Muutke küpsiste eelistusi

E-raamat: Everyday Cryptography: Fundamental Principles and Applications

4.29/5 (104 hinnangut Goodreads-ist)
(Professor of Information Security, Royal Holloway, University of London)
  • Formaat: 672 pages
  • Ilmumisaeg: 22-Jun-2017
  • Kirjastus: Oxford University Press
  • Keel: eng
  • ISBN-13: 9780191092060
Teised raamatud teemal:
  • Formaat - EPUB+DRM
  • Hind: 48,15 €*
  • * hind on lõplik, st. muud allahindlused enam ei rakendu
  • Lisa ostukorvi
  • Lisa soovinimekirja
  • See e-raamat on mõeldud ainult isiklikuks kasutamiseks. E-raamatuid ei saa tagastada.
Everyday Cryptography: Fundamental Principles and ApplicationsSuurem pilt
  • Formaat: 672 pages
  • Ilmumisaeg: 22-Jun-2017
  • Kirjastus: Oxford University Press
  • Keel: eng
  • ISBN-13: 9780191092060
Teised raamatud teemal:

DRM piirangud

  • Kopeerimine (copy/paste):

    ei ole lubatud

  • Printimine:

    ei ole lubatud

  • Kasutamine:

    Digitaalõiguste kaitse (DRM)
    Kirjastus on väljastanud selle e-raamatu krüpteeritud kujul, mis tähendab, et selle lugemiseks peate installeerima spetsiaalse tarkvara. Samuti peate looma endale  Adobe ID Rohkem infot siin. E-raamatut saab lugeda 1 kasutaja ning alla laadida kuni 6'de seadmesse (kõik autoriseeritud sama Adobe ID-ga).

    Vajalik tarkvara
    Mobiilsetes seadmetes (telefon või tahvelarvuti) lugemiseks peate installeerima selle tasuta rakenduse: PocketBook Reader (iOS / Android)

    PC või Mac seadmes lugemiseks peate installima Adobe Digital Editionsi (Seeon tasuta rakendus spetsiaalselt e-raamatute lugemiseks. Seda ei tohi segamini ajada Adober Reader'iga, mis tõenäoliselt on juba teie arvutisse installeeritud )

    Seda e-raamatut ei saa lugeda Amazon Kindle's. 

Cryptography is a vital technology that underpins the security of information in computer networks. This book presents a comprehensive introduction to the role that cryptography plays in providing information security for various technologies.

Cryptography is a vital technology that underpins the security of information in computer networks. This book presents a comprehensive introduction to the role that cryptography plays in providing information security for everyday technologies such as the Internet, mobile phones, Wi-Fi networks, payment cards, Tor, and Bitcoin.

This book is intended to be introductory, self-contained, and widely accessible. It is suitable as a first read on cryptography. Almost no prior knowledge of mathematics is required since the book deliberately avoids the details of the mathematics techniques underpinning cryptographic mechanisms. Instead our focus will be on what a normal user or practitioner of information security needs to know about cryptography in order to understand the design and use of everyday cryptographic applications.

By focusing on the fundamental principles of modern cryptography rather than the technical details of current cryptographic technology, the main part this book is relatively timeless, and illustrates the application of these principles by considering a number of contemporary applications of cryptography. Following the revelations of former NSA contractor Edward Snowden, the book considers the wider societal impact of use of cryptography and strategies for addressing this.

A reader of this book will not only be able to understand the everyday use of cryptography, but also be able to interpret future developments in this fascinating and crucially important area of technology.

Arvustused

Review from previous edition Overall, this book is a good nontechnical introduction to cryptography. The author covers essential topics, presents the ideas clearly, and provides problems for further explorations and a good bibliography of other sources * MAA Review * It is a very leisurely reading, well-structured and very detailed. It does not assume any mathematical knowledge, making it suitable for being used as a manual for a course on introduction to cryptography * Vicente Muñoz, the European Mathematical Society * On a page per page basis it actually represents great value, and should achieve a long shelf life as both textbook and good reference source In terms of a score; for students a 9.5, practitioners 8.5 and general interest readers 8.5, giving an overall average of 9/10. Overall, an excellent book * Mike Rees MBCS CITP, The British Computer Society * Everyday Cryptography: Fundamental Principles and Applications is an excellent reference * Jawa Eyes *

