Cryptography and Network Security: Principles and …

1 Cryptography AND Network SECURITYPRINCIPLES AND PRACTICESEVENTH EDITIONGLOBAL EDITIONW illiam Stallings Boston Columbus Indianapolis New York San Francisco Hoboken Amsterdam Cape Town Dubai London Madrid Milan Munich Paris Montr al Toronto Delhi Mexico City S o Paulo Sydney Hong Kong Seoul Singapore Taipei TokyoFor Tricia: never dull, never boring, the smartest and bravest person I knowISBN 10:1-292-15858-1 ISBN 13: 978-1-292-15858-710 9 8 7 6 5 4 3 2 1 British Library Cataloguing-in-Publication DataA catalogue record for this book is available from the British LibraryVice President and Editorial Director, ECS: Marcia J. HortonExecutive Editor: Tracy Johnson (Dunkelberger)Editorial Assistant: Kristy AlauraAcquisitions Editor, Global Editions: Abhijit BaroiProgram Manager: Carole SnyderProject Manager: Robert Engelhardt Project Editor, Global Editions: NeelakantanMedia Team Lead: Steve WrightR&P Manager: Rachel YoudelmanR&P Senior Project Manager: William OpaluchSenior Operations Specialist: Maura Zaldivar-Garcia Inventory Manager: Meredith MarescaInventory Manager: Meredith MarescaSenior Manufacturing Controller, Global Editions: Trudy KimberMedia Production Manager, Global Editions: Vikram KumarProduct Marketing Manager: Bram Van KempenMarketing Assistant: Jon BryantCover Designer: Lumina DatamaticsCover Art: goghy73 / ShutterstockFull-Service Project Management: Chandrakala Prakash, SPi Global Composition.

2 SPi GlobalCredits and acknowledgments borrowed from other sources and reproduced, with permission, in this textbook appear on page 753. Pearson Education Limited 2017 The right of William Stallings to be identified as the author of this work has been asserted by him in accordance with the Copyright, Designs and Patents Act adaptation from the United States edition, entitled Cryptography and Network security : Principles and Practice, 7th Edition, ISBN 978-0-13-444428-4, by William Stallings published by Pearson Education rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without either the prior written permission of the publisher or a license permitting restricted copying in the United Kingdom issued by the Copyright Licensing Agency Ltd, Saffron House, 6 10 Kirby Street, London EC1N trademarks used herein are the property of their respective owners.

3 The use of any trademark in this text does not vest in the author or publisher any trademark ownership rights in such trademarks, nor does the use of such trademarks imply any affiliation with or endorsement of this book by such Education LimitedEdinburgh GateHarlowEssex CM20 2 JEEnglandand Associated Companies throughout the worldVisit us on the World Wide Web by SPi GlobalPrinted and bound in Malaysia. 3 CONTENTSN otation 10 Preface 12 About the Author 18 PART ONE: BACKGROUND 19 Chapter 1 Computer and Network security Concepts 19 Computer security Concepts 21 The OSI security Architecture 26 security Attacks 27 security Services 29 security Mechanisms 32 Fundamental security Design Principles 34 Attack Surfaces and Attack Trees 37 A Model for Network security 41 Standards 43 Key Terms, Review Questions, and Problems 44 Chapter 2 Introduction to Number Theory 46 Divisibility and the Division Algorithm 47 The Euclidean Algorithm 49 Modular Arithmetic 53 Prime Numbers 61 Fermat s and Euler s Theorems 64 Testing for Primality 68 The Chinese Remainder Theorem 71 Discrete Logarithms 73 Key Terms, Review Questions, and Problems 78 Appendix 2A The Meaning of Mod 82 PART TWO.

4 SYMMETRIC CIPHERS 85 Chapter 3 Classical Encryption Techniques 85 Symmetric Cipher Model 86 Substitution Techniques 92 Transposition Techniques 107 Rotor Machines 108 Steganography 110 Key Terms, Review Questions, and Problems 112 Chapter 4 Block Ciphers and the Data Encryption Standard 118 Traditional Block Cipher Structure 119 The Data Encryption Standard 129 A DES Example 131 The Strength of DES 1344 CONTENTS Block Cipher Design Principles 135 Key Terms, Review Questions, and Problems 137 Chapter 5 Finite Fields 141 Groups 143 Rings 145 Fields 146 Finite Fields of the Form GF(p) 147 Polynomial Arithmetic 151 Finite Fields of the Form GF(2n) 157 Key Terms, Review Questions, and Problems 169 Chapter 6 Advanced Encryption Standard 171 Finite Field Arithmetic 172 AES Structure 174 AES Transformation Functions 179 AES Key Expansion 190 An AES Example 193 AES Implementation 197 Key Terms, Review Questions, and Problems 202 Appendix 6A Polynomials with Coefficients in GF(28)

