DATA AND COMPUTER COMMUNICATIONS, EIGHTH EDITION A comprehensive survey that has become the standard in the field, covering (1) data communications, including transmission, media, signal encoding, link control, and multiplexing; (2) communication networks, including circuit- and packet-switched, frame relay, ATM, and LANs; (3) the TCP/IP protocol suite, including IPv6, TCP, MIME, and HTTP, as well as a detailed treatment of network security. Received the 2007 Text and Academic Authors Association (TAA) award for the best Computer Science and Engineering Textbook of the year. ISBN 0-13-243310-9
COMPUTER ORGANIZATION AND ARCHITECTURE, EIGHTH EDITION
A unified view of this broad field. Covers fundamentals such as CPU, control unit, microprogramming, instruction set, I/O, and memory. Also covers advanced topics such as RISC, superscalar, and parallel organization. Fourth and fifth editions received the TAA award for the best Computer Science and Engineering Textbook of the year. ISBN 978-0-13-607373-4
OPERATING SYSTEMS, SIXTH EDITION A state-of-the art survey of operating system principles. Covers fundamental technology as well as contemporary design issues, such as threads, microkernels, SMPs, real-time systems, multiprocessor scheduling, embedded OSs, distributed systems, clusters, security, and object-oriented design. Received the 2009 Text and Academic Authors Association (TAA) award for the best Computer Science and Engineering Textbook of the year. ISBN 978-0-13-600632-9
BUSINESS DATA COMMUNICATIONS, SIXTH EDITION A comprehensive presentation of data communications and telecommunications from a business perspective. Covers voice, data, image, and video communications and applications technology and includes a number of case studies. ISBN 978-0-13-606741-2
COMPUTER NETWORKS WITH INTERNET PROTOCOLS AND TECHNOLOGY
An up-to-date survey of developments in the area of Internet-based protocols and algorithms. Using a top-down approach, this book covers applications, transport layer, Internet QoS, Internet routing, data link layer and computer networks, security, and network management. ISBN 0-13141098-9
THE WILLIAM STALLINGS BOOKS ON COMPUTER
NETWORK SECURITY ESSENTIALS, FOURTH EDITION A tutorial and survey on network security technology. The book covers important network security tools and applications, including S/MIME, IP Security, Kerberos, SSL/TLS, SET, and X509v3. In addition, methods for countering hackers and viruses are explored.
COMPUTER SECURITY (with Lawrie Brown) A comprehensive treatment of computer security technology, including algorithms, protocols, and applications. Covers cryptography, authentication, access control, database security, intrusion detection and prevention, malicious software, denial of service, firewalls, software security, physical security, human factors, auditing, legal and ethical aspects, and trusted systems. Received the 2008 Text and Academic Authors Association (TAA) award for the best Computer Science and Engineering Textbook of the year. ISBN 0-13-600424-5
WIRELESS COMMUNICATIONS AND NETWORKS, Second Edition A comprehensive, state-of-the art survey. Covers fundamental wireless communications topics, including antennas and propagation, signal encoding techniques, spread spectrum, and error correction techniques. Examines satellite, cellular, wireless local loop networks and wireless LANs, including Bluetooth and 802.11. Covers Mobile IP and WAP. ISBN 0-13-191835-4
HIGH-SPEED NETWORKS AND INTERNETS, SECOND EDITION A state-of-the art survey of high-speed networks. Topics covered include TCP congestion control, ATM traffic management, Internet traffic management, differentiated and integrated services, Internet routing protocols and multicast routing protocols, resource reservation and RSVP, and lossless and lossy compression. Examines important topic of self-similar data traffic. ISBN 0-13-03221-0
AND DATA COMMUNICATIONS TECHNOLOGY
FIFTH EDITION
William Stallings
Prentice Hall
Boston Columbus Indianapolis New York San Francisco Upper Saddle River Amsterdam Cape Town Dubai London Madrid
Milan Munich Paris Montreal Toronto Delhi Mexico City Sao Paulo Sydney Hong Kong Seoul Singapore Taipei Tokyo
Vice President and Editorial Director, ECS: Marcia Horton
Executive Editor: Tracy Dunkelberger
Associate Editor: Melinda Haggerty
Editorial Assistant: Allison Michael
Senior Managing Editor: Scott Disanno
Production Editor: Rose Kernan
Senior Operations Supervisor: Alan Fischer
Operations Specialist: Lisa McDowell
Cover Design: Black Horse Designs
Art Director: Kristine Carney
Director, Image Resource Center: Melinda Patelli
Manager, Rights and Permissions: Zina Arabia
Senior Marketing Manager: Erin Davis
Manager, Visual Research: Beth Brenzel
Manager, Cover Visual Research & Permissions: Karen Sanatar
Composition: Integra
Printer/Binder: Edwards Brothers
Credits and acknowledgments borrowed from other sources and reproduced, with permission, in this textbook appear on appropriate page within text.