Preface to the Second Edition v
Preface vii
List of Figures xxviii
List of Tables xxxi
I Setting the Scene 1(114)
1 Basic Principles
3(49)
1.1 Why information security?
3(6)
1.1.1 The rising profile of information security
4(1)
1.1.2 Two very different office environments
4(2)
1.1.3 Differing perspectives
6(2)
1.1.4 The importance of security infrastructure
8(1)
1.2 Security risks
9(3)
1.2.1 Types of attack
9(1)
1.2.2 Security risks for a simple scenario
10(1)
1.2.3 Choosing security mechanisms
11(1)
1.3 Security services
12(4)
1.3.1 Basic definitions
12(2)
1.3.2 Relationships between security services
14(2)
1.4 Fundamentals of cryptosystems
16(11)
1.4.1 Different cryptographic concepts
16(1)
1.4.2 Cryptographic primitives for security services
17(2)
1.4.3 Basic model of a cryptosystem
19(3)
1.4.4 Codes
22(1)
1.4.5 Steganography
23(1)
1.4.6 Access control
23(1)
1.4.7 Two types of cryptosystem
24(1)
1.4.8 Secrecy of the encryption key
25(2)
1.5 Cryptosystem security assumptions
27(6)
1.5.1 Standard assumptions
27(1)
1.5.2 Theoretical attack models
28(1)
1.5.3 Knowledge of the encryption algorithm
29(2)
1.5.4 Use of publicly known algorithms
31(2)
1.6 Breaking cryptosystems
33(11)
1.6.1 Some useful preliminaries
33(2)
1.6.2 Key lengths and keyspaces
35(2)
1.6.3 Breaking encryption algorithms
37(1)
1.6.4 Exhaustive key searches
38(3)
1.6.5 Classes of attack
41(2)
1.6.6 Academic attacks
43(1)
1.7 Summary
44(1)
1.8 Further reading
45(1)
1.9 Activities
46(6)
2 Historical Cryptosystems
52(31)
2.1 Monoalphabetic ciphers
53(11)
2.1.1 Caesar Cipher
53(3)
2.1.2 Simple Substitution Cipher
56(3)
2.1.3 Frequency analysis
59(3)
2.1.4 A study of theory versus practice
62(2)
2.2 Historical advances
64(13)
2.2.1 Design improvements
64(1)
2.2.2 Playfair Cipher
65(5)
2.2.3 Homophonic encoding
70(3)
2.2.4 Vigenere Cipher
73(4)
2.3 Summary
77(1)
2.4 Further reading
77(1)
2.5 Activities
78(5)
3 Theoretical versus Practical Security
83(32)
3.1 Theoretical security
83(11)
3.1.1 Perfect secrecy
84(1)
3.1.2 A simple cryptosystem offering perfect secrecy
85(2)
3.1.3 One-time pads
87(7)
3.1.4 Theoretical security summary
94(1)
3.2 Practical security
94(15)
3.2.1 One-time pad in practice
95(2)
3.2.2 Cover time
97(1)
3.2.3 Computational complexity
98(5)
3.2.4 Design process of a cryptosystem
103(2)
3.2.5 Evaluating security
105(2)
3.2.6 Adequate security
107(1)
3.2.7 Towards a notion of practical security
108(1)
3.3 Summary
109(1)
3.4 Further reading
110(1)
3.5 Activities
110(5)
II The Cryptographic Toolkit 115(258)
4 Symmetric Encryption
117(51)
4.1 Classification of symmetric encryption algorithms
117(3)
4.2 Stream ciphers
120(6)
4.2.1 Model of a stream cipher
120(1)
4.2.2 Key management of stream ciphers
121(1)
4.2.3 The impact of errors
122(2)
4.2.4 Properties of stream ciphers
124(1)
4.2.5 Examples of stream ciphers
125(1)
4.3 Block ciphers
126(4)
4.3.1 Model of a block cipher
127(1)
4.3.2 Properties of block ciphers
128(1)
4.3.3 Block cipher algorithms
129(1)
4.4 The Data Encryption Standard
130(9)
4.4.1 Feistel Cipher
131(2)
4.4.2 Specification of DES
133(1)
4.4.3 Brief history of DES
133(4)
4.4.4 Triple DES
137(2)
4.5 The Advanced Encryption Standard
139(4)
4.5.1 Development of AES
139(1)
4.5.2 Design of AES
