◆PREY NEXT◆ [Page 4] 0.3.Internet and Web Resources There are a number of resources available on the Intemet and the Web to support this book and to help one keep up with developments in this field. Web Sites for This Book A special Web page has been set up for this book at WilliamStallings.com/Crypto/Crypto4e.html.The site includes the following: Useful Web sites:There are links to other relevant Web sites,organized by chapter.including the sites listed in this section and throughout this book. Errata sheet:An errata list for this book will be maintained and updated as needed.Please e-mail any errors that you spot to me.Errata sheets for my other books are at WilliamStallings.com. Figures:All of the figures in this book in PDF(Adobe Acrobat)format. Tables:All of the tables in this book in PDF format. Slides:A set of PowerPoint slides,organized by chapter. Cryptography and network security courses:There are links to home pages for courses based on this book:these pages may be useful to other instructors in providing ideas about how to structure their course. I also maintain the Computer Science Student Resource Site,at WilliamStallings.com/StudentSupport.html.The purpose of this site is to provide documents,information,and links for computer science students and professionals.Links and documents are organized into four categories: Math:Includes a basic math refresher,a queuing analysis primer.a number system primer,and links to numerous math sites How-to:Advice and guidance for solving homework problems,writing technical reports,and preparing technical presentations Research resources:Links to important collections of papers,technical reports,and bibliographies Miscellaneous:A variety of other useful documents and links Other Web Sites There are numerous Web sites that provide information related to the topics of this book.In subsequent chapters,pointers to specific Web sites can be found in the Recommended Reading and Web Sites section.Because the addresses for Web sites tend to change frequently,I have not included URLs in the book.For all of the Web sites listed in the book,the appropriate link can be found at this book's Web site.Other links not mentioned in this book will be added to the Web site over time
[Page 4] 0.3. Internet and Web Resources There are a number of resources available on the Internet and the Web to support this book and to help one keep up with developments in this field. Web Sites for This Book A special Web page has been set up for this book at WilliamStallings.com/Crypto/Crypto4e.html. The site includes the following: Useful Web sites: There are links to other relevant Web sites, organized by chapter, including the sites listed in this section and throughout this book. Errata sheet: An errata list for this book will be maintained and updated as needed. Please e-mail any errors that you spot to me. Errata sheets for my other books are at WilliamStallings.com. Figures: All of the figures in this book in PDF (Adobe Acrobat) format. Tables: All of the tables in this book in PDF format. Slides: A set of PowerPoint slides, organized by chapter. Cryptography and network security courses: There are links to home pages for courses based on this book; these pages may be useful to other instructors in providing ideas about how to structure their course. I also maintain the Computer Science Student Resource Site, at WilliamStallings.com/StudentSupport.html. The purpose of this site is to provide documents, information, and links for computer science students and professionals. Links and documents are organized into four categories: Math: Includes a basic math refresher, a queuing analysis primer, a number system primer, and links to numerous math sites How-to: Advice and guidance for solving homework problems, writing technical reports, and preparing technical presentations Research resources: Links to important collections of papers, technical reports, and bibliographies Miscellaneous: A variety of other useful documents and links Other Web Sites There are numerous Web sites that provide information related to the topics of this book. In subsequent chapters, pointers to specific Web sites can be found in the Recommended Reading and Web Sites section. Because the addresses for Web sites tend to change frequently, I have not included URLs in the book. For all of the Web sites listed in the book, the appropriate link can be found at this book's Web site. Other links not mentioned in this book will be added to the Web site over time
[Page 5] USENET Newsgroups A number of USENET newsgroups are devoted to some aspect of cryptography or network security.As with virtually all USENET groups,there is a high noise-to-signal ratio,but it is worth experimenting to see if any meet your needs.The most relevant are sci.crypt.research:The best group to follow.This is a moderated newsgroup that deals with research topics;postings must have some relationship to the technical aspects of cryptology. sci.crypt:Ageneral discussion of cryptology and related topics. scicrypt.random-numbers:A discussion of cryptographic-strength random number generators. alt.security:A general discussion of security topics ● comp.security.misc:A general discussion of computer security topics. ● comp.security.firewalls:A discussion of firewall products and technology comp.security.announce:News.announcements from CERT. comp.risks:A discussion of risks to the public from computers and users. ● comp.virus:A moderated discussion of computer viruses. 卓PREV NEXT◆
