Efnisyfirlit

• Cryptography Engineering: Design Principles and Practical Applications
• Credits
• About the Authors
• Acknowledgments for Cryptography Engineering
• Acknowledgments for Practical Cryptography (the 1st Edition)
• Contents at a Glance
• Contents
• Preface to Cryptography Engineering
• History
• Example Syllabi
• Additional Information
• Preface to Practical Cryptography (the 1st Edition)
• How to Read this Book
• Part I: Introduction
• In This Part
• Chapter 1: The Context of Cryptography
• 1.1: The Role of Cryptography
• 1.2: The Weakest Link Property
• 1.3: The Adversarial Setting
• 1.4: Professional Paranoia
• 1.4.1: Broader Benefits
• 1.4.2: Discussing Attacks
• 1.5: Threat Model
• 1.6: Cryptography Is Not the Solution
• 1.7: Cryptography Is Very Difficult
• 1.8: Cryptography Is the Easy Part
• 1.9: Generic Attacks
• 1.10: Security and Other Design Criteria
• 1.10.1: Security Versus Performance
• 1.10.2: Security Versus Features
• 1.10.3: Security Versus Evolving Systems
• 1.11: Further Reading
• 1.12: Exercises for Professional Paranoia
• 1.12.1: Current Event Exercises
• 1.12.2: Security Review Exercises
• 1.13: General Exercises
• Chapter 2: Introduction to Cryptography
• 2.1: Encryption
• 2.1.1: Kerckhoffs’ Principle
• 2.2: Authentication
• 2.3: Public-Key Encryption
• 2.4: Digital Signatures
• 2.5: PKI
• 2.6: Attacks
• 2.6.1: The Ciphertext-Only Model
• 2.6.2: The Known-Plaintext Model
• 2.6.3: The Chosen-Plaintext Model
• 2.6.4: The Chosen-Ciphertext Model
• 2.6.5: The Distinguishing Attack Goal
• 2.6.6: Other Types of Attack
• 2.7: Under the Hood
• 2.7.1: Birthday Attacks
• 2.7.2: Meet-in-the-Middle Attacks
• 2.8: Security Level
• 2.9: Performance
• 2.10: Complexity
• 2.11: Exercises
• Part II: Message Security
• Chapter 3: Block Ciphers
• 3.1: What Is a Block Cipher?
• 3.2: Types of Attack
• 3.3: The Ideal Block Cipher
• 3.4: Definition of Block Cipher Security
• 3.4.1: Parity of a Permutation
• 3.5: Real Block Ciphers
• 3.5.1: DES
• 3.5.2: AES
• 3.5.3: Serpent
• 3.5.4: Twofish
• 3.5.5: Other AES Finalists
• 3.5.6: Which Block Cipher Should I Choose?
• 3.5.7: What Key Size Should I Use?
• 3.6: Exercises
• Chapter 4: Block Cipher Modes
• 4.1: Padding
• 4.2: ECB
• 4.3: CBC
• 4.3.1: Fixed IV
• 4.3.2: Counter IV
• 4.3.3: Random IV
• 4.3.4: Nonce-Generated IV
• 4.4: OFB
• 4.5: CTR
• 4.6: Combined Encryption and Authentication
• 4.7: Which Mode Should I Use?
• 4.8: Information Leakage
• 4.8.1: Chances of a Collision
• 4.8.2: How to Deal With Leakage
• 4.8.3: About Our Math
• 4.9: Exercises
• Chapter 5: Hash Functions
• 5.1: Security of Hash Functions
• 5.2: Real Hash Functions
• 5.2.1: A Simple But Insecure Hash Function
• 5.2.2: MD5
• 5.2.3: SHA-1
• 5.2.4: SHA-224, SHA-256, SHA-384, and SHA-512
• 5.3: Weaknesses of Hash Functions
• 5.3.1: Length Extensions
• 5.3.2: Partial-Message Collision
• 5.4: Fixing the Weaknesses
• 5.4.1: Toward a Short-term Fix
• 5.4.2: A More Efficient Short-term Fix
• 5.4.3: Another Fix
• 5.5: Which Hash Function Should I Choose?
• 5.6: Exercises
• Chapter 6: Message Authentication Codes
• 6.1: What a MAC Does
• 6.2: The Ideal MAC and MAC Security
• 6.3: CBC-MAC and CMAC
• 6.4: HMAC
• 6.5: GMAC
• 6.6: Which MAC to Choose?
