BIBLIOGRAPHY 385 37. Deering, S., and R. Hinden, ‘<strong>Internet</strong> Protocol, Version 6 (IPv6) Specification’, RFC 1883, January 1996. 38. Deering, S., and R. Hinden, ‘<strong>Internet</strong> Protocol, Version 6 (IPv6) Specification’, RFC 2460, December 1998. 39. deSouza, O., and M. Rodrigues, ‘Guidelines for Running OSPF Over Frame Relay Networks’, RFC 1586, March 1994. 40. Dierks, T., and C. Allen, ‘The TLS Protocol Version 1.0’, RFC 2246, January 1999. 41. Diffie, W., and M. Hellman, ‘New Directions in Cryptography’, IEEE Transactions on Information Theory, November 1976. 42. ElGamal, T., ‘A Public-Key Cryptosystem and a Signature Scheme based on Discrete Logarithms’, IEEE Transactions on Information Theory, July 1985. 43. Faltstrom, P., D. Crocker and E. Fair, ‘MIME Content Type for Encoded Files’, RFC 1741, December 1994. 44. Farrell, S., and C. Adams, ‘<strong>Internet</strong> Public Key Infrastructure Part III: Certificate Management Protocols’, <strong>Internet</strong> Draft, December 1996. 45. Fielding, R., J. Gettys, J. Mogul, H. Frystyk and T. Berners-Lee, ‘Hypertext Transfer Protocol – HTTP1.1’, RFC 2068, January 1997. 46. Finlayson, R., ‘IP Multicast and Firewalls’, RFC 2588, May 1999. 47. Finlayson, R., T. Mann, J. Mogul and M. Theimer, ‘Reverse Address Resolution Protocol’, RFC 903, June 1984. 48. FIPS Publication ZZZ, ‘Announcing the Advanced Encryption Standard (AES)’, US DoC/NIST, 2001. 49. Forouzan, B. A., TCP/IP Protocol Suite, New York: McGraw-Hill, 2000. 50. Fox, B., and B. Gleeson, ‘Virtual Private Networks Identifier’, RFC 2685, September 1999. 51. Freed, N., ‘Behavior of and Requirements for <strong>Internet</strong> Firewalls’, RFC 2979, October 2000. 52. Freier, A. O., P. Karlton and P. C. Kocher, ‘The SSL Protocol Version 3.0’, <strong>Internet</strong> Draft, Netscape Communications Corporation, March 1996. 53. Fuller, V., T. Li, J. Yu and K. Varadhan, ‘Classless Inter-Domain Routing (CIDR): an Address Assignment and Aggregation Strategy’, RFC 1519, September 1993. 54. Galvin, J., and K. McCloghrie, ‘<strong>Security</strong> Protocols for version 2 of the Simple Network Management Protocol (SNMPv2)’, RFC 1446, May 1993. 55. Galvin, J., S. Murphy, S. Crocker and N. Freed, ‘<strong>Security</strong> Multiparts for MIME: Multipart/Signed and Multipart/Encrypted’, RFC 1847, October 1995. 56. Garfinkel, S., and G. Spafford, Web <strong>Security</strong> & Commerce. Cambridge, MA: O’Reilly, 1997. 57. Gasser, M., Building a Secure Computer System. New York: Van Nostrand Reinhold, 1988. 58. Gleeson, B., A. Lin, J. Heinanen, G. Armitage and A. Malis, ‘A Framework for IP Based Virtual Private Networks’, RFC 2764, February 2000. 59. Goldsmith, D., and M. Davis, ‘Using Unicode with MIME’, RFC 1641, July 1994.