5 203 Chapter 7 Block Cipher Operation 207 Multiple Encryption and Triple DES 208 Electronic Codebook 213 Cipher Block Chaining Mode 216 Cipher Feedback Mode 218 Output Feedback Mode 220 Counter Mode 222 XTS-AES Mode for Block-Oriented Storage Devices 224 Format-Preserving Encryption 231 Key Terms, Review Questions, and Problems 245 Chapter 8 Random Bit Generation and Stream Ciphers 250 Principles of Pseudorandom Number Generation 252 Pseudorandom Number Generators 258 Pseudorandom Number Generation Using a Block Cipher 261 Stream Ciphers 267 RC4 269 True Random Number Generators 271 Key Terms, Review Questions, and Problems 280 PART THREE: ASYMMETRIC CIPHERS 283 Chapter 9 Public-Key Cryptography and RSA 283 Principles of Public-Key Cryptosystems 285 The RSA Algorithm 294 Key Terms, Review Questions, and Problems 308 CONTENTS 5 Chapter 10 Other Public-Key Cryptosystems 313 Diffie-Hellman Key Exchange 314 Elgamal Cryptographic System 318 Elliptic Curve Arithmetic 321 Elliptic Curve Cryptography 330 Pseudorandom Number Generation Based on an Asymmetric Cipher 334 Key Terms, Review Questions, and Problems 336 PART FOUR.

6 CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS 339 Chapter 11 Cryptographic Hash Functions 339 Applications of Cryptographic Hash Functions 341 Two Simple Hash Functions 346 Requirements and security 348 Hash Functions Based on Cipher Block Chaining 354 Secure Hash Algorithm (SHA) 355 SHA-3 365 Key Terms, Review Questions, and Problems 377 Chapter 12 Message Authentication Codes 381 Message Authentication Requirements 382 Message Authentication Functions 383 Requirements for Message Authentication Codes 391 security of MACs 393 MACs Based on Hash Functions: HMAC 394 MACs Based on Block Ciphers: DAA and CMAC 399 Authenticated Encryption: CCM and GCM 402 Key Wrapping 408 Pseudorandom Number Generation Using Hash Functions and MACs 413 Key Terms, Review Questions, and Problems 416 Chapter 13 Digital Signatures 419 Digital Signatures 421 Elgamal Digital Signature Scheme 424 Schnorr Digital Signature Scheme 425 NIST Digital Signature Algorithm 426 Elliptic Curve Digital Signature Algorithm 430 RSA-PSS Digital Signature Algorithm 433 Key Terms, Review Questions, and Problems 438 PART FIVE.

7 MUTUAL TRUST 441 Chapter 14 Key Management and Distribution 441 Symmetric Key Distribution Using Symmetric Encryption 442 Symmetric Key Distribution Using Asymmetric Encryption 451 Distribution of Public Keys 454 Certificates 4596 CONTENTS Public-Key Infrastructure 467 Key Terms, Review Questions, and Problems 469 Chapter 15 User Authentication 473 Remote User-Authentication Principles 474 Remote User-Authentication Using Symmetric Encryption 478 Kerberos 482 Remote User-Authentication Using Asymmetric Encryption 500 Federated Identity Management 502 Personal Identity Verification 508 Key Terms, Review Questions, and Problems 515 PART SIX: Network AND INTERNET security 519 Chapter 16 Network Access Control and Cloud security 519 Network Access Control 520 Extensible Authentication Protocol 523 IEEE Port-Based Network Access Control 527 Cloud Computing 529 Cloud security Risks and Countermeasures 535 Data Protection in the Cloud 537 Cloud security as a Service 541 Addressing Cloud Computing security Concerns 544 Key Terms, Review Questions, and Problems 545 Chapter 17 Transport-Level security 546 Web security Considerations 547 Transport Layer security 549 HTTPS 566 Secure Shell (SSH)

