Chapter 1 Introduction
1.1 SECURITY GOALS
1.1.1 Confidentiality
1.1.2 Integrity
1.1.3 Availability
1.2 ATTACKS
1.2.1 Attacks Threatening Confidentiality
1.2.2 Attacks Threatening Integrity
1.2.3 Attacks Threatening Availability
1.2.4 Passive Versus Active Attacks
1.3 SERVICES AND MECHANISMS
1.3.1 Security Services
1.3.2 Security Mechanisms
1.3.3 Relation between Services and Mechanisms
1.4 TECHNIQUES
1.4.1 Cryptography
1.4.2 Steganography
1.5 THE REST OF THE BOOK
1.6 RECOMMENDED READING
1.7 KEY TERMS
1.8 SUMMARY
1.9 PRACTICE SET
Contents
Part I Symmetric-Key Encipherment
Chapter 2 Mathematics of Cryptography I: Modular Arithmetic, Congruence, and Matrices
2.1 INTEGER ARITHMETIC
2.1.1 Set of Integers
2.1.2 Binary Operations
2.1.3 Integer Division
2.1.4 Divisibility
2.1.5 Linear Diophantine Equations
2.2 MODULAR ARITHMETIC
2.2.1 Modulo Operator
2.2.2 Set of Residues: Z_n
2.2.3 Congruence
2.2.4 Operations in Z_n
2.2.5 Inverses
2.2.6 Addition and Multiplication Tables
2.2.7 Different Sets for Addition and Multiplication
2.2.8 Two More Sets
2.3 MATRICES
2.3.1 Definitions
2.3.2 Operations and Relations
2.3.3 Determinant
2.3.4 Inverses
2.3.5 Residue Matrices
2.4 LINEAR CONGRUENCE
2.4.1 Single-Variable Linear Equations
2.4.2 Set of Linear Equations
2.5 RECOMMENDED READING
2.6 KEY TERMS
2.7 SUMMARY
2.8 PRACTICE SET
Chapter 3 Traditional Symmetric-Key Ciphers
3.1 INTRODUCTION
3.1.1 Kerckhoff's Principle
Cryptography and Network Security (English edition with Chinese reading guide)
3.1.2 Cryptanalysis
3.1.3 Categories of Traditional Ciphers
3.2 SUBSTITUTION CIPHERS
3.2.1 Monoalphabetic Ciphers
3.2.2 Polyalphabetic Ciphers
3.3 TRANSPOSITION CIPHERS
3.3.1 Keyless Transposition Ciphers
3.3.2 Keyed Transposition Ciphers
3.3.3 Combining Two Approaches
3.4 STREAM AND BLOCK CIPHERS
3.4.1 Stream Ciphers
3.4.2 Block Ciphers
3.4.3 Combination
3.5 RECOMMENDED READING
3.6 KEY TERMS
3.7 SUMMARY
3.8 PRACTICE SET
Chapter 4 Mathematics of Cryptography II: Algebraic Structures
4.1 ALGEBRAIC STRUCTURES
4.1.1 Groups
4.1.2 Ring
4.1.3 Field
4.1.4 Summary
4.2 GF(2^n) FIELDS
4.2.1 Polynomials
4.2.2 Using a Generator
4.2.3 Summary
4.3 RECOMMENDED READING
4.4 KEY TERMS
4.5 SUMMARY
4.6 PRACTICE SET
Chapter 5 Introduction to Modern Symmetric-Key Ciphers
5.1 MODERN BLOCK CIPHERS
5.1.1 Substitution or Transposition
5.1.2 Block Ciphers as Permutation Groups
5.1.3 Components of a Modern Block Cipher
5.1.4 S-Boxes
5.1.5 Product Ciphers
5.1.6 Two Classes of Product Ciphers
5.1.7 Attacks on Block Ciphers
5.2 MODERN STREAM CIPHERS
5.2.1 Synchronous Stream Ciphers
5.2.2 Nonsynchronous Stream Ciphers
5.3 RECOMMENDED READING
5.4 KEY TERMS
5.5 SUMMARY
5.6 PRACTICE SET
Chapter 6 Data Encryption Standard (DES)
6.1 INTRODUCTION
6.1.1 History
6.1.2 Overview
