Computer Communications Security

Designed as both a tutorial and reference, the goal of this book is to create an awareness and understanding of standardized methods for securing computer networks and their applications. It is divided into two parts.

• Part I provides a technical tutorial spanning the computer communications security field. It includes an introduction to the terminology, concepts, methods, and overall architectural approaches used throughout the field.
• Part II focuses on computer communications security protocols and techniques that have been standardized by groups such as ISO, ANSI, or the Internet community. Topics covered include security architectures and frameworks; security techniques, including key management, upper- and lower-layer security protocols; electronic mail and EDI security; directory systems security; and network management security.

1. Introduction
1. Typical Security Requirements
• Banking
• Electronic Trading
• Government
• Public Telecommunications Carriers
• Corporate/Private Networks
2. Security and Open Systems
• Summary; References
• Part I —Technical Background
2. Network Security Fundamentals
1. Security Policy
• Authorization
• Access Control Policies
• Accountability
2. Threats and Safeguards
• Basic Concepts
• Fundamental Threats
• Primary Enabling Threats
• Underlying Threats
• Safeguards
• Viruses
3. Security Services
• Authentication
• Access Control
• Confidentiality
• Data Integrity
• Non-repudiation
• Application Examples
4. Intrusion Detection and Security Audit
• Summary; Exercises; References
3. Security in a Layered Protocol Architecture
1. Protocol Layering — Principles and Terminology
• History
• Layering Principles
• The Seven OSI Layers
• Upper Layers and Lower Layers
• Layer Services and Facilities
• Connection-Oriented and Connectionless Services
2. The OSI Layer Structures, Services, and Protocols
• Application Layer
• Presentation Layer
• Session Layer
• Transport Layer
• Network Layer
• Subnetwork Technology Functions
3. Internet (TCP/IP) Protocol Suite
• Application Layer Protocols
• Transport and Network Layer Protocols
4. Architectural Placement of Security Services
• Application Level Security
• End-System Level Security
• Subnetwork Level Security
• Direct-Link Level Security
• Human User Interactions
5. Management of Security Services
• Summary; Exercises; References
4. Cryptographic Techniques
1. Symmetric Cryptosystems
• Data Encryption Standard (DES)
• Modes of Operation
• Strength of DES
• U.S. Government DES Replacement
2. Public Key Cryptosystems
• RSA Algorithm
• ElGamal Algorithm
3. Integrity Check-Values (Seals)
4. Digital Signatures
• Digital Signature with Message Recovery
• The U.S. Digital Signature Standard
• Hash Functions
5. Introduction to Key Management
6. Distribution of Secret Keys
• Key Distribution Using Symmetric Techniques
• Key Usage Control
• Key Distribution via Access Enforcement Key Server
• Key Distribution Using Reversible Public Public-Key Techniques
• Diffie-Hellman Key Derivations
7. Distribution of Public-Key Cryptosystem Keys
• Public-Key Distribution
• Key Pair Generation
• Certificate Revocation
• Case Study: PEM Certification Infrastructure
• Summary; Exercises; References
5. Authentication
1. General Concepts
2. Password
• Countering External Disclosure and Password Guessing
• Countering Line Eavesdropping
• Countering Verifier Compromise
• Countering Replay
3. Other Non-cryptographic Mechanisms
• One-Time Passwords
• Challenger-Response
• Address-Based Mechanisms
• Mechanisms Using Personal Characteristics
• Personal Authentication Tokens
4. Use of Cryptographic Techniques
• Role of On-Line Servers
• Role of Off-Line Servers
• Zero-Knowledge Techniques
• Personal Authentication
5. Authentication Protocol Subtleties
• Replay and Interception Attacks
• Use of Non-repeating Values
• Mutual Authentication Protocols
• Preserving Authentication
6. Some Specific Mechanisms
• Kerberos
• X.509 Authentication Exchanges
• Authenticated Diffie-Hellman Exchange
7. Data Origin Authentication
8. Protocol Requirements
• Authentication Exchanges
• On-line Server Communications
• Certificate Communications
9. Architectural Placement
• Entry Authentication
• Data Origin Authentication
• Summary; Exercises; References
6. Access Control
1. Access Control Policies
• Individual-Based Policies
• Group-Based Policies
• Role-Based Policies
• Multi-Level Policies
• Compartment-Based Policies
• Value-Dependent Controls
• Multiple-User Control
• Context-Based Controls
• Target Granularity and Policy Interactions
2. Access Control Mechanisms
• Access Control Lists
• Capabilities
• Security Labels
• Information Model Relating the Mechanisms
• Password-Based Mechanisms
3. Case Study: FTAM Access Control
