Network Security: Private Communication in a Public World, Second Edition

Book Description

The classic guide to network security—now fully updated! "Bob and Alice are back!"

Widely regarded as the most comprehensive yet comprehensible guide to network security, the first edition of Network Security received critical acclaim for its lucid and witty explanations of the inner workings of network security protocols. In the second edition, this most distinguished of author teams draws on hard-won experience to explain the latest developments in this field that has become so critical to our global network-dependent society.

Network Security, Second Edition brings together clear, insightful, and clever explanations of every key facet of information security, from the basics to advanced cryptography and authentication, secure Web and email services, and emerging security standards. Coverage includes:

  • All-new discussions of the Advanced Encryption Standard (AES), IPsec, SSL, and Web security

  • Cryptography: In-depth, exceptionally clear introductions to secret and public keys, hashes, message digests, and other crucial concepts

  • Authentication: Proving identity across networks, common attacks against authentication systems, authenticating people, and avoiding the pitfalls of authentication handshakes

  • Core Internet security standards: Kerberos 4/5, IPsec, SSL, PKIX, and X.509

  • Email security: Key elements of a secure email system, plus detailed coverage of PEM, S/MIME, and PGP

  • Web security: Security issues associated with URLs, HTTP, HTML, and cookies

  • Security implementations in diverse platforms, including Windows, NetWare, and Lotus Notes

The authors go far beyond documenting standards and technology: They contrast competing schemes, explain strengths and weaknesses, and identify the crucial errors most likely to compromise secure systems. Network Security will appeal to a wide range of professionals, from those who design or evaluate security systems to system administrators and programmers who want a better understanding of this important field. It can also be used as a textbook at the graduate or advanced undergraduate level.

