𝔖 Scriptorium
✦   LIBER   ✦
πŸ“

Cryptography and Public Key Infrastructure on the Internet

✍ Scribed by Klaus Schmeh

Year
2003
Tongue
English
Leaves
491
Edition
1
Category
Library
⬇  Acquire This Volume

No coin nor oath required. For personal study only.

✦ Synopsis

A practical guide to Cryptography and its use in the Internet and other communication networks.This overview takes the reader through basic issues and on to more advanced concepts, to cover all levels of interest. Coverage includes all key mathematical concepts, standardisation, authentication, elliptic curve cryptography, and algorithm modes and protocols (including SSL, TLS, IPSec, SMIME, & PGP protocols). Details what the risks on the internet are and how cryptography can help Includes a chapter on interception which is unique amongst competing books in this field Explains Public Key Infrastructures (PKIs) - currently the most important issue when using cryptography in a large organisation Includes up-to-date referencing of people, organisations, books and Web sites and the latest information about recent acts and standards affecting encryption practice* Tackles the practical issues such as the difference between SSL and IPSec, which companies are active on the market and where to get further information

✦ Table of Contents

Cryptography and Public Key Infrastructure on the Internet......Page 4
Contents......Page 8
Foreword by Carl Ellison......Page 14
PART 1 WHY CRYPTOGRAPHY ON THE INTERNET?......Page 20
1.1 If the Internet were a car …......Page 22
1.2 Security on the Internet......Page 23
1.4 Why yet another cryptography book?......Page 25
1.5 My regrets, my requests and my thanks......Page 27
2.1 The name of the game......Page 28
2.2 Why is cryptography so important?......Page 32
2.3 Uses of cryptography......Page 34
2.4 And who the devil is Alice?......Page 35
2.5 Summary......Page 36
3 How is it possible to eavesdrop on the Internet?......Page 38
3.1 The structure of the Internet......Page 39
3.2 How is it possible to eavesdrop on the Internet?......Page 43
3.3 Some practical examples......Page 55
3.4 Summary......Page 57
PART 2 THE PRINCIPLES OF CRYPTOGRAPHY......Page 58
4 Symmetric encryption......Page 60
4.1 What is symmetric encryption?......Page 61
4.2 Elementary encryption methods......Page 65
4.3 Polyalphabetic ciphers......Page 68
4.4 The Enigma and other rotor cipher machines......Page 71
5.1 The Data Encryption Standard (DES)......Page 78
5.2 Other symmetrical ciphers......Page 86
5.3 AES......Page 94
6.1 The key exchange problem......Page 102
6.2 A little maths......Page 105
6.3 One-way functions and trapdoor functions......Page 111
6.4 The Diffie–Hellman key exchange......Page 112
6.5 RSA......Page 114
6.6 Other asymmetrical algorithms......Page 119
6.7 Hybrid algorithms......Page 120
6.8 Differences between public and secret key......Page 121
7.1 What is a digital signature?......Page 124
7.2 RSA as a signature algorithm......Page 125
7.3 Signatures based on the discrete logarithm......Page 126
7.4 Security of signature algorithms......Page 130
7.5 Differences between DLSSs and RSA......Page 131
7.6 Other signature algorithms......Page 132
8 Cryptographic hash functions......Page 134
8.1 What is a cryptographic hash function?......Page 135
8.2 The most important cryptographic hash functions......Page 142
8.3 Key-dependent hash functions......Page 147
8.4 Further applications......Page 148
9 Cryptographic random generators......Page 150
9.2 Random numbers in cryptography......Page 151
9.3 The most important pseudo-random generators......Page 155
9.4 Stream ciphers......Page 158
9.5 Prime number generators......Page 162
PART 3 ADVANCED CRYPTOGRAPHY......Page 164
10.1 Standards......Page 166
10.2 Standards in the real world......Page 168
10.4 PKCS standards......Page 169
10.5 IEEE P1363......Page 172
11.1 Block cipher modes of operation......Page 174
11.2 Data transformation for the RSA algorithm......Page 179
12.1 Protocols......Page 184
12.2 Protocol properties......Page 187
12.4 Attributes of cryptographic protocols......Page 189
12.5 Attacks on cryptographic protocols......Page 192
12.6 An example of a protocol: blind signatures......Page 196
12.7 Other protocols......Page 197
13.1 Authentication and identification......Page 198
13.2 Authentication procedures......Page 199
13.3 Biometric authentication......Page 202
13.4 Authentication on the Internet......Page 210
13.5 Kerberos......Page 216
13.6 RADIUS and TACACS......Page 218
13.7 Packaging of authentication mechanisms......Page 221
14.1 Mathematical principles......Page 224
14.2 Cryptosystems based on elliptic curves......Page 227
14.3 Examples and standards for ECCs......Page 228
15.1 Crypto hardware and software......Page 232
15.2 Smart cards......Page 234
15.3 Other crypto hardware......Page 239
15.4 Crypto software......Page 242
15.5 Universal crypto interfaces......Page 245
15.6 Real-world attacks......Page 248
15.7 Evaluation and certification......Page 252
PART 4 PUBLIC KEY INFRASTRUCTURES......Page 256
16.1 Trust models in public key cryptography......Page 258
16.2 Variants of hierarchical PKIs......Page 266
16.3 PKI standards......Page 268
17.1 Components of a PKI......Page 274
17.2 Certificate management......Page 279
17.3 Enrolment......Page 282
17.4 Certificate policy and CPS......Page 284
18 Digital certificates......Page 288
18.2 X.509v2 certificates......Page 289
18.3 PKCS#6 certificates......Page 290
18.4 X.509v3 certificates......Page 291
18.5 The PKIX and ISIS X.509v3 extensions......Page 294
18.6 Attribute certificates......Page 295
18.8 PGP certificates......Page 297
19.1 Directory service......Page 300
19.2 Certificate servers and directory services......Page 304
19.3 Requesting certificate revocation information......Page 305
20.1 The course of the construction of a PKI......Page 314
20.2 Basic questions about PKI construction......Page 315
20.3 The most important PKI suppliers......Page 319
PART 5 CRYPTO PROTOCOLS FOR THE INTERNET......Page 328
21.1 The OSI model......Page 330
21.2 In which layer can encryption be undertaken?......Page 334
22.1 Crypto extensions for ISDN (Layer 1)......Page 340
22.2 Cryptography in the GSM standard (Layer 1)......Page 342
22.3 Crypto extensions for PPP (Layer 2)......Page 344
22.4 Virtual private networks......Page 346
23.1 IPSec and IKE......Page 352
23.2 IPSec......Page 353
23.3 IKE......Page 355
23.4 SKIP......Page 358
23.5 Critical assessment of IPSec......Page 359
23.6 Virtual private networks with IPSec......Page 360
24 SSL, TLS and WTLS (Layer 4)......Page 362
24.1 SSL working method......Page 363
24.2 SSL protocol operation......Page 364
24.4 Technical comparison between IPSec and SSL......Page 366
24.5 WTLS......Page 367
25 Cryptographic standards for the World Wide Web (Layer 7)......Page 370
25.2 Digest Access Authentication......Page 371
25.3 HTTP on top of SSL (HTTPS)......Page 372
25.4 Digital signatures on the World Wide Web......Page 373
25.5 Sundries......Page 376
26.1 E-mails on the Internet......Page 378
26.2 PEM......Page 380
26.3 OpenPGP......Page 382
26.4 S/MIME......Page 384
26.5 Mailtrust......Page 386
26.6 Which standard is standard?......Page 388
26.7 Retrieving e-mails: POP and IMAP......Page 389
27.1 Internet payment systems in general......Page 392
27.2 Credit card systems......Page 393
27.3 Account systems......Page 397
27.4 Cash systems......Page 399
27.5 The payment system crisis......Page 403
28.1 Secure Shell (SecSH)......Page 404
28.2 SASL......Page 406
28.3 Crypto extensions for SNMP......Page 407
28.4 Online banking with HBCI......Page 408
28.5 Crypto extensions for SAP R/3......Page 410
PART 6 MORE ABOUT CRYPTOGRAPHY......Page 412
29 Political aspects of cryptography......Page 414
29.1 How governments control encryption......Page 415
29.2 The German signature law......Page 419
29.3 Cryptography and policy in the USA......Page 423
30.1 The ten most important people......Page 426
30.2 The ten most important companies......Page 432
30.3 The ten most important non-profit organisations......Page 436
31.1 The ten most important sources of information......Page 442
31.2 The ten most important cryptography books......Page 445
31.3 The ten most important Web sites......Page 449
32.1 The ten greatest crypto flops......Page 452
32.2 Ten indications of snake oil......Page 456
32.3 Ten examples of snake oil......Page 458
32.4 Ten popular crypto misapprehensions......Page 462
32.5 Murphy’s ten laws of cryptography......Page 464
Appendix A: List of abbreviations......Page 466
Appendix B: Bibliography......Page 472
Index......Page 482