• 6.7: Using a MAC
• 6.8: Exercises
• Chapter 7: The Secure Channel
• 7.1: Properties of a Secure Channel
• 7.1.1: Roles
• 7.1.2: Key
• 7.1.3: Messages or Stream
• 7.1.4: Security Properties
• 7.2: Order of Authentication and Encryption
• 7.3: Designing a Secure Channel: Overview
• 7.3.1: Message Numbers
• 7.3.2: Authentication
• 7.3.3: Encryption
• 7.3.4: Frame Format
• 7.4: Design Details
• 7.4.1: Initialization
• 7.4.2: Sending a Message
• 7.4.3: Receiving a Message
• 7.4.4: Message Order
• 7.5: Alternatives
• 7.6: Exercises
• Chapter 8: Implementation Issues (I)
• 8.1: Creating Correct Programs
• 8.1.1: Specifications
• 8.1.2: Test and Fix
• 8.1.3: Lax Attitude
• 8.1.4: So How Do We Proceed?
• 8.2: Creating Secure Software
• 8.3: Keeping Secrets
• 8.3.1: Wiping State
• 8.3.2: Swap File
• 8.3.3: Caches
• 8.3.4: Data Retention by Memory
• 8.3.5: Access by Others
• 8.3.6: Data Integrity
• 8.3.7: What to Do
• 8.4: Quality of Code
• 8.4.1: Simplicity
• 8.4.2: Modularization
• 8.4.3: Assertions
• 8.4.4: Buffer Overflows
• 8.4.5: Testing
• 8.5: Side-Channel Attacks
• 8.6: Beyond this Chapter
• 8.7: Exercises
• Part III: Key Negotiation
• Chapter 9: Generating Randomness
• 9.1: Real Random
• 9.1.1: Problems With Using Real Random Data
• 9.1.2: Pseudorandom Data
• 9.1.3: Real Random Data and PRNGS
• 9.2: Attack Models for a PRNG
• 9.3: Fortuna
• 9.4: The Generator
• 9.4.1: Initialization
• 9.4.2: Reseed
• 9.4.3: Generate Blocks
• 9.4.4: Generate Random Data
• 9.4.5: Generator Speed
• 9.5: Accumulator
• 9.5.1: Entropy Sources
• 9.5.2: Pools
• 9.5.3: Implementation Considerations
• 9.5.3.1: Distribution of Events Over Pools
• 9.5.3.2: Running Time of Event Passing
• 9.5.4: Initialization
• 9.5.5: Getting Random Data
• 9.5.6: Add an Event
• 9.6: Seed File Management
• 9.6.1: Write Seed File
• 9.6.2: Update Seed File
• 9.6.3: When to Read and Write the Seed File
• 9.6.4: Backups and Virtual Machines
• 9.6.5: Atomicity of File System Updates
• 9.6.6: First Boot
• 9.7: Choosing Random Elements
• 9.8: Exercises
• Chapter 10: Primes
• 10.1: Divisibility and Primes
• 10.2: Generating Small Primes
• 10.3: Computations Modulo a Prime
• 10.3.1: Addition and Subtraction
• 10.3.2: Multiplication
• 10.3.3: Groups and Finite Fields
• 10.3.4: The GCD Algorithm
• 10.3.5: The Extended Euclidean Algorithm
• 10.3.6: Working Modulo 2
• 10.4: Large Primes
• 10.4.1: Primality Testing
• 10.4.2: Evaluating Powers
• 10.5: Exercises
• Chapter 11: Diffie-Hellman
• 11.1: Groups
• 11.2: Basic DH
• 11.3: Man in the Middle
• 11.4: Pitfalls
• 11.5: Safe Primes
• 11.6: Using a Smaller Subgroup
• 11.7: The Size of p
• 11.8: Practical Rules
• 11.9: What Can Go Wrong?