6.2 DES STRUCTURE
6.2.1 Initial and Final Permutations
6.2.2 Rounds
6.2.3 Cipher and Reverse Cipher
6.2.4 Examples
6.3 DES ANALYSIS
6.3.1 Properties
6.3.2 Design Criteria
6.3.3 DES Weaknesses
6.4 MULTIPLE DES
6.4.1 Double DES
6.4.2 Triple DES
6.5 SECURITY OF DES
6.5.1 Brute-Force Attack
6.5.2 Differential Cryptanalysis
6.5.3 Linear Cryptanalysis
6.6 RECOMMENDED READING
6.7 KEY TERMS
6.8 SUMMARY
6.9 PRACTICE SET
Chapter 7 Advanced Encryption Standard (AES)
7.1 INTRODUCTION
7.1.1 History
7.1.2 Criteria
7.1.3 Rounds
7.1.4 Data Units
7.1.5 Structure of Each Round
7.2 TRANSFORMATIONS
7.2.1 Substitution
7.2.2 Permutation
7.2.3 Mixing
7.2.4 Key Adding
7.3 KEY EXPANSION
7.3.1 Key Expansion in AES-128
7.3.2 Key Expansion in AES-192 and AES-256
7.3.3 Key-Expansion Analysis
7.4 CIPHERS
7.4.1 Original Design
7.4.2 Alternative Design
7.5 EXAMPLES
7.6 ANALYSIS OF AES
7.6.1 Security
7.6.2 Implementation
7.6.3 Simplicity and Cost
7.7 RECOMMENDED READING
7.8 KEY TERMS
7.9 SUMMARY
7.10 PRACTICE SET
Chapter 8 Encipherment Using Modern Symmetric-Key Ciphers
8.1 USE OF MODERN BLOCK CIPHERS
8.1.1 Electronic Codebook (ECB) Mode
8.1.2 Cipher Block Chaining (CBC) Mode
8.1.3 Cipher Feedback (CFB) Mode
8.1.4 Output Feedback (OFB) Mode
8.1.5 Counter (CTR) Mode
8.2 USE OF STREAM CIPHERS
8.2.1 RC4
8.2.2 A5/1
8.3 OTHER ISSUES
8.3.1 Key Management
8.3.2 Key Generation
8.4 RECOMMENDED READING
8.5 KEY TERMS
8.6 SUMMARY
8.7 PRACTICE SET
Part II Asymmetric-Key Encipherment
Chapter 9 Mathematics of Cryptography III: Primes and Related Congruence Equations
9.1 PRIMES
9.1.1 Definition
9.1.2 Cardinality of Primes
9.1.3 Checking for Primeness
9.1.4 Euler’s Phi-Function
9.1.5 Fermat’s Little Theorem
9.1.6 Euler’s Theorem
9.1.7 Generating Primes
9.2 PRIMALITY TESTING
9.2.1 Deterministic Algorithms
9.2.2 Probabilistic Algorithms
9.2.3 Recommended Primality Test
9.3 FACTORIZATION
9.3.1 Fundamental Theorem of Arithmetic
9.3.2 Factorization Methods
9.3.3 Fermat Method
9.3.4 Pollard p – 1 Method
9.3.5 Pollard rho Method
9.3.6 More Efficient Methods
9.4 CHINESE REMAINDER THEOREM
9.5 QUADRATIC CONGRUENCE
9.5.1 Quadratic Congruence Modulo a Prime
9.5.2 Quadratic Congruence Modulo a Composite
9.6 EXPONENTIATION AND LOGARITHM
9.6.1 Exponentiation
9.6.2 Logarithm
9.7 RECOMMENDED READING
9.8 KEY TERMS
9.9 SUMMARY
9.10 PRACTICE SET
Chapter 10 Asymmetric-Key Cryptography
10.1 INTRODUCTION
10.1.1 Keys
10.1.2 General Idea
10.1.3 Need for Both
10.1.4 Trapdoor One-Way Function
10.1.5 Knapsack Cryptosystem
10.2 RSA CRYPTOSYSTEM
10.2.1 Introduction
10.2.2 Procedure
10.2.3 Some Trivial Examples
10.2.4 Attacks on RSA
10.2.5 Recommendations
10.2.6 Optimal Asymmetric Encryption Padding (OAEP)
10.2.7 Applications
10.3 RABIN CRYPTOSYSTEM
10.3.1 Procedure