If you purchased this book within the United States or Canada you should be aware that it has been wrongfully imported without the approval of the Publisher or the Author.
Copyright © 2011, 2006 Pearson Education, Inc., publishing as Prentice Hall. All rights reserved. Manufactured in the United States of America. This publication is protected by Copyright, and permission should be obtained from the publisher prior to any prohibited reproduction, storage in a retrieval system, or transmission in any form or by any means, electronic, mechanical, photocopying, recording, or likewise. To obtain permission(s) to use material from this work, please submit a written request to Pearson Education, Inc., Permissions Department, 1 Lake Street, Upper Saddle River, NY 07458
Many of the designations by manufacturers and seller to distinguish their products are claimed as trademarks. Where those designations appear in this book, and the publisher was aware of a trademark claim, the designations have been printed in initial caps or all caps.
ISBN 10: 0-13-609704-9 ISBN 13: 978-0-13-609704-4
Library of Congress Cataloging-in-Publication Data On File
To Antigone never dull never boring
the smartest person I know
CONTENTS
Chapter 0 Reader’s Guide
0.1 Outline of This Book 0.2 A Roadmap for Readers and Instructors 0.3 Internet and Web Resources 0.4 Standards
Chapter 1 Overview
1.1 Computer Security Concepts 1.2 The OSI Security Architecture 1.3 Security Attacks 1.4 Security Services 1.5 Security Mechanisms 1.6 A Model for Network Security 1.7 Recommended Reading and Web Sites 1.8 Key Terms, Review Questions, and Problems
PART ONE SYMMETRIC CIPHERS
Chapter 2 Classical Encryption Techniques
2.1 Symmetric Cipher Model 2.2 Substitution Techniques 2.3 Transposition Techniques 2.4 Rotor Machines 2.5 Steganography 2.6 Recommended Reading and Web Sites 2.7 Key Terms, Review Questions, and Problems
Chapter 3 Block Ciphers and the Data Encryption Standard
3.1 Block Cipher Principles 3.2 The Data Encryption Standard (DES) 3.3 A DES Example 3.4 The Strength of DES 3.5 Differential and Linear Cryptanalysis 3.6 Block Cipher Design Principles 3.7 Recommended Reading and Web Site 3.8 Key Terms, Review Questions, and Problems
Chapter 4 Basic Concepts in Number Theory and Finite Fields
4.1 Divisibility and the Division Algorithm 4.2 The Euclidean Algorithm
4.3 Modular Arithmetic 4.4 Groups, Rings, and Fields 4.5 Finite Fields of the Form GF(p) 4.6 Polynomial Arithmetic 4.7 Finite Fields of the Form GF(2^n) 4.8 Recommended Reading and Web Sites 4.9 Key Terms, Review Questions, and Problems
Appendix 4A The Meaning of mod
Chapter 5 Advanced Encryption Standard
5.1 The Origins AES 5.2 AES Structure 5.3 AES Round Functions 5.4 AES Key Expansion 5.5 An AES Example 5.6 AES Implementation 5.7 Recommended Reading and Web Sites 5.8 Key Terms, Review Questions, and Problems
Appendix 5A Polynomials with Coefficients in GF(2^8) Appendix 5B Simplified AES
Chapter 6 Block Cipher Operation
6.1 Multiple Encryption and Triple DES 6.2 Electronic Codebook Mode 6.3 Cipher Block Chaining Mode 6.4 Cipher Feedback Mode 6.5 Output Feedback Mode 6.6 Counter Mode 6.7 XTS Mode for Block-Oriented Storage Devices 6.8 Recommended Web Site 6.9 Key Terms, Review Questions, and Problems
Chapter 7 Pseudorandom Number Generation and Stream Ciphers
7.1 Principles of Pseudorandom Number Generation 7.2 Pseudorandom Number Generators 7.3 Pseudorandom Number Generation Using a Block Cipher 7.4 Stream Ciphers 7.5 RC4 7.6 True Random Numbers 7.7 Recommended Reading 7.8 Key Terms, Review Questions, and Problems
PART TWO ASYMMETRIC CIPHERS
Chapter 8 More Number Theory
8.1 Prime Numbers 8.2 Fermat’s and Euler’s Theorems 8.3 Testing for Primality 8.4 The Chinese Remainder Theorem
8.5 Discrete Logarithms 8.6 Recommended Reading and Web Sites 8.7 Key Terms, Review Questions, and Problems
Chapter 9 Public-Key Cryptography and RSA
9.1 Principles of Public-Key Cryptosystems 9.2 The RSA Algorithm 9.3 Recommended Reading and Web Sites 9.4 Key Terms, Review Questions, and Problems