    Prentice Hall Series in Computer Networking and Distributed Systems

    Table of Contents

    1. Copyright
      1. Dedication
    2. The Radia Perlman Series in Computer Networking and Security
    3. Acknowledgments
    4. 1. Introduction
      1. 1.1. Roadmap to the Book
      2. 1.2. What Type of Book Is This?
      3. 1.3. Terminology
      4. 1.4. Notation
      5. 1.5. Primer on Networking
        1. 1.5.1. OSI Reference Model
        2. 1.5.2. IP, UDP, and TCP
        3. 1.5.3. Directory Service
        4. 1.5.4. Replicated Services
        5. 1.5.5. Packet Switching
        6. 1.5.6. Network Components
        7. 1.5.7. Destinations: Ultimate and Next-Hop
        8. 1.5.8. Address Structure
      6. 1.6. Active vs. Passive Attacks
      7. 1.7. Layers and Cryptography
      8. 1.8. Authorization
      9. 1.9. Tempest
      10. 1.10. Key Escrow for Law Enforcement
      11. 1.11. Key Escrow for Careless Users
      12. 1.12. Viruses, Worms, Trojan Horses
        1. 1.12.1. Where Do They Come From?
        2. 1.12.2. Spreading Pests from Machine to Machine
        3. 1.12.3. Virus Checkers
        4. 1.12.4. What Can We Do Today?
        5. 1.12.5. Wish List for the Future
      13. 1.13. The Multi-Level Model of Security
        1. 1.13.1. Mandatory (Nondiscretionary) Access Controls
        2. 1.13.2. Levels of Security
        3. 1.13.3. Mandatory Access Control Rules
        4. 1.13.4. Covert Channels
        5. 1.13.5. The Orange Book
        6. 1.13.6. Successors to the Orange Book
      14. 1.14. Legal Issues
        1. 1.14.1. Patents
        2. 1.14.2. Export Controls
    5. 1. Cryptography
      1. 2. Introduction to Cryptography
        1. 2.1. What Is Cryptography?
          1. 2.1.1. Computational Difficulty
          2. 2.1.2. To Publish or Not to Publish
          3. 2.1.3. Secret Codes
        2. 2.2. Breaking an Encryption Scheme
          1. 2.2.1. Ciphertext Only
          2. 2.2.2. Known Plaintext
          3. 2.2.3. Chosen Plaintext
        3. 2.3. Types of Cryptographic Functions
        4. 2.4. Secret Key Cryptography
          1. 2.4.1. Security Uses of Secret Key Cryptography
          2. 2.4.2. Transmitting Over an Insecure Channel
          3. 2.4.3. Secure Storage on Insecure Media
          4. 2.4.4. Authentication
          5. 2.4.5. Integrity Check
        5. 2.5. Public Key Cryptography
          1. 2.5.1. Security Uses of Public Key Cryptography
          2. 2.5.2. Transmitting Over an Insecure Channel
          3. 2.5.3. Secure Storage on Insecure Media
          4. 2.5.4. Authentication
          5. 2.5.5. Digital Signatures
        6. 2.6. Hash Algorithms
          1. 2.6.1. Password Hashing
          2. 2.6.2. Message Integrity
          3. 2.6.3. Message Fingerprint
          4. 2.6.4. Downline Load Security
          5. 2.6.5. Digital Signature Efficiency
        7. 2.7. Homework
      2. 3. Secret Key Cryptography
        1. 3.1. Introduction
        2. 3.2. Generic Block Encryption
        3. 3.3. Data Encryption Standard (DES)
          1. 3.3.1. DES Overview
          2. 3.3.2. The Permutations of the Data
          3. 3.3.3. Generating the Per-Round Keys
          4. 3.3.4. A DES Round
          5. 3.3.5. The Mangler Function
          6. 3.3.6. Weak and Semi-Weak Keys
          7. 3.3.7. What’s So Special About DES?
        4. 3.4. International Data Encryption Algorithm (IDEA)
          1. 3.4.1. Primitive Operations
          2. 3.4.2. Key Expansion
          3. 3.4.3. One Round
            1. 3.4.3.1. Odd Round
            2. 3.4.3.2. Even Round
          4. 3.4.4. Inverse Keys for Decryption
          5. 3.4.5. Does IDEA Work?
        5. 3.5. Advanced Encryption Standard (AES)
          1. 3.5.1. Basic Structure
          2. 3.5.2. Primitive Operations
            1. 3.5.2.1. What about the inverse cipher?
          3. 3.5.3. Key Expansion
          4. 3.5.4. Rounds
          5. 3.5.5. Inverse Rounds
          6. 3.5.6. Optimization
        6. 3.6. RC4
        7. 3.7. Homework
      3. 4. Modes of Operation
        1. 4.1. Introduction
        2. 4.2. Encrypting a Large Message
          1. 4.2.1. Electronic Code Book (ECB)
          2. 4.2.2. Cipher Block Chaining (CBC)