10.3.2 Security of the Rabin System
10.4 ELGAMAL CRYPTOSYSTEM
10.4.1 ElGamal Cryptosystem
10.4.2 Procedure
10.4.3 Proof
10.4.4 Analysis
10.4.5 Security of ElGamal
10.4.6 Application
10.5 ELLIPTIC CURVE CRYPTOSYSTEMS
10.5.1 Elliptic Curves over Real Numbers
10.5.2 Elliptic Curves over GF(p)
10.5.3 Elliptic Curves over GF(2^n)
10.5.4 Elliptic Curve Cryptography Simulating ElGamal
10.6 RECOMMENDED READING
10.7 KEY TERMS
10.8 SUMMARY
10.9 PRACTICE SET
Part III Integrity, Authentication, and Key Management
Chapter 11 Message Integrity and Message Authentication
11.1 MESSAGE INTEGRITY
11.1.1 Document and Fingerprint
11.1.2 Message and Message Digest
11.1.3 Difference
11.1.4 Checking Integrity
11.1.5 Cryptographic Hash Function Criteria
11.2 RANDOM ORACLE MODEL
11.2.1 Pigeonhole Principle
11.2.2 Birthday Problems
11.2.3 Attacks on Random Oracle Model
11.2.4 Attacks on the Structure
11.3 MESSAGE AUTHENTICATION
11.3.1 Modification Detection Code
11.3.2 Message Authentication Code (MAC)
11.4 RECOMMENDED READING
11.5 KEY TERMS
11.6 SUMMARY
11.7 PRACTICE SET
Chapter 12 Cryptographic Hash Functions
12.1 INTRODUCTION
12.1.1 Iterated Hash Function
12.1.2 Two Groups of Compression Functions
12.2 SHA-512
12.2.1 Introduction
12.2.2 Compression Function
12.2.3 Analysis
12.3 WHIRLPOOL
12.3.1 Whirlpool Cipher
12.3.2 Summary
12.3.3 Analysis
12.4 RECOMMENDED READING
12.5 KEY TERMS
12.6 SUMMARY
12.7 PRACTICE SET
Chapter 13 Digital Signature
13.1 COMPARISON
13.1.1 Inclusion
13.1.2 Verification Method
13.1.3 Relationship
13.1.4 Duplicity
13.2 PROCESS
13.2.1 Need for Keys
13.2.2 Signing the Digest
13.3 SERVICES
13.3.1 Message Authentication
13.3.2 Message Integrity
13.3.3 Nonrepudiation
13.3.4 Confidentiality
13.4 ATTACKS ON DIGITAL SIGNATURE
13.4.1 Attack Types
13.4.2 Forgery Types
13.5 DIGITAL SIGNATURE SCHEMES
13.5.1 RSA Digital Signature Scheme
13.5.2 ElGamal Digital Signature Scheme
13.5.3 Schnorr Digital Signature Scheme
13.5.4 Digital Signature Standard (DSS)
13.5.5 Elliptic Curve Digital Signature Scheme
13.6 VARIATIONS AND APPLICATIONS
13.6.1 Variations
13.6.2 Applications
13.7 RECOMMENDED READING
13.8 KEY TERMS
13.9 SUMMARY
13.10 PRACTICE SET
Chapter 14 Entity Authentication
14.1 INTRODUCTION
14.1.1 Data-Origin Versus Entity Authentication
14.1.2 Verification Categories
14.1.3 Entity Authentication and Key Management
14.2 PASSWORDS
14.2.1 Fixed Password
14.2.2 One-Time Password
14.3 CHALLENGE-RESPONSE
14.3.1 Using a Symmetric-Key Cipher
14.3.2 Using Keyed-Hash Functions
14.3.3 Using an Asymmetric-Key Cipher
14.3.4 Using Digital Signature
14.4 ZERO-KNOWLEDGE
14.4.1 Fiat-Shamir Protocol
14.4.2 Feige-Fiat-Shamir Protocol
14.4.3 Guillou-Quisquater Protocol
14.5 BIOMETRICS
14.5.1 Components
14.5.2 Enrollment
14.5.3 Authentication
