密码学与网络安全——大学计算机教育国外著名教材系列

    本书清晰易懂地介绍了密码学和网络安全的基本概念和实际问题，探讨了加密、解密、对称和不对称密钥，详细分析和解释了各种主要密码算法，包括数据加密标准（DES），国际数据加密算法（IDEA），RC5，Blowfish，选进加密标准（AES），RSA，数字签名算法（DSA）等，并讨论了主要用于机构的防火墙和虚拟专用网络（VPN）技术，数字签名，公钥基础设施（PKI）和XML安全性，安全套接协议层（SSL），安全超文本传输协议（SHTTP），安全电子交易（SET），3D安全，PGP，PEM，S/MIME等。在无线安全方面研究了WAP、GSM、3G、身份认证、单点登录（SSO）等技术。本书还介绍了拒绝服务（DoS）攻击，联机银行交易等一些案例研究。
本书每章后面给出了多项选择题、复习题、编程练习题等。本书不仅对于普及IT专业人员的网络安全知识、提高普通用户的安全意识会大有裨益，也是本科生和研究生的一本不错的参考书。

1 Introduction to the Concepts of Security
1.1 Introduction 1
1.2 TheNeed forSecurity 2
1,3 Security Approaches 3
1.4 PrinciplesofSecurity 4
1.5 Types of Attacks 8
Outline of the Book 23
Multiple-choice Questions 25
Review Questions 26
Design/Programming Exercises 27
2 CryptographicTechniques
2.1 Introduction 28
2.2 Plain Text and CipherText 29
2.3 SubstitutionTechniques 31
2.4 Transposition Techniques 36
2.5 Encryption and Decryption 40
2.6 Symmetric and Asymmetric Key Cryptography 43
2.7 Steganography 53
2.8 Key Range and Key Size 54
2.9 PossibleTypesofAttacks 57
Chapter Summary 58
Key Terms and Concepts 59
Multiple-choice Questions 59
Review Questions 60
Design/Programming Exercises 61
Contents
3 Computer-based SYmmetric Key Cryptographic Algorithms
3.1 Introduction 63
3.2 Algorithm Types and Modes 63
3.3 An Overview of Symmetric Key Cryptography 73
3.4 Data Encryption Standard(DES) 75
3.5 International Data EncryptionAIgorithm (IDEA) 90
3.6 RC5 98
3.7 Blowfish 105
3.8 Advanced Encryption Standard(AES) 107
3.9 Differentialand LinearCryptanalysis 109
Chapter Summary 110
Key Terms and Concepts 110
Multiple-choice Questions 110
Review Questions 111
Design/Programming Exercises 111
4 Computer-based Asymmetric Key Cryptographic Algorithms
4.1 Introduction 112
4.2 Brief History of Asymmetric Key Cryptography 112
4.3 An Overview of Asymmetric Key Cryptography 113
4.4 The RSAAIgorithm 115
4.5 SymmetricandAsymmetric KeyCryptographyTogether 119
4.6 Digital Signatures 125
4.7 Knapsack Algorithm 154
4.8 SomeotherAIgorithms 154
Chapter Summary 157
Key Terms and Concepts 158
Multiple-choice Questions 158
Review Questions 159
Design/Programming Exercises 159
5 Public Key Infrastructure (PKI)
5.1 Introduction 161
5.2 Digital Certificates 162
5.3 Private Key Management 194
5.4 The PKIX Model 196
5.5 Public Key Cryptography Standards (PKCS) 198
5.6 XML, PKI and Security 204
Chapter Summary 208
Key Terms and Concepts 208
Multiple-choice Questions 209
Review Questions 210
Design/Programming Exercises 210
6 Internet Security Protocols
6.1 Basic Concepts 211
6.2 Secure Socket Layer(SSL) 218
6.3 Secure HyperTextTransferProtocol(SHTTP) 229
6.4 Time Stamping Protocol (TSP) 230
6.5 Secure Electronic Transaction (SET) 231
6.6 SSLVersusSET 244
6.7 3-DSecure Protocol 244
6.8 Electronic Money 245
6.9 EmailSecurity 250
6.10 WirelessApplication Protocol(WAP) Security 263
6.11 Securityin GSM 266
Chapter Summary 268
Key Terms and Concepts 269
Multiple-choice Questions 269
Review Questions 270
Design/Programming Exercises 270
7 User Authentication Mechanisms
7.1 Introduction 271
7.2 Authentication Basics 271
7.3 Passwords 272
7.4 AuthenticationTokens 286
7.5 Certificate-based Authentication 297
7.6 BiometricAuthentication 303
7.7 Kerberos 304
7.8 Single SignOn (SSO)Approaches 309
ChapterSummary 310
Key Terms and Concepts 311
Multiple-choice Questions 311
Review Questions 312
Design/Programming Exercises 312
8 Practical Implementations of Cryptography/Security
8.1 Cryptographic Solutions Using Java 314
8.2 Cryptographic Solutions Using Microsoft 322
8.3 CryptographicToolkits 324
8.4 Security and Operating Systems 325
Chapter Summary 330
Key Terms and Concepts 330
Multiple-choice Questions 330
Review Questions 331
Design/Programming Exercises 331
Contents
9 Network Security
9.1 Brief Introduction to TCP/IP 332
9.2 Firewalls 338
9.3 IP Security 349
9.4 Virtual Private Networks (VPN) 365
Chapter Summary 368
Key Terms and Concepts 368
Multiple-choice Questions 369
Review Questions 369
10 Case Studies on Cryptography and Security
10.1 Introduction 371
10.2 Cryptographic Solutions--A Case Study 371
10.3 Single SignOn (SSO) 379
10.4 Securelnter-branch Payment Transactions 382
10.5 Denial of Service (DOS)Attacks 385
10.6 IPSpoofingAttacks 388
10.7 Cross Site Scripting Vulnerability (CSSV) 389
10.8 ContractSigning 391
10.9 Secret Splitting 392
10.10 Virtual Elections 394
10.11 Secure Multiparty Calculation 395
Appendix A-Mathematical Background
Appendix B-Number Systems
Appendix C-lnformation Theory
Appendix D-Real-life Tools
Appendix E-Web Resources
Appendix F-A Brief Introduction to ASN, BER, DER
Appendix G-Modern Security Trends
Answers to Multiple-choice Questions
Glossary
References
Index

Background "Three people can keep a secret only if two of them are dead!" -Benjamin Franklin Quotes such as these are quite common. Keeping secrets is not easy. In fact, human tendency is such that when told that something is a secret and asked to keep it secret, people are actually quite eager to share that secret with everyone else! It is often said that to make something public, it should be called a secret, and told it in a very hush-hush manner to as many people as possible. The word of mouth will automatically spread it! In t..

网络时代，信息安全变得越来越重要。1995年，俄罗斯黑客列文用笔记本电脑从纽约花旗银行非法转移至少371万美元。美国微软公司1998年购得全球最大的免费个人邮件网站Hotmail后的一天，许多用户发现他们的密码被人篡改，原来这是一个荷兰黑客捣的鬼。2002年，全世界银行由于黑客攻击造成了高达60亿美元的损失。普通用户也不能高枕无忧，2004年5月发作的"震荡波"蠕虫病毒至少使全球1800万台计算机受到感染，直接损失高达几百万美元。前几年一般电脑用户比较陌生的防火墙、加密、数字签名等概念，逐渐成为了普通电脑用户的词汇。网络安全已经变成了计算机用户的一个不可缺少的部分。因此，讲述网络安全的书..