            1. 4.2.2.1. CBC Threat 1—Modifying Ciphertext Blocks
            2. 4.2.2.2. CBC Threat 2—Rearranging Ciphertext Blocks
          3. 4.2.3. Output Feedback Mode (OFB)
          4. 4.2.4. Cipher Feedback Mode (CFB)
          5. 4.2.5. Counter Mode (CTR)
        3. 4.3. Generating MACs
          1. 4.3.1. Ensuring Privacy and Integrity Together
          2. 4.3.2. CBC with a Weak Cryptographic Checksum
          3. 4.3.3. CBC Encryption and CBC Residue with Related Keys
          4. 4.3.4. CBC with a Cryptographic Hash
          5. 4.3.5. Offset Codebook Mode (OCB)
        4. 4.4. Multiple Encryption DES
          1. 4.4.1. How Many Encryptions?
            1. 4.4.1.1. Encrypting Twice with the Same Key
            2. 4.4.1.2. Encrypting Twice with Two Keys
            3. 4.4.1.3. Triple Encryption with only Two Keys
          2. 4.4.2. CBC Outside vs. Inside
        5. 4.5. Homework
      4. 5. Hashes and Message Digests
        1. 5.1. Introduction
        2. 5.2. Nifty Things to Do with a Hash
          1. 5.2.1. Authentication
          2. 5.2.2. Computing a MAC with a Hash
          3. 5.2.3. Encryption with a Message Digest
            1. 5.2.3.1. Generating a One-Time Pad
            2. 5.2.3.2. Mixing In the Plaintext
          4. 5.2.4. Using Secret Key for a Hash
            1. 5.2.4.1. UNIX Password Hash
            2. 5.2.4.2. Hashing Large Messages
        3. 5.3. MD2
          1. 5.3.1. MD2 Padding
          2. 5.3.2. MD2 Checksum Computation
          3. 5.3.3. MD2 Final Pass
        4. 5.4. MD4
          1. 5.4.1. MD4 Message Padding
          2. 5.4.2. Overview of MD4 Message Digest Computation
          3. 5.4.3. MD4 Message Digest Pass 1
          4. 5.4.4. MD4 Message Digest Pass 2
          5. 5.4.5. MD4 Message Digest Pass 3
        5. 5.5. MD5
          1. 5.5.1. MD5 Message Padding
          2. 5.5.2. Overview of MD5 Message Digest Computation
          3. 5.5.3. MD5 Message Digest Pass 1
          4. 5.5.4. MD5 Message Digest Pass 2
          5. 5.5.5. MD5 Message Digest Pass 3
          6. 5.5.6. MD5 Message Digest Pass 4
        6. 5.6. SHA-1
          1. 5.6.1. SHA-1 Message Padding
          2. 5.6.2. Overview of SHA-1 Message Digest Computation
          3. 5.6.3. SHA-1 Operation on a 512-bit Block
        7. 5.7. HMAC
        8. 5.8. Homework
      5. 6. Public Key Algorithms
        1. 6.1. Introduction
        2. 6.2. Modular Arithmetic
          1. 6.2.1. Modular Addition
          2. 6.2.2. Modular Multiplication
          3. 6.2.3. Modular Exponentiation
        3. 6.3. RSA
          1. 6.3.1. RSA Algorithm
          2. 6.3.2. Why Does RSA Work?
          3. 6.3.3. Why Is RSA Secure?
          4. 6.3.4. How Efficient Are the RSA Operations?
            1. 6.3.4.1. Exponentiating with Big Numbers
            2. 6.3.4.2. Generating RSA Keys
              1. 6.3.4.2.1. Finding Big Primes p and q
              2. 6.3.4.2.2. Finding d and e
            3. 6.3.4.3. Having a Small Constant e
            4. 6.3.4.4. Optimizing RSA Private Key Operations
          5. 6.3.5. Arcane RSA Threats
            1. 6.3.5.1. Smooth Numbers
            2. 6.3.5.2. The Cube Root Problem
          6. 6.3.6. Public-Key Cryptography Standard (PKCS)
            1. 6.3.6.1. Encryption
            2. 6.3.6.2. Encryption—Take 2
            3. 6.3.6.3. Signing
        4. 6.4. Diffie-Hellman
          1. 6.4.1. The Bucket Brigade/Man-in-the-Middle Attack
          2. 6.4.2. Defenses Against Man-in-the-Middle Attack
            1. 6.4.2.1. Published Diffie-Hellman Numbers
            2. 6.4.2.2. Authenticated Diffie-Hellman
          3. 6.4.3. Encryption with Diffie-Hellman
          4. 6.4.4. ElGamal Signatures
          5. 6.4.5. Diffie-Hellman Details—Safe Primes
        5. 6.5. Digital Signature Standard (DSS)
          1. 6.5.1. The DSS Algorithm
          2. 6.5.2. Why Does the Verification Procedure Work?
          3. 6.5.3. Why Is This Secure?
          4. 6.5.4. The DSS Controversy
          5. 6.5.5. Per-Message Secret Number
        6. 6.6. How Secure Are RSA and Diffie-Hellman?
        7. 6.7. Elliptic Curve Cryptography (ECC)
        8. 6.8. Zero Knowledge Proof Systems
          1. 6.8.1. Zero Knowledge Signatures