14.5.4 Techniques
14.5.5 Accuracy
14.5.6 Applications
14.6 RECOMMENDED READING
14.7 KEY TERMS
14.8 SUMMARY
14.9 PRACTICE SET
Chapter 15 Key Management
15.1 SYMMETRIC-KEY DISTRIBUTION
15.1.1 Key-Distribution Center, KDC
15.1.2 Session Keys
15.2 KERBEROS
15.2.1 Servers
15.2.2 Operation
15.2.3 Using Different Servers
15.2.4 Kerberos Version 5
15.2.5 Realms
15.3 SYMMETRIC-KEY AGREEMENT
15.3.1 Diffie-Hellman Key Agreement
15.3.2 Station-to-Station Key Agreement
15.4 PUBLIC-KEY DISTRIBUTION
15.4.1 Public Announcement
15.4.2 Trusted Center
15.4.3 Controlled Trusted Center
15.4.4 Certification Authority
15.4.5 X.509
15.4.6 Public-Key Infrastructures, PKI
15.5 RECOMMENDED READING
15.6 KEY TERMS AND CONCEPTS
15.7 SUMMARY
15.8 PRACTICE SET
Part IV Network Security
Chapter 16 Security at the Application Layer: PGP and S/MIME
16.1 E-MAIL
16.1.1 E-mail Architecture
16.1.2 E-mail Security
16.2 PGP
16.2.1 Scenarios
16.2.2 Key Rings
16.2.3 PGP Certificates
16.2.4 Key Revocation
16.2.5 Extracting Information from Rings
16.2.6 PGP Packets
16.2.7 PGP Messages
16.2.8 Applications of PGP
16.3 S/MIME
16.3.1 MIME
16.3.2 S/MIME
16.3.3 Applications of S/MIME
16.4 RECOMMENDED READING
16.5 KEY TERMS
16.6 SUMMARY
16.7 EXERCISES
Chapter 17 Security at the Transport Layer: SSL and TLS
17.1 SSL ARCHITECTURE
17.1.1 Services
17.1.2 Key Exchange Algorithms
17.1.3 Encryption/Decryption Algorithms
17.1.4 Hash Algorithms
17.1.5 Cipher Suite
17.1.6 Compression Algorithms
17.1.7 Cryptographic Parameter Generation
17.1.8 Sessions and Connections
17.2 FOUR PROTOCOLS
17.2.1 Handshake Protocol
17.2.2 ChangeCipherSpec Protocol
17.2.3 Alert Protocol
17.2.4 Record Protocol
17.3 SSL MESSAGE FORMATS
17.3.1 ChangeCipherSpec Protocol
17.3.2 Alert Protocol
17.3.3 Handshake Protocol
17.3.4 Application Data
17.4 TRANSPORT LAYER SECURITY
17.4.1 Version
17.4.2 Cipher Suite
17.4.3 Generation of Cryptographic Secrets
17.4.4 Alert Protocol
17.4.5 Handshake Protocol
17.4.6 Record Protocol
17.5 RECOMMENDED READING
17.6 KEY TERMS
17.7 SUMMARY
17.8 PRACTICE SET
Chapter 18 Security at the Network Layer: IPSec
18.1 TWO MODES
18.2 TWO SECURITY PROTOCOLS
18.2.1 Authentication Header, AH
18.2.2 Encapsulating Security Payload, ESP
18.2.3 IPv4 and IPv6
18.2.4 AH versus ESP
18.2.5 Services Provided by IPSec
18.3 SECURITY ASSOCIATION
18.3.1 Idea of Security Association
18.3.2 Security Association Database, SAD
18.4 SECURITY POLICY
18.5 INTERNET KEY EXCHANGE, IKE
18.5.1 Improved Diffie-Hellman Key Exchange
18.5.2 IKE Phases
18.5.3 Phases and Modes
18.5.4 Phase I: Main Mode
18.5.5 Phase I: Aggressive Mode
18.5.6 Phase II: Quick Mode
18.5.7 SA Algorithms
18.6 ISAKMP
18.6.1 General Header
18.6.2 Payloads
18.7 RECOMMENDED READING
18.8 KEY TERMS
18.9 SUMMARY
18.10 PRACTICE SET
