William Stallings' Cryptography and Network Security: Principles and Practice, 5e is a practical survey of cryptography and network security with unmatched support for instructors and students. In this age of universal electronic connectivity, viruses and hackers, electronic eavesdropping, and electronic fraud, security is paramount. This text provides a practical survey of both the principles and practice of cryptography and network security. First, the basic issues to be addressed by a network security capability are explored through a tutorial and survey of cryptography and network security technology. Then, the practice of network security is explored via practical applications that have been implemented and are in use today. An unparalleled support package for instructors and students ensures a successful teaching and learning experience. The new edition has been updated to include coverage of the latest topics including expanded coverage of block cipher modes of operation, including authenticated encryption; revised and expanded coverage of AES; expanded coverage of pseudorandom number generation; new coverage of federated identity, HTTPS, Secure Shell (SSH) and wireless network security; completely rewritten and updated coverage of IPsec; and a new chapter on legal and ethical issues.

Table of Contents

NOTATION PREFACE Chapter 0 Reader's Guide 0.1 Outline of This Book 0.2 A Roadmap for Readers and Instructors 0.3 Internet and Web Resources 0.4 Standards Chapter 1 Overview 1.1 Computer Security Concepts 1.2 The OSI Security Architecture 1.3 Security Attacks 1.4 Security Services 1.5 Security Mechanisms 1.6 A Model for Network Security 1.7 Recommended Reading and Web Sites 1.8 Key Terms, Review Questions, and Problems PART ONE SYMMETRIC CIPHERS Chapter 2 Classical Encryption Techniques 2.1 Symmetric Cipher Model 2.2 Substitution Techniques 2.3 Transposition Techniques 2.4 Rotor Machines 2.5 Steganography 2.6 Recommended Reading and Web Sites 2.7 Key Terms, Review Questions, and Problems Chapter 3 Block Ciphers and the Data Encryption Standard 3.1 Block Cipher Principles 3.2 The Data Encryption Standard (DES) 3.3 A DES Example 3.4 The Strength of DES 3.5 Differential and Linear Cryptanalysis 3.6 Block Cipher Design Principles 3.7 Recommended Reading and Web Site 3.8 Key Terms, Review Questions, and Problems Chapter 4 Basic Concepts in Number Theory and Finite Fields 4.1 Divisibility and the Division Algorithm 4.2 The Euclidean Algorithm 4.3 Modular Arithmetic 4.4 Groups, Rings, and Fields 4.5 Finite Fields of the Form GF(p) 4.6 Polynomial Arithmetic 4.7 Finite Fields of the Form GF(2n) 4.8 Recommended Reading and Web Sites 4.9 Key Terms, Review Questions, and Problems APPENDIX 4A The Meaning of mod Chapter 5 Advanced Encryption Standard 5.1 The Origins AES 5.2 AES Structure 5.3 AES Round Functions 5.4 AES Key Expansion 5.5 An AES Example 5.6 AES Implementation 5.7 Recommended Reading and Web Sites 5.8 Key Terms, Review Questions, and Problems APPENDIX 5A Polynomials with Coefficients in GF(28) APPENDIX 5B Simplified AES Chapter 6 Block Cipher Operation 6.1 Multiple Encryption and Triple DES 6.2 Electronic Codebook Mode 6.3 Cipher Block Chaining Mode 6.4 Cipher Feedback Mode 6.5 Output Feedback Mode 6.6 Counter Mode 6.7 XTS Mode for Block-Oriented Storage Devices 6.8 Recommended Web Site 6.9 Key Terms, Review Questions, and Problems Chapter 7 Pseudorandom Number Generation and Stream Ciphers 7.1 Principles of Pseudorandom Number Generation 7.2 Pseudorandom Number Generators 7.3 Pseudorandom Number Generation Using a Block Cipher 7.4 Stream Ciphers 7.5 RC4 7.6 True Random Numbers 7.7 Recommended Reading 7.8 Key Terms, Review Questions, and Problems PART TWO ASYMMETRIC CIPHERS Chapter 8 More Number Theory 8.1 Prime Numbers 8.2 Fermat's and Euler's Theorems 8.3 Testing for Primality 8.4 The Chinese Remainder Theorem 