Appendix 9A Proof of the RSA Algorithm Appendix 9B The Complexity of Algorithms
Chapter 10 Other Public-Key Cryptosystems
10.1 Diffie-Hellman Key Exchange 10.2 ElGamal Cryptosystem 10.3 Elliptic Curve Arithmetic 10.4 Elliptic Curve Cryptography 10.5 Pseudorandom Number Generation Based on an Asymmetric Cipher 10.6 Recommended Reading and Web Sites 10.7 Key Terms, Review Questions, and Problems
PART THREE CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS
Chapter 11 Cryptographic Hash Functions
11.1 Applications of Cryptographic Hash Functions 11.2 Two Simple Hash Functions 11.3 Requirements and Security 11.4 Hash Functions Based on Cipher Block Chaining 11.5 Secure Hash Algorithm (SHA) 11.6 SHA-3 11.7 Recommended Reading and Web Sites 11.8 Key Terms, Review Questions, and Problems
Appendix 11A Mathematical Basis of Birthday Attack
Chapter 12 Message Authentication Codes
12.1 Message Authentication Requirements 12.2 Message Authentication Functions 12.3 Message Authentication Codes 12.4 Security of MACs 12.5 MACs Based on Hash Functions: HMAC 12.6 MACs Based on Block Ciphers: DAA and CMAC 12.7 Authenticated Encryption: CCM and GCM 12.8 Pseudorandom Number Generation Using Hash Functions and MACs 12.9 Recommended Reading 12.10 Key Terms, Review Questions, and Problems
Chapter 13 Digital Signatures
13.1 Digital Signatures 13.2 ElGamal Digital Signature Scheme
13.3 Schnorr Digital Signature Scheme 13.4 Digital Signature Standard (DSS) 13.5 Recommended Reading and Web Sites 13.6 Key Terms, Review Questions, and Problems
PART FOUR MUTUAL TRUST
Chapter 14 Key Management and Distribution
14.1 Symmetric Key Distribution Using Symmetric Encryption 14.2 Symmetric Key Distribution Using Asymmetric Encryption 14.3 Distribution of Public Keys 14.4 X.509 Certificates 14.5 Public Key Infrastructure 14.6 Recommended Reading and Web Sites 14.7 Key Terms, Review Questions, and Problems
Chapter 15 User Authentication Protocols
15.1 Remote User Authentication Principles 15.2 Remote User Authentication Using Symmetric Encryption 15.3 Kerberos 15.4 Remote User Authentication Using Asymmetric Encryption 15.5 Federated Identity Management 15.6 Recommended Reading and Web Sites 15.7 Key Terms, Review Questions, and Problems
Appendix 15A Kerberos Encryption Techniques
PART FIVE NETWORK AND INTERNET SECURITY
Chapter 16 Transport-Level Security
16.1 Web Security Issues 16.2 Secure Sockets Layer (SSL) 16.3 Transport Layer Security (TLS) 16.4 HTTPS 16.5 Secure Shell (SSH) 16.6 Recommended Reading and Web Sites 16.7 Key Terms, Review Questions, and Problems
Chapter 17 Wireless Network Security
17.1 IEEE 802.11 Wireless LAN Overview 17.2 IEEE 802.11i Wireless LAN Security 17.3 Wireless Application Protocol Overview 17.4 Wireless Transport Layer Security 17.5 WAP End-to-End Security 17.6 Recommended Reading and Web Sites 17.7 Key Terms, Review Questions, and Problems
Chapter 18 Electronic Mail Security
18.1 Pretty Good Privacy (PGP) 18.2 S/MIME
18.3 DomainKeys Identified Mail (DKIM) 18.4 Recommended Web Sites 18.5 Key Terms, Review Questions, and Problems
Appendix 18A Radix-64 Conversion
Chapter 19 IP Security
19.1 IP Security Overview 19.2 IP Security Policy 19.3 Encapsulating Security Payload 19.4 Combining Security Associations 19.5 Internet Key Exchange 19.6 Cryptographic Suites 19.7 Recommended Reading and Web Sites 19.8 Key Terms, Review Questions, and Problems
APPENDICES
Appendix A Projects for Teaching Cryptography and Network Security
A.1 Sage Computer Algebra Projects A.2 Hacking Project A.3 Block Cipher Projects A.4 Laboratory Exercises A.5 Research Projects A.6 Programming Projects A.7 Practical Security Assessments A.8 Writing Assignments A.9 Reading/Report Assignments
Appendix B Sage Examples
B.1 Chapter 2: Classical Encryption Techniques B.2 Chapter 3: Block Ciphers and the Data Encryption Standard B.3 Chapter 4: Basic Concepts in Number Theory and Finite Fields B.4 Chapter 5: Advanced Encryption Standard B.5 Chapter 6: Pseudorandom Number Generation and Stream Ciphers B.6 Chapter 8: Number Theory B.6 Chapter 9: Public-Key Cryptography and RSA B.7 Chapter 10: Other Public-Key Cryptosystems B.8 Chapter 11: Cryptographic Hash Functions B.9 Chapter 13: Digital Signatures