386 INTERNET SECURITY 60. Harkins, D., and D. Carrel, ‘The <strong>Internet</strong> Key Exchange (IKE)’, RFC 2409, November 1998. 61. Haskin, D., and E. Allen, ‘IP Version 6 over PPP’, RFC 2023, October 1996. 62. Hedrick, C., ‘Routing Information Protocol’, RFC 1058, June 1988. 63. Heinanen, J., ‘Multiprotocol Encapsulation over ATM’, RFC 1483, July 1993. 64. Hinden, R., and S. Deering, ‘IP Version 6 Addressing Architecture’, RFC 1884, January 1996. 65. Hinden, R., and J. Postel, ‘IPv6 Testing Address Allocation’, RFC 1897, January 1996. 66. Hodges, J., R. Morgan and M. Wahl, ‘Lightweight Directory Access Protocol (v3): Extension for Transport Layer <strong>Security</strong>’, RFC 2830, May 2000. 67. Hoffman, P., ‘Enhanced <strong>Security</strong> Services for S/MIME’, RFC 2634, June 1999. 68. Hoffman, P., ‘SMTP Service Extension for Secure SMTP over TLS’, RFC 2487, January 1999. 69. Horning, C., ‘Standard for the Transmission of IP Datagrams over Ethernet Networks’, RFC 894, April 1984. 70. Housley, R., W. Ford, W. Pok and D. Solo, ‘<strong>Internet</strong> X.509 Public Key Infrastructure Certificate and CRL Profile’, <strong>Internet</strong> Draft, September 1998. 71. Huitema, C., ‘An Experiment in DNS Based IP Routing’, RFC 138 3, December 1992. 72. Huitema, C., IPv6: The New <strong>Internet</strong> Protocol. Upper Saddle River, NJ: Prentice Hall, 1998. 73. Jacobson, V., ‘Compressing TCP/IP Headers for Low-speed Serial Links’, RFC 1144, February 1990. 74. Johnson, D., Menezes A and Vanstone, S, ‘The Elliptic Curve Digital Signature Algorithm’, Berlin and Heidelberg: Springer-Verlag, pp. 36–63, July 2001. 75. Kantor, B., and P. Lapsley, ‘Network News Transfer Protocol: A Proposed Standard for the Stream-Based Transmission of News’, RFC 977, February 1986. 76. Kastenholz, E., ‘The Definitions of Managed Objects for the <strong>Security</strong> Protocols of the Point-to-Point Protocol’, RFC 1472, June 1993. 77. Kats, D., ‘A Proposed Standard for the Transmission of IP Datagrams over FDDI Networks’, RFC 1188, October 1990. 78. Kent, S., and R. Atkinson, ‘<strong>Security</strong> Architecture for the <strong>Internet</strong> Protocol’, RFC 2401, November 1998. 79. Kent, S., and R. Atkinson, ‘IP Authentication Header’, RFC 2402, November 1998. 80. Kent, S., and R. Atkinson, ‘IP Encapsulating <strong>Security</strong> Payload (ESP)’, RFC 2406, November 1998. 81. Khare, R., and S. Lawrence, ‘Upgrading to TLS Within HTTP/1.1’, RFC 2817, May 2000. 82. Klensin, J., N. Freed, M. Rose, E. Stefferud and D. Crocker, ‘SMTP Service Extension for 8-bit MIME transport’, RFC 1652, July 1994. 83. Klensin, J., N. Freed, M. Rose, E. Stefferud and D. Crocker, ‘SMTP Service Extension’, RFC 1869, November 1995. 84. Koblitz, N., ‘Elliptic Curves Cryptosystems’, Mathematics of Computing, 48, No. 177, pp. 203–209, 1987.
