Cryptography and Network Security: Principles and Practice, 8th edition
by William Stallings
LU
XE
LI
BR
AR
Y
, TABLE OF CONTENT
1. Computer and Network Security Concepts
2. Introduction to Number Theory
3. Classical Encryption Techniques
4. Block Ciphers and the Data Encryption Standard
5. Finite Fields
6. Advanced Encryption Standard
7. Block Cipher Operation
LU
8. Random Bit Generation and Stream Ciphers
9. Public-Key Cryptography and RSA
10. Other Public-Key Cryptosystems
XE
11. Cryptographic Hash Functions
12. Message Authentication Codes
13. Digital Signatures
14. Lightweight Cryptography and Post-Quantum Cryptography
LI
15. Key Management and Distribution
16. User Authentication Protocols
17. Transport-Level Security
BR
18. Wireless Network Security
19. Electronic Mail Security
20. IP Security
AR
21. Network Endpoint Security
22. Cloud Security
23. Internet of Things (IoT) Security
Y
, jkhgfds
CHAPTER 1 INTRODUCTION
ANSWERS TO QUESTIONS
1.1 The OSI Security Architecture is a framework that provides a systematic
way of defining the requirements for security and characterizing the
LU
approaches to satisfying those requirements. The document defines
security attacks, mechanisms, and services, and the relationships
among these categories.
1.2 Passive attacks: release of message contents and traffic analysis.
Active attacks: masquerade, replay, modification of messages, and
XE
denial of service.
1.3 Authentication: The assurance that the communicating entity is the
one that it claims to be.
Access control: The prevention of unauthorized use of a resource (i.e.,
LI
this service controls who can have access to a resource, under what
conditions access can occur, and what those accessing the resource are
allowed to do).
Data confidentiality: The protection of data from unauthorized
BR
disclosure.
Data integrity: The assurance that data received are exactly as sent by
an authorized entity (i.e., contain no modification, insertion, deletion, or
replay).
Nonrepudiation: Provides protection against denial by one of the
entities involved in a communication of having participated in all or part
AR
of the communication.
Availability service: The property of a system or a system resource
being accessible and usable upon demand by an authorized system
entity, according to performance specifications for the system (i.e., a
system is available if it provides services according to the system design
whenever users request them).
Y
1.4 Cryptographic algorithms: Transform data between plaintext and
ciphertext.
Data integrity: Mechanisms used to assure the integrity of a data unit
or stream of data units.
Digital signature: Data appended to, or a cryptographic
transformation of, a data unit that allows a recipient of the data unit to
prove the source and integrity of the data unit and protect against
forgery.
lkjhgfds
, jkhgfds
Authentication exchange: A mechanism intended to ensure the
identity of an entity by means of information exchange.
Traffic padding: The insertion of bits into gaps in a data stream to
frustrate traffic analysis attempts.
Routing control: Enables selection of particular physically or logically
secure routes for certain data and allows routing changes, especially
when a breach of security is suspected.
Notarization: The use of a trusted third party to assure certain
properties of a data exchange.
Access control: A variety of mechanisms that enforce access rights to
LU
resources.
1.5 Keyless: Do not use any keys during cryptographic transformations.
Single-key: The result of a transformation are a function of the input
data and a single key, known as a secret key.
Two-key: At various stages of the calculate two different but related
XE
keys are used, referred to as private key and public key.
1.6 Communications security: Deals with the protection of
communications through the network, including measures to protect
against both passive and active attacks.
Device security: Deals with the protection of network devices, such as
LI
routers and switches, and end systems connected to the network, such
as client systems and servers.
1.7 Trust: The willingness of a party to be vulnerable to the actions of
BR
another party based on the expectation that the other will perform a
particular action important to the trustor, irrespective of the ability to
monitor or control that other party.
Trustworthiness: A characteristic of an entity that reflects the degree
to which that entity is deserving of trust.
AR
ANSWERS TO PROBLEMS
1.1 The system must keep personal identification numbers confidential, both
in the host system and during transmission for a transaction. It must
protect the integrity of account records and of individual transactions.
Y
Availability of the host system is important to the economic well being
of the bank, but not to its fiduciary responsibility. The availability of
individual teller machines is of less concern.
1.2 The system does not have high requirements for integrity on individual
transactions, as lasting damage will not be incurred by occasionally
losing a call or billing record. The integrity of control programs and
configuration records, however, is critical. Without these, the switching
lkjhgfds