[Page 5] USENET Newsgroups A number of USENET newsgroups are devoted to some aspect of cryptography or network security. As with virtually all USENET groups, there is a high noise-to-signal ratio, but it is worth experimenting to see if any meet your needs. The most relevant are sci.crypt.research: The best group to follow. This is a moderated newsgroup that deals with research topics; postings must have some relationship to the technical aspects of cryptology. sci.crypt: A general discussion of cryptology and related topics. sci.crypt.random-numbers: A discussion of cryptographic-strength random number generators. alt.security: A general discussion of security topics. comp.security.misc: A general discussion of computer security topics. comp.security.firewalls: A discussion of firewall products and technology. comp.security.announce: News, announcements from CERT. comp.risks: A discussion of risks to the public from computers and users. comp.virus: A moderated discussion of computer viruses
◆PREY NEXT◆ [Page 6] Chapter 1.Introduction 1.1 Security Trends 1.2 The OSI Security Architecture 1.3 Security Attacks Passive Attacks Active Attacks 1.4 Security Services Authentication Access Control Data Confidentiality Data Integrity Nonrepudiation Availability Service 1.5 Security Mechanisms 1.6 A Model for Network Security 1.7 Recommended Reading and Web Sites 1.8 Key Terms,Review Questions,and Problems Key Terms Review Questions Problems
[Page 6] Chapter 1. Introduction 1.1 Security Trends 1.2 The OSI Security Architecture 1.3 Security Attacks Passive Attacks Active Attacks 1.4 Security Services Authentication Access Control Data Confidentiality Data Integrity Nonrepudiation Availability Service 1.5 Security Mechanisms 1.6 A Model for Network Security 1.7 Recommended Reading and Web Sites 1.8 Key Terms, Review Questions, and Problems Key Terms Review Questions Problems
[Page 7] The combination of space,time,and strength that must be considered as the basic elements of this theory of defense makes this a fairly complicated matter.Consequently,it is not easy to find a fixed point of departure. On War.Carl Von Clausewitz Key Points The OSI(open systems interconnection)security architecture provides a systematic framework for defining security attacks,mechanisms,and services ● Security attacks are classified as either passive attacks,which include unauthorized reading of a message of file and traffic analysis;and active attacks,such as modification of messages or files,and denial of service A security mechanism is any process(or a device incorporating such a process)that is designed to detect,prevent,or recover from a security attack.Examples of mechanisms are encryption algorithms, digital signatures,and authentication protocols. ● Security services include authentication,access control,data confidentiality,data integrity, nonrepudiation,and availability. The requirements of information security within an organization have undergone two major changes in the last several decades. Before the widespread use of data processing equipment,the security of information felt to be valuable to an organization was provided primarily by physical and administrative means.An example of the former is the use of rugged filing cabinets with a combination lock for storing sensitive documents.An example of the latter is personnel screening procedures used during the hiring process. With the introduction of the computer,the need for automated tools for protecting files and other information stored on the computer became evident.This is especially the case for a shared system,such as a time-sharing system,and the need is even more acute for systems that can be accessed over a public telephone network,data network,or the Internet.The generic name for the collection of tools designed to protect data and to thwart hackers is computer security. The second major change that affected security is the introduction of distributed systems and the use of networks and communications facilities for carrying data between terminal user and computer and between computer and computer.Network security measures are needed to protect data during their transmission.In fact,the term network security is somewhat misleading,because virtually all business,government,and academic organizations interconnect their data processing equipment with a collection of interconnected networks.Such a collection is often referred to as an internet and the terminteret security is used. [1]We use the termintemet,with a lowercase"i,"to refer to any interconnected collection of networks.A corporate intranet is an example of an internet.The Internet with a capital "I"may be one of the facilities used by an organization to construct its internet. [Page 8] There are no clear boundaries between these two forms of security.For example,one of the most publicized types of attack on information systems is the computer virus.A virus may be introduced into a system physically when it arrives on a diskette or optical disk and is subsequently loaded onto a computer.Viruses may also arrive over an internet.In either case,once the virus is resident on a
[Page 7] The combination of space, time, and strength that must be considered as the basic elements of this theory of defense makes this a fairly complicated matter. Consequently, it is not easy to find a fixed point of departure. On War, Carl Von Clausewitz Key Points The OSI (open systems interconnection) security architecture provides a systematic framework for defining security attacks, mechanisms, and services. Security attacks are classified as either passive attacks, which include unauthorized reading of a message of file and traffic analysis; and active attacks, such as modification of messages or files, and denial of service. A security mechanism is any process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack. Examples of mechanisms are encryption algorithms, digital signatures, and authentication protocols. Security services include authentication, access control, data confidentiality, data integrity, nonrepudiation, and availability. The requirements of information security within an organization have undergone two major changes