• 11.10: Exercises
• Chapter 12: RSA
• 12.1: Introduction
• 12.2: The Chinese Remainder Theorem
• 12.2.1: Garner’s Formula
• 12.2.2: Generalizations
• 12.2.3: Uses
• 12.2.4: Conclusion
• 12.3: Multiplication Modulo n
• 12.4: RSA Defined
• 12.4.1: Digital Signatures with RSA
• 12.4.2: Public Exponents
• 12.4.3: The Private Key
• 12.4.4: The Size of n
• 12.4.5: Generating RSA Keys
• 12.5: Pitfalls Using RSA
• 12.6: Encryption
• 12.7: Signatures
• 12.8: Exercises
• Chapter 13: Introduction to Cryptographic Protocols
• 13.1: Roles
• 13.2: Trust
• 13.2.1: Risk
• 13.3: Incentive
• 13.4: Trust in Cryptographic Protocols
• 13.5: Messages and Steps
• 13.5.1: The Transport Layer
• 13.5.2: Protocol and Message Identity
• 13.5.3: Message Encoding and Parsing
• 13.5.4: Protocol Execution States
• 13.5.5: Errors
• 13.5.6: Replay and Retries
• 13.6: Exercises
• Chapter 14: Key Negotiation
• 14.1: The Setting
• 14.2: A First Try
• 14.3: Protocols Live Forever
• 14.4: An Authentication Convention
• 14.5: A Second Attempt
• 14.6: A Third Attempt
• 14.7: The Final Protocol
• 14.8: Different Views of the Protocol
• 14.8.1: Alice’s View
• 14.8.2: Bob’s View
• 14.8.3: Attacker’s View
• 14.8.4: Key Compromise
• 14.9: Computational Complexity of the Protocol
• 14.9.1: Optimization Tricks
• 14.10: Protocol Complexity
• 14.11: A Gentle Warning
• 14.12: Key Negotiation from a Password
• 14.13: Exercises
• Chapter 15: Implementation Issues (II)
• 15.1: Large Integer Arithmetic
• 15.1.1: Wooping
• 15.1.2: Checking DH Computations
• 15.1.3: Checking RSA Encryption
• 15.1.4: Checking RSA Signatures
• 15.1.5: Conclusion
• 15.2: Faster Multiplication
• 15.3: Side-Channel Attacks
• 15.3.1: Countermeasures
• 15.4: Protocols
• 15.4.1: Protocols Over a Secure Channel
• 15.4.2: Receiving a Message
• 15.4.3: Timeouts
• 15.5: Exercises
• Part IV: Key Management
• Chapter 16: The Clock
• 16.1: Uses for a Clock
• 16.1.1: Expiration
• 16.1.2: Unique Value
• 16.1.3: Monotonicity
• 16.1.4: Real-Time Transactions
• 16.2: Using the Real-Time Clock Chip
• 16.3: Security Dangers
• 16.3.1: Setting the Clock Back
• 16.3.2: Stopping the Clock
• 16.3.3: Setting the Clock Forward
• 16.4: Creating a Reliable Clock
• 16.5: The Same-State Problem
• 16.6: Time
• 16.7: Closing Recommendations
• 16.8: Exercises
• Chapter 17: Key Servers
• 17.1: Basics
• 17.2: Kerberos
• 17.3: Simpler Solutions
• 17.3.1: Secure Connection
• 17.3.2: Setting Up a Key
• 17.3.3: Rekeying
• 17.3.4: Other Properties
• 17.4: What to Choose
• 17.5: Exercises
• Chapter 18: The Dream of PKI
• 18.1: A Very Short PKI Overview
• 18.2: PKI Examples
• 18.2.1: The Universal PKI
• 18.2.2: VPN Access
• 18.2.3: Electronic Banking
• 18.2.4: Refinery Sensors
• 18.2.5: Credit Card Organization
• 18.3: Additional Details
• 18.3.1: Multilevel Certificates
• 18.3.2: Expiration
• 18.3.3: Separate Registration Authority
• 18.4: Summary
• 18.5: Exercises
• Chapter 19: PKI Reality
• 19.1: Names
• 19.2: Authority
• 19.3: Trust
• 19.4: Indirect Authorization
• 19.5: Direct Authorization
• 19.6: Credential Systems
• 19.7: The Modified Dream
• 19.8: Revocation
• 19.8.1: Revocation List
• 19.8.2: Fast Expiration
• 19.8.3: Online Certificate Verification
• 19.8.4: Revocation Is Required
• 19.9: So What Is a PKI Good For?
• 19.10: What to Choose
• 19.11: Exercises
• Chapter 20: PKI Practicalities
• 20.1: Certificate Format
• 20.1.1: Permission Language
• 20.1.2: The Root Key
• 20.2: The Life of a Key
• 20.3: Why Keys Wear Out
• 20.4: Going Further
• 20.5: Exercises
• Chapter 21: Storing Secrets
• 21.1: Disk
• 21.2: Human Memory
• 21.2.1: Salting and Stretching
• 21.3: Portable Storage
• 21.4: Secure Token
• 21.5: Secure UI
• 21.6: Biometrics
• 21.7: Single Sign-On
• 21.8: Risk of Loss
• 21.9: Secret Sharing
• 21.10: Wiping Secrets
• 21.10.1: Paper
• 21.10.2: Magnetic Storage
• 21.10.3: Solid-State Storage
• 21.11: Exercises
• Part V: Miscellaneous
• Chapter 22: Standards and Patents
• 22.1: Standards
• 22.1.1: The Standards Process
• 22.1.1.1: The Standard
• 22.1.1.2: Functionality
• 22.1.1.3: Security
• 22.1.2: SSL
• 22.1.3: AES: Standardization by Competition
• 22.2: Patents
• Chapter 23: Involving Experts
• Bibliography
• Index