Front Matter
 1 Network Security Overview
  1.1 Mission and Definitions
   1.2 Common Attacks and Defense Mechanisms
   1.2.1 Eavesdropping
   1.2.2 Cryptanalysis
   1.2.3 Password Pilfering
   1.2.4 Identity Spoofing
   1.2.5 Buffer-Overflow Exploitations
   1.2.6 Repudiation
   1.2.7 Intrusion
   1.2.8 Traffic Analysis
   1.2.9 Denial of Service Attacks
   1.2.10 Malicious Software
  1.3 Attacker Profiles
   1.3.1 Hackers
   1.3.2 Script Kiddies
   1.3.3 Cyber Spies
   1.3.4 Vicious Employees
   1.3.5 Cyber Terrorists
   1.3.6 Hypothetical Attackers
  1.4 Basic Security Model
  1.5 Security Resources
  1.6 Closing Remarks
  1.7 Exercises
 2 Data Encryption Algorithms
  2.1 Data Encryption Algorithm Design Criteria
   2.1.1 ASCII Code
   2.1.2 XOR Encryption
   2.1.3 Criteria of Data Encryptions
   2.1.4 Implementation Criteria
  2.2 Data Encryption Standard
   2.2.1 Feistel's Cipher Scheme
   2.2.2 DES Subkeys
   2.2.3 DES Substitution Boxes
   2.2.4 DES Encryption
   2.2.5 DES Decryption and Correctness Proof
   2.2.6 DES Security Strength
  2.3 Multiple DES
   2.3.1 Triple-DES with Two Keys
   2.3.2 2DES and 3DES/
   2.3.3 Meet-in-the-Middle Attacks on 2DES
  2.4 Advanced Encryption Standard
   2.4.1 AES Basic Structures
   2.4.2 AES S-Boxes
   2.4.3 AES-128 Round Keys
   2.4.4 Add Round Keys
   2.4.5 Substitute-Bytes
   2.4.6 Shift-Rows
   2.4.7 Mix-Columns
   2.4.8 AES-128 Encryption
   2.4.9 AES-128 Decryption and Correctness Proof
   2.4.10 Galois Fields
   2.4.11 Construction of the AES S-Box and Its Inverse
   2.4.12 AES Security Strength
  2.5 Standard Block-Cipher Modes of Operations
   2.5.1 Electronic-Codebook Mode
   2.5.2 Cipher-Block-Chaining Mode
   2.5.3 Cipher-Feedback Mode
   2.5.4 Output-Feedback Mode
   2.5.5 Counter Mode
  2.6 Stream Ciphers
   2.6.1 RC4 Stream Cipher
   2.6.2 RC4 Security Weaknesses
  2.7 Key Generations
   2.7.1 ANSI X9.17 PRNG
   2.7.2 BBS Pseudorandom Bit Generator
  2.8 Closing Remarks
  2.9 Exercises
 3 Public-Key Cryptography and Key Management
  3.1 Concepts of Public-Key Cryptography
  3.2 Elementary Concepts and Theorems in Number Theory
   3.2.1 Modular Arithmetic and Congruence Relations
   3.2.2 Modular Inverse
   3.2.3 Primitive Roots
   3.2.4 Fast Modular Exponentiation
   3.2.5 Finding Large Prime Numbers
   3.2.6 The Chinese Remainder Theorem
   3.2.7 Finite Continued Fractions
  3.3 Diffie-Hellman Key Exchange
   3.3.1 Key Exchange Protocol
   3.3.2 Man-in-the-Middle Attacks
   3.3.3 Elgamal PKC
  3.4 RSA Cryptosystem
   3.4.1 RSA Key Pairs, Encryptions, and Decryptions
   3.4.2 RSA Parameter Attacks
   3.4.3 RSA Challenge Numbers
  3.5 Elliptic-Curve Cryptography
   3.5.1 Commutative Groups on Elliptic Curves
   3.5.2 Discrete Elliptic Curves
   3.5.3 ECC Encodings
   3.5.4 ECC Encryption and Decryption
   3.5.5 ECC Key Exchange
   3.5.6 ECC Strength
  3.6 Key Distributions and Management
   3.6.1 Master Keys and Session Keys
   3.6.2 Public-Key Certificates
   3.6.3 CA Networks
   3.6.4 Key Rings
  3.7 Closing Remarks
  3.8 Exercises
 4 Data Authentication
  4.1 Cryptographic Hash Functions
   4.1.1 Design Criteria of Cryptographic Hash Functions