in the last several decades. Before the widespread use of data processing equipment, the security of information felt to be valuable to an organization was provided primarily by physical and administrative means. An example of the former is the use of rugged filing cabinets with a combination lock for storing sensitive documents. An example of the latter is personnel screening procedures used during the hiring process. With the introduction of the computer, the need for automated tools for protecting files and other information stored on the computer became evident. This is especially the case for a shared system, such as a time-sharing system, and the need is even more acute for systems that can be accessed over a public telephone network, data network, or the Internet. The generic name for the collection of tools designed to protect data and to thwart hackers is computer security. The second major change that affected security is the introduction of distributed systems and the use of networks and communications facilities for carrying data between terminal user and computer and between computer and computer. Network security measures are needed to protect data during their transmission. In fact, the term network security is somewhat misleading, because virtually all business, government, and academic organizations interconnect their data processing equipment with a collection of interconnected networks. Such a collection is often referred to as an internet, [1] and the term internet security is used. [1] We use the term internet, with a lowercase "i," to refer to any interconnected collection of networks. A corporate intranet is an example of an internet. The Internet with a capital "I" may be one of the facilities used by an organization to construct its internet. [Page 8] There are no clear boundaries between these two forms of security. For example, one of the most publicized types of attack on information systems is the computer virus. A virus may be introduced into a system physically when it arrives on a diskette or optical disk and is subsequently loaded onto a computer. Viruses may also arrive over an internet. In either case, once the virus is resident on a
computer system,intemal computer security tools are needed to detect and recover from the virus. This book focuses on internet security,which consists of measures to deter,prevent,detect,and correct security violations that involve the transmission of information.That is a broad statement that covers a host of possibilities.To give you a feel for the areas covered in this book,consider the following examples of security violations: 1.User A transmits a file to user B.The file contains sensitive information (e.g..payroll records)that is to be protected from disclosure.User C,who is not authorized to read the file,is able to monitor the transmission and capture a copy of the file during its transmission. 2.A network manager,D,transmits a message to a computer,E,under its management.The message instructs computer E to update an authorization file to include the identities of a number of new users who are to be given access to that computer. User F intercepts the message,alters its contents to add or delete entries,and then forwards the message to E,which accepts the message as coming from manager D and updates its authorization file accordingly. 3.Rather than intercept a message,user F constructs its own message with the desired entries and transmits that message to E as if it had come from manager D.Computer E accepts the message as coming from manager D and updates its authorization file accordingly 4.An employee is fired without warning.The personnel manager sends a message to a server system to invalidate the employee's account.When the invalidation is accomplished,the server is to post a notice to the employee's file as confirmation of the action.The employee is able to intercept the message and delay it long enough to make a final access to the server to retrieve sensitive information.The message is then forwarded,the action taken,and the confirmation posted. The employee's action may go unnoticed for some considerable time 5.A message is sent from a customer to a stockbroker with instructions for various transactions.Subsequently,the investments lose value and the customer denies sending the message Although this list by no means exhausts the possible types of security violations,it illustrates the range of concemns of network security [Page 9] Internetwork security is both fascinating and complex.Some of the reasons follow 1.Security involving communications and networks is not as simple as it might first appear to the novice.The requirements seem to be straightforward;indeed,most of the major requirements for security services can be given self-explanatory one-word labels:confidentiality,authentication,nonrepudiation,integrity.But the mechanisms used to meet those requirements can be quite complex,and understanding them may involve rather subtle reasoning. 2.In developing a particular security mechanism or algorithm,one must always consider potential attacks on those security features.In many cases,successful attacks are designed by looking at the problem in a completely different way,therefore exploiting an unexpected weakness in the mechanism. 3.Because of point 2,the procedures used to provide particular services are often counterintuitive:It is not obvious from the statement of a particular requirement that such elaborate measures are needed.It is only when the various countermeasures are considered that the measures used make sense. 4.Having designed various security mechanisms,it is necessary to decide where to use them.This is true both in terms of physical placement (e.g.,at what points in a network are certain security mechanisms needed)and in a logical sense [e.g.,at what layer or layers of an architecture such as TCP/IP(Transmission Control Protocol/Intemet Protocol)should mechanisms be placed]. 