Network Security

Private Communication in a Public World

Charlie Kaufman, Radia Perlman, Mike Speciner

Publisher: Prentice Hall, 1995, 504 pages

ISBN: 0-13-061466-1

Keywords: Networks, IT Security

Last modified: April 20, 2021, 12:58 p.m.

A comprehensive yet comprehensible and witty guide to the latest advances in computer network security protocols. The author team includes Charlie Kaufman, currently chief security architect for Lotus Notes, and formerly Network Security Architect at Digital Equipment Corporation; best-selling author Radia Perlman, currently with Novell, and a specialist in the areas of bridging and routing, as well as sabotage-proof networks; and Mike Speciner, Chief Architect at ColorAge, an expert in number theory and operating systems, and formerly the security for Camex, Inc.

Network Security

  • examines the state of computer network security — what works, what doesn't, and why.
  • explains clearly the cryptographic algorithms on which most network data systems depend.
  • provides comprehensive descriptions of many authentication systems, including Kerberos, NetWare, Lotus Notes, DASS, and KryptoKnight.
  • offers a rigorous treatment of secure electronic mail standards, including PEM, PGP, and X.400.
  • describes classic security pitfalls and how to avoid them when designing protocols.

In this book, the authors go beyond documenting standards and technology; they contrast competing schemes, explain weaknesses and strengths, and describe common mistakes people make when intending to design secure systems.

Network Security will appeal to a broad range of professionals, from those who have to design or evaluate security systems to system administrators and programmers who want a better understanding of this important field. It can also be used as a textbook at the graduate or advanced undergraduate level.

