
Security without Obscurity: A Guide to Cryptographic Architectures [Hardback]

  • Format: Hardback, 193 pages, height x width: 234x156 mm, weight: 290 g
  • Publication date: 17-Jul-2018
  • Publisher: CRC Press Inc
  • ISBN-10: 0815396414
  • ISBN-13: 9780815396413
Information security has a major gap when cryptography is implemented. Cryptographic algorithms are well defined, key management schemes are well known, but the actual deployment is typically overlooked, ignored, or unknown. Cryptography is everywhere. Application and network architectures are typically well-documented but the cryptographic architecture is missing. This book provides a guide to discovering, documenting, and validating cryptographic architectures. Each chapter builds on the next to present information in a sequential process. This approach not only presents the material in a structured manner, it also serves as an ongoing reference guide for future use.
Preface
Author
1 Introduction
1.1 Book Organization
1.2 Book Applicability
1.3 Network Cartoons
1.4 Cryptography Lexicon
1.5 Industry Standards
2 Cryptography Basics
2.1 Encryption
2.2 Hash Functions
2.3 Integrity and Authentication
2.4 Non-Repudiation
2.5 Tokenization
3 Cryptographic Keys
3.1 Symmetric Keys
3.2 Asymmetric Keys
3.3 Certificates and PKI
3.4 Certificate Validation
4 Authentication Protocols
4.1 Domain Name System Security (DNSSEC)
4.2 Domain Keys Identified Mail (DKIM)
4.3 Security Assertion Markup Language (SAML)
4.4 Open Authorization (OAUTH)
4.5 Password and PIN Verification
4.6 One-Time Password (OTP)
5 Encryption Protocols
5.1 Transport Layer Security (TLS)
5.2 Internet Protocol Security (IPsec)
5.3 Secure Shell (SSH)
5.4 Pretty Good Privacy (OpenPGP)
5.5 Password and Personal Identification Number Encryption
6 Architectures
6.1 Application Architecture
6.2 Network Architecture
6.3 Information Architecture
6.4 Cryptographic Architecture
6.5 Cryptographic Inventory
7 Risk Management
7.1 Facility Security
7.2 System Security
7.3 Cryptographic Modules
7.4 Key Management
7.5 Data Management
8 Security Assessments
8.1 Documentation
8.2 Interviews
8.3 Testing
8.4 Analysis
8.5 Reporting
9 Illustrations
9.1 Hypothetical Mobile Transaction
9.2 EMV Payment Cards
9.3 Secure Electronic Transactions (SET)
9.4 ATM Remote Key Load (RKL)
9.5 Database Encryption (DBE)
Annex Quick References
Bibliography
Index
Jeff Stapleton has 30-plus years of experience in the financial services industry, with 25 years as a security professional involved in developing ANSI and ISO security standards including payments, cryptography, key management, public key infrastructures (PKI) and biometrics. Jeff earned his bachelor's and master's degrees in computer science from the Universities of Missouri in St. Louis (UMSL) and Rolla (UMR) and has taught information security at Washington University in St. Louis (WUSTL) and the University of Texas in San Antonio (UTSA). He has conducted security assessments of payment networks and financial institutions, and assisted in developing secure payment systems. He has authored numerous ISSA Journal articles, IEEE papers, and other periodicals. His book series Security without Obscurity is available from CRC Press.