References
Index
ONLINE CHAPTERS
20.3 Password Management 20.4 Recommended Reading and Web Sites 20.5 Key Terms, Review Questions, and Problems
Appendix 20A The Base-Rate Fallacy
Chapter 21 Malicious Software
21.1 Types of Malicious Software 21.2 Viruses 21.3 Virus Countermeasures 21.4 Worms 21.5 Distributed Denial of Service Attacks 21.6 Recommended Reading and Web Sites 21.7 Key Terms, Review Questions, and Problems
Chapter 22 Firewalls
22.1 The Need for Firewalls 22.2 Firewall Characteristics 22.3 Types of Firewalls 22.4 Firewall Basing 22.5 Firewall Location and Configurations 22.6 Recommended Reading and Web Sites 22.7 Key Terms, Review Questions, and Problems
PART SEVEN LEGAL AND ETHICAL ISSUES
Chapter 23 Legal and Ethical Issues
23.1 Cybercrime and Computer Crime 23.2 Intellectual Property 23.3 Privacy 23.4 Ethical Issues 23.5 Recommended Reading and Web Sites 23.6 Key Terms, Review Questions, and Problems
ONLINE APPENDICES WilliamStallings.com/Crypto/Crypto5e.html
Appendix C Sage Problems
C.1 Getting Started with Sage C.2 Programming with Sage C.3 Chapter 2: Classical Encryption Techniques C.4 Chapter 3: Block Ciphers and the Data Encryption Standard C.5 Chapter 4: Basic Concepts in Number Theory and Finite Fields C.6 Chapter 5: Advanced Encryption Standard C.7 Chapter 7: Pseudorandom Number Generation and Stream Ciphers C.8 Chapter 8: Number Theory C.9 Chapter 9: Public-Key Cryptography and RSA C.10 Chapter 10: Other Public-Key Cryptosystems C.11 Chapter 11: Cryptographic Hash Functions C.12 Chapter 13: Digital Signatures
Appendix D Standards and Standards-Setting Organizations
D.1 The Importance of Standards D.2 Internet Standards and the Internet Society D.3 National Institute of Standards and Technology
Appendix E Basic Concepts from Linear Algebra
E.1 Operations on Vectors and Matrices E.2 Linear Algebra Operations over Zn
Appendix F Measures of Security and Secrecy
F.1 Perfect Secrecy F.2 Information and Entropy F.3 Entropy and Secrecy
Appendix G Simplified DES
G.1 Overview G.2 S-DES Key Generation G.3 S-DES Encryption G.4 Analysis of Simplified DES G.5 Relationship to DES
Appendix H Evaluation Criteria for AES
H.1 The Origins of AES H.2 AES Evaluation
Appendix I More on Simplified AES
I.1 Arithmetic in GF(2^4) I.2 The Mix Column Function
Appendix J Knapsack Public-Key Algorithm
J.1 The Knapsack Problem J.2 The Knapsack Cryptosystem J.3 Example
Appendix K Proof of the Digital Signature Algorithm
Appendix L TCP/IP and OSI
L.1 Protocols and Protocol Architectures L.2 The TCP/IP Protocol Architecture L.3 The Role of an Internet Protocol L.4 IPv4 L.5 IPv6 L.6 The OSI Protocol Architecture
Appendix M Java Cryptographic APIs
M.1 Introduction M.2 JCA and JCE Architecture M.3 JCA Classes M.4 JCE Classes M.5 Conclusion and References
Appendix N The Whirlpool Hash Function
N.1 Whirlpool Hash Structure N.2 Block Cipher W N.3 Performance of Whirlpool
Appendix O Data Compression Using ZIP
O.1 Compression Algorithm O.2 Decompression Algorithm
Appendix P PGP Random Number Generation
P.1 True Random Numbers P.2 Pseudorandom Numbers
Appendix Q International Reference Alphabet
Glossary
NOTATION
Symbol      Expression        Meaning
D, K        D(K, Y)           Symmetric decryption of ciphertext Y using secret key K
D, PRa      D(PRa, Y)         Asymmetric decryption of ciphertext Y using A’s private key PRa
D, PUa      D(PUa, Y)         Asymmetric decryption of ciphertext Y using A’s public key PUa
E, K        E(K, X)           Symmetric encryption of plaintext X using secret key K
E, PRa      E(PRa, X)         Asymmetric encryption of plaintext X using A’s private key PRa
E, PUa      E(PUa, X)         Asymmetric encryption of plaintext X using A’s public key PUa
K                             Secret key
PRa                           Private key of user A