8 567 Key Terms, Review Questions, and Problems 579 Chapter 18 wireless Network security 581 wireless security 582 Mobile Device security 585 IEEE wireless LAN Overview 589 IEEE wireless LAN security 595 Key Terms, Review Questions, and Problems 610 Chapter 19 Electronic Mail security 612 Internet Mail Architecture 613 Email Formats 617 Email Threats and Comprehensive Email security 625 S/MIME 627 Pretty Good Privacy 638 DNSSEC 639 DNS-Based Authentication of Named Entities 643 Sender Policy Framework 645 DomainKeys Identified Mail 648 CONTENTS 7 Domain-Based Message Authentication, Reporting, and Conformance 654 Key Terms, Review Questions, and Problems 659 Chapter 20 IP security 661 IP security Overview 662 IP security Policy 668 Encapsulating security Payload 673 Combining security Associations 681 Internet Key Exchange 684 Cryptographic Suites 692 Key Terms, Review Questions, and Problems 694 APPENDICES 696 Appendix A Projects for Teaching Cryptography and Network security 696 Sage Computer Algebra Projects 697 Hacking Project 698 Block Cipher Projects 699 Laboratory Exercises 699 Research Projects 699 Programming Projects 700 Practical security Assessments 700 Firewall Projects 701 Case Studies 701 Writing Assignments 701 Reading/Report Assignments 702 Discussion Topics 702 Appendix B Sage Examples 703 Linear Algebra and Matrix Functionality 704 Chapter 2: Number Theory 705 Chapter 3: Classical Encryption 710 Chapter 4.

9 Block Ciphers and the Data Encryption Standard 713 Chapter 5: Basic Concepts in Number Theory and Finite Fields 717 Chapter 6: Advanced Encryption Standard 724 Chapter 8: Pseudorandom Number Generation and Stream Ciphers 729 Chapter 9: Public-Key Cryptography and RSA 731 Chapter 10: Other Public-Key Cryptosystems 734 Chapter 11: Cryptographic Hash Functions 739 Chapter 13: Digital Signatures 741 References 744 Credits 753 Index 7548 CONTENTSONLINE CHAPTERS AND APPENDICES1 PART SEVEN: SYSTEM SECURITYC hapter 21 Malicious Software Types of Malicious Software (Malware) Advanced Persistent Threat Propagation Infected Content Viruses Propagation Vulnerability Exploit Worms Propagation Social Engineering Spam E-mail, Trojans Payload System Corruption Payload Attack Agent Zombie, Bots Payload Information Theft Keyloggers, Phishing, Spyware Payload Stealthing Backdoors, Rootkits Countermeasures Distributed Denial of Service Attacks References Key Terms, Review Questions, and ProblemsChapter 22 Intruders Intruders Intrusion Detection Password Management References Key Terms, Review Questions.

10 And ProblemsChapter 23 Firewalls The Need for Firewalls Firewall Characteristics and Access Policy Types of Firewalls Firewall Basing Firewall Location and Configurations References Key Terms, Review Questions, and ProblemsPART EIGHT: LEGAL AND ETHICAL ISSUESC hapter 24 Legal and Ethical Aspects Cybercrime and Computer Crime Intellectual Property Privacy Ethical Issues Recommended Reading References Key Terms, Review Questions, and Problems Information Privacy1 Online chapters, appendices, and other documents are at the Companion Website, available via the access card at the front of this 9 Appendix C Sage Exercises Appendix D Standards and Standard-Setting OrganizationsAppendix E Basic Concepts from Linear AlgebraAppendix F Measures of Secrecy and SecurityAppendix G Simplified DESA ppendix H Evaluation Criteria for AESA ppendix I Simplified AESA ppendix J The Knapsack AlgorithmAppendix K Proof of the Digital Signature AlgorithmAppendix L TCP/IP and OSIA ppendix M Java Cryptographic APIsAppendix N MD5 Hash FunctionAppendix O Data Compression Using ZIPA ppendix P PGPA ppendix Q The International Reference AlphabetAppendix R Proof of the RSA AlgorithmAppendix S Data Encryption StandardAppendix T Kerberos Encryption TechniquesAppendix U Mathematical Basis of the Birthday AttackAppendix V Evaluation Criteria for SHA-3 Appendix W The Complexity of AlgorithmsAppendix X Radix-64 ConversionAppendix Y