πŸ“œ SIMILAR VOLUMES

Cryptography and Public Key Infrastructu
πŸ“ Cryptography and Public Key Infrastructure on the Internet
✍ Klaus Schmeh πŸ“‚ Library πŸ“… 2003 πŸ› Wiley 🌐 English

<I>Cryptography and Public Key Infrastructure on the Internet</I> provides a thorough overview of the subject. It explains how susceptible networks are to hacking and how cryptography can help. This comprehensive and practical guide covers: <UL><LI>Public Key Infrastructures (PKIs); important w

RSA and Public-Key Cryptography
πŸ“ RSA and Public-Key Cryptography
✍ Richard A. Mollin πŸ“‚ Library πŸ“… 2002 πŸ› Chapman and Hall/CRC 🌐 English

Although a vast literature exists on the subject of RSA and public-key cryptography, until now there has been no single source that reveals recent developments in the area at an accessible level. Acclaimed author Richard A. Mollin brings together all of the relevant information available on public-k

RSA and public-key cryptography
πŸ“ RSA and public-key cryptography
✍ Richard A. Mollin πŸ“‚ Library πŸ“… 2003 πŸ› Chapman & Hall/CRC 🌐 English

Although a vast literature exists on the subject of RSA and public-key cryptography, until now there has been no single source that reveals recent developments in the area at an accessible level. Acclaimed author Richard A. Mollin brings together all of the relevant information available on public-k

RSA and Public-Key Cryptography
πŸ“ RSA and Public-Key Cryptography
✍ Richard A. Mollin πŸ“‚ Library πŸ“… 2003 πŸ› CRC 🌐 English

Although much literature exists on the subject of RSA and public-key cryptography, until now there has been no single source that reveals recent developments in the area at an accessible level. Acclaimed author Richard A. Mollin brings together all of the relevant information available on public-key