Index

Note: Page numbers followed by "f", "t" and "b" refer to figures, tables and boxes, respectively.

A
Abstract Syntax Notation One (ASN.1), 91–92
Access control subsystem, 126
Access controls
  Challenge-Handshake Authentication Protocol (CHAP), 276–277
  discretionary access control (DAC), 269
  logical access controls tools, 273
  mandatory access control (MAC), 270–271
  role-based access control (RBAC), 271–272
  wireless security access controls, 277–278
Address Resolution Protocol (ARP), 257–258
Advanced data encryption, 325
  Discrete Logarithm Problem (DLP), 336
  Lattice-based Cryptography, 336
  NTRU Parameters and Keys, 339
  Truncated Polynomial Rings, 338
Advanced Encryption Standard (AES), 41, 304–305
Advanced Encryption System, 316
Aggregation switches (AggS), 5–7
Algebraic structure, data encryption, 42–48
ASN.1 Object Identifier (OID), 95
penetration testing and vulnerability assessments, 281–287
  port scanning and password cracking, 283–285
quantitative risk measurements, 287–290
  baseline, establishing, 288
  policy settings, reviewing, 289–290
Asymmetric encryption, 56
Attacks and countermeasures, 259–264
Audit trail creation, 288
Authority key identifier, 93

B
Basic Interoperable Scrambling System (BISS), 315
Biometrics
  data storage subsystem, 160
  current ISO/IEC standards for, 154t
  main operations of
    comparison of selected biometric technologies, 172–174
    storage of templates, 174
and revocation modeling, 104
Bring your own device (BYOD), 235–236
Business impact assessment, 139–146
  business-critical activities, 139–140
  configuration and acquisition, 142–143
  disaster recovery site, establishing, 142
  in-house versus third party, 143–145
  IT support from technical staff, 140
Business process execution language (BPEL), 20–21
Business-critical activities, 139–140
Byzantine faults

C
California Office of Information Security and Privacy Protection (OISPP), 194
Cardholder unique identifier (CHUID), 126
Certificate
Certificate authorities (CA), 80
Certificate Practice Statement (CPS), 95
Certificate Revocation List (CRL), 85, 104
  format of revocation record in, 86t
Challenge-Handshake Authentication Protocol (CHAP), 276–277
Chemical, radiological, and biological hazards, 115–116
Chosen-ciphertext attack, 62b
Cipher block chaining (CBC), 56
Cipher feedback (CFB), 55
Classical cryptography, 32–38
Cloud computing
  architecture
    network, failure behavior of, 5–7
    servers, failure behavior of, 4–5
  fault tolerance and resilience in
    against byzantine failures in, 14–17
    Byzantine faults
    against crash failures in, 12–14
    Crash faults
    different levels of, 10–11
    as service in cloud computing, 17–24
Common vulnerabilities and exposures (CVE), 286–287, 287
Communication security goals, 247–259
  distributed denial of service, 256–257
  network design and components, 247–248
Computer Emergency Response Team (CERT), 319–320
Confidentiality, integrity, and availability (CIA) model, 299–304
Convergence example, 128f
Corporate or facilities security, 109
Crash faults
Creech Air Force Base
Crossover error rate (CER), 164
Cryptanalysis of RSA
  discrete logarithm problem, 61–63
Cryptographic algorithms, PKI
  public key encryption, 75–77
Cryptographic hash function, 67–68
Cryptographic protocols
  congruence relation defined, 36–37
  fundamental theorem of arithmetic, 35
  substitution cipher, 37–38
Cryptography
  confidentiality, integrity, and availability (CIA) model, 299–304
  encryption, assuring privacy with, 295–305
  mathematical prelude to, 30–32
  physical versus logical security, 297–299
Cyber warfare
  liability under international law, 223–225
Cyclic group, defined, 43

D
Data encryption
  algebraic structure, 42–48
  mathematical prelude to, 30–32
  modern symmetric ciphers, 38–41
Data storage subsystem, 160
Defense Information Systems Network (DISN) Satellite Transmission Services Global (DSTS-G), 316–317
Delegated Path Discovery (DPD), 88
Delegated Path Validation (DPV), 88
Denial-of-service (DoS) attack, 255–256
Department of Homeland Security (DHS)
Distinguished Encoding Rules (DER), 91–92
Differentiating security threats, 233–235
  considering a holistic view, 234
  controlling notifications and alerts, 234
  corroborating remediation events, 235
  integrating thresholds and procedures, 235
Diffie-Hellman algorithm
  for message authentication, 68
Disaster recovery (DR), 135
  business impact assessment (BIA), 139–146
    business-critical activities, 139–140
    configuration and acquisition, 142–143
    designing recovery solutions, 140–142
    disaster recovery site, establishing, 142
    in-house versus third party, 143–145
    IT support from technical staff, 140
  measuring risk and avoiding disaster, 135–138
    enterprise, assessing risk in, 136–137
    threat, matching response to, 138
Discrete exponentiation, 62, 335
Discrete Logarithm Problem, 336
Discretionary access control (DAC) model, 269
DoD Information Assurance Certification and Accreditation Process (DIACAP), 316–317
Domain Name System (DNS), 252