        9. 6.9. Homework Problems
      6. 7. Number Theory
        1. 7.1. Introduction
        2. 7.2. Modular Arithmetic
        3. 7.3. Primes
        4. 7.4. Euclid’s Algorithm
          1. 7.4.1. Finding Multiplicative Inverses in Modular Arithmetic
        5. 7.5. Chinese Remainder Theorem
        6. 7.6. Zn*
        7. 7.7. Euler’s Totient Function
        8. 7.8. Euler’s Theorem
          1. 7.8.1. A Generalization of Euler’s Theorem
        9. 7.9. Homework Problems
      7. 8. Math with AES and Elliptic Curves
        1. 8.1. Introduction
        2. 8.2. Notation
        3. 8.3. Groups
        4. 8.4. Fields
          1. 8.4.1. Polynomials
          2. 8.4.2. Finite Fields
            1. 8.4.2.1. What Sizes Can Finite Fields Be?
            2. 8.4.2.2. Representing a Field
        5. 8.5. Mathematics of Rijndael
          1. 8.5.1. A Rijndael Round
        6. 8.6. Elliptic Curve Cryptography
        7. 8.7. Homework
    6. 2. Authentication
      1. 9. Overview of Authentication Systems
        1. 9.1. Password-Based Authentication
          1. 9.1.1. Off- vs. On-Line Password Guessing
          2. 9.1.2. Storing User Passwords
        2. 9.2. Address-Based Authentication
          1. 9.2.1. Network Address Impersonation
        3. 9.3. Cryptographic Authentication Protocols
        4. 9.4. Who Is Being Authenticated?
        5. 9.5. Passwords as Cryptographic Keys
        6. 9.6. Eavesdropping and Server Database Reading
        7. 9.7. Trusted Intermediaries
          1. 9.7.1. KDCs
          2. 9.7.2. Certification Authorities (CAs)
          3. 9.7.3. Certificate Revocation
          4. 9.7.4. Multiple Trusted Intermediaries
            1. 9.7.4.1. Multiple KDC Domains
            2. 9.7.4.2. Multiple CA Domains
        8. 9.8. Session Key Establishment
        9. 9.9. Delegation
        10. 9.10. Homework
      2. 10. Authentication of People
        1. 10.1. Passwords
        2. 10.2. On-Line Password Guessing
        3. 10.3. Off-Line Password Guessing
        4. 10.4. How Big Should a Secret Be?
        5. 10.5. Eavesdropping
        6. 10.6. Passwords and Careless Users
          1. 10.6.1. Using a Password in Multiple Places
          2. 10.6.2. Requiring Frequent Password Changes
          3. 10.6.3. A Login Trojan Horse to Capture Passwords
          4. 10.6.4. Non-Login Use of Passwords
        7. 10.7. Initial Password Distribution
        8. 10.8. Authentication Tokens
        9. 10.9. Physical Access
        10. 10.10. Biometrics
        11. 10.11. Homework
      3. 11. Security Handshake Pitfalls
        1. 11.1. Login Only
          1. 11.1.1. Shared Secret
          2. 11.1.2. One-Way Public Key
        2. 11.2. Mutual Authentication
          1. 11.2.1. Reflection Attack
          2. 11.2.2. Password Guessing
          3. 11.2.3. Public Keys
          4. 11.2.4. Timestamps
        3. 11.3. Integrity/Encryption for Data
          1. 11.3.1. Shared Secret
          2. 11.3.2. Two-Way Public Key Based Authentication
          3. 11.3.3. One-Way Public Key Based Authentication
          4. 11.3.4. Privacy and Integrity
        4. 11.4. Mediated Authentication (with KDC)
          1. 11.4.1. Needham-Schroeder
          2. 11.4.2. Expanded Needham-Schroeder
          3. 11.4.3. Otway-Rees
        5. 11.5. Nonce Types
        6. 11.6. Picking Random Numbers
        7. 11.7. Performance Considerations
        8. 11.8. Authentication Protocol Checklist
        9. 11.9. Homework
      4. 12. Strong Password Protocols
        1. 12.1. Introduction
        2. 12.2. Lamport’s Hash
        3. 12.3. Strong Password Protocols
          1. 12.3.1. The Basic Form
          2. 12.3.2. Subtle Details
          3. 12.3.3. Augmented Strong Password Protocols
          4. 12.3.4. SRP (Secure Remote Password)
        4. 12.4. Strong Password Credentials Download Protocols
        5. 12.5. Homework
    7. 3. Standards
      1. 13. Kerberos V4
        1. 13.1. Introduction
        2. 13.2. Tickets and Ticket-Granting Tickets
        3. 13.3. Configuration
        4. 13.4. Logging Into the Network
          1. 13.4.1. Obtaining a Session Key and TGT
          2. 13.4.2. Alice Asks to Talk to a Remote Node
        5. 13.5. Replicated KDCs
