Chapter
1.4 Information Security Measures
1.5 Important Terms Relating to Communication Security
Chapter 2 Fundamentals of Cryptology
2.1 Cryptology, Cryptography and Cryptanalysis
2.2 Classification of Cryptographic Algorithms
2.4 Estimating the Effort Needed for Cryptographic Analysis
2.5 Characteristics and Classification of Encryption Algorithms
Chapter 3 Symmetric Cryptography
3.1 Encryption Modes of Block Ciphers
3.2 Data Encryption Standard
3.3 Advanced Encryption Standard
Chapter 4 Asymmetric Cryptography
4.1 Basic Idea of Asymmetric Cryptography
4.2 Mathematical Principles
4.4 The Problem of the Discrete Logarithm
4.5 The Diffie-Hellman Key Exchange Algorithm
4.6 The ElGamal Algorithm
4.7 Security of Conventional Asymmetric Cryptographic Schemes
4.8 Principles of Cryptography Based on Elliptic Curves
4.8.1 Elliptic Curves over R
4.8.2 Elliptic Curves over Zp
4.8.3 Elliptic Curves over GF(2n)
4.8.4 Cryptographic Protocols Based on Elliptic Curves
4.8.5 Security of cryptographic techniques over elliptic curves
4.8.6 Current Developments in EC Cryptography
4.10 Supplemental Reading
Chapter 5 Cryptographic Check Values
5.1 Requirements and Classification
5.2 Modification Detection Codes
5.2.1 Attacks on Modification Detection Codes
5.2.2 General Structure of Cryptographic Hash Functions
5.3 Message Authentication Codes
5.3.1 Schemes for the Computation of Message Authentication Codes
5.3.2 Security of CBC-based Algorithms
5.4 Message Authentication Codes Based on MDCs
5.5 Authenticated Encryption
5.5.1 The Galois/Counter Mode (GCM)
5.5.2 The SpongeWrap Method
Chapter 6 Random Number Generation
6.1 Random Numbers and Pseudo-Random Numbers
6.2 Cryptographically Secure Random Numbers
6.3 Statistical Tests for Random Numbers
6.4 Generation of Random Numbers
6.5 Generating Secure Pseudo-Random Numbers
6.6 Implementation Security
Chapter 7 Cryptographic Protocols
7.1 Properties and Notation of Cryptographic Protocols
7.2 Data Origin and Entity Authentication
7.3 Needham-Schroeder Protocol
7.5 International Standard X.509
7.5.1 X.509 Key Certificates
7.5.2 Direct Authentication Protocols Based on X.509
7.6 Security of Negotiated Session Keys
7.7 Advanced Password Authentication Methods
7.8 Formal Validation of Cryptographic Protocols
7.8.1 Classification of Formal Validation Methods
7.8.3 An Example of GNY Logic*
7.10 Supplemental Reading
Chapter 8 Secure Group Communication*
8.1 Specific Requirements for Secure Group Communication
8.2 Negotiation of Group Keys
8.2.1 Centralised Key Management
8.2.2 Decentralised Key Management
8.2.3 Distributed Key Management
Tree-Based Group Diffie-Hellman
8.3 Source Authentication
8.3.1 Block-by-block Authentication
8.3.2 Combinatorial Selection of Symmetric MACs
9.1 Definition of Terms and Concepts
9.3 Specification of Access Control Policies
9.4 Categories of Access Control Mechanisms
Chapter 10 Integration of Security Services in Communication Architectures
10.3 General Considerations for the Placement of Security Services
10.4 Integration in Lower Protocol Layers vs Applications
10.5 Integration into End Systems or Intermediate Systems
10.7 Supplemental Reading
Chapter 11 Link Layer Security Protocols
11.1 Virtual Separation of Data Traffic with IEEE 802.1Q
11.2 Securing a Local Network Infrastructure Using IEEE 802.1X
11.3 Encryption of Data Traffic with IEEE 802.1AE
11.4 Point-to-Point Protocol
11.4.1 Structure and Frame Formats
11.4.2 PPP Authentication Protocols
11.5 Point-to-Point Tunneling Protocol
11.5.1 Basic Versions of PPTP Packet Encapsulation
11.5.2 Development of PPTP and Alternative Approaches
11.6 Virtual Private Networks
11.8 Supplemental Reading
Chapter 12 IPsec Security Architecture
12.1 Short Introduction to the Internet Protocol Suite
12.2 Overview of the IPsec Architecture
12.3 Use of Transport and Tunnel Modes
12.4 IPsec Protocol Processing
12.8 Internet Key Exchange Version 1
12.8.1 Negotiation of an ISAKMP-SA
12.8.2 Negotiation of IPsec SAs
12.9 Internet Key Exchange Version 2
12.10 Other Aspects of IPsec
12.10.1 Interaction with Compression
12.10.2 Interaction with Firewalls and Intrusion Detection Systems
12.10.3 Handling of Network Address Translation
12.12 Supplemental Reading
Chapter 13 Transport Layer Security Protocols
13.1.1 Security Services and Protocol Architecture
13.1.2 The Record Protocol
13.1.3 The Handshake Protocol
13.1.4 Authentication and Negotiation of Session Keys
13.1.5 A Shortcoming in the Handshake Protocol
13.2 Transport Layer Security
13.2.1 Cryptographic Algorithms used in TLS
13.2.2 Attacks on Selectable Initialisation Vectors
13.2.3 Renegotiation Attack
13.2.4 Problems with Compression in TLS