- Page 1 and 2:
TEAMFLY
- Page 4:
Internet Security
- Page 7 and 8:
Copyright © 2003 John Wiley & Sons
- Page 9 and 10:
vi CONTENTS 2.3 World Wide Web 47 2
- Page 11 and 12:
viii CONTENTS 5.6 The Elliptic Curv
- Page 13 and 14:
x CONTENTS 10.2.5 De-militarised Zo
- Page 16 and 17:
Preface The Internet is global in s
- Page 18 and 19:
PREFACE xv Policy Approval Authorit
- Page 20 and 21:
PREFACE xvii classified into three
- Page 22 and 23:
1 Internetworking and Layered Model
- Page 24 and 25:
INTERNETWORKING AND LAYERED MODELS
- Page 26 and 27:
INTERNETWORKING AND LAYERED MODELS
- Page 28 and 29:
INTERNETWORKING AND LAYERED MODELS
- Page 30 and 31:
Layer No. 7 6 5 4 3 2 1 OSI Layer A
- Page 32 and 33:
INTERNETWORKING AND LAYERED MODELS
- Page 34 and 35:
INTERNETWORKING AND LAYERED MODELS
- Page 36 and 37:
2 TCP/IP Suite and Internet Stack P
- Page 38 and 39:
TCP/IP SUITE AND INTERNET STACK PRO
- Page 40 and 41:
TCP/IP SUITE AND INTERNET STACK PRO
- Page 42 and 43:
TCP/IP SUITE AND INTERNET STACK PRO
- Page 44 and 45:
TCP/IP SUITE AND INTERNET STACK PRO
- Page 46 and 47:
Class A Class B Class C Class D Cla
- Page 48 and 49:
TCP/IP SUITE AND INTERNET STACK PRO
- Page 50 and 51:
H Host H TCP/IP SUITE AND INTERNET
- Page 52 and 53:
TCP/IP SUITE AND INTERNET STACK PRO
- Page 54 and 55:
TCP/IP SUITE AND INTERNET STACK PRO
- Page 56 and 57:
TCP/IP SUITE AND INTERNET STACK PRO
- Page 58 and 59:
TCP/IP SUITE AND INTERNET STACK PRO
- Page 60 and 61:
TCP/IP SUITE AND INTERNET STACK PRO
- Page 62 and 63:
TCP/IP SUITE AND INTERNET STACK PRO
- Page 64 and 65:
Bits IP header TCP/IP SUITE AND INT
- Page 66 and 67:
TCP/IP SUITE AND INTERNET STACK PRO
- Page 68 and 69:
TCP/IP SUITE AND INTERNET STACK PRO
- Page 70 and 71:
TCP/IP SUITE AND INTERNET STACK PRO
- Page 72 and 73:
TCP/IP SUITE AND INTERNET STACK PRO
- Page 74 and 75:
TCP/IP SUITE AND INTERNET STACK PRO
- Page 76 and 77:
TCP/IP SUITE AND INTERNET STACK PRO
- Page 78 and 79:
3 Symmetric Block Ciphers This chap
- Page 80 and 81:
S-boxes L i−1 S 1 L i SYMMETRIC B
- Page 82 and 83:
K 1 48 bits K 2 48 bits K 16 48 bit
- Page 84 and 85:
Table 3.4 Initial permutation (IP)
- Page 86 and 87:
SYMMETRIC BLOCK CIPHERS 65 Table 3.
- Page 88 and 89:
SYMMETRIC BLOCK CIPHERS 67 This 48-
- Page 90 and 91:
SYMMETRIC BLOCK CIPHERS 69 The 48-b
- Page 92 and 93:
SYMMETRIC BLOCK CIPHERS 71 Thus, th
- Page 94 and 95:
SYMMETRIC BLOCK CIPHERS 73 Round K1
- Page 96 and 97:
SYMMETRIC BLOCK CIPHERS 75 Example
- Page 98 and 99:
64-bit plaintext X 1 X 2 X 3 X 4 Ro
- Page 100 and 101:
SYMMETRIC BLOCK CIPHERS 79 Table 3.
- Page 102 and 103:
SYMMETRIC BLOCK CIPHERS 81 The outp
- Page 104 and 105:
SYMMETRIC BLOCK CIPHERS 83 the corr
- Page 106 and 107:
SYMMETRIC BLOCK CIPHERS 85 Table 3.