        6. 13.6. Realms
        7. 13.7. Interrealm Authentication
        8. 13.8. Key Version Numbers
        9. 13.9. Encryption for Privacy and Integrity
        10. 13.10. Encryption for Integrity Only
        11. 13.11. Network Layer Addresses in Tickets
        12. 13.12. Message Formats
          1. 13.12.1. Tickets
          2. 13.12.2. Authenticators
          3. 13.12.3. Credentials
          4. 13.12.4. AS_REQ
          5. 13.12.5. TGS_REQ
          6. 13.12.6. AS_REP and TGS_REP
          7. 13.12.7. Error Reply from KDC
          8. 13.12.8. AP_REQ
          9. 13.12.9. AP_REP
          10. 13.12.10. Encrypted Data (KRB_PRV)
          11. 13.12.11. Integrity-Checked Data (SAFE)
          12. 13.12.12. AP_ERR
        13. 13.13. Homework
      2. 14. Kerberos V5
        1. 14.1. ASN.1
        2. 14.2. Names
        3. 14.3. Delegation of Rights
        4. 14.4. Ticket Lifetimes
          1. 14.4.1. Renewable Tickets
          2. 14.4.2. Postdated Tickets
        5. 14.5. Key Versions
        6. 14.6. Making Master Keys in Different Realms Different
        7. 14.7. Optimizations
        8. 14.8. Cryptographic Algorithms
          1. 14.8.1. Integrity-Only Algorithms
            1. 14.8.1.1. rsa-md5-des
            2. 14.8.1.2. des-mac
            3. 14.8.1.3. des-mac-k
            4. 14.8.1.4. rsa-md4-des
            5. 14.8.1.5. rsa-md4-des-k
          2. 14.8.2. Encryption for Privacy and Integrity
        9. 14.9. Hierarchy of Realms
        10. 14.10. Evading Password-Guessing Attacks
        11. 14.11. Key Inside Authenticator
        12. 14.12. Double TGT Authentication
        13. 14.13. PKINIT—Public Keys for Users
        14. 14.14. KDC Database
        15. 14.15. Kerberos V5 Messages
          1. 14.15.1. Authenticator
          2. 14.15.2. Ticket
          3. 14.15.3. AS_REQ
          4. 14.15.4. TGS_REQ
          5. 14.15.5. AS_REP
          6. 14.15.6. TGS_REP
          7. 14.15.7. AP_REQ
          8. 14.15.8. AP_REP
          9. 14.15.9. KRB_SAFE
          10. 14.15.10. KRB_PRIV
          11. 14.15.11. KRB_CRED
          12. 14.15.12. KRB_ERROR
        16. 14.16. Homework
      3. 15. PKI (Public Key Infrastructure)
        1. 15.1. Introduction
        2. 15.2. Some Terminology
        3. 15.3. PKI Trust Models
          1. 15.3.1. Monopoly Model
          2. 15.3.2. Monopoly plus Registration Authorities (RAs)
          3. 15.3.3. Delegated CAs
          4. 15.3.4. Oligarchy
          5. 15.3.5. Anarchy Model
          6. 15.3.6. Name Constraints
          7. 15.3.7. Top-Down with Name Constraints
          8. 15.3.8. Bottom-Up with Name Constraints
          9. 15.3.9. Relative Names
          10. 15.3.10. Name Constraints in Certificates
          11. 15.3.11. Policies in Certificates
        4. 15.4. Revocation
          1. 15.4.1. Revocation Mechanisms
            1. 15.4.1.1. Delta CRLs
            2. 15.4.1.2. First Valid Certificate
          2. 15.4.2. OLRS Schemes
          3. 15.4.3. Good-lists vs. Bad-lists
        5. 15.5. Directories and PKI
          1. 15.5.1. Store Certificates with Subject or Issuer?
          2. 15.5.2. Finding Certificate Chains
        6. 15.6. PKIX and X.509
          1. 15.6.1. Names
          2. 15.6.2. OIDs
          3. 15.6.3. Specification of Time
        7. 15.7. X.509 and PKIX Certificates
          1. 15.7.1. X.509 and PKIX CRLs
        8. 15.8. Authorization Futures
          1. 15.8.1. ACL (Access Control List)
          2. 15.8.2. Central Administration/Capabilities
          3. 15.8.3. Groups
            1. 15.8.3.1. Cross-Organizational and Nested Groups
          4. 15.8.4. Roles
          5. 15.8.5. Anonymous Groups
        9. 15.9. Homework
      4. 16. Real-Time Communication Security
        1. 16.1. What Layer?
        2. 16.2. Session Key Establishment
        3. 16.3. Perfect Forward Secrecy
        4. 16.4. PFS-Foilage
        5. 16.5. Denial-of-Service/Clogging Protection
          1. 16.5.1. Cookies
          2. 16.5.2. Puzzles
        6. 16.6. Endpoint Identifier Hiding
        7. 16.7. Live Partner Reassurance
        8. 16.8. Arranging for Parallel Computation
        9. 16.9. Session Resumption
        10. 16.10. Plausible Deniability