   4.1.2 Quest for Cryptographic Hash Functions
   4.1.3 Basic Structure of Standard Hash Functions
   4.1.4 SHA-
   4.1.5 WHIRLPOOL
  4.2 Cryptographic Checksums
   4.2.1 Exclusive-OR Cryptographic Checksums
   4.2.2 Design Criteria of MAC Algorithms
   4.2.3 Data Authentication Algorithm
  4.3 HMAC
   4.3.1 Design Criteria of HMAC
   4.3.2 HMAC Algorithm
  4.4 Offset Codebook Mode of Operations
   4.4.1 Basic Operations
   4.4.2 OCB Encryption and Tag Generation
   4.4.3 OCB Decryption and Tag Verification
  4.5 Birthday Attacks
   4.5.1 Complexity Upper Bound of Breaking Strong Collision Resistance
   4.5.2 Set Intersection Attack
  4.6 Digital Signature Standard
  4.7 Dual Signatures and Electronic Transactions
   4.7.1 Dual Signature Applications
   4.7.2 Dual Signatures and Electronic Transactions
  4.8 Blind Signatures and Electronic Cash
   4.8.1 RSA Blind Signatures
   4.8.2 Electronic Cash
  4.9 Closing Remarks
  4.10 Exercises
 5 Network Security Protocols in Practice
  5.1 Crypto Placements in Networks
   5.1.1 Crypto Placement at the Application Layer
   5.1.2 Crypto Placement at the Transport Layer
   5.1.3 Crypto Placement at the Network Layer
   5.1.4 Crypto Placement at the Data-Link Layer
   5.1.5 Hardware versus Software Implementations of Cryptographic Algorithms
  5.2 Public-Key Infrastructure
   5.2.1 X.509 Public-Key Infrastructure
   5.2.2 X.509 Certificate Formats
  5.3 IPsec: A Security Protocol at the Network Layer
   5.3.1 Security Association
   5.3.2 Application Modes and Security Associations
   5.3.3 AH Format
   5.3.4 ESP Format
   5.3.5 Secret Key Determination and Distribution
  5.4 SSL/TLS: Security Protocols at the Transport Layer
   5.4.1 SSL Handshake Protocol
   5.4.2 SSL Record Protocol
  5.5 PGP and S/MIME: Email Security Protocols
   5.5.1 Basic Email Security Mechanisms
   5.5.2 PGP
   5.5.3 S/MIME
  5.6 Kerberos: An Authentication Protocol
   5.6.1 Basic Ideas
   5.6.2 Single-Realm Kerberos
   5.6.3 Multiple-Realm Kerberos
  5.7 SSH: Security Protocols for Remote Logins
  5.8 Closing Remarks
  5.9 Exercises
 6 Wireless Network Security
  6.1 Wireless Communications and 802.11 WLAN Standards
   6.1.1 WLAN Architecture
   6.1.2 802.11 Essentials
   6.1.3 Wireless Security Vulnerabilities
  6.2 WEP
   6.2.1 Device Authentication and Access Control
   6.2.2 Data Integrity Check
   6.2.3 LLC Frame Encryption
   6.2.4 Security Flaws of WEP
  6.3 WPA
   6.3.1 Device Authentication and Access Controls
   6.3.2 TKIP Key Generations
   6.3.3 TKIP Message Integrity Code
   6.3.4 TKIP Key Mixing
   6.3.5 WPA Encryption and Decryption
   6.3.6 WPA Security Strength and Weaknesses
  6.4 IEEE 802.11i/WPA
   6.4.1 Key Generations
   6.4.2 CCMP Encryptions and MIC
   6.4.3 802.11i Security Strength and Weaknesses
  6.5 Bluetooth Security
   6.5.1 Piconets
   6.5.2 Secure Pairings
   6.5.3 SAFER+ Block Ciphers
   6.5.4 Bluetooth AlgorithmsE1$,E21,andE22
   6.5.5 Bluetooth Authentication
   6.5.6 A PIN Cracking Attack
   6.5.7 Bluetooth Secure Simple Pairing
  6.6 Wireless Mesh Network Security
  6.7 Closing Remarks
  6.8 Exercises
 7 Network Perimeter Security