    1. Introduction
      1. Roadmap to the Book
      2. What Type of Book Is This?
      3. Terminology
      4. Notation
      5. Primer on Networking
        1. OSI Reference Model
        2. Directory Service
        3. Replicated Service
        4. Packet Switching
        5. Network Components
        6. Destinations: Ultimate and Intermediate
        7. Address Structure
      6. Tempest
      7. Firewalls/Security Gateways
        1. Packet Filters
        2. Application Level Gateway
        3. Encrypted Tunnels
      8. Key Escrow for Law Enforcement
      9. Key Escrow for Careless Users
      10. Viruses, Worms, Trojan Horses
        1. Where Do They Come From?
        2. Spreading Pests from Machine to Machine
        3. Virus Checkers
        4. What Can We Do Today?
        5. Wish List for the Future
      11. The Military Model of Security
        1. Mandatory (Nondiscretionary) Access Controls
        2. Levels of Security
        3. Mandatory Access Control Rules
        4. Covert Channels
        5. The Orange Book
      12. Legal Issues
        1. Patents
        2. Export Controls
  • Cryptography
    1. Introduction to Cryptography
      1. What Is Cryptography?
        1. Computational Difficulty
        2. To Publish or Not to Publish
        3. Secret Codes
      2. Breaking an Encryption Scheme
        1. Ciphertext Only
        2. Known Plaintext
        3. Chosen Plaintext
      3. Types of Cryptographic Functions
      4. Secret Key Cryptography
        1. Security Uses of Secret Key Cryptography
        2. Transmitting Over an Insecure Channel
        3. Secure Storage on Insecure Media
        4. Authentication
        5. Digital Signatures
      5. Public Key Cryptography
        1. Security Uses of Public Key Cryptography
        2. Transmitting Over an Insecure Channel
        3. Secure Storage on Insecure Media
        4. Authentication
        5. Digital Signatures
      6. Hash Algorithms
        1. Password Hashing
        2. Message Integrity
        3. Message Fingerprint
        4. Downline Load Security
        5. Digital Signature Efficiency
      7. Homework
    2. Secret Key Cryptography
      1. Introduction
      2. Generic Block Encryption
      3. Data Encryption Standard (DES)
        1. DES Overview
        2. The Permutations of the Data
        3. Generating the Per-Round Keys
        4. A DES Round
        5. The Mangler Function
        6. Weak and Semi-Weak Keys
        7. What's So Special About DES?
      4. International Data Encryption Algorithm (IDEA)
        1. Primitive Operations
        2. Key Expansion
        3. One Round
          1. Odd Round
          2. Even Round
        4. Inverse Keys for Decryption
        5. Does IDEA Work?
      5. Using Secret Key Cryptography in Protocols
      6. Encrypting a Large Message
        1. Electronic Code Book (ECB)
        2. Cipher Block Chaining (CBC)
          1. CBC Threat 1 — Modifying Ciphertext Blocks
          2. CBC Threat 2 — Rearranging Ciphertext Blocks
        3. Output Feedback Mode (OFB)
        4. Cipher Feedback Mode (CFB)
      7. Generating MICs
        1. Ensuring Privacy and Integrity Together
        2. CBC with a Weak Cryptographic Checksum
        3. CBC with a Cryptographic Hash
        4. CBC Encryption and CBC Residue with Related Keys
      8. Multiple Encryption DES
        1. How Many Encryptions?
          1. Encrypting Twice with the Same Key
          2. Encryption Twice with Two Keys
          3. Triple Encryption
        2. CBC Outside vs Inside
      9. Homework
    3. Hashes and Message Digests
      1. Introduction
      2. Nifty Things to Do with a Hash
        1. Authentication
        2. Computing a MIC with a Hash
        3. Encryption with a Message Digest
          1. Generating a One-Time Pad
          2. Mixing In the Plaintext
        4. Using Secret Key for a Hash
          1. UNIX Password Hash
          2. Hashing Large Messages
      3. MD2
        1. MD2 Padding
        2. MD2 Checksum Computation
        3. MD2 Final Pass
      4. MD4
        1. MD4 Message Padding
        2. Overview of MD4 Message Digest Computation
        3. MD4 Message Digest Pass 1
        4. MD4 Message Digest Pass 2
        5. MD4 Message Digest Pass 3
      5. MD5
        1. MD5 Message Padding
        2. Overview of MD5 Message Digest Computation
        3. MD5 Message Digest Pass 1
        4. MD5 Message Digest Pass 2
        5. MD5 Message Digest Pass 3
        6. MD5 Message Digest Pass 4
      6. SHS
        1. SHS Message Padding
        2. Overview of SHS Message Digest Computation
        3. SHS Operations on a 512-bit Block
      7. Homework
    4. Public Key Algorithms
      1. Introduction
      2. Modular Arithmetic
        1. Modular Addition
        2. Modular Multiplication
        3. Modular Exponentiation
      3. RSA
        1. RSA Algorithm
        2. Why Does RSA Work?
        3. Why Is RSA Secure?
        4. How Efficient Are the RSA Operations?
          1. Exponentiating With Big Numbers