        11. 16.11. Data Stream Protection
        12. 16.12. Negotiating Crypto Parameters
        13. 16.13. Easy Homework
        14. 16.14. Homework
      5. 17. IPsec: AH and ESP
        1. 17.1. Overview of IPsec
          1. 17.1.1. Security Associations
          2. 17.1.2. Security Association Database
          3. 17.1.3. Security Policy Database
          4. 17.1.4. AH and ESP
          5. 17.1.5. Tunnel, Transport Mode
          6. 17.1.6. Why Protect the IP Header?
        2. 17.2. IP and IPv6
          1. 17.2.1. NAT (Network Address Translation)
          2. 17.2.2. Firewalls
          3. 17.2.3. IPv4 Header
          4. 17.2.4. IPv6 Header
        3. 17.3. AH (Authentication Header)
          1. 17.3.1. Mutable, Immutable
          2. 17.3.2. Mutable but Predictable
        4. 17.4. ESP (Encapsulating Security Payload)
        5. 17.5. So, Do We Need AH?
        6. 17.6. Comparison of Encodings
        7. 17.7. Easy Homework
        8. 17.8. Homework
      6. 18. IPsec: IKE
        1. 18.1. Photuris
        2. 18.2. SKIP
        3. 18.3. History of IKE
        4. 18.4. IKE Phases
        5. 18.5. Phase 1 IKE
          1. 18.5.1. Aggressive Mode and Main Mode
          2. 18.5.2. Key Types
          3. 18.5.3. Proof of Identity
          4. 18.5.4. Cookie Issues
          5. 18.5.5. Negotiating Cryptographic Parameters
          6. 18.5.6. Session Keys
          7. 18.5.7. Message IDs
          8. 18.5.8. Phase 2/Quick Mode
          9. 18.5.9. Traffic Selectors
          10. 18.5.10. The IKE Phase 1 Protocols
            1. 18.5.10.1. Public Signature Keys, Main Mode
            2. 18.5.10.2. Public Signature Keys, Aggressive Mode
            3. 18.5.10.3. Public Encryption Key, Main Mode, Original
            4. 18.5.10.4. Public Encryption Key, Aggressive Mode, Original
            5. 18.5.10.5. Public Encryption Key, Main Mode, Revised
            6. 18.5.10.6. Public Encryption Key, Aggressive Mode, Revised
            7. 18.5.10.7. Shared Secret Key, Main Mode
            8. 18.5.10.8. Shared Secret Key, Aggressive Mode
        6. 18.6. Phase-2 IKE: Setting up IPsec SAs
        7. 18.7. ISAKMP/IKE Encoding
          1. 18.7.1. Fixed Header
          2. 18.7.2. Payload Portion of ISAKMP Messages
          3. 18.7.3. SA Payload
            1. 18.7.3.1. Ps and Ts within the SA Payload
            2. 18.7.3.2. Payload Length in SA, P, and T Payloads
            3. 18.7.3.3. Type of Next Payload
            4. 18.7.3.4. SA Payload Fields
          4. 18.7.4. P Payload
          5. 18.7.5. T Payload
          6. 18.7.6. KE Payload
          7. 18.7.7. ID Payload
          8. 18.7.8. Cert Payload
          9. 18.7.9. Certificate Request Payload
          10. 18.7.10. Hash/Signature/Nonce Payloads
          11. 18.7.11. Notify Payload
          12. 18.7.12. Vendor ID Payload
        8. 18.8. Homework
      7. 19. SSL/TLS
        1. 19.1. Introduction
        2. 19.2. Using TCP
        3. 19.3. Quick History
        4. 19.4. SSL/TLS Basic Protocol
        5. 19.5. Session Resumption
        6. 19.6. Computing the Keys
        7. 19.7. Client Authentication
        8. 19.8. PKI as Deployed by SSL
        9. 19.9. Version Numbers
        10. 19.10. Negotiating Cipher Suites
          1. 19.10.1. Who Makes the Decision?
          2. 19.10.2. Cipher Suite Names
        11. 19.11. Negotiating Compression Method
        12. 19.12. Attacks Fixed in v3
          1. 19.12.1. Downgrade Attack
          2. 19.12.2. Truncation Attack
        13. 19.13. Exportability
          1. 19.13.1. Exportability in SSLv2
          2. 19.13.2. Exportability in SSLv3
          3. 19.13.3. Server Gated Cryptography/Step-Up
        14. 19.14. Encoding
          1. 19.14.1. Encrypted Records
          2. 19.14.2. Handshake Messages
            1. 19.14.2.1. ClientHello
            2. 19.14.2.2. ServerHello
            3. 19.14.2.3. ServerHelloDone
            4. 19.14.2.4. ClientKeyExchange
            5. 19.14.2.5. ServerKeyExchange
            6. 19.14.2.6. CertificateRequest
            7. 19.14.2.7. Certificate
            8. 19.14.2.8. CertificateVerify
            9. 19.14.2.9. HandshakeFinished
          3. 19.14.3. ChangeCipherSpec
