The Helios Voting Protocol -- 5.9 Closing Remarks -- 5.10 Exercises -- 5.10.1 Discussions -- 5.10.2 Homework -- Chapter 6 Wireless Network Security -- 6.1 Wireless Communications and 802.11 WLAN Standards -- 6.1.1 WLAN Architecture -- 6.1.2 802.11 Essentials -- 6.1.3 Wireless Security Vulnerabilities -- 6.2 Wired Equivalent Privacy -- 6.2.1 Device Authentication and Access Control -- 6.2.2 Data Integrity Check -- 6.2.3 LLC Frame Encryption -- 6.2.4 Security Flaws of WEP -- 6.3 Wi-Fi Protected Access -- 6.3.1 Device Authentication and Access Controls -- 6.3.2 TKIP Key Generations -- 6.3.3 TKIP Message Integrity Code -- 6.3.4 TKIP Key Mixing -- 6.3.5 WPA Encryption and Decryption -- 6.3.6 WPA Security Strength and Weaknesses -- 6.4 IEEE 802.11i/WPA2 -- 6.4.1 Key Generations -- 6.4.2 CCMP Encryptions and MIC -- 6.4.3 802.11i Security Strength and Weaknesses -- 6.5 Bluetooth Security -- 6.5.1 Piconets -- 6.5.2 Secure Pairings -- 6.5.3 SAFER+ Block Ciphers -- 6.5.4 Bluetooth Algorithms E1, E21, and E22 -- 6.5.5 Bluetooth Authentication -- 6.5.6 A PIN Cracking Attack -- 6.5.7 Bluetooth Secure Simple Pairing -- 6.6 ZigBee Security -- 6.6.1 Joining a Network -- 6.6.2 Authentication -- 6.6.3 Key Establishment -- 6.6.4 Communication Security -- 6.7 Wireless Mesh Network Security -- 6.7.1 Blackhole Attacks -- 6.7.2 Wormhole Attacks -- 6.7.3 Rushing Attacks -- 6.7.4 Route-Error-Injection Attacks.

6.8 Closing Remarks -- 6.9 Exercises -- 6.9.1 Discussions -- 6.9.2 Homework -- Chapter 7 Cloud Security -- 7.1 The Cloud Service Models -- 7.1.1 The REST Architecture -- 7.1.2 Software-as-a-Service -- 7.1.3 Platform-as-a-Service -- 7.1.4 Infrastructure-as-a-Service -- 7.1.5 Storage-as-a-Service -- 7.2 Cloud Security Models -- 7.2.1 Trusted-Third-Party -- 7.2.2 Honest-but-Curious -- 7.2.3 Semi-Honest-but-Curious -- 7.3 Multiple Tenancy -- 7.3.1 Virtualization -- 7.3.2 Attacks -- 7.4 Access Control -- 7.4.1 Access Control in Trusted Clouds -- 7.4.2 Access Control in Untrusted Clouds -- 7.5 Coping with Untrusted Clouds -- 7.5.1 Proofs of Storage -- 7.5.2 Secure Multiparty Computation -- 7.5.3 Oblivious Random Access Machines -- 7.6 Searchable Encryption -- 7.6.1 Keyword Search -- 7.6.2 Phrase Search -- 7.6.3 Searchable Encryption Attacks -- 7.6.4 Searchable Symmetric Encryptions for the SHBC Clouds -- 7.7 Closing Remarks -- 7.8 Exercises -- 7.8.1 Discussions -- 7.8.2 Homework -- Chapter 8 Network Perimeter Security -- 8.1 General Firewall Framework -- 8.2 Packet Filters -- 8.2.1 Stateless Filtering -- 8.2.2 Stateful Filtering -- 8.3 Circuit Gateways -- 8.3.1 Basic Structures -- 8.3.2 SOCKS -- 8.4 Application Gateways -- 8.4.1 Cache Gateways -- 8.4.2 Stateful Packet Inspections -- 8.5 Trusted Systems and Bastion Hosts -- 8.5.1 Trusted Operating Systems -- 8.5.2 Bastion hosts and Gateways -- 8.6 Firewall Configurations -- 8.6.1 Single-Homed Bastion Host System -- 8.6.2 Dual-Homed Bastion Host System -- 8.6.3 Screened Subnets -- 8.6.4 Demilitarized Zones -- 8.6.5 Network Security Topology -- 8.7 Network Address Translations -- 8.7.1 Dynamic NAT -- 8.7.2 Virtual Local Area Networks -- 8.7.3 Small Office and Home Office Firewalls -- 8.8 Setting Up Firewalls -- 8.8.1 Security Policy.

8.8.2 Building a Linux Stateless Packet Filter.