PUa                           Public key of user A
MAC, K      MAC(K, X)         Message authentication code of message X using secret key K
GF(p)                         The finite field of order p, where p is prime. The field is defined as the set Zp together with the arithmetic operations modulo p.
Zn                            Set of nonnegative integers less than n
gcd         gcd(i, j)         Greatest common divisor; the largest positive integer that divides both i and j with no remainder on division.
mod         a mod m           Remainder after division of a by m
mod, ≡      a ≡ b (mod m)     a mod m = b mod m
mod, ≢      a ≢ b (mod m)     a mod m ≠ b mod m
dlog        dlog_{a,p}(b)     Discrete logarithm of the number b for the base a (mod p)
φ           φ(n)              The number of positive integers less than n and relatively prime to n. This is Euler’s totient function.
ß q n
Even the natives have difficulty mastering this peculiar vocabulary.
—The Golden Bough, Sir James George Frazer
|           i | j             i divides j, which means that there is no remainder when j is divided by i
≈           x ≈ y             x is approximately equal to y
⊕           x ⊕ y             Exclusive-OR of x and y for single-bit variables; bitwise exclusive-OR of x and y for multiple-bit variables
⌊ ⌋         ⌊x⌋               The largest integer less than or equal to x
∈           x ∈ S             The element x is contained in the set S.
↔           A ↔ (a1, a2, …, ak)   The integer A corresponds to the sequence of integers (a1, a2, …, ak)
PREFACE
“The tie, if I might suggest it, sir, a shade more tightly knotted. One aims at the perfect butterfly effect. If you will permit me —”
“What does it matter, Jeeves, at a time like this? Do you realize that Mr. Little’s domestic happiness is hanging in the scale?”
“There is no time, sir, at which ties do not matter.”
—Very Good, Jeeves! P. G. Wodehouse
In this age of universal electronic connectivity, of viruses and hackers, of electronic eavesdropping and electronic fraud, there is indeed no time at which security does not matter. Two trends have come together to make the topic of this book of vital interest. First, the explosive growth in computer systems and their interconnections via networks has increased the dependence of both organizations and individuals on the information stored and communicated using these systems. This, in turn, has led to a heightened awareness of the need to protect data and resources from disclosure, to guarantee the authenticity of data and messages, and to protect systems from network-based attacks. Second, the disciplines of cryptography and network security have matured, leading to the development of practical, readily available applications to enforce network security.
OBJECTIVES
It is the purpose of this book to provide a practical survey of both the principles and practice of cryptography and network security. In the first part of the book, the basic issues to be addressed by a network security capability are explored by providing a tutorial and survey of cryptography and network security technology. The latter part of the book deals with the practice of network security: practical applications that have been implemented and are in use to provide network security.
The subject, and therefore this book, draws on a variety of disciplines. In particular, it is impossible to appreciate the significance of some of the techniques discussed in this book without a basic understanding of number theory and some results from probability theory. Nevertheless, an attempt has been made to make the book self-contained. The book presents not only the basic mathematical results that are needed but provides the reader with an intuitive understanding of those results. Such background material is introduced as needed. This approach helps to motivate the material that is introduced, and the author considers this preferable to simply presenting all of the mathematical material in a lump at the beginning of…