4. Network Access Control Function Distribution
• Incoming, Outgoing, and Interposed Access Control
• Example Configurations
• Policy Mapping Through Cooperating Domains
• Access Control Forwarding
5. Management of Access Control Information
• Generation, Distribution, and Storage
• Revocation
6. Communications Access Control and Routing Control
7. Protocol Requirements and Architectural Placement
• Summary; Exercises; References
7. Confidentiality and Integrity
1. Provision of Confidentiality
• Two Approaches to Confidentiality
• Flow Controls
• Data Granularity
2. Confidentiality Mechanisms
• Encryption
• Data Padding
• Traffic Padding
• Other Mechanisms
3. Provision of Data Integrity
• Data Granulariity
• Recovery
4. Data Integrity Mechanisms
• Testwords
• Seals or Signatures
• Encryption
• Sequence Integrity
• Replication
• Integrity Recovery
5. Combining Confidentiality and Data Integrity
6. Protocol Requirements
• Security Transformations
• Protocol Control Information
• Security Labels
7. Architectural Placement
• Selective Field Confidentiality and Integrity
• Connection and Connectionless Confidentiality and Integrity
• Traffic Flow Confidentiality
• Integrity Recovery
• Key Management
8. Physical Equipment Options
• Summary; Exercises; References
8. Non-repudiation
1. Phase and Roles in the Non-repudiation Process
• Service Request
• Evidence Generation
• Evidence Transfer/Storage
• Evidence Verification
• Dispute Resolution
2. Non-repudiation of Origin
• Originator's Digital Signature
• Trusted Third Party Digital Signature on Data
• Trusted Third Party Digital Signature on Digest
• Trusted Third Party Token
• In-line Trusted Third Party
• Mechanisms Combinations
• Time-Stamping
3. Non-repudiation of Delivery
• Recipient Acknowledgment with Signature
• Recipient Acknowledgment with Token
• Trusted Delivery Agent
• Two-Stage Delivery
• Progressive Delivery Reports
4. Functions of Trusted Third Parties
5. Protocol Requirements
• Summary; Exercises; References
• Part II — Standard Protocols and Techniques
9. Security Architecture and Frameworks
1. The OSI Security Architecture
• Background
• Terminology
2. OSI Security Services and Mechanisms
• Security Services
• Security Mechanisms
• Placement of Services in OSI Layers
3. The Security Frameworks Project
• Background
• General Concepts
4. The Framework Parts
• Frameworks Overview
• Authentication Framework
• Access Control Framework
• Other Frameworks
5. Use of the Security Architecture and Framework Standards
6. Introduction to the Techniques and protocols Standards
• Summary; References
10. Standard Security Techniques
1. Cryptographic Algorithms
• ISO Policy on Standardization of Algorithms
• Register of Algorithms
• Modes of Operation
2. Seals and Digital Signatures
• Message Authentication Code
• Digital Signature with Appendix
• Digital Signature with Message Recovery
3. Entity Authentication
• Techniques Using Symmetric Cryptography
• Techniques Using Public-Key Cryptography
4. Key Management Using Symmetric Techniques
• ANSI X9.17
• Multiple-Center Key Management
• Other Standards
5. Key Management Using Public-Key Techniques
• Directory Authentication Framework
• Financial Industry Standards
• Other Standards
6. Security Labels
7. Other Standardization Projects
• Miscellaneous International Security Techniques Projects
• Miscellaneous Banking Security Projects
8. Smart Card Standards
• Summary; References
11. Lower Layers Security Protocols
1. Security Services
2. General Security Architectural Concepts
• Security Associations
• Agreed Set of Security Rules
• Protection Quality-of-Service
3. Transport Layer Security Protocol
• Background
• Architecture
• Security Mechanisms
• Security Encapsulation
• Security Association Attributes
• Security Association Protocol
4. Network Layer Security Protocol
• Background
• Architecture
• Secure Data Transfer
• Connection Establishment and Release
5. IEEE LAN Security Protocol
• Background
• Architecture
• Secure Data Exchange Protocol
• Security Associations and Key Management
6. Other Standards
• Packet-Switching Protocols
• Connectionless Network Protocols
• Physical Layer
• Summary; Exercises; References
12. Upper Layers Security Protocols
1. OSI Upper Layers Architectural Overview
• Application Layer Structure
• Operations of the Presentation Layer
• Role of ASN.1 Notation
• Relaying of Presentation Data Values
2. Upper Layers Security Model
• Security Functions
• Security Exchanges and Security Transformations
• Security Associations
3. Authentication at Association Establishment
4. Security Exchanges
• Defining a Security Exchange
• The Security Exchange Service Element (SESE)
• Use of SESE in an Application-Context
5. Security Transformations
