Cryptography and Data Security

Dorothy E. Denning

Publisher: Addison-Wesley, 1982, 400 pages

ISBN: 0-201-10150-5

Keywords: IT Security

Last modified: April 19, 2021, 2:14 p.m.

Electronic computers have evolved from exiguous experimental enterprises in the 1940s to prolific practical data processing systems in the 1980s. As we have come to rely on these systems to process and store data, we have also come to wonder about their ability to protect valuable data.

Data security is the science and study of methods of protecting data in computer and communication systems from unauthorized disclosure and modification. The goal of this book is to introduce the mathematical principles of data security and to show how these principles apply to operating systems, database systems, and computer networks. The book is for students and professionals seeking an introduction to these principles. There are many references for those who would like to study specific topics further.

Data security has evolved rapidly since 1975. We have seen exciting developments in cryptography: public-key encryption, digital signatures, the Data Encryption Standard (DES), key safeguarding schemes, and key distribution protocols. We have developed techniques for verifying that programs do not leak confidential data, or transmit classified data to users with lower security clearances. We have found new controls for protecting data in statistical databases — and new methods of attacking these databases. We have come to a better understanding of the theoretical and practical limitations to security.

Because the field is evolving so rapidly, it has been difficult to write a book that is both coherent and current. Even as the manuscript was in production, there were new developments in the field. Although I was able to incorporate a few of these developments, they are not as well integrated into the book as I would like. In many cases, I was only able to include references.

Some areas are still unsettled, and I was unable to treat them to my satisfaction. One such area is operating system verification; another is the integration of cryptographic controls into operating systems and database systems. I hope to cover these topics better in later editions of the book.

Data security draws heavily from mathematics and computer science. I have assumed my audience has some background in programming, data structures, operating systems, database systems, computer architecture, probability theory, and linear algebra. Because I have found most computer science students have little background in information theory and number theory, I have included self-contained tutorials on these subjects. Because complexity theory is a relatively new area, I have also summarized it.

This book is used in a one-semester graduate computer science course at Purdue University. The students are assigned exercises, programming projects, and a term project. The book is suitable for a graduate or advanced undergraduate course and for independent study. There are a few exercises at the end of each chapter, most of which are designed so the reader can recognize the right answer. I have purposely not included solutions. There is also a puzzle.