5.Security mechanisms usually involve more than a particular algorithm or protocol.They usually also require that participants be in possession of some secret information(e.g.,an encryption key),which raises questions about the creation,distribution and protection of that secret information.There is also a reliance on communications protocols whose behavior may complicate the task of developing the security mechanism.For example,if the proper functioning of the security mechanism requires setting time limits on the transit time of a message from sender to receiver,then any protocol or network that introduces variable,unpredictable delays may render such time limits meaningless. Thus,there is much to consider.This chapter provides a general overview of the subject matter that structures the material in the remainder of the book.We begin with a general discussion of network security services and mechanisms and of the types of attacks they
computer system, internal computer security tools are needed to detect and recover from the virus. This book focuses on internet security, which consists of measures to deter, prevent, detect, and correct security violations that involve the transmission of information. That is a broad statement that covers a host of possibilities. To give you a feel for the areas covered in this book, consider the following examples of security violations: User A transmits a file to user B. The file contains sensitive information (e.g., payroll records) that is to be protected from disclosure. User C, who is not authorized to read the file, is able to monitor the transmission and capture a copy of the file during its transmission. 1. A network manager, D, transmits a message to a computer, E, under its management. The message instructs computer E to update an authorization file to include the identities of a number of new users who are to be given access to that computer. User F intercepts the message, alters its contents to add or delete entries, and then forwards the message to E, which accepts the message as coming from manager D and updates its authorization file accordingly. 2. Rather than intercept a message, user F constructs its own message with the desired entries and transmits that message to E as if it had come from manager D. Computer E accepts the message as coming from manager D and updates its authorization file accordingly. 3. An employee is fired without warning. The personnel manager sends a message to a server system to invalidate the employee's account. When the invalidation is accomplished, the server is to post a notice to the employee's file as confirmation of the action. The employee is able to intercept the message and delay it long enough to make a final access to the server to retrieve sensitive information. The message is then forwarded, the action taken, and the confirmation posted. The employee's action may go unnoticed for some considerable time. 4. A message is sent from a customer to a stockbroker with instructions for various transactions. Subsequently, the investments lose value and the customer denies sending the message. 5. Although this list by no means exhausts the possible types of security violations, it illustrates the range of concerns of network security. [Page 9] Internetwork security is both fascinating and complex. Some of the reasons follow: Security involving communications and networks is not as simple as it might first appear to the novice. The requirements seem to be straightforward; indeed, most of the major requirements for security services can be given self-explanatory one-word labels: confidentiality, authentication, nonrepudiation, integrity. But the mechanisms used to meet those requirements can be quite complex, and understanding them may involve rather subtle reasoning. 1. In developing a particular security mechanism or algorithm, one must always consider potential attacks on those security features. In many cases, successful attacks are designed by looking at the problem in a completely different way, therefore exploiting an unexpected weakness in the mechanism. 2. Because of point 2, the procedures used to provide particular services are often counterintuitive: It is not obvious from the statement of a particular requirement that such elaborate measures are needed. It is only when the various countermeasures are considered that the measures used make sense. 3. Having designed various security mechanisms, it is necessary to decide where to use them. This is true both in terms of physical placement (e.g., at what points in a network are certain security mechanisms needed) and in a logical sense [e.g., at what layer or layers of an architecture such as TCP/IP (Transmission Control Protocol/Internet Protocol) should mechanisms be placed]. 4. Security mechanisms usually involve more than a particular algorithm or protocol. They usually also require that participants be in possession of some secret information (e.g., an encryption key), which raises questions about the creation, distribution, and protection of that secret information. There is also a reliance on communications protocols whose behavior may complicate the task of developing the security mechanism. For example, if the proper functioning of the security mechanism requires setting time limits on the transit time of a message from sender to receiver, then any protocol or network that introduces variable, unpredictable delays may render such time limits meaningless. 5. Thus, there is much to consider. This chapter provides a general overview of the subject matter that structures the material in the remainder of the book. We begin with a general discussion of network security services and mechanisms and of the types of attacks they