140(2)
4.5.3 AES today
142(1)
4.6 Modes of operation
143(17)
4.6.1 Electronic Code Book mode
143(3)
4.6.2 Cipher Block Chaining mode
146(6)
4.6.3 Cipher Feedback mode
152(4)
4.6.4 Counter mode
156(3)
4.6.5 Comparing modes of operation
159(1)
4.7 Use of symmetric encryption
160(2)
4.7.1 Other types of symmetric encryption
160(1)
4.7.2 The future for symmetric encryption
161(1)
4.8 Summary
162(1)
4.9 Further reading
162(2)
4.10 Activities
164(4)
5 Public-Key Encryption
168(42)
5.1 Public-key cryptography
169(11)
5.1.1 Motivation for public-key cryptography
169(2)
5.1.2 Properties of public-key cryptosystems
171(3)
5.1.3 Some mathematical preliminaries
174(2)
5.1.4 One-way functions for public-key cryptography
176(4)
5.2 RSA
180(8)
5.2.1 Setting up RSA
180(2)
5.2.2 Encryption and decryption using RSA
182(1)
5.2.3 Security of RSA
183(3)
5.2.4 RSA in practice
186(2)
5.3 ElGamal and elliptic curve variants
188(7)
5.3.1 Setting up ElGamal
189(1)
5.3.2 Encryption and decryption using ElGamal
190(2)
5.3.3 Security of ElGamal
192(1)
5.3.4 ElGamal in practice
193(1)
5.3.5 Elliptic Curve Cryptography
194(1)
5.4 Comparison of RSA, EIGamal, and ECC
195(4)
5.4.1 Popularity of RSA
195(1)
5.4.2 Performance issues
195(1)
5.4.3 Security issues
196(3)
5.5 Use of public-key encryption
199(4)
5.5.1 Limiting factors
199(1)
5.5.2 Hybrid encryption
200(1)
5.5.3 Other types of public-key cryptosystem
201(2)
5.5.4 The future for public-key cryptosystems
203(1)
5.6 Summary
203(1)
5.7 Further reading
204(1)
5.8 Activities
205(5)
6 Data Integrity
210(45)
6.1 Different levels of data integrity
211(1)
6.2 Hash functions
212(21)
6.2.1 Properties of a hash function
213(4)
6.2.2 Applications of hash functions
217(6)
6.2.3 Attacking hash functions in theory
223(5)
6.2.4 Hash functions in practice
228(5)
6.2.5 SHA-3
233(1)
6.3 Message authentication codes
233(16)
6.3.1 Does symmetric encryption provide data origin authentication?
234(1)
6.3.2 MAC properties
235(3)
6.3.3 CBC-MAC
238(4)
6.3.4 HMAC
242(1)
6.3.5 MACs and non-repudiation
243(1)
6.3.6 Using MACs with encryption
244(5)
6.4 Summary
249(1)
6.5 Further reading
249(1)
6.6 Activities
250(5)
7 Digital Signature Schemes
255(33)
7.1 Digital signatures
255(4)
7.1.1 The basic idea
256(1)
7.1.2 Electronic signatures
256(2)
7.1.3 Digital signature scheme fundamentals
258(1)
7.2 Non-repudiation using symmetric techniques
259(4)
7.2.1 Arbitrated digital signature schemes
259(2)
7.2.2 Asymmetric trust relationships
261(1)
7.2.3 Enforced trust
262(1)
7.3 Digital signature schemes based on RSA
263(12)
7.3.1 Complementary requirements
263(1)
7.3.2 Basic model of a digital signature scheme
264(1)
7.3.3 Two different approaches
265(1)
7.3.4 RSA digital signature scheme with appendix
266(5)
7.3.5 RSA digital signature scheme with message recovery
271(3)
7.3.6 Other digital signature schemes
274(1)
7.4 Digital signature schemes in practice
275(8)
7.4.1 Security of digital signature schemes
275(2)
7.4.2 Using digital signature schemes with encryption
277(1)
7.4.3 Relationship with handwritten signatures
278(4)
7.4.4 Relationship with advanced electronic signatures
282(1)
7.5 Summary
283(1)
7.6 Further reading
283(1)
7.7 Activities
284(4)
8 Entity Authentication
288(37)