13.2.5 Timing Attacks on the CBC Mode in TLS
13.3 Datagram Transport Layer Security
13.4.1 SSH Transport Protocol
13.4.2 Parameter Negotiation and Server Authentication
13.4.3 Client Authentication
13.4.4 Connection Control Within A Session
13.6 Supplemental Reading
Part III Secure Wireless and Mobile Communications
Chapter 14 Security Aspects of Mobile Communication
14.1 Threats in Mobile Communication Networks
14.2 Protecting Location Confidentiality
14.2.1 Broadcast Communication
14.2.2 Temporary Pseudonyms
14.2.3 Communication Mixes
14.4 Supplemental Reading
Chapter 15 Security in Wireless Local Area Networks
15.1 The IEEE 802.11 Standard for WLANs
15.2 Entity Authentication
15.2.1 Shared Key Authentication
15.2.2 Simultaneous Authentication of Equals
15.3 Wired Equivalent Privacy
15.3.1 Operation and Linearity of CRC
15.3.2 Operation of the WEP Protocol
15.3.3 Flaws in the WEP Protocol
15.4 Robust Secure Networks
15.4.1 Temporal Key Integrity Protocol
15.4.2 CTR with CBC-MAC Protocol
15.5 Security in Public WLANs
15.7 Supplemental Reading
Chapter 16 Security in Mobile Wide-Area Networks
16.1 Global System for Mobile Communication
16.2 Universal Mobile Telecommunications System
16.5 Supplemental Reading
Part IV Protecting Communications Infrastructures
Chapter 17 Protecting Communications and Infrastructure in Open Networks
17.1 Systematic Threat Analysis
17.2 Security of End Systems
17.2.2 Format String Attacks
17.2.3 Exploiting Race Conditions and Confidence in the Operating System Environment
17.2.4 SQL Injections and Cross-site Scripting
17.4 Supplemental Reading
Chapter 18 Availability of Data Transport
18.1 Denial-of-Service Attacks
18.1.1 Denial-of-Service Attacks with Permanent Effects
Permanent Destruction and Reservation of Resources
Illegitimate Resource Reservation
18.1.2 Resource Exhaustion
Memory Exhaustion Attacks
Exhaustion of Computing Resources
18.2 Distributed Denial-of-Service Attacks
18.3.1 Cookies and Stateless Protocol Design
18.3.3 Filtering, Partitioning and Redundancy
Logging of Packets in Gateway Systems
Reconstruction of Network Paths by the Receiver
Conclusion Regarding IP Traceback
18.5 Supplemental Reading
Chapter 19 Routing Security
19.1 Cryptographic Protection of BGP
19.1.1 Authentication of Data Transmission
19.1.2 The Secure Border Gateway Protocol
19.1.3 The Secure Origin Border Gateway Protocol
19.1.4 Interdomain Route Validation
19.1.5 BGPSEC and the Resource Public Key Infrastructure
19.2 Identification of Routing Anomalies*
19.2.1 Geographic Filtering
19.2.2 Temporary Withholding of Unknown Routes
19.2.3 Automated Revocation of Illegitimate Routes
19.4 Supplemental Reading
Chapter 20 Secure Name Resolution
20.1 The DNS Operating Principle
20.2 Security Objectives and Threats
20.3 Secure Use of Traditional DNS
20.4 Cryptographic Protection of DNS
Resource Records of DNSSEC
The DNSCurve Operating Principle
Security and Functionality Implications
20.4.4 Distributed Name Resolution*
Peer Name Resolution Protocol
20.6 Supplemental Reading
Chapter 21 Internet Firewalls
21.1 Tasks and Basic Principles of Firewalls
21.2 Firewall-Relevant Internet Services and Protocols
21.3 Terminology and Building Blocks
21.4 Firewall Architectures
21.6 Bastion Hosts and Proxy Servers
21.7 Other Aspects of Modern Firewall Systems
21.9 Supplemental Reading
Chapter 22 Automated Attack Detection and Response
22.1 Operating Principle and Objectives of Intrusion Detection Systems
22.2 Design and operation of network-based IDSs
22.2.1 Signature-based Identification
22.2.2 Detection of Deviations from Defined Behaviour Models
22.2.3 Self-learning Systems for Anomaly Detection
22.3 Response to Attacks and Automatic prevention
22.4 Techniques for Evading NIDSs
22.6 Supplemental Reading
Chapter 23 Management of Complex Communication Infrastructures*
23.1 Automatic Certificate Management
23.1.1 Mirroring of Certificate Revocation Lists
23.1.2 Online Certificate Status Protocol
23.1.3 Server-based Certificate Validation Protocol
23.1.4 Simple Certificate Enrollment Protocol
23.1.5 Certificate Management over CMS
23.1.6 Enrollment over Secure Transport
23.1.7 Certificate Management Protocol
23.2 Automatic VPN Configuration
23.2.1 Centralised Distribution of VPN Policies
23.2.2 Group Encrypted Transport VPN
23.2.4 Dynamic Multipoint VPN and FlexVPN
23.2.5 Tunnel Endpoint Discovery
23.2.6 Proactive Multicast-Based IPSEC Discovery Protocol
23.2.7 Secure Overlay for IPsec Discovery
23.4 Supplemental Reading
Security in Fixed and Wireless Networks
Disclaimer: Any content in publications that violate the sovereignty, the constitution or regulations of the PRC is not accepted or approved by CNPIEC.