          4. 19.14.4. Alerts
        15. 19.15. Further Reading
        16. 19.16. Easy Homework
        17. 19.17. Homework
    8. 4. Electronic Mail
      1. 20. Electronic Mail Security
        1. 20.1. Distribution Lists
        2. 20.2. Store and Forward
        3. 20.3. Security Services for Electronic Mail
        4. 20.4. Establishing Keys
          1. 20.4.1. Establishing Public Keys
          2. 20.4.2. Establishing Secret Keys
        5. 20.5. Privacy
          1. 20.5.1. End-to-End Privacy
          2. 20.5.2. Privacy with Distribution List Exploders
        6. 20.6. Authentication of the Source
          1. 20.6.1. Source Authentication Based on Public Key Technology
          2. 20.6.2. Source Authentication Based on Secret Keys
          3. 20.6.3. Source Authentication with Distribution Lists
        7. 20.7. Message Integrity
          1. 20.7.1. Message Integrity without Source Authentication
        8. 20.8. Non-Repudiation
          1. 20.8.1. Non-Repudiation Based on Public Key Technology
          2. 20.8.2. Plausible Deniability Based on Public Key Technology
          3. 20.8.3. Non-Repudiation with Secret Keys
        9. 20.9. Proof of Submission
        10. 20.10. Proof of Delivery
        11. 20.11. Message Flow Confidentiality
        12. 20.12. Anonymity
        13. 20.13. Containment
        14. 20.14. Annoying Text Format Issues
          1. 20.14.1. Disguising Data as Text
        15. 20.15. Names and Addresses
        16. 20.16. Verifying When a Message was Really Sent
          1. 20.16.1. Preventing Backdating
          2. 20.16.2. Preventing Postdating
        17. 20.17. Homework
      2. 21. PEM & S/MIME
        1. 21.1. Introduction
        2. 21.2. Structure of a PEM Message
        3. 21.3. Establishing Keys
        4. 21.4. Some PEM History
        5. 21.5. PEM Certificate Hierarchy
        6. 21.6. Certificate Revocation Lists (CRLs)
        7. 21.7. Reformatting Data to Get Through Mailers
        8. 21.8. General Structure of a PEM Message
        9. 21.9. Encryption
        10. 21.10. Source Authentication and Integrity Protection
        11. 21.11. Multiple Recipients
        12. 21.12. Bracketing PEM Messages
        13. 21.13. Forwarding and Enclosures
          1. 21.13.1. Forwarding a Message
        14. 21.14. Unprotected Information
        15. 21.15. Message Formats
          1. 21.15.1. ENCRYPTED, Public Key Variant
          2. 21.15.2. ENCRYPTED, Secret Key Variant
          3. 21.15.3. MIC-ONLY or MIC-CLEAR, Public Key Variant
          4. 21.15.4. MIC-ONLY and MIC-CLEAR, Secret Key Variant
          5. 21.15.5. CRL-Retrieval-Request
          6. 21.15.6. CRL
        16. 21.16. DES-CBC as MIC Doesn’t Work
        17. 21.17. Differences in S/MIME
        18. 21.18. S/MIME Certificate Hierarchy
          1. 21.18.1. S/MIME with a Public Certifier
          2. 21.18.2. S/MIME with an Organizational Certifier
          3. 21.18.3. S/MIME with Certificates from Any Old CA
        19. 21.19. Homework
      3. 22. PGP (Pretty Good Privacy)
        1. 22.1. Introduction
        2. 22.2. Overview
        3. 22.3. Key Distribution
        4. 22.4. Efficient Encoding
        5. 22.5. Certificate and Key Revocation
        6. 22.6. Signature Types
        7. 22.7. Your Private Key
        8. 22.8. Key Rings
        9. 22.9. Anomalies
          1. 22.9.1. File Name
          2. 22.9.2. People Names
        10. 22.10. Object Formats
          1. 22.10.1. Message Formats
            1. Encrypted Message
            2. Signed Message
            3. Encrypted Signed Message
            4. Signed Human-Readable Message
          2. 22.10.2. Primitive Object Formats
            1. Key Encrypted under a Public Key (0001 in CTB)
            2. IDEA key before RSA-encryption
            3. Signature (0010 in CTB)
            4. Private key encrypted with password (0101 in CTB)
            5. Public key (0110 in CTB)
            6. Compressed Data (1000 in CTB)
            7. Something Encrypted with a Secret Key (1001 in CTB)
            8. Plaintext Data (1011 in CTB)
            9. Key Ring
            10. Key Ring Trust Information (1100 in CTB)
            11. User Identification (1101 in CTB)