  7.1 General Framework
  7.2 Packet Filters
   7.2.1 Stateless Filtering
   7.2.2 Stateful Filtering
  7.3 Circuit Gateways
   7.3.1 Basic Structures
   7.3.2 SOCKS
  7.4 Application Gateways
   7.4.1 Cache Gateways
   7.4.2 Stateful Packet Inspections
  7.5 Trusted Systems and Bastion Hosts
   7.5.1 Trusted Operating Systems
   7.5.2 Bastion hosts and Gateways
  7.6 Firewall Configurations
   7.6.1 Single-Homed Bastion Host System
   7.6.2 Dual-Homed Bastion Host System
   7.6.3 Screened Subnets
   7.6.4 Demilitarized Zones
   7.6.5 Network Security Topology
  7.7 Network Address Translations
   7.7.1 Dynamic NAT
   7.7.2 Virtual Local-Area Networks
   7.7.3 Small Office and Home Office Firewalls
  7.8 Setting Up Firewalls
   7.8.1 Security Policy
   7.8.2 Building A Linux Stateless Packet Filter
  7.9 Closing Remarks
  7.10 Exercises
 8 The Art of Anti Malicious Software
  8.1 Viruses
   8.1.1 Virus Types
   8.1.2 Virus Infection Schemes
   8.1.3 Virus Structures
   8.1.4 Compressor Viruses
   8.1.5 Virus Disseminations
   8.1.6 Win32 Virus Infection Dissection
   8.1.7 Virus Creation Toolkits
  8.2 Worms
   8.2.1 Common Worm Types
   8.2.2 The Morris Worm
   8.2.3 The Melissa Worm
   8.2.4 Email Attachments
   8.2.5 The Code Red Worm
   8.2.6 Other Worms Targeted at Microsoft Products
  8.3 Virus Defense
   8.3.1 Standard Scanning Methods
   8.3.2 Anti-Virus Software Products
   8.3.3 Virus Emulator
  8.4 Trojan Horses
  8.5 Hoaxes
  8.6 Peer-to-Peer Security
   8.6.1 P2P Security Vulnerabilities
   8.6.2 P2P Security Measures
   8.6.3 Instant Messaging
  8.7 Web Security
   8.7.1 Basic Types of Web Documents
   8.7.2 Security of Web Documents
   8.7.3 ActiveX
   8.7.4 Cookies
   8.7.5 Spyware
   8.7.6 AJAX Security
   8.7.7 Safe Web Surfing
  8.8 Distributed Denial of Service Attacks
   8.8.1 Master-Slave DDoS Attacks
   8.8.2 Master-Slave-Reflector DDoS Attacks
   8.8.3 DDoS Attacks Countermeasures
  8.9 Closing Remarks
  8.10 Exercises
 9 The Art of Intrusion Detection
  9.1 Basic Ideas of Intrusion Detection
   9.1.1 Basic Methodology
   9.1.2 Auditing
   9.1.3 IDS Components
   9.1.4 IDS Architecture
   9.1.5 Intrusion Detection Policies
   9.1.6 Unacceptable Behaviors
  9.2 Network-Based Detections and Host-Based Detections
   9.2.1 Network-Based Detections
   9.2.2 Host-Based Detections
  9.3 Signature Detections
   9.3.1 Network Signatures
   9.3.2 Host-Based Signatures
   9.3.3 Outsider Behaviors and Insider Misuses
   9.3.4 Signature Detection Systems
  9.4 Statistical Analysis
   9.4.1 Event Counter
   9.4.2 Event Gauge
   9.4.3 Event Timer
   9.4.4 Resource Utilization
   9.4.5 Statistical Techniques
  9.5 Behavioral Data Forensics
   9.5.1 Data Mining Techniques
   9.5.2 A Behavioral Data Forensic Example
  9.6 Honeypots
   9.6.1 Types of Honeypots
   9.6.2 Honeyd
   9.6.3 MWCollect Projects
   9.6.4 Honeynet Projects
  9.7 Closing Remarks
  9.8 Exercises
 A 7-bit ASCII code
 B SHA-512 Constants (in hexadecimal)
 C Data Compression using ZIP
 D Base64 Encoding
 E Cracking WEP Keys using {\sf WEPCrack
  E.1 System Setup
  E.2 Experiment Details
  E.3 Sample Code
 F Acronyms
 Reference
 Index