Index

A

active attacks, 2–3

additive cipher, 25–26

Advanced Encryption Standard (AES), 56–58

keyexpansion in, 58–60

AES. See Advanced Encryption Standard (AES)

AH. See Authentication Header (AH)

alert protocol, 161

algebraic structure, 19

antivirus, 175–176

antivirussoftware, 176

application-level gateways, 180–181

arbitrated digital signature, 114–115

asymmetric-key cryptography, 76

characteristics of, 76

asymmetric-key encipherment, 11

audit records, 169

Authentication Header (AH), 151–152

autokey cipher, 28–29

avalanche effect, 51

B

bastion host, 182

behavior-blocking software, 178

birthday bound, 95

birthday paradox, 95

bit-oriented cipher, 33

block ciphers, 33, 61–64

mode of operation in, 61–64

boot sector virus, 173

C

Caesar cipher, 26

certificate renewable, 137–138

Certificate Revocation List (CRL), 137

change cipher spec protocol, 161

Chinese Remainder Theorem (CRT), 69–70

chosen-ciphertext attack, 77–78

Cipher Block Chaining (CBC) mode, 62

Cipher Feedback (CFB)mode, 62–63

cipher key, 45

ciphers, 10

ciphertext, 9

classical encryption techniques, 25

different categories of, 25

columnar transposition cipher, 32

common modulus attack, 78

completeness effect, 51

compression function, 96

congruence, 17

conventional encryption model, 24–25

issuesin, 25

co-prime, 65

CRT. See Chinese Remainder Theorem (CRT)

cryptography, 9

D

Data Encryption Standard (DES), 45

key generation of, 47–48

strength of, 49

weakness of, 49–50

decryption, 10

DES. See Data Encryption Standard (DES)

detection-specific audit records, 169

differential cryptanalysis, 50

Diffie-Hellman key exchange algorithm, 81–82

advantages of, 82

limitations of, 82

security and, 81–82

diffusion, 35

digital immune system, 176–177

digital signature, 111–112

attacks on, 113

process of, 112

properties and requirements of, 113

variations of, 120–121

Digital Signature Standard (DSS), 117–119

direct digital signature, 114

directory authentication service, 138

discrete logarithmic problems, 70–71

distributed intrusion detection, 170

architecture of, 170

distributed intrusion detection systems, 170–171

double DES (2-DES), 51–52

DSS. See Digital Signature Standard (DSS)

dual signatures, 163–164

E

ECC. See elliptic curve cryptosystem (ECC)

Electronic Code Book (ECB) mode, 61

ElGamal algorithm, 85

attacks on, 85

encryption and decryption process, 83–84

ElGamal encryption system, 83–84

elliptic curve cryptosystem (ECC), 86

elliptic curves, 85

Encapsulating Security Payload (ESP), 151

encryption, 10

ESP protocol, 154–155

transport and tunnel mode of, 155–157

ESP. See Encapsulating Security Payload (ESP)

Euclidean algorithm, 15–16

Euler's theorem, 66–67

Euler's totient function, 66

F

factorization attack, 77

Federal Information Processing Standard (FIPS 186), 117–119

Feistel cipher, 36–38

final design of, 37–38

model of, 36

Fermat's theorem, 65–66

field, 19–20

file-infecting virus, 173

firewall, 178

limitations of, 178

firewall configurations, 182–83

forwardable ticket, 135

G

group, 19

H

handshake protocol, 160–161

hash function, 93

hash-based MAC (HMAC), 106–109

design objectives of, 107

implementation of, 107–108

security of, 108–109

Hill cipher, 30–31

HMAC. See Hash-based MAC (HMAC)

honeypots, 171

I

IDEA algorithm, 55–56

IDEA. See International Data

Encryption Algorithm (IDEA)

IKE. See Internet Key Exchange (IKE)

Improved PES (IPES), 53

International Data Encryption Algorithm (IDEA), 53

Internet Key Exchange (IKE), 157

Internet Security Association and Key Management Protocol (ISAKMP), 159

header format of, 159

intruders, 167

intrusion detection, 168

intrusion techniques, 167

IP address spoofing, 180

IP security, 149–150

IPES. See Improved PES (IPES)