            12. Comment (1110 in CTB)
    9. 5. Leftovers
      1. 23. Firewalls
        1. 23.1. Packet Filters
        2. 23.2. Application Level Gateway
        3. 23.3. Encrypted Tunnels
        4. 23.4. Comparisons
        5. 23.5. Why Firewalls Don’t Work
        6. 23.6. Denial-of-Service Attacks
        7. 23.7. Should Firewalls Go Away?
      2. 24. More Security Systems
        1. 24.1. NetWare V3
        2. 24.2. NetWare V4
          1. 24.2.1. NetWare’s Guillou-Quisquater Authentication Scheme
        3. 24.3. KryptoKnight
          1. 24.3.1. KryptoKnight Tickets
          2. 24.3.2. Authenticators
          3. 24.3.3. Nonces vs. Timestamps
          4. 24.3.4. Data Encryption
        4. 24.4. DASS/SPX
          1. 24.4.1. DASS Certification Hierarchy
          2. 24.4.2. Login Key
          3. 24.4.3. DASS Authentication Handshake
          4. 24.4.4. DASS Authenticators
          5. 24.4.5. DASS Delegation
          6. 24.4.6. Saving Bits
        5. 24.5. Lotus Notes Security
          1. 24.5.1. ID Files
          2. 24.5.2. Coping with Export Controls
          3. 24.5.3. Certificates for Hierarchical Names
          4. 24.5.4. Certificates for Flat Names
          5. 24.5.5. Lotus Notes Authentication
          6. 24.5.6. The Authentication Long-Term Secret
          7. 24.5.7. Mail
          8. 24.5.8. Certification Revocation
        6. 24.6. DCE Security
        7. 24.7. Microsoft Windows Security
          1. 24.7.1. LAN Manager and NTLM
          2. 24.7.2. Windows 2000 Kerberos
        8. 24.8. Network Denial of Service
          1. 24.8.1. Robust Broadcast
          2. 24.8.2. Robust Packet Delivery
        9. 24.9. Clipper
          1. 24.9.1. Key Escrow
        10. 24.10. Homework
      3. 25. Web Issues
        1. 25.1. Introduction
        2. 25.2. URLs/URIs
        3. 25.3. HTTP
        4. 25.4. HTTP Digest Authentication
        5. 25.5. Cookies
          1. 25.5.1. Alternatives to Cookies
          2. 25.5.2. Cookie Rules
          3. 25.5.3. Tracking Users
        6. 25.6. Other Web Security Problems
          1. 25.6.1. Spoofing a Site to a User
          2. 25.6.2. Merchants Unclear on the Concept
          3. 25.6.3. Getting Impersonated by a Subsequent User
          4. 25.6.4. Cross-Site Scripting
          5. 25.6.5. Poisoning Cookies
          6. 25.6.6. Other Misuse of Cookies
        7. 25.7. Homework
      4. 26. Folklore
        1. 26.1. Perfect Forward Secrecy
        2. 26.2. Change Keys Periodically
        3. 26.3. Multiplexing Flows over a Single SA
          1. 26.3.1. The Splicing Attack
          2. 26.3.2. Service Classes
          3. 26.3.3. Different Cryptographic Algorithms
        4. 26.4. Use Different Keys in the Two Directions
        5. 26.5. Use Different Secret Keys for Encryption vs. Integrity Protection
        6. 26.6. Use Different Keys for Different Purposes
        7. 26.7. Use Different Keys for Signing vs. Encryption
        8. 26.8. Have Both Sides Contribute to the Master Key
        9. 26.9. Don’t Let One Side Determine the Key
        10. 26.10. Hash in a Constant When Hashing a Password
        11. 26.11. HMAC Rather than Simple MD
        12. 26.12. Key Expansion
        13. 26.13. Randomly Chosen IVs
        14. 26.14. Use of Nonces in Protocols
        15. 26.15. Don’t Let Encrypted Data Begin with a Constant
        16. 26.16. Don’t Let Encrypted Data Begin with a Predictable Value
        17. 26.17. Compress Data Before Encrypting It
        18. 26.18. Don’t Do Encryption Only
        19. 26.19. Avoiding Weak Keys
        20. 26.20. Minimal vs. Redundant Designs
        21. 26.21. Overestimate the Size of Key
        22. 26.22. Hardware Random Number Generators
        23. 26.23. Timing Attacks
        24. 26.24. Put Checksums at the End of Data
        25. 26.25. Forward Compatibility
          1. 26.25.1. Options
          2. 26.25.2. Version Numbers
            1. 26.25.2.1. Version Number Field Must Not Move
            2. 26.25.2.2. Negotiating Highest Version Supported
            3. 26.25.2.3. Minor Version Number Field
          3. 26.25.3. Vendor Options
        26. 26.26. Negotiating Parameters
        27. 26.27. Homework
    10. Bibliography
    11. Glossary