- Page 108 and 109:
SYMMETRIC BLOCK CIPHERS 87 of S and
- Page 110 and 111:
Step 3 i = j = 0; A = B = 0; SYMMET
- Page 112 and 113:
3.3.3 Encryption SYMMETRIC BLOCK CI
- Page 114 and 115:
A SYMMETRIC BLOCK CIPHERS 93 A B
- Page 116 and 117:
3.4 RC6 Algorithm SYMMETRIC BLOCK C
- Page 118 and 119:
Mixing in the secret key S A = B =
- Page 120 and 121:
Magic constants: Pw = b7e15163 Qw =
- Page 122 and 123:
A = ((A − S[2i]) >>> u) ⊕ t } D
- Page 124 and 125:
Converting the secret key from byte
- Page 126 and 127:
The final decrypted plaintext is: b
- Page 128 and 129:
Thus, the final decrypted plaintext
- Page 130 and 131:
Multiplication SYMMETRIC BLOCK CIPH
- Page 132 and 133:
where c0 = a0b0 c1 = a1b0 ⊕ a0b1
- Page 134 and 135:
Rcon[2] = [x 1 , {00}, {00}, {00}]
- Page 136 and 137:
Table 3.16 AES key expansion i Temp
- Page 138 and 139:
SYMMETRIC BLOCK CIPHERS 117 ShiftRo
- Page 140 and 141:
Start of round After SubByte SYMMET
- Page 142 and 143:
SYMMETRIC BLOCK CIPHERS 121 Figure
- Page 144 and 145:
4 Hash Function, Message Digest and
- Page 146 and 147:
M = 64 bits C 0 = 28 bits D 0 = 28
- Page 148 and 149:
HASH FUNCTION, MESSAGE DIGEST AND H
- Page 150 and 151:
⊕ : Bit-by-bit XORing of 16-bit s
- Page 152 and 153:
P(Ω 1 )
- Page 154 and 155:
HASH FUNCTION, MESSAGE DIGEST AND H
- Page 156 and 157:
K r : Concatenation IP : Initial pe
- Page 158 and 159:
HASH FUNCTION, MESSAGE DIGEST AND H
- Page 160 and 161:
HASH FUNCTION, MESSAGE DIGEST AND H
- Page 162 and 163:
a b c d HASH FUNCTION, MESSAGE DIGE
- Page 164 and 165:
HASH FUNCTION, MESSAGE DIGEST AND H
- Page 166 and 167:
HASH FUNCTION, MESSAGE DIGEST AND H
- Page 168 and 169:
HASH FUNCTION, MESSAGE DIGEST AND H
- Page 170 and 171:
HASH FUNCTION, MESSAGE DIGEST AND H
- Page 172 and 173:
HASH FUNCTION, MESSAGE DIGEST AND H
- Page 174 and 175:
H2 = 98badcfe H3 = 10325476 H4 = c3
- Page 176 and 177:
HASH FUNCTION, MESSAGE DIGEST AND H
- Page 178 and 179:
opad 160 bits (SHA-1) 128 bits (MD5
- Page 180 and 181:
HASH FUNCTION, MESSAGE DIGEST AND H
- Page 182 and 183:
5 Asymmetric Public-key Cryptosyste
- Page 184 and 185:
User A Generate secret random integ
- Page 186 and 187:
ASYMMETRIC PUBLIC-KEY CRYPTOSYSTEMS
- Page 188 and 189:
Message m −1 E p q ASYMMETRIC PUB
- Page 190 and 191:
ASYMMETRIC PUBLIC-KEY CRYPTOSYSTEMS
- Page 192 and 193:
Message m −1 User A A′ private
- Page 194 and 195:
ASYMMETRIC PUBLIC-KEY CRYPTOSYSTEMS
- Page 196 and 197:
To decipher the message m, first co
- Page 198 and 199:
ASYMMETRIC PUBLIC-KEY CRYPTOSYSTEMS
- Page 200 and 201:
ASYMMETRIC PUBLIC-KEY CRYPTOSYSTEMS
- Page 202 and 203:
a q ≡ 1(modp) a ASYMMETRIC PUBLIC
- Page 204 and 205:
ASYMMETRIC PUBLIC-KEY CRYPTOSYSTEMS
- Page 206 and 207:
ASYMMETRIC PUBLIC-KEY CRYPTOSYSTEMS
- Page 208 and 209:
Receiver: (verifying) Compute: w
- Page 210 and 211:
� y2 − y1 x3 = ASYMMETRIC PUBLI
- Page 212 and 213:
The square of the integers in Z ∗
- Page 214 and 215:
ASYMMETRIC PUBLIC-KEY CRYPTOSYSTEMS
- Page 216 and 217:
and y3 = x2 1 + � x1 + y1 = α 12
- Page 218 and 219:
ASYMMETRIC PUBLIC-KEY CRYPTOSYSTEMS
- Page 220 and 221:
ASYMMETRIC PUBLIC-KEY CRYPTOSYSTEMS
- Page 222 and 223:
6 Public-key Infrastructure This ch
- Page 224 and 225:
PUBLIC-KEY INFRASTRUCTURE 203 LDAP
- Page 226 and 227:
Session key DES Plaintext m One-way
- Page 228 and 229:
PUBLIC-KEY INFRASTRUCTURE 207 Let u
- Page 230 and 231:
PUBLIC-KEY INFRASTRUCTURE 209 sent
- Page 232 and 233:
Publication of PAA’s public key G
- Page 234 and 235:
PUBLIC-KEY INFRASTRUCTURE 213 • P
- Page 236 and 237:
Carry out identification and authen
- Page 238 and 239:
PUBLIC-KEY INFRASTRUCTURE 217 With
- Page 240 and 241:
PUBLIC-KEY INFRASTRUCTURE 219 The s
- Page 242 and 243:
6.4.4 X.500 Distinguished Naming PU
- Page 244 and 245:
PUBLIC-KEY INFRASTRUCTURE 223 certi
- Page 246 and 247:
PUBLIC-KEY INFRASTRUCTURE 225 • I
- Page 248 and 249:
Certificate fields v1 = v2 = v3 (fo
- Page 250 and 251:
PUBLIC-KEY INFRASTRUCTURE 229 CRL s
- Page 252 and 253:
Subject directory attributes extens
- Page 254 and 255:
PUBLIC-KEY INFRASTRUCTURE 233 the s
- Page 256 and 257:
PUBLIC-KEY INFRASTRUCTURE 235 • S
- Page 258 and 259:
PUBLIC-KEY INFRASTRUCTURE 237 not h
- Page 260 and 261:
6.7.1 Basic Path Validation PUBLIC-
- Page 262:
PUBLIC-KEY INFRASTRUCTURE 241 It is
- Page 265 and 266:
244 INTERNET SECURITY The set of se
- Page 267 and 268:
246 INTERNET SECURITY • Key manag
- Page 269 and 270:
248 INTERNET SECURITY 7.1.3 Hashed
- Page 271 and 272:
250 INTERNET SECURITY A B C D IV 67
- Page 273 and 274:
252 INTERNET SECURITY Next header (
- Page 275 and 276:
254 INTERNET SECURITY IPv4 IPv4 IPv
- Page 277 and 278:
256 INTERNET SECURITY within a 32-b
- Page 279 and 280:
258 INTERNET SECURITY addresses, wh
- Page 281 and 282:
260 INTERNET SECURITY If authentica
- Page 283 and 284:
262 INTERNET SECURITY 1 bit Next pa
- Page 285 and 286:
264 INTERNET SECURITY The Situation
- Page 287 and 288:
266 INTERNET SECURITY The Identific
- Page 289 and 290:
268 INTERNET SECURITY The Hash Data
- Page 291 and 292:
270 INTERNET SECURITY The Domain of
- Page 293 and 294:
272 INTERNET SECURITY to the exchan
- Page 295 and 296:
274 INTERNET SECURITY When a Key Ex
- Page 297 and 298:
276 INTERNET SECURITY When a Notifi
- Page 299 and 300:
278 INTERNET SECURITY SSL Handshake
- Page 301 and 302:
280 INTERNET SECURITY SSL record he
- Page 303 and 304:
282 INTERNET SECURITY SSLCompressed
- Page 305 and 306:
284 INTERNET SECURITY • bad-certi
- Page 307 and 308:
286 INTERNET SECURITY - Random: Thi
- Page 309 and 310:
288 INTERNET SECURITY Note that Dis
- Page 311 and 312:
290 INTERNET SECURITY The finished
- Page 313 and 314:
292 INTERNET SECURITY key_block = M
- Page 315 and 316:
294 INTERNET SECURITY opad 160 bits