8.5 Discrete Logarithms 8.6 Recommended Reading and Web Sites 8.7 Key Terms, Review Questions, and Problems Chapter 9 Public-Key Cryptography and RSA 9.1 Principles of Public-Key Cryptosystems 9.2 The RSA Algorithm 9.3 Recommended Reading and Web Sites 9.4 Key Terms, Review Questions, and Problems Appendix 9A: Proof of the RSA Algorithm Appendix 9B: The Complexity of Algorithms Chapter 10 Other Public-Key Cryptosystems 10.1 Diffie-Hellman Key Exchange 10.2 ElGamal Cryptosystem 10.3 Elliptic Curve Arithmetic 10.4 Elliptic Curve Cryptography 10.5 Pseudorandom Number Generation Based on an Asymmetric Cipher 10.6 Recommended Reading and Web Sites 10.7 Key Terms, Review Questions, and Problems PART THREE CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS Chapter 11 Cryptographic Hash Functions 11.1 Applications of Cryptographic Hash Functions 11.2 Two Simple Hash Functions 11.3 Requirements and Security 11.4 Hash Functions Based on Cipher Block Chaining 11.5 Secure Hash Algorithm (SHA) 11.6 SHA-3 11.7 Recommended Reading and Web Sites 11.8 Key Terms, Review Questions, and Problems Appendix 11A: Mathematical Basis of Birthday Attack Chapter 12 Message Authentication Codes 12.1 Message Authentication Requirements 12.2 Message Authentication Functions 12.3 Message Authentication Codes 12.4 Security of MACs 12.5 MACs Based on Hash Functions: HMAC 12.6 MACs Based on Block Ciphers: DAA and CMAC 12.7 Authenticated Encryption: CCM and GCM 12.8 Pseudorandom Number Generation using Hash Functions and MACs 12.9 Recommended Reading 12.10 Key Terms, Review Questions, and Problems Chapter 13 Digital Signatures 13.1 Digital Signatures 13.2 ElGamal Digital Signature Scheme 13.3 Schnorr Digital Signature Scheme 13.4 Digital Signature Standard (DSS) 13.5 Recommended Reading and Web Sites 13.6 Key Terms, Review Questions, and Problems PART FOUR MUTUAL TRUST Chapter 14 Key Management and Distribution 14.1 Symmetric Key Distribution Using Symmetric Encryption 14.2 Symmetric Key Distribution Using Asymmetric Encryption 14.3 Distribution of Public Keys 14.4 X.509 Certificates 14.5 Public Key Infrastructure 14.6 Recommended Reading and Web Sites 14.7 Key Terms, Review Questions, and Problems Chapter 15 User Authentication Protocols 15.1 Remote User Authentication Principles 15.2 Remote User Authentication Using Symmetric Encryption 15.3 Kerberos 15.4 Remote User Authentication Using Asymmetric Encryption 15.5 Federated Identity Management 15.6 Recommended Reading and Web Sites 15.7 Key Terms, Review Questions, and Problems Appendix 15A: Kerberos Encryption Techniques PART FIVE NETWORK AND INTERNET SECURITY Chapter 16 Transport-Level Security 16.1 Web Security Issues 16.2 Secure Sockets Layer (SSL) 16.3 Transport Layer Security (TLS) 16.4 HTTPS 16.5 Secure Shell (SSH) 16.6 Recommended Reading and Web Sites 16.7 Key Terms, Review Questions, and Problems Chapter 17 Wireless Network Security 17.1 IEEE 802.11 Wireless LAN Overview 17.2 IEEE 802.11i Wireless LAN Security 17.3 Wireless Application Protocol Overview 17.4 Wireless Transport Layer Security 17.5 WAP End-to-End Security 17.6 Recommended Reading and Web Sites 17.7 Key Terms, Review Questions, and Problems Chapter 18 Electronic Mail Security 18.1 Pretty Good Privacy (PGP) 18.2 S/MIME 18.3 DomainKeys Identified Mail (DKIM) 18.4 Recommended Web Sites 18.5 Key Terms, Review Questions, and Problems Appendix 18A: Radix-64 Conversion Chapter 19 IP Security 19.1 IP Security Overview 19.2 IP Security Policy 19.3 Encapsulating Security Payload 19.4 Combining Security Associations 19.5 Internet Key Exchange 19.6 Cryptographic Suites 19.7 Recommended Reading and Web Sites 19.8 Key Terms, Review Questions, and Problems APPENDICES Appendix A Projects for Teaching Cryptography and Network Security A.1 Sage Computer Algebra Projects A.2 Hacking Project A.3 Block Cipher Projects A.4 Laboratory Exercises