The
Cryptography and Security Services: Mechanisms and Applications
book is organized into three sections. In sections 1 and 2, crypto systems, security mechanisms, and security services are discussed and reviewed. Section 3 discusses how those crypto services and mechanisms are used in applications such as email security, VPNs, IPsec, TLS, Web services, and wireless security.
The following is a brief description of each chapter:
Chapter1, “Classic Cryptography,” provides a historical perspective of cryptography and code breaking, including some of the techniques employed over the centuries to attempt to encode information. Some early crypto machines and the Vernam Cipher, developed by Gilbert Vernam in 1917, are discussed in this chapter.
Chapter 2, “Information Assurance,” discusses the TCP/IP protocol. When data communications security is discussed in this book, it refers to communications security for the TCP/IP protocol and to the security mechanisms implemented at the different layers of the TCP/IP stack protocol.
Chapter 3, “Number Theory and Finite Fields,” describes certain basic concepts of number theory such as modular arithmetic and congruence, which are necessary for an understanding of Public-Key crypto systems.
Chapter 4, “Confidentiality – Symmetric Encryption,” covers confidentiality using the different types of symmetric encryption stream ciphers and block ciphers. The theory for using shift registers as stream ciphers is also covered in this chapter, as well as DES and Advanced Encryption Standard (AES) block encryption algorithms.
Chapter 5, “Confidentiality – Asymmetric Encryption (Public Key),” covers confidentiality using asymmetric encryption (public key). The most used Public-Key Ciphers, including the Pohlig-Hellman Algorithm, RSA Algorithm, ElGamal Algorithm, and Diffie-Hellman are discussed in this chapter.
Chapter 6, “Integrity and Authentication,” discusses methods that are used to check if a message was modified using hash functions and ways to verify a sender’s identity by using digital signatures.
Chapter 7, “Access Authentication,” describes authentication mechanisms such as (1) IEEE 802.1X Access Control Protocol; (2) Extensible Authentication Protocol (EAP) and EAP methods; (3) Traditional Passwords; (4) Remote Authentication Dial-in- Service (RADIUS); (5) Kerberos Authentication Service; and (6) X.509 Authentication.
Chapter 8, “Elliptic Curve Cryptography,” covers ECC Public-Key crypto systems, which offer the same level of security as other public-key cryptosystems, but with smaller key sizes. This chapter is written for those with some knowledge of cryptography and public-key systems who want a quick understanding of the basic concepts and definitions of Elliptic Curve Cryptography.
Chapter 9, “Certificates and Public-Key Architecture,” discusses how the authenticity of a public-key is guaranteed by using certificates signed by a Certificate Authority. When Public-Key is used, it is necessary to have a comprehensive system that provides public-key encryption and digital signature services to ensure confidentiality, access control, data integrity, authentication, and non-repudiation. That system, called Public-Key
Infrastructure or PKI, is also discussed in this chapter.
Chapter 10, “Electronic Mail Security,” covers two ways of securing electronic mail, Secure MIME and Pretty Good Privacy (PGP).
Chapter 11, “VPNs and IPsec,” covers Virtual Private Networks (VPNs), which emulate a private Wide Area Network (WAN) facility using IP networks, such as the public Internet, or private IP backbones. IPsec, also covered in this chapter, provides security services at the IP network layer such as data origin authentication, access control, confidentiality (encryption), connectionless integrity, rejection of replayed packets (a form of partial
sequence integrity), and limited traffic flow confidentiality.
Chapter 12, “TLS, SSL, Secure Electronic Transactions (SET),” describes how Transport Layer Security (TLS) or Secure Socket Layer (SSL) protocols are used to secure an Internet transaction between a secure Web server and a client’s computer that is using a Web browser. Secure Electronic Transaction (SET), a secure payment process that was proposed by VISA and MasterCard, is also described.
Chapter 13, “Web Services,” explains Web services and open standards such as Extensible Markup Language (XML), and Simple Object Access Protocol (SOAP). The following Web services mechanisms are also discussed in this chapter: (1) XML Encryption, XML Signature, and XML Key Management Specification (XKMS); (2) Security Association Markup Language (SAML), and Web Services Security (WS-Security).
Chapter 14, “Wireless Security,” discusses the three primary categories of wireless networks: Wireless Local Area Network (WLAN), Wireless Metropolitan-Area Network (WMAN), and Wireless Personal Area Network (WPAN), as well as the security services and mechanisms for each of them.