E
E-Government Act of 2002 (PL 107-347), 188–189
Electricity Sector Information Sharing and Analysis Center (ESISAC), 194, 201
Electromagnetic interference (EMI) as threat, 117
Electronic Code Book (ECB), 55
Electronic Communications and Transactions (ECT) Act, 229
Electronic Data Interchange (EDI), 94
Elliptic curve
  Diffie-Hellman algorithm, 63–64
Email
Enhanced Border Security and Visa Entry Reform Act of 2002 (PL 107-173), 183
Enterprise Risk Management (ERM), 136
Environmental conditions and data capture subsystem, 155, 155–156
Environmental threats to physical security prevention and mitigation measures
  inappropriate temperature and humidity, 114
  other environmental threats, 119
Environmental threats to service of information systems and data
  chemical, radiological, and biological hazards, 115–116
  inappropriate temperature and humidity, 114
Equal error rate (EER), 164
Examination, defined, 290
Extended Key Usage, in SCVP, 88

F
Failure to enroll rate (FER), 166
Fault logging and analysis, 288
Fault tolerance and resilience in cloud computing
  against byzantine failures in, 14–17
  byzantine faults
  against crash failures in, 12–14
  crash faults
  different levels of, 10–11
  as service in cloud computing, 17–24
Fault Tolerance Manager (FTM), 20–21
File transfer spoofing, 254
Finite groups, defined, 42
Firewalls
  differentiating security threats, 233–235
    considering a holistic view, 234
    controlling notifications and alerts, 234
    corroborating remediation events, 235
    integrating thresholds and procedures, 235
  hardware and peripheral security, 235–238
  patch management and policies, 238–241
Fujita Tornado Intensity Scale, 112t
Fundamental theorem of arithmetic, 35

G
with generator element, 46
General packet radio service (GPRS), 312–313
GNU Privacy Guard (GPG), 98–99
Governor's Office of Homeland Security (OHS), 193–194
Graphics processing units (GPUs), 284–285

H
Hacks, interference, and jamming, 310–320
Hardening
Hardware
Hierarchical Identity-Based Encryption (HIBE), 103
High-density infrastructure, 140
Homeland security
  E-Government Act of 2002 (PL 107-347), 188–189
  Enhanced Border Security and Visa Entry Reform Act of 2002 (PL 107-173), 183
  Homeland Security Act of 2002 (PL 107-296), 185–187
  California Office of Information Security and Privacy Protection (OISPP), 194
  Department of Homeland Security subcomponents, 192
  Governor's Office of Homeland Security (OHS), 193–194
  private sector organizations for information sharing, 194–199
  state and federal organizations, 193
Human-caused physical threats to physical security prevention and mitigation measures, 120
Human-caused threats to service of information systems and data
  unauthorized physical access, 117

I
Identity-Based Encryption (IBE), 102
Imagination and accurate ranking, 299b
Incident containment, 288
Infinite groups, defined, 42
Information
Information system hardware, 110
Information technology (IT), 135
Infrastructure, securing, 247
  attacks and countermeasures, 259–264
  communication security goals, 247–259
    distributed denial of service, 256–257
    network design and components, 247–248
Infrastructure security, 109
Infrastructure-as-a-service (IaaS) layer
Interference-oriented threats, 314–315
International Telecommunication Union Telecommunication Standardization Sector (ITU-T), 79–80

J
Jet Propulsion Laboratory (JPL), 310–311
JTC 1/SC 37 technical committee, 153

K

L
Lattice-based Cryptography, 336
Law enforcement agencies and biometrics, 152–153
Liability under international law, for cyber warfare, 223–225
  developing countries response, 228–229
  remedies under international law, 225–228
    international criminal court (ICC), 226–227
Lightweight Directory Access Protocol (LDAP), 103–104
Logical access controls tools, 273

M
MAC, See Message authentication code; Mandatory access control
Mathematical prelude, cryptography, 30–32
Message
  hash function in signing message, 68
Message authentication code, 68
Mobile Device Manager, 278
Modern block ciphers
Modern encryption algorithms, 42
Modern symmetric ciphers, 38–41
Modular polynomial arithmetic, 45–46

N
National Commission on Terrorist Attacks Upon the United States (The 9/11 Commission), 195b
National Council of Information Sharing and Analysis Centers (ISAC), 317–318
North American Electric Reliability Council (NERC), 194, 201
National Institute of Standards and Technology (NIST), 68
National Reconnaissance Office (NRO), 309
National Security Agency (NSA), 309
Network design and components, 247–248
Number theory, asymmetric-key encryption
  cardinality of primes, 56–57
  Fermat's little theorem, 57–58

O
Office of Management and Budget (OMB) guidance, 304–305
Online Certificate Status Protocol (OCSP), 86, 87–88
Online documentation, 288
Open Vulnerability and Assessment Language (OVAL), 285, 286
Output feedback (OFB), 55
Overvoltage, effect on IS equipment, 116–117

