A
Advanced Encryption Standard (AES), 56–58
AES. See Advanced Encryption Standard (AES)
AH. See Authentication Header (AH)
alert protocol, 161
algebraic structure, 19
antivirussoftware, 176
application-level gateways, 180–181
arbitrated digital signature, 114–115
asymmetric-key cryptography, 76
characteristics of, 76
asymmetric-key encipherment, 11
audit records, 169
Authentication Header (AH), 151–152
avalanche effect, 51
B
bastion host, 182
behavior-blocking software, 178
birthday bound, 95
birthday paradox, 95
bit-oriented cipher, 33
boot sector virus, 173
C
Caesar cipher, 26
certificate renewable, 137–138
Certificate Revocation List (CRL), 137
change cipher spec protocol, 161
Chinese Remainder Theorem (CRT), 69–70
chosen-ciphertext attack, 77–78
Cipher Block Chaining (CBC) mode, 62
Cipher Feedback (CFB)mode, 62–63
cipher key, 45
ciphers, 10
ciphertext, 9
classical encryption techniques, 25
different categories of, 25
columnar transposition cipher, 32
common modulus attack, 78
completeness effect, 51
compression function, 96
congruence, 17
conventional encryption model, 24–25
issuesin, 25
co-prime, 65
CRT. See Chinese Remainder Theorem (CRT)
cryptography, 9
D
Data Encryption Standard (DES), 45
strength of, 49
decryption, 10
DES. See Data Encryption Standard (DES)
detection-specific audit records, 169
differential cryptanalysis, 50
Diffie-Hellman key exchange algorithm, 81–82
advantages of, 82
limitations of, 82
diffusion, 35
digital immune system, 176–177
attacks on, 113
process of, 112
properties and requirements of, 113
Digital Signature Standard (DSS), 117–119
direct digital signature, 114
directory authentication service, 138
discrete logarithmic problems, 70–71
distributed intrusion detection, 170
architecture of, 170
distributed intrusion detection systems, 170–171
DSS. See Digital Signature Standard (DSS)
E
ECC. See elliptic curve cryptosystem (ECC)
Electronic Code Book (ECB) mode, 61
ElGamal algorithm, 85
attacks on, 85
encryption and decryption process, 83–84
ElGamal encryption system, 83–84
elliptic curve cryptosystem (ECC), 86
elliptic curves, 85
Encapsulating Security Payload (ESP), 151
encryption, 10
transport and tunnel mode of, 155–157
ESP. See Encapsulating Security Payload (ESP)
Euler's totient function, 66
F
factorization attack, 77
Federal Information Processing Standard (FIPS 186), 117–119
model of, 36
file-infecting virus, 173
firewall, 178
limitations of, 178
firewall configurations, 182–83
forwardable ticket, 135
G
group, 19
H
hash function, 93
hash-based MAC (HMAC), 106–109
design objectives of, 107
HMAC. See Hash-based MAC (HMAC)
honeypots, 171
I
IDEA. See International Data
Encryption Algorithm (IDEA)
IKE. See Internet Key Exchange (IKE)
Improved PES (IPES), 53
International Data Encryption Algorithm (IDEA), 53
Internet Key Exchange (IKE), 157
Internet Security Association and Key Management Protocol (ISAKMP), 159
header format of, 159
intruders, 167
intrusion detection, 168
intrusion techniques, 167
IP address spoofing, 180
IPES. See Improved PES (IPES)
ISAKMP. See Internet Security Association and Key Management Protocol (ISAKMP)
iterated hash functions, 96
K
Kerberos
Kerberos principal, 131
Kerberos realm, 131
key, 10
key clustering, 50
key management, 14
functions of, 14
rules for maintaining, 14
keyed transposition cipher, 25, 32
keyless transposition cipher, 25, 31
L
logic bomb, 175
M
MAC. See message authentication code (MAC)
malicious software, 173
man-in-the-middle attack, 83
MD5 (message digest, version 5), 96–99
meet-in-the-middle attack, 52
message authentication, 91
attacks on, 91
types of authentication, 91
message authentication code (MAC), 92–93
Miller-Rabin algorithm, 68
modular arithmetic, 16
monoalphabetic cipher, 25
different techniques of, 25
multiplicative cipher, 27
mutual authentication protocol, 121–124
N
National Institute of Standards and Technology (NIST), 45
native audit records, 169
NESSIE. See New European Schemes for Signatures, Integrity, and Encryption (NESSIE)
New European Schemes for Signatures, Integrity, and Encryption (NESSIE), 104
NIST. See National Institute of Standards and Technology (NIST)
non-Feistel cipher, 38
O
onetime pad, 33
one-way authentication protocol, 124–125
Output Feedback (OFB) mode, 63–64
P
packet-filtering router, 179–180
passive attack, 2
password protection approaches, 168
password selection strategies, 172
PES. See Proposed Encryption Standard (PES)
PGP. See pretty good privacy (PGP)
plaintext, 9
plaintext attack, 78
polyalphabetic ciphers, 25, 28
technique of, 28
polymorphic virus, 173
possible weak keys, 50
postdatable ticket, 135
pretty good privacy (PGP), 139–142
concept of trust and legitimacy, 142–143
general format of, 145
key rings and, 142
steps followed for transmission and reception of, 142
structure of key rings of, 143–145
prime number, 65
private key, 112
product cipher, 36
Proposed Encryption Standard (PES), 53
public announcement, 78
public directory, 78
public-key authority, 79
public-key certificates, 79–80
public-key cryptography, 80–81
distribution of secret keys using, 80–81
public-key encryption technique, 125
R
Rabin-Miller test. See Miller-Rabin algorithm
renewable ticket, 135
ring, 19
RSA digital signature scheme, 115–117
S
secret key, 113
Secure Electronic Transaction (SET), 162–164
Secure Hash Algorithm (SHA), 99–103
Secure Hash Standard (SHS), 99
Secure Socket Layer (SSL), 160–161
secure/multipurpose Internet mail extension (S/MIME), 146–149
semi-weak keys, 50
SHA. See Secure Hash Algorithm (SHA)
Shannon's theory of diffusion and confusion, 35
shift cipher, 26
SHS. See Secure Hash Standard (SHS)
source routing attack, 180
spyware, 175
SSL record protocol, 160
steganography, 15
stream cipher, 32
substitution cipher, 25
symmetric-key cipher, 24
symmetric-key encipherment, 10
symmetric-key encryption technique, 124–125
T
timing attack, 78
tiny fragment attack, 180
Transport Layer Security (TLS), 162
transposition cipher, 25
Trojan horse, 175
trusted system, 183
V
Vigenere cipher, 30
Vital Information Resources Under Seize (Virus), 173–174
W
weak keys, 50
Whirlpool, 104
Whirlpool cryptographic hash function, 104–106
X
certificate renewable and, 137–138
certificate revocation and, 137–138
authentication procedure of, 138–139