8.1 Random number generation
288(7)
8.1.1 The need for randomness
289(1)
8.1.2 What is randomness?
290(1)
8.1.3 Non-deterministic generators
290(2)
8.1.4 Deterministic generators
292(3)
8.2 Providing freshness
295(6)
8.2.1 Clock-based mechanisms
295(1)
8.2.2 Sequence numbers
296(3)
8.2.3 Nonce-based mechanisms
299(1)
8.2.4 Comparison of freshness mechanisms
300(1)
8.3 Fundamentals of entity authentication
301(5)
8.3.1 A problem with entity authentication
302(1)
8.3.2 Applications of entity authentication
303(1)
8.3.3 General categories of identification information
303(3)
8.4 Passwords
306(4)
8.4.1 Problems with passwords
306(2)
8.4.2 Cryptographic password protection
308(2)
8.5 Dynamic password schemes
310(4)
8.5.1 Idea behind dynamic password schemes
310(1)
8.5.2 Example dynamic password scheme
311(3)
8.6 Zero-knowledge mechanisms
314(4)
8.6.1 Motivation for zero-knowledge
315(1)
8.6.2 Zero-knowledge analogy
315(2)
8.6.3 Zero-knowledge in practice
317(1)
8.7 Summary
318(1)
8.8 Further reading
318(1)
8.9 Activities
319(6)
9 Cryptographic Protocols
325(48)
9.1 Protocol basics
326(2)
9.1.1 Operational motivation for protocols
326(1)
9.1.2 Environmental motivation for protocols
327(1)
9.1.3 Components of a cryptographic protocol
327(1)
9.2 From objectives to a protocol
328(5)
9.2.1 Stages of protocol design
329(1)
9.2.2 Challenges of the stages of protocol design
330(1)
9.2.3 Assumptions and actions
331(2)
9.2.4 The wider protocol design process
333(1)
9.3 Analysing a simple protocol
333(18)
9.3.1 A simple application
334(1)
9.3.2 Protocol 1
335(4)
9.3.3 Protocol 2
339(1)
9.3.4 Protocol 3
340(3)
9.3.5 Protocol 4
343(2)
9.3.6 Protocol 5
345(3)
9.3.7 Protocol 6
348(1)
9.3.8 Protocol 7
349(2)
9.3.9 Simple protocol summary
351(1)
9.4 Authentication and key establishment protocols
351(16)
9.4.1 Typical AKE protocol goals
352(2)
9.4.2 Diffie-Hellman key agreement protocol
354(8)
9.4.3 An AKE protocol based on key distribution
362(4)
9.4.4 Perfect forward secrecy
366(1)
9.5 Summary
367(1)
9.6 Further reading
367(1)
9.7 Activities
368(5)
III Key Management 373(94)
10 Key Management
375(56)
10.1 Key management fundamentals
376(5)
10.1.1 What is key management?
376(1)
10.1.2 The key lifecycle
377(1)
10.1.3 Fundamental key management requirements
378(2)
10.1.4 Key management systems
380(1)
10.2 Key lengths and lifetimes
381(3)
10.2.1 Key lifetimes
381(2)
10.2.2 Choosing a key length
383(1)
10.3 Key generation
384(5)
1o.3.1 Direct key generation
385(1)
10.3.2 Key derivation
385(2)
10.3.3 Key generation from components
387(1)
10.3.4 Public-key pair generation
388(1)
10.4 Key establishment
389(13)
10.4.1 Key hierarchies
390(5)
10.4.2 Unique key per transaction schemes
395(4)
10.4.3 Quantum key establishment
399(3)
10.5 Key storage
402(10)
10.5.1 Avoiding key storage
402(1)
10.5.2 Key storage in software
403(2)
10.5.3 Key storage in hardware
405(3)
10.5.4 Key storage risk factors
408(2)
10.5.5 Key backup, archival, and recovery
410(2)
10.6 Key usage
412(9)
10.6.1 Key separation
412(4)
10.6.2 Key change
416(3)
10.6.3 Key activation
419(1)
10.6.4 Key destruction
420(1)
10.7 Governing key management
421(3)
10.7.1 Key management policies, practices, and procedures
421(1)
10.7.2 Example procedure: key generation ceremony