  1. Introduction
    1. Cryptography
    2. Data Security
    3. Cryptographic Systems
      1. Public-Key Systems
      2. Digital Signatures
    4. Information Theory
      1. Entropy and Equivocation
      2. Perfect Secrecy
      3. Unicity Distance
    5. Complexity Theory
      1. Algorithm Complexity
      2. Problem Complexity and NP-Completeness
      3. Ciphers Based on Computationally Hard Problems
    6. Number Theory
      1. Congruences and Modular Arithmetic
      2. Computing Inverses
      3. Computing in Galois Fields
  2. Encryption Algorithms
    1. Transposition Ciphers
    2. Simple Substitution Ciphers
      1. Single-Letter Frequency Analysis
    3. Homophonic Substitution Ciphers
      1. Beale Ciphers
      2. Higher-Order Homophonics
    4. Polyalphabetic Substitution Ciphers
      1. Vigenère and Beaufort Ciphers
      2. Index of Coincidence
      3. Kasiski Method
      4. Running-Key Ciphers
      5. Rotor and Hagelin Machines
      6. Vernam Cipher and One-Time Pads
    5. Polygram Substitution Ciphers
      1. Playfair Cipher
      2. Hill Cipher
    6. Product Ciphers
      1. Substitution-Permutation Ciphers
      2. The Data Encryption Standard (DES)
      3. Time-Memory Tradeoff
    7. Exponentiation Ciphers
      1. Pohlig-Hellman Scheme
      2. Rivest-Shamir-Adleman (RSA) Scheme
      3. Mental Poker
      4. Oblivious Transfer
    8. Knapsack Ciphers
      1. Merkle-Hellman Knapsacks
      2. Graham-Shamir Knapsacks
      3. Shamir Signature-Only Knapsacks
      4. A Breakable NP-Complete Knapsack
  3. Cryptographic Techniques
    1. Block and Stream Ciphers
    2. Synchronous Stream Ciphers
      1. Linear Feedback Shift Registers
      2. Output-Block Feedback Mode
      3. Counter Method
    3. Self-Synchronous Stream Ciphers
      1. Autokey Ciphers
      2. Cipher Feedback
    4. Block Ciphers
      1. Block Chaining and Cipher Block Chaining
      2. Block Ciphers with Subkeys
    5. Endpoints of Encryption
      1. End-to-End versus Link Encryption
      2. Privacy Homomorphisms
    6. One-Way Ciphers
      1. Passwords and User Authentication
    7. Key Management
      1. Secret Keys
      2. Public Keys
      3. Generating Block Encryption Keys
      4. Distribution of Session Keys
    8. Threshold Schemes
      1. Lagrange Interpolating Polynomial Scheme
      2. Congruence Class Scheme
  4. Access Controls
    1. Access-Matrix Model
      1. The Protection State
      2. State Transitions
      3. Protection Policies
    2. Access Control Mechanisms
      1. Security and Precision
      2. Reliability and Sharing
      3. Design Principles
    3. Access Hierarchies
      1. Privileged Modes
      2. Nested Program Units
    4. Authorization Lists
      1. Owned Objects
      2. Revocation
    5. Capabilities
      1. Domain Switching with Protected Entry Points
      2. Abstract Data Types
      3. Capability-Based Addressing
      4. Revocation
      5. Locks and Keys
      6. Query Modification
    6. Verifiably Secure Systems
      1. Security Kernels
      2. Levels of Abstraction
      3. Verification
    7. Theory of Safe Systems
      1. Mono-Operational Systems
      2. General Systems
      3. Theories for General Systems
      4. Take-Grant Systems
  5. Information Flow Controls
    1. Lattice Model of Information Flow
      1. Information Flow Policy
      2. Information State
      3. State Transitions and Information Flow
      4. Lattice Structure
      5. Flow Properties of Lattices
    2. Flow Control Mechanisms
      1. Security and Precision
      2. Channels of Flow
    3. Execution-Based Mechanisms
      1. Dynamically Enforcing Security for Implicit Flow
      2. Flow-Secure Access Controls
      3. Data Mark Machine
      4. Single Accumulator Machine
    4. Compiler-Based Mechanism
      1. Flow Specifications
      2. Security Requirements
      3. Certification Semantics
      4. General Data and Control Structures
      5. Concurrency and Synchronization
      6. Abnormal Terminations
    5. Program Verification
      1. Assignment
      2. Compound
      3. Alternation
      4. Iteration
      5. Procedure Call
      6. Security
    6. Flow Controls in Practice
      1. System Verification
      2. Extensions
      3. A Guard Application
  6. Inference Controls
    1. Statistical Database Model
      1. Information State
      2. Types of Statistics
      3. Disclosure of Sensitive Statistics
      4. Perfect Secrecy and Protection
      5. Complexity of Disclosure
    2. Inference Control Mechanisms
      1. Security and Precision
      2. Methods of Release
    3. Methods of Attack
      1. Small and Large Query Set Attacks
      2. Tracker Attacks
      3. Linear System Attacks
      4. Median Attacks
      5. Insertion and Deletion Attacks
    4. Mechanisms that Restrict Statistics
      1. Cell Suppression
      2. Implied Queries
      3. Partitioning
    5. Mechanisms that Add Noise
      1. Response Perturbation (Rounding)
      2. Random-Sample Queries
      3. Data Perturbation
      4. Data Swapping
      5. Randomized Response (Inquiry)
    6. Summary

Reviews

Cryptography and Data Security

Reviewed by Roland Buresund

Mediocre **** (4 out of 10)

Last modified: Nov. 14, 2008, 1:38 p.m.

One of the classical texts that you're supposed to have read. I fail to see why.