- Page 317 and 318:
296 INTERNET SECURITY - A B C D IV
- Page 319 and 320:
298 INTERNET SECURITY The PRF is th
- Page 321 and 322:
300 INTERNET SECURITY HMAC SHA1(S2,
- Page 323 and 324:
302 INTERNET SECURITY 8.3.4 Certifi
- Page 326 and 327:
9 Electronic Mail Security: PGP, S/
- Page 328 and 329:
ELECTRONIC MAIL SECURITY: PGP, S/MI
- Page 330 and 331:
ELECTRONIC MAIL SECURITY: PGP, S/MI
- Page 332 and 333:
ELECTRONIC MAIL SECURITY: PGP, S/MI
- Page 334 and 335:
ELECTRONIC MAIL SECURITY: PGP, S/MI
- Page 336 and 337:
ELECTRONIC MAIL SECURITY: PGP, S/MI
- Page 338 and 339:
ELECTRONIC MAIL SECURITY: PGP, S/MI
- Page 340 and 341:
Message packet M T FN H(M) ELECTRON
- Page 342 and 343:
ELECTRONIC MAIL SECURITY: PGP, S/MI
- Page 344 and 345:
ELECTRONIC MAIL SECURITY: PGP, S/MI
- Page 346 and 347:
ELECTRONIC MAIL SECURITY: PGP, S/MI
- Page 348 and 349:
Definition of multipart/encrypted:
- Page 350 and 351:
From: myrhee@tsp.snu.ac.kr To: kiis
- Page 352 and 353:
ELECTRONIC MAIL SECURITY: PGP, S/MI
- Page 354 and 355:
SignatureAlgorithmIdentifier ELECTR
- Page 356 and 357: ELECTRONIC MAIL SECURITY: PGP, S/MI
- Page 358: ELECTRONIC MAIL SECURITY: PGP, S/MI
- Page 361 and 362: 340 INTERNET SECURITY conform to a
- Page 363 and 364: 342 INTERNET SECURITY existing on a
- Page 365 and 366: 344 INTERNET SECURITY 10.2.7 VPN So
- Page 367 and 368: 346 INTERNET SECURITY Table 10.1 Te
- Page 369 and 370: 348 INTERNET SECURITY Table 10.3 SM
- Page 371 and 372: 350 INTERNET SECURITY Outside host
- Page 373 and 374: 352 INTERNET SECURITY Internet Pack
- Page 376 and 377: 11 SET for E-commerce Transactions
- Page 378 and 379: 11.2 SET System Participants SET FO
- Page 380 and 381: SET FOR E-COMMERCE TRANSACTIONS 359
- Page 382 and 383: SET FOR E-COMMERCE TRANSACTIONS 361
- Page 384 and 385: SET FOR E-COMMERCE TRANSACTIONS 363
- Page 386 and 387: Example 11.2 Message Integrity Chec
- Page 388 and 389: User A 0x135af247c613e815 Message d
- Page 390 and 391: SET FOR E-COMMERCE TRANSACTIONS 369
- Page 392 and 393: E KSC (CAC) + E KSC (MD) D CAC MD V
- Page 394 and 395: SET FOR E-COMMERCE TRANSACTIONS 373
- Page 396 and 397: SET FOR E-COMMERCE TRANSACTIONS 375
- Page 398: H MD D CRs K pg M’s cert E K#5 (C
- Page 401 and 402: 380 INTERNET SECURITY DS Dual Signa
- Page 403 and 404: 382 INTERNET SECURITY SA Security A
- Page 405: 384 INTERNET SECURITY 17. Borman, D
- Page 409 and 410: 388 INTERNET SECURITY 106. Metzger,
- Page 411 and 412: 390 INTERNET SECURITY 163. Wijnen,
- Page 413 and 414: 392 INDEX Authentication Header 243
- Page 415 and 416: 394 INDEX delete payload 269, 275,
- Page 417 and 418: 396 INDEX HTML tag 49 ending tag 49
- Page 419 and 420: 398 INDEX Java 48, 49 Joint Photogr
- Page 421 and 422: 400 INDEX packet filter 339, 341, 3
- Page 423 and 424: 402 INDEX secure payment processing
- Page 425 and 426: 404 INDEX transform # field 264, 27