IPSec RFC documents, 150–151

ISAKMP. See Internet Security Association and Key Management Protocol (ISAKMP)

iterated hash functions, 96

K

Kerberos

requirements of, 130–131

Kerberos principal, 131

Kerberos protocol, 129–130

Kerberos realm, 131

key, 10

key clustering, 50

key expansion, 58–59

key management, 14

functions of, 14

rules for maintaining, 14

keyed transposition cipher, 25, 32

keyless transposition cipher, 25, 31

L

logic bomb, 175

M

MAC. See message authentication code (MAC)

malicious software, 173

man-in-the-middle attack, 83

MD5 (message digest, version 5), 96–99

meet-in-the-middle attack, 52

message authentication, 91

attacks on, 91

functions, 91–92

types of authentication, 91

message authentication code (MAC), 92–93

Miller-Rabin algorithm, 68

modern block cipher, 33–35

modular arithmetic, 16

monoalphabetic cipher, 25

different techniques of, 25

multiplicative cipher, 27

mutual authentication protocol, 121–124

N

National Institute of Standards and Technology (NIST), 45

native audit records, 169

NESSIE. See New European Schemes for Signatures, Integrity, and Encryption (NESSIE)

network security, 1–7

overview of, 1–7

principles of, 2–3

model for, 6–7

network security attack, 2, 7

New European Schemes for Signatures, Integrity, and Encryption (NESSIE), 104

NIST. See National Institute of Standards and Technology (NIST)

non-Feistel cipher, 38

O

Oakley algorithm, 158–159

features of, 158–159

onetime pad, 33

one-way authentication protocol, 124–125

Output Feedback (OFB) mode, 63–64

P

packet-filtering router, 179–180

passive attack, 2

password protection approaches, 168

password selection strategies, 172

PES. See Proposed Encryption Standard (PES)

PGP. See pretty good privacy (PGP)

plaintext, 9

plaintext attack, 78

Playfair cipher, 29–30

polyalphabetic ciphers, 25, 28

technique of, 28

polymorphic virus, 173

possible weak keys, 50

postdatable ticket, 135

pretty good privacy (PGP), 139–142

concept of trust and legitimacy, 142–143

general format of, 145

key rings and, 142

services of, 139–142

steps followed for transmission and reception of, 142

structure of key rings of, 143–145

primality testing, 67–68

categories of, 67–68

prime number, 65

private key, 112

product cipher, 36

Proposed Encryption Standard (PES), 53

public announcement, 78

public directory, 78

public key, 78–81, 112

distribution of, 78–80

public-key authority, 79

public-key certificates, 79–80

public-key cryptography, 80–81

distribution of secret keys using, 80–81

public-key encryption technique, 125

R

Rabin-Miller test. See Miller-Rabin algorithm

renewable ticket, 135

ring, 19

RSA cryptosystem, 76–77

RSA digital signature scheme, 115–117

S

secret key, 113

Secure Electronic Transaction (SET), 162–164

Secure Hash Algorithm (SHA), 99–103

secure hash function, 94–95

characteristics of, 94–95

Secure Hash Standard (SHS), 99

Secure Socket Layer (SSL), 160–161

secure/multipurpose Internet mail extension (S/MIME), 146–149

security mechanisms, 4–5

semi-weak keys, 50

set of residues, 16–17

SHA. See Secure Hash Algorithm (SHA)

Shannon's theory of diffusion and confusion, 35

shift cipher, 26

SHS. See Secure Hash Standard (SHS)

simple hash function, 93–94

source routing attack, 180

spyware, 175

SSL record protocol, 160

stealth virus, 173–174

steganography, 15

stream cipher, 32

substitution cipher, 25

symmetric-key cipher, 24

symmetric-key encipherment, 10

symmetric-key encryption technique, 124–125

T

timing attack, 78

tiny fragment attack, 180

Transport Layer Security (TLS), 162

transposition cipher, 25

triple DES, 52–54

Trojan horse, 175

trusted system, 183

V

Vigenere cipher, 30

Vital Information Resources Under Seize (Virus), 173–174

W

weak keys, 50

Whirlpool, 104

Whirlpool cryptographic hash function, 104–106

worms, 174–175

X

X.509, 137–138

certificate renewable and, 137–138

certificate revocation and, 137–138

authentication procedure of, 138–139

X.509 authentication service, 135–137

certificates and, 135–137