          2. Generating RSA Keys
            • Finding Big Primes p and q
            • Finding d and e
          3. Having a Small Constant e
          4. Optimizing RSA Private Key Operations
        5. Arcane RSA Threats
          1. Smooth Numbers
          2. The Cube Root Problem
        6. Public-Key Cryptography Standard (PKCS)
          1. Encryption
          2. Signing
      4. Diffie-Hellman
        1. The Bucket Brigade Attack
        2. Diffie-Hellman with Published Public Numbers
        3. Encryption with Diffie-Hellman
        4. El Gamal Signatures
        5. Diffie-Hellman Details — Strong Primes
      5. Digital Signature Standard (DSS)
        1. The DSS Algorithm
        2. Why Does the Verification Procedure Work?
        3. Why Is This Secure?
        4. The DSS Controversy
        5. Per-Message Secret Number
      6. Zero Knowledge Proof Systems
        1. Zero Knowledge Signatures
      7. Homework Problems
    5. Number Theory
      1. Introduction
      2. Modular Arithmetic
      3. Primes
      4. Euclid's Algorithm
        1. Finding Multiplicative Inverses in Modular Arithmetic
      5. Chinese Remainder Theorem
      6. Zn*
      7. Euler's Totient Function
      8. Euler's Theorem
        1. A Generalization of Euler's Theorem
      9. Homework Problems
  • Authentication
    1. Authentication Systems
      1. Password-Based Authentication
        1. Off- vs On-Line Password Guessing
        2. Storing User Passwords
      2. Address-Based Authentication
        1. Network Address Impersonation
      3. Cryptographic Authentication Protocols
      4. Who Is Being Authenticated?
      5. Passwords as Cryptographic Keys
      6. Eavesdropping and Server Database Reading
      7. Trusted Intermediaries
        1. KDCs
        2. Certificate Authorities (CAs)
        3. Certificate Revocation
        4. Multiple Trusted Intermediaries
          1. Multiple KDC Domains
          2. Multiple CA Domains
      8. Session Key Establishment
      9. Authorization
        1. Groups
        2. Hierarchical Groups
      10. Delegation
      11. Homework
    2. Authentication of People
      1. Passwords
      2. On-Line Password Guessing
      3. Off-Line Password Guessing
      4. How Big Should a Secret Be?
      5. Eavesdropping
      6. Passwords and Careless Users
        1. Using a Password in Multiple Places
        2. Requiring Frequent Password Changes
        3. A Login Trojan Horse to Capture Passwords
        4. Non-Login Use of Passwords
      7. Initial Password Distribution
      8. Authentication Tokens
      9. Physical Access
      10. Biometrics
      11. Homework
    3. Security Handshake Pitfalls
      1. Login Only
        1. Shared Secret
        2. One-Way Public Key
        3. Lamport's Hash
      2. Mutual Authentication
        1. Reflection Attack
        2. Password Guessing
        3. Public Keys
        4. Timestamps
      3. Integrity/Encryption for Data
        1. Shared Secret
        2. Two-Way Public Key Based Authentication
        3. One-Way Public Key Based Authentication
        4. Lamport Hash
        5. Privacy and Integrity
      4. Mediated Authentication (with KDC)
        1. Needham-Schroeder
        2. Expanded Needham-Schroeder
        3. Otway-Rees
      5. Bellovin-Merritt
      6. Network Login and Password Guessing
      7. Nonce Types
      8. Picking Random Numbers
      9. X.509 Problems
      10. Performance Considerations
      11. Authentication Protocol Checklist
      12. Homework
    4. Kerberos V4
      1. Introduction
      2. Tickets and Ticket-Granting Tickets
      3. Configuration
      4. Logging Into the Network
        1. Obtaining a Session Key and TGT
        2. Alice Asks to Talk to a Remote Node
      5. Replicated KDCs
      6. Realms
      7. Interrealm Authentication
      8. Key Version Numbers
      9. Encryption for Privacy and Integrity
      10. Encryption for Integrity Only
      11. Network Layer Addresses in Tickets
      12. Message Formats
        1. Tickets
        2. Authenticators
        3. Credentials
        4. AS_REQ
        5. TGS_REQ
        6. AS_REP and TGS_REP
        7. Error Reply from KDC
        8. AP_REQ
        9. AP_REP
        10. Encrypted Data (KRB_PRV)
        11. Integrity-Checked Data (SAFE)
        12. AP_ERR
      13. Homework
    5. Kerberos V5
      1. ASN.1
      2. Names
      3. Delegation of Rights
      4. Ticket Lifetimes
        1. Renewable Ticket
        2. Postdated Ticket
      5. Key Versions
      6. Making Master Keys in Different Realms Different
      7. Optimizations
      8. Cryptographic Algorithms
        1. Integrity-Only Algorithms
          1. rsa-md5-des
          2. des-mac
          3. des-mac-k
          4. rsa-md4-des
          5. rsa-md4-des-k
        2. Encryption for Privacy and Integrity
      9. Hierarchy of Realms
      10. Evading Password-Guessing Attacks
      11. Key Inside Authenticator
      12. Double TGT Authentication
      13. KDC Database