P
Package management systems, 239
Penetration testing and vulnerability assessments, 281–287
  port scanning and password cracking, 283–285
Personal identification number (PIN), 126
Personnel and information systems, 110
Physical and logical security, integration of, 123–129
  policy, a corporate example, 123
Physical versus logical security, 297–299
issuance and management subsystem, 126
Platform-as-a-service (PaaS)
Platt, elements of IS security by, 109
Policy settings, reviewing, 289–290
Ports
Pre-Shared Key (PSK), 278
Pretty Good Privacy (PGP), 79, 98
  certificate formats, 98–99
Private Sector Organizations for Information Sharing, 194–199
Proactive protection of environment, 288
Public Health Security and Bioterrorism Preparedness and Response Act of 2002 (PL 107-188), 184–185
Public Key Cryptography (PKC), 300, 303
Public key encryption, 76–77
Public Key Infrastructure (PKI), 303b
  alternative key management models, 101
  Callas's self-assembling, 102
  cryptographic algorithms, 75–77
  standards organizations, 97–98
Public-key cryptography, 56–60
Purposeful Interference Response Team (PIRT), 319–320

Q
Quantitative risk measurements, 287–290
  baseline, establishing, 288
  policy settings, reviewing, 289–290

R
Real-time alert configuration, 287
Receiver operating characteristic (ROC), 163–164
Recovery point objective (RPO), 139
Recovery Time Objective (RTO), 139
Registration authority (RA), 81, 81–82
Research In Motion (RIM), 29
in AES implementation
  mathematical preliminaries, 48
Rings
Risk
  baseline, establishing, 288
  policy settings, reviewing, 289–290
Rivest, Shamir, and Adleman (RSA)
Role-based access control (RBAC), 271–272
Discrete Logarithm Problem (DLP), 336
Lattice-based Cryptography, 336
NTRU Parameters and Keys, 339
Truncated Polynomial Rings, 338
RSA digital signature, 68–69
RSA, See Rivest, Shamir, and Adleman (RSA)

S
Saffir/Simpson Hurricane Scale, 113t
Satellite cyber attack search and destroy, 309
  communicating with satellites, 315–316
  hacks, interference, and jamming, 310–320
Satellite Internet Protocol Security (SatIPSec), 317
Secret Key Cryptography (SKC), 300
Secure hash algorithm (SHA), 68
Secure Sockets Layer (SSL), 80–81
Security-Enhanced Linux (SELinux), 270
Server-Based Certificate Validation Protocol (SCVP), 84
Simple Distributed Security Infrastructure (SDSI), 97–98
Simple Network Management Protocol (SNMP), 252, 253
S/MIME standards
Standards organizations, PKI
State, in AES implementation
  MixColumns transformation, 52, 52–53
  round keys in reverse order, 54, 55t
State and federal organizations, 193
SubBytes transformation, 49t
Subject alternative name, 94
Subject key identifier, 93
Substitution cipher, 37–38
Supervisory Control and Data Acquisition (SCADA), 219–220
Supporting facilities to information systems, 110
Symmetric-key cryptography, 300
hardening and minimization, 243–244
security controls and firewalls, 241–242
differentiating security threats, 233–235
hardware and peripheral security, 235–238
patch management and policies, 238–241

T
TCP handshake process, 254
Technical threats to service of information systems and data
  electromagnetic interference (EMI), 117
Technical weapons, of cyber warfare, 216–220
Temperature
  thresholds for damage to computing resources, 114
Template storage in biometric system, 174
The Aviation and Transportation Security Act of 2001 (PL 107-71), 179–182
planning and implementation, 122
TLS/SSL protocols
Top-of-rack switch (ToR), 5–7
Tracking, telemetry, and control (TT&C) links, 314
Triple data encryption algorithm (TDEA) block cipher, 69–70
TrustAnchors parameters, 89

U
Undervoltage, effect on IS equipment, 116
Unified threat management (UTM), 241
United States Cyber Command (USCYBERCOM), 207
USA PATRIOT Act of 2001 (PL 107-56), 179

V
Validation authority (VA), 81, 82–83
ValidationPolicy parameter, 88–89
Very Small Aperture Terminals (VSATs), 310
Virtual machines
Vulnerability assessment (VA), 281–287
Vulnerability(ies)

W
Wireless security access controls, 277–278
World Wide Web Consortium (W3C), 100

X
X.509 model
  bridge certification systems, 90–91
  certificate format, 91–95
  certificate policy extensions, 95
  certificate revocation, 86–88
  certificate validation, 83–85
  implementation architectures, 81–83
X.509 Revocation Protocols, 82–83
X.509 V3 extensions
  authority key identifier, 93
  subject alternative name, 94
  subject key identifier, 93
XML Key Information Service Specification (X-KISS), 100
XML Key Management Specification (XKMS), 100
XML Key Registration Service Specification (X-KRSS), 100

Z