• Role of Security Associations
• Transformation Parameters
• The Generic Protecting Transfer Syntax
• Defining a Security Transformation
• The Need for a Single-Valued Encoding Rules
• Secure Binding of Protocol Fields
6. Selective Field Protection
• The Directory Authentication Framework Notation
• The generic Upper Layers Security Notation
• Compound Usage of Selective Field Notation
7. Building a Specific Application Protocol
• Summary; Exercises; References
13. Electronic Mail and EDI Security
1. MHS (X.400) Overview
• Background
• Functional Model
• MHS Protocol — Physical Configurations
• Message Structure
• Notifications
• Probes
• Names and Addresses
• Conversations
• Navigating the MHS Standards
2. MHS Security Services
• Threats
• Basic End-to-End Services
• Message Path Services
• MTS Corroborative Services
• Non-repudiation Services
• Security Management Services
• Unsupported Services
• Interaction Between Security Services and Other Services
3. MHS Security Protocol Elements
• Message Envelope Fields
• Tokens
• Probe Envelope Fields
• Security Protocol Fields Associated with Reports
• Submission Result Fields
• Bind Operation Fields
• Administration Operation Fields
4. Provision of the MHS Basic End-to-End Security Services
• Message Origin Authentication (End-to-End) and Content Integrity
• Proof of Delivery
• Content Confidentiality
• Message Sequence Integrity
5. Provision of Other MHS Security Services
• Peer-Entity Authentication
• Message Security Labeling
• Security Context
• Message Origin Authentication (MTS)
• Probe Origin Authentication
• Report Origin Authentication
• Proof of Submission
• Non-repudiation Services
• Security Management Services
6. Security Techniques Used by MHS
• Encryption
• Seals and Signatures
• Authentication Exchanges
• Security Labels
7. MHS Security Profiles
8. EDI Security
• The EDI Content Type
• Security Services
• Security Fields in EDI Messages and Notifications
• Provision of the Additional End-to-End Services
• Security Within an EDI Interchange — ANSI X12
9. Internet Privacy Enhanced Mail
• Background
• Security Services
• Security Techniques
• Message Representation
• PEM Message Format
• Certification Infrastructure
10. The SDNS Message Security Protocol
• Summary; Exercises; References
14. Directory Systems Security
1. Directory (X.500) Overview
• The Directory Information Base
• Functional Model
• Directory Services
• Directory Administrative Model
• Directory Protocols
• Navigating the Directory Standards
2. Security Requirements
• Directory Information Protection
• Public-Key Certificate Distribution
3. The Directory Authentication Framework (X.509)
• Simple Authentication Exchange
• Strong Authentication Exchanges
• Public-Key Certificates
• General-Purpose ASN.1 Constructs
• Certificate Management
• Cryptographic Algorithms
• Deficiencies
4. Directory Access Control Lists
• Access Control Statements
• Protected Items
• User Classes
• Permissions
• Precedence
• Authentication  Level
• Decision Procedure
• Example
5. Scope of Access Control Statements
• Access Control Specific Areas
• Access Control Inner Areas
• Directory Access Control Domains
• Basic and Simplified Access Control Schemes
6. Directory Protocol Security Elements
• Entity Authentication
• Signed Operations
• Access Control
• Summary; Exercises; References
15. Network Management
1. OSI Management Overview
• Framework Standards
• Protocol
2. OSI Management Security
• Security Alarm Reporting Function
• Security Audit Trail Function
• Access Control to Management Resources
• CMIP Security
3. Internet SNMP Overview
• Architectural Model
• Information Model
• Protocol
• Administrative Models
4. SNMP Security
• Security Services
• Digest Authentication Protocol
• Symmetric Privacy Protocol
• Management of SNMP Security
• Access Control
• Summary; Exercises; References
16. Security Evaluation Criteria
1. U.S. Department of Defense Criteria
• The Orange Book
• The Red Book
2. European Criteria
3. Other Criteria Projects
4. Cryptographic Devices
• Summary; References
17. Planning Considerations
1. Requirements Analysis
• Policy and Environment
• Security Functionality
• Performance
• Operational Cost
• International Considerations
• User Acceptability
2. Overall Solution
• Standards and Profiles
• Architectural Placement
• Security Techniques and Algorithms
• Registration
• Failure/Recovery Strategies
3. Supporting Infrastructure
• Naming and Name Management
• Security Management Infrastructures
4. Product Planning
• Product Life Cycle
• Evaluation and Endorsement
• Summary

1. The Standardization Process.
2. ASN.1 Notation and Registration.
3. How to Obtain Standards Documents.

A good book that is described by its title. Too old to include HTTP or equivalent protocols.