422(2)
10.8 Summary
424(1)
10.9 Further reading
424(1)
10.10 Activities
425(6)
11 Public-Key Management
431(36)
11.1 Certification of public keys
432(6)
11.1.1 Motivation for public-key certificates
432(3)
11.1.2 Public-key certificates
435(3)
11.2 The certificate lifecycle
438(8)
11.2.1 Differences in the certificate lifecycle
438(1)
11.2.2 Certificate creation
439(5)
11.2.3 Key pair change
444(2)
11.3 Public-key management models
446(8)
11.3.1 Choosing a CA
447(1)
11.3.2 Public-key certificate management models
447(4)
11.3.3 Joining CA domains
451(3)
11.4 Alternative approaches
454(6)
11.4.1 Webs of trust
455(1)
11.4.2 Identity-based encryption
456(4)
11.5 Summary
460(1)
11.6 Further reading
461(1)
11.7 Activities
462(5)
IV Use of Cryptography 467(165)
12 Cryptographic Applications
469(113)
12.1 Cryptography for securing the Internet
471(14)
12.1.1 TLS background
471(1)
12.1.2 TLS security requirements
472(1)
12.1.3 Cryptography used in TLS
472(1)
12.1.4 TLS 1.2 and earlier versions
473(5)
12.1.5 TLS 1.3
478(3)
12.1.6 TLS key management
481(2)
12.1.7 TLS security issues
483(1)
12.1.8 TLS design considerations
484(1)
12.2 Cryptography for wireless local area networks
485(14)
12.2.1 WLAN background
485(2)
12.2.2 WLAN security requirements
487(1)
12.2.3 WEP
488(3)
12.2.4 Attacks on WEP
491(4)
12.2.5 WPA and WPA2
495(3)
12.2.6 WLAN security issues
498(1)
12.2.7 WLAN design considerations
498(1)
12.3 Cryptography for mobile telecommunications
499(15)
12.3.1 Mobile telecommunications background
500(1)
12.3.2 GSM security requirements
500(2)
12.3.3 Cryptography used in GSM
502(5)
12.3.4 UMTS
507(2)
12.3.5 LTE
509(2)
12.3.6 GSM, UMTS, and LTE key management
511(2)
12.3.7 Mobile telecommunications security issues
513(1)
12.3.8 Mobile telecommuncations design considerations
513(1)
12.4 Cryptography for secure payment card transactions
514(15)
12.4.1 Background to payment card services
514(1)
12.4.2 Magnetic stripe cards
515(3)
12.4.3 EMV cards
518(3)
12.4.4 Using EMV cards for Internet transactions
521(2)
12.4.5 Using EMV cards for authentication
523(1)
12.4.6 Using EMV cards for mobile payments
524(2)
12.4.7 Payment card key management
526(2)
12.4.8 Payment card security issues
528(1)
12.4.9 Payment card cryptographic design considerations
528(1)
12.5 Cryptography for video broadcasting
529(9)
12.5.1 Video broadcasting background
529(2)
12.5.2 Video broadcasting security requirements
531(1)
12.5.3 Cryptography used in video broadcasting
532(1)
12.5.4 Key management for video broadcasting
533(4)
12.5.5 Video broadcast security issues
537(1)
12.5.6 Video broadcast design considerations
537(1)
12.6 Cryptography for identity cards
538(12)
12.6.1 eID background
538(2)
12.6.2 eID security requirements
540(1)
12.6.3 Cryptography used in eID cards
541(1)
12.6.4 Provision of the eID card core functions
541(3)
12.6.5 eID key management
544(5)
12.6.6 eID security issues
549(1)
12.6.7 eID design considerations
549(1)
12.7 Cryptography for anonymity
550(11)
12.7.1 Tor background
550(1)
12.7.2 Tor security requirements
551(1)
12.7.3 How Tor works
552(8)
12.7.4 Tor security issues
560(1)
12.7.5 Tor design considerations
560(1)
12.8 Cryptography for digital currency
561(13)
12.8.1 Bitcoin background
