CRYPTOGRAPHY - Hiva-network

Transcription

CRYPTOGRAPHY AND NETWORK SECURITY
PRINCIPLES AND PRACTICE
SEVENTH EDITION
GLOBAL EDITION

William Stallings

Boston Columbus Indianapolis New York San Francisco Hoboken Amsterdam Cape Town Dubai London Madrid Milan Munich Paris Montréal Toronto Delhi Mexico City São Paulo Sydney Hong Kong Seoul Singapore Taipei Tokyo

For Tricia: never dull, never boring, the smartest and bravest person I know

Vice President and Editorial Director, ECS: Marcia J. Horton
Executive Editor: Tracy Johnson (Dunkelberger)
Editorial Assistant: Kristy Alaura
Acquisitions Editor, Global Editions: Abhijit Baroi
Program Manager: Carole Snyder
Project Manager: Robert Engelhardt
Project Editor, Global Editions: K.K. Neelakantan
Media Team Lead: Steve Wright
R&P Manager: Rachel Youdelman
R&P Senior Project Manager: William Opaluch
Senior Operations Specialist: Maura Zaldivar-Garcia
Inventory Manager: Meredith Maresca
Senior Manufacturing Controller, Global Editions: Trudy Kimber
Media Production Manager, Global Editions: Vikram Kumar
Product Marketing Manager: Bram Van Kempen
Marketing Assistant: Jon Bryant
Cover Designer: Lumina Datamatics
Cover Art: goghy73 / Shutterstock
Full-Service Project Management: Chandrakala Prakash, SPi Global
Composition: SPi Global

Credits and acknowledgments borrowed from other sources and reproduced, with permission, in this textbook appear on page 753.

Pearson Education Limited
Edinburgh Gate
Harlow
Essex CM20 2JE
England
and Associated Companies throughout the world

Visit us on the World Wide Web at: www.pearsonglobaleditions.com

Pearson Education Limited 2017

The right of William Stallings to be identified as the author of this work has been asserted by him in accordance with the Copyright, Designs and Patents Act 1988.

Authorized adaptation from the United States edition, entitled Cryptography and Network Security: Principles and Practice, 7th Edition, ISBN 978-0-13-444428-4, by William Stallings published by Pearson Education 2017.

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without either the prior written permission of the publisher or a license permitting restricted copying in the United Kingdom issued by the Copyright Licensing Agency Ltd, Saffron House, 6–10 Kirby Street, London EC1N 8TS.

All trademarks used herein are the property of their respective owners. The use of any trademark in this text does not vest in the author or publisher any trademark ownership rights in such trademarks, nor does the use of such trademarks imply any affiliation with or endorsement of this book by such owners.

British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library

10 9 8 7 6 5 4 3 2 1

ISBN 10: 1-292-15858-1
ISBN 13: 978-1-292-15858-7

Typeset by SPi Global
Printed and bound in Malaysia.

CONTENTS

Notation
Preface
About the Author

PART ONE: BACKGROUND

Chapter 1 Computer and Network Security Concepts
    1.1 Computer Security Concepts
    1.2 The OSI Security Architecture
    1.3 Security Attacks
    1.4 Security Services
    1.5 Security Mechanisms
    1.6 Fundamental Security Design Principles
    1.7 Attack Surfaces and Attack Trees
    1.8 A Model for Network Security
    1.9 Standards
    1.10 Key Terms, Review Questions, and Problems

Chapter 2 Introduction to Number Theory
    2.1 Divisibility and the Division Algorithm
    2.2 The Euclidean Algorithm
    2.3 Modular Arithmetic
    2.4 Prime Numbers
    2.5 Fermat’s and Euler’s Theorems
    2.6 Testing for Primality
    2.7 The Chinese Remainder Theorem
    2.8 Discrete Logarithms
    2.9 Key Terms, Review Questions, and Problems
    Appendix 2A The Meaning of Mod

PART TWO: SYMMETRIC CIPHERS

Chapter 3 Classical Encryption Techniques
    3.1 Symmetric Cipher Model
    3.2 Substitution Techniques
    3.3 Transposition Techniques
    3.4 Rotor Machines
    3.5 Steganography
    3.6 Key Terms, Review Questions, and Problems

Chapter 4 Block Ciphers and the Data