Information Security Principles and Practices (version 2nd)

Original Title: Information security: Principles and Practice, 2nd Edition Author: (US) Mark stamp Translator: Zhang Ge series name: classic Security Technology Translation Press: Tsinghua University Press ISBN: 9787302317852 Release Date: May 2013 published: 16 open pages: 463 versions: 1-1 category: computer> Security> data security more about Information Security Principles and Practices (version 2nd) computer books are now updated-Information Security Guidelines for the 21st century-information security is a rapidly developing field. Focusing on the most modern security issues, covering a wide range of fresh information, this fully updated and comprehensively revised information security Principles and Practices (2nd edition) provides readers with the necessary knowledge and skills to solve any information security problems. The main content is to focus on real-world vivid examples and adopt a practical information security narration method. This article describes the principles and practices of information security (2nd) it is organized around the following four important topics: Cryptography technology: including the classic cryptographic system, symmetric key encryption technology, public key encryption technology, hash function, random number Technology, Information Hiding Technology, and password analysis technology. Access control: including identity authentication and authorization, password-based security, access control list and access capability list, multi-level security and separation technology, hidden channel and interface control, security models such as BLP and Biba, firewalls, and intrusion detection systems. Protocol: includes simple identity authentication protocol, session key, full forward secrecy, timestamp technology, SSH protocol, SSL protocol, IPSec protocol, Kerberos protocol, WEP protocol, and GSM protocol. Software Security: includes software defects and malware, buffer overflow, viruses and worms, Malware detection, software reverse engineering, digital copyright management, security software development, and operating system security. In "Information Security Principles and Practices (2nd edition)" 2nd edition, some new contents are introduced in particular, the security topics involved include the SSH protocol and WEP protocol, the actual RSA Timing Attack technology, botnets, and security certificates. At the same time, we have added some new background knowledge, including the enigma cryptographic machine and some content about the security concept of the classic "Orange Book. In addition, this book has a major feature, that is, to greatly expand and update after-school thinking questions, and to add a number of new diagrams, tables, and graphics to clarify and clarify some complex theme and problems. Finally, for course development, there is also a comprehensive set of PowerPoint slides and Question Answering manuals for classroom testing. Contents of Information Security Principles and Practices (version 2nd) chapter 1st introduction 11.1 role list 11.2 of Alice's online banking 21.2.1 confidentiality, integrity and availability 21.2.2 not all CIA 31.3 of this book about 41.3.1 Cryptography technology 51.3.2 Access Control 51.3.3 protocol 61.3.4 71.4 persons of software security question 71.5 principles and practices 81.6 questions 9 part I encryption Chapter 1 encryption basics 2nd introduction 172.1 what is "encryption" 172.2 classic encryption 192.3.1 simple password replacement 1272.3.2 simple password replacement analysis 222.3.3 security definition 232.3.4 dual-switch password 232.3.5 one-time password book 242.3.6 venona project 282.3.7 telegraph password book 292.3.8 1876 election password 312.4 History of Modern encryption technology 332.5 classification of encryption technology 352.6 classification of password Analysis Technology 372.7 conclusion 382.8 questions 38 chapter 2 symmetric key encryption 3rd introduction 453.1 stream password encryption 463.2.1 A5/1 algorithm 473.2.2 RC4 algorithm 453.2 group password encryption 503.3.1 feistel password 503.3.2 des513.3.3 triple des573.3.4 aes593.3.5 other three group password