561(1)
12.8.2 Bitcoin security requirements
562(1)
12.8.3 Bitcoin transactions
563(2)
12.8.4 Bitcoin blockchain
565(3)
12.8.5 Bitcoin mining
568(4)
12.8.6 Bitcoin security issues
572(1)
12.8.7 Bitcoin design considerations
573(1)
12.9 Summary
574(1)
12.10 Further reading
575(1)
12.11 Activities
576(6)
13 Cryptography for Personal Devices
582(22)
13.1 File protection
583(5)
13.1.1 Full disk encryption
584(2)
13.1.2 Virtual disk encryption
586(1)
13.1.3 Individual file encryption
587(1)
13.2 Email security
588(4)
13.2.1 The need for email security
588(2)
13.2.2 Techniques for securing email
590(2)
13.3 Messaging security
592(4)
13.3.1 WhatsApp security requirements
593(1)
13.3.2 Cryptography used in WhatsApp
593(3)
13.4 Platform security
596(4)
13.4.1 Cryptographic protection of iOS user data
596(2)
13.4.2 Cryptographic protection of iOS Internet services
598(1)
13.4.3 Further iOS cryptographic support
599(1)
13.5 Summary
600(1)
13.6 Further reading
600(1)
13.7 Activities
601(3)
14 Control of Cryptography
604(26)
14.1 The cryptography dilemma
605(4)
14.1.1 The case for controlling the use of cryptography
606(1)
14.1.2 The case against controlling the use of cryptography
606(1)
14.1.3 Seeking a balance
607(1)
14.1.4 Strategies for controlling the use of cryptography
608(1)
14.2 Backdoors in algorithms
609(3)
14.2.1 Use of backdoors
609(2)
14.2.2 Dual_EC_DRBG
611(1)
14.3 Legal mechanisms
612(3)
14.3.1 Export restrictions
612(1)
14.3.2 Key escrow
613(2)
14.3.3 Legal requirements to access plaintext
615(1)
14.4 Control of cryptography in an age of complexity
615(9)
14.4.1 The Snowden revelations
616(1)
14.4.2 Changes to the cryptographic environment
617(3)
14.4.3 Strategies for controlling ubiquitous cryptography
620(4)
14.5 Summary
624(1)
14.6 Further reading
625(1)
14.7 Activities
626(4)
15 Closing Remarks
630(2)
Mathematics Appendix 632(23)
A.1 Decimal, binary, and hex
632(8)
A.1.1 Decimal
633(1)
A.1.2 Binary
634(3)
A.1.3 XOR
637(1)
A.1.4 Hex
638(2)
A.1.5 ASCII
640(1)
A.2 Modular arithmetic
640(6)
A.2.1 Motivation
641(1)
A.2.2 Modular numbers
642(3)
A.2.3 Modular arithmetic operations
645(1)
A.3 The mathematics of RSA
646(5)
A.3.1 Primes and coprimes
646(1)
A.3.2 Multiplicative inverses
647(2)
A.3.3 RSA key pair setup
649(1)
A.3.4 Why RSA works
650(1)
A.4 The mathematics of ElGamal
651(2)
A.4.1 ElGamal public keys
651(2)
A.4.2 Why ElGamal works
653(1)
A.5 Further reading
653(2)
Bibliography 655(12)
Index 667
Prof. Keith Martin is a Professor of Information Security at Royal Holloway, University of London. He first studied cryptography at Royal Holloway in the late 1980s. After research positions at the University of Adelaide, Australia and the University of Leuven, Belgium, he rejoined Royal Holloway in 2000. He was Director of Royal Holloway's renowned Information Security Group between 2010 and 2015. As well as being an active member of the cryptographic research community, he has considerable experience in teaching cryptography to non-mathematical students, including to Royal Holloway's pioneering MSc Information Security, industrial courses, and young audiences.
Lisainfo e-raamatute kohta Lisainfo e-raamatute kohta
Püsilink: https://www.kriso.ee/db/97801910920606e.html
Märksõnad: