718 INDEX
Schnorr digital signature scheme, 402–403
Secret key, 33–34, 271, 422–424
distribution, 422–424
hybrid distribution scheme, 424
symmetric encryption using, 33–34, 271
Secure hash algorithm (SHA), 342–353
logic, 343–346
round function, 346–349
SHA-512 algorithm, 343–346
SHA-3 algorithm, 352–353
Secure Shell (SSH), 486, 508–518
channels, 515–516
Connection Protocol, 509, 514–518
host keys, 509
key exchange and generation, 511–513
message exchange, 513–514
packet exchange, 509–511
port forwarding, 516–518
Transport Layer Protocol, 508–513
User Authentication Protocol, 509, 513–514
Secure Socket Layer (SSL), 486, 488–501
Alert Protocol, 489, 494–495
architecture, 489–490
Change Cipher Spec Protocol, 489, 493–494, 500
cryptographic computations, 500–501
Handshake Protocol, 489, 495–500
Hypertext Transfer Protocol (HTTP), 489,
master secret, 501
message authentication code (MAC), 491–493
Record Protocol, 489, 491–493
session, 489–490
Secure/Multipurpose Internet Mail Extension (S/MIME), 568, 587–603
certificate processing, 601–603
clear signing, 599–600
cryptographic algorithms, 595–597
functionality, 593–597
messages, 597–600
Multipurpose Internet Mail Extensions (MIME), 588–593
Security, 3, 5–30, 285–291, 320, 335–351, 374–375, 378–380. See also Attacks; Authentication; Cryptanalysis; Internet security
attacks, 8, 15–19
authentication, 8, 20–21
availability, 10–13, 22
challenges of, 13–14
CIA triad, 10–11
confidentiality, 10–12, 20–21
cryptographic algorithms and protocols, 8
elliptic curve cryptography (ECC), 320
hash function requirements, 335–341
HMAC, 378–380
integrity, 10–13, 20, 22–23
mechanism, 8, 23–25
message authentication code (MAC), 374–375
models for, 25–27
network, 3, 8–9, 25–27
NIST definition of, 9–10
Open Systems Interconnection (OSI) security architecture, 8, 14–25
Rivest-Shamir-Adleman (RSA) algorithm, 285–291
services, 8, 19–22, 24–25
standards, 5–6
threats, 15, 27
Security Assertion Markup Language (SAML), 476
Security association (SA), IP, 622–624, 634–638
Security association database (SAD), 622–624
Security policy database (SPD), 622, 624–625
Seed, PRNG, 221–222, 224–225
Selective-field confidentiality and integrity, 20
Service request, SSH, 513
Service threats, 27
Session, SSL, 489–490
Session key, 417, 466, 576–579
Session security module (SSM), 417–419
Shannon diffusion/confusion concepts, 72–73
Shift row (SR) function, S-AES, 184–185, 187
ShiftRows transformation, AES, 150, 153–155, 161–162
SignedData, S/MIME, 599
Simplified Advanced Encryption Standard (S-AES), 183–191
add key (A_K) function, 184–186
decryption (inverse), 183–188
encryption, 183–188
key expansion algorithm, 188–189
mix column (MC) function, 184–185, 187–188
nibble substitution (NS) function, 184–185, 187
S-box construction, 188–191
shift row (SR) function, 184–185, 187
structure of, 190–191
Single round, DES, 81–83
Single sign-on (SSO), 472–473
Skew, TRNG, 237–238
Special Publications (SP), 6
SSH, see Secure Shell (SSH)
SSL, see Secure Socket Layer (SSL)
State array, 150, 155
State vector (S) initialization, RC4, 235
Steganography, 57–58
Storage encryption, XTS-AES for, 210–214
Stream ciphers, 35, 68–69, 203–209, 232–237
block ciphers and, 68–69, 203–209
cipher feedback (CFB) mode, 203–204
conversion from block ciphers (modes), 203–209
counter (CTR) mode, 203, 206–209
keystream, 232–233
output feedback (OFB) mode, 203, 205–206
pseudorandom number generators (PRNG), 232–237
RC4, 234–237
Strict avalanche criterion (SAC), 94
SubBytes (substitute bytes) transformation, AES, 150, 153–161
Substitution cipher techniques, 38–53, 68–77
autokey system, 51
Caesar cipher, 39–41
determinant, 46–47
Feistel cipher, 68–77
Hill cipher, 46–49
monoalphabetic ciphers, 41–44
one-time pad, 52–53
permutation and, 41, 72
Playfair cipher, 44–46
polyalphabetic ciphers, 49–52
Substitution/permutation network (SPN), 72–75
Suppress-replay attacks, 450
Symmetric ciphers, 8, 33–38, 66–240, 365–368, 413–422, 448–452
Advanced Encryption Standard (AES), 67, 102, 132–133, 147–191
block ciphers, 35, 66–100, 192–217, 229–232
cryptosystem model, 34–35
Data Encryption Standard (DES), 67–68, 77–96
encryption, 8, 33–38, 66–100, 365–368, 413–422, 448–452
key distribution using, 413–422
message authentication and confidentiality, 365–368
model for, 33–34
modular arithmetic for, 108–115, 131–137
number theory of, 101–146
plaintext, 33, 35
polynomial arithmetic for, 122–129, 131–134, 180–183
pseudorandom number generation (PRNG), 218–241
secret key for encryption, 33–34
stream ciphers, 35, 68–69, 203–209, 232–237
substitution techniques, 68–77
user authentication (remote) using, 448–452
Symmetric key distribution, 413–422
asymmetric encryption used for, 422–424
decentralized key control, 419–420
end-to-end encryption, 413–415
key control hierarchy, 415, 417
key distribution center (KDC), 415–417, 424