encryption algorithms 613.3.6 tea Algorithm 623.3.7 grouping password encryption mode 633.4 integrity 673.5 summary 693.6 questions 69 chapter 4th public key encryption 774.1 introduction 774.2 backpack encryption solution 794.3 rsa2.16.3.1 textbook-style RSA System example 844.3.2 repeated square method 854.3.3 acceleration RSA encryption system 864.4 Diffie-Hellman Key Exchange Algorithm 874.5 Elliptic Curve Encryption 894.5.1 mathematical principle of Elliptic Curve 894.5.2 Diffie-Hellman Key Exchange Solution Based on Elliptic Curve 914.5.3 real-world elliptic curve encryption case 924.6 public key system representation Method 934.7 application of public key encryption system 934.7.1 confidentiality in the real world 944.7.2 digital signature and non-repudiation 944.7.3 confidentiality and non-repudiation 954.8 Public Key Infrastructure 974.9 summary 994.10 questions 100 chapter hash functions and others 1095.1 introduction 1095.2 what is an encrypted hash function 1105.3 birthday issue 1115.4 birthday attack 1135.5 non-encrypted hash 1135.6 tiger hash1155.7 hmac1205.8 purpose of the hash function 1215.8.1 online bid 1225.8.2 spam Drag Reduction 1225.9 others and Encryption related Topics Secret Sharing 1245.9.2 random number 1275.9.3 Information Hiding 1295.10 summary 1335.11 questions 134 chapter 6th advanced password analysis 1456.1 introduction 1456.2 enigma cryptographic Machine Analysis 1466.2.1 enigma cryptographic machine 1476.2.2 enigma key space 1496.2.3 rotor 1516.2.4 to Enigma password server attack 1536.3 rc41556.3.1 RC4 algorithm 1566.3.2 RC4 password analysis attack 1576.3.3 RC4 attack prevention 1616.4 linear and differential password analysis 1616.4.1 Data Encryption Standard des quick view 1626.4.2 differential password Analysis overview 1636.4.3 linear password analysis overview 1656.4.4 tiny des1666.4.5 differential password Analysis for TDES encryption scheme 1696.4.6 linear password Analysis for TDES encryption scheme attack 1736.4.7 tip 1756.5 protocol and backpack for group encryption scheme design encryption 1766.6 RSA Timing Attack 1826.6.1 a simple Timing Attack 1836.6.2 Kocher Timing Attack 1856.7 summary 1896.8 questions 189 Part II Access Control 7th chapter authentication 1997.1 introduction 1997.2 identity authentication method 2007.3 password 2007.3.1 key and password 2017.3.2 password selection 2027.3.3 Mathematical Analysis in password cracking 2037.3.4 password verification 2047.3.5 password analysis 2057.3.6 other password problems 2087.4 biometric technology 2097.4.1 error classification 2117.4.2 biometric technology instance 2127.4.3 feature Technology error rate 2167.4.4 biometric technology summary 2167.5 proof of identity 2177.6 two-factor authentication 2187.7 Single Sign-on and web cookie2187.8 summary 2197.9 questions 220 chapter 8th authorization 2298.1 introduction 2298.2 introduction to the development history of authorization technology 2308.2.1 apsara stack 2308.2.2 general guidelines 2338.3 access control matrix 2348.3.1 Access Control List and access capability list 2348.3.2 obfuscators 2368.4 multi-level security model 2378.4.1 bell-LaPadula model 2388.4.2 Biba model 2408.5 separated items (compartment) 2418.6 hidden channel 2428.7 Reasoning Control 2448.8 captcha2458.9 firewall 2478.9.1 packet filtering Firewall 2488.9.2 stateful packet filtering Firewall 2508.9.3 application proxy 2508.9.4 Personal Firewall 2528.9.5 deep defense 2528.10 Intrusion Detection System 2538.10.1 feature-based Intrusion Detection System 2548.10.2 anomaly-based Intrusion Detection System 2558.11 summary 2598.12 questions 259 Part III protocol Chapter 1 simple authentication protocol 9th introduction 2699.1 simple security protocol 2699.2 authentication protocol 2729.3.1 Using symmetric keys for authentication 2759.3.2 using public keys authentication 2789.3.3 session key 2799.3.4 fully forward confidentiality (perfect forward secrecy) 2819.3.5 mutual authentication, session key and pfs2839.3.6 timestamp 2839.4 identity authentication and TCP protocol 2859.5 zero knowledge proof 2879.6 best authentication protocol 2919.7 summary 2919.8 questions 291 Chapter 10th real-world security protocol 301