      14. Kerberos V5 Messages
        1. Authenticator
        2. Ticket
        3. AS_REQ
        4. TGS_REQ
        5. AS_REP
        6. TGS_REP
        7. AP_REQ
        8. AP_REP
        9. KRB_SAFE
        10. KRB_PRIV
        11. KRB_CRED
        12. KRB_ERROR
      15. Homework
  • Electronic Mail
    1. Electronic Mail Security
      1. Distribution Lists
      2. Store and Forward
      3. Security Services for Electronic Mail
      4. Establishing Keys
        1. Establishing Public Keys
        2. Establishing Secret Keys
      5. Privacy
        1. End-to-End Privacy
        2. Privacy with Distribution List Exploders
      6. Authentication of the Source
        1. Source Authentication Based on Public Key Technology
        2. Source Authentication Based on Secret Keys
        3. Source Authentication with Distribution Lists
      7. Message Integrity
        1. Message Integrity Without Source Authentication
      8. Non-Repudiation
        1. Non-repudiation Based on Public Key Technology
        2. Plausible Deniability Based on Public Key Technology
        3. Non-repudiation with Secret Keys
      9. Proof of Submission
      10. Proof of Delivery
      11. Message Flow Confidentiality
      12. Anonymity
      13. Containment
      14. Annoying Text Format Issues
        1. Disguising Data as Text
      15. Names and Addresses
      16. Old Messages
        1. Case 1: The Dishonest Buyer
        2. Case 2: The Solution Looking for a Problem
      17. Homework
    2. Privacy Enhanced Mail (PEM)
      1. Introduction
        1. Structure of a PEM Message
      2. Establishing Keys
      3. Some PEM History
      4. Certificate Hierarchy
      5. Certificate Revocation Lists (CRLs)
      6. X.509 Certificates and CRLs
      7. Reformatting Data to Get Through Mailers
      8. General Structure of a PEM Message
      9. Encryption
      10. Source Authentication and Integrity Protection
      11. Multiple Recipients
      12. Bracketing PEM Messages
      13. Remote Distribution List Exploders
        1. Remote Exploding Using Public Keys
        2. Remote Exploding Using Secret Keys
        3. Mixing Key Types
      14. Forwarding and Enclosures
        1. Forwarding a Message
      15. Canonicalization
      16. Unprotected Information
      17. Message Formats
        1. ENCRYPTED, Public Key Variant
        2. ENCRYPTED, Secret Key Variant
        3. MIC-ONLY or MIC-CLEAR, Public Key Variant
        4. MIC-ONLY and MIC-CLEAR, Secret Key Variant
        5. CRL-RETRIEVAL-REQUEST
        6. CRL
      18. DES-CBC as MIC Doesn't Work
      19. Homework
    3. PGP (Pretty Good Privacy)
      1. Introduction
      2. Overview
      3. Key Distribution
      4. Efficient Encoding
      5. Certificate and Key Revocation
      6. Signature Types
      7. Your Private Key
      8. Key Rings
      9. Anomalies
        1. File Name
        2. People names
      10. Object Formats
        1. Message Formats
        2. Primitive Object Formats
    4. X.400
      1. Overview of X.400
      2. Security Functions Possible with X.400
      3. Structure of an X.400 Message
        1. Per-Message Security Fields
        2. Per-Recipient Security Fields
          1. Security Fields in the Token
          2. Unencrypted Part of the Token
          3. Encrypted Part of the Token
        3. Fields for Probe Messages
        4. Fields for Proof of Delivery
        5. Fields for Proof of Submission
        6. Security Fields for X.420
    5. A Comparison of PEM, PGP, and X.400
      1. Introduction
      2. Certification Hierarchy
      3. Certification Distribution
      4. Encryption
      5. Encoding of Transmitted Messages
      6. Cryptographic Algorithms Supported
      7. Recipients with Multiple Keys
      8. Mail-Intermediary-Provided Functions
  • Leftovers
    1. More Security Systems
      1. NetWare V3
      2. NetWare V4
        1. NetWare's Guillou-Quisquater Authentication Scheme
      3. KryptoKnight
        1. KryptoKnight Tickets
        2. Authenticators
        3. Nonces vs. Timestamps
      4. SNMP
      5. DASS/SPX
        1. DASS Certification Hierarchy
        2. Obtaining the User's Private Key
        3. Login Key
        4. DASS Authentication Handshake
        5. DASS Authenticators
        6. DASS Delegation
        7. Saving Bits
      6. Lotus Notes Security
        1. ID Files
        2. Coping with Export Controls
        3. Certificates for Flat Names
        4. Certificates for Hierarchical Names
        5. Lotus Notes Authentication
        6. Authentication Long-Term Secret
        7. Mail
        8. Certificate Revocation
      7. DCE Security
      8. Microsoft Security
      9. Network Denial of Service
        1. Robust Broadcast
        2. Robust Packet Delivery
      10. Clipper
        1. Key Escrow
      11. Homework

Reviews

Network Security

Reviewed by Roland Buresund

Good ******* (7 out of 10)

Last modified: May 21, 2007, 3:16 a.m.

A very good book that everybody who works with communications should read.