A.5 Research Projects A.6 Programming Projects A.7 Practical Security Assessments A.8 Writing Assignments A.9 Reading/Report Assignments Appendix B Sage Examples B.1 Appendix C Sage Problems C.1 ONLINE CHAPTERS PART SIX SYSTEM SECURITY Chapter 20 Intruders 20.1 Intruders 20.2 Intrusion Detection 20.3 Password Management 20.4 Recommended Reading and Web Sites 20.5 Key Terms, Review Questions, and Problems Appendix 20A The Base-Rate Fallacy Chapter 21 Malicious Software 21.1 Types of Malicious Software 21.2 Viruses 21.3 Virus Countermeasures 21.4 Worms 21.5 Distributed Denial of Service Attacks 21.6 Recommended Reading and Web Sites 21.7 Key Terms, Review Questions, and Problems Chapter 22 Firewalls 22.1 The Need for Firewalls 22.2 Firewall Characteristics 22.3 Types of Firewalls 22.4 Firewall Basing 22.5 Firewall Location and Configurations 22.6 Recommended Reading and Web Sites 22.7 Key Terms, Review Questions, and Problems PART SEVEN LEGAL AND ETHICAL ISSUES Chapter 23 Legal and Ethical Issues 23.1 Cybercrime and Computer Crime 23.2 Intellectual Property 23.3 Privacy 23.4 Ethical Issues 23.5 Recommended Reading and Web Sites 23.6 Key Terms, Review Questions, and Problems ONLINE APPENDICES WilliamStallings.com/Crypto/Crypto5e.html APPENDIX D Standards and Standards-Setting Organizations D.1 The Importance of Standards D.2 Internet Standards and the Internet Society D.3 National Institute of Standards and Technology APPENDIX E Basic Concepts from Linear Algebra APPENDIX F Measures of Security and Secrecy APPENDIX G Simplified DES E.1 Overview E.2 S-DES Key Generation E.3 S-DES Encryption E.4 Analysis of Simplified DES E.5 Relationship to DES APPENDIX H Evaluation Criteria for AES H.1 The Origins of AES H.2 AES Evaluation APPENDIX I More on Simplified AES G.1 Arithmetic in GF(24) G.2 The Mix Column Function APPENDIX J Knapsack Public-Key Algorithm I.1 The Knapsack Problem I.2 The Knapsack Cryptosystem I.3 Example APPENDIX K Proof of the Digital Signature Algorithm APPENDIX L TCP/IP and OSI K.1 Protocols and Protocol Architectures K.2 The TCP/IP Protocol Architecture K.3 The Role of an Internet Protocol K.4 IPv4 K.5 IPv6 K.6 The OSI Protocol Architecture APPENDIX M Java Cryptographic APIs M.1 Introduction M.2 JCA and JCE Architecture M.3 JCA Classes M.4 JCE Classes M.5 Conclusion and References M.6 Using the Cryptographic Application M.7 JCA/JCE Cryptography Example APPENDIX N The Whirlpool Hash Function N.1 Whirlpool Hash Structure N.2 Block Cipher W N.3 Performance of Whirlpool APPENDIX O Data Compression Using ZIP APPENDIX P PGP Random Number Generation GLOSSARY REFERENCES INDEX LIST OF ACRONYMS

Author Biography

William Stallings has made a unique contribution to understanding the broad sweep of technical developments in computer networking and computer architecture. He has authored 18 titles, and counting revised editions, a total of 35 books on various aspects of these subjects. In over 20 years in the field, he has been a technical contributor, technical manager, and an executive with several high-technology firms. Currently he is an independent consultant whose clients have included computer and networking manufacturers and customers, software development firms, and leading-edge government research institutions. He has received the prize for best Computer Science and Engineering textbook of the year from the Textbook and Academic Authors Association six times. Bill has designed and implemented both TCP/IP-based and OSI-based protocol suites on a variety of computers and operating systems, ranging from microcomputers to mainframes. As a consultant, he has advised government agencies, computer and software vendors, and major users on the design, selection, and use of networking software and products. Dr. Stallings holds a Ph.D. from M.I.T. in Computer Science and a B.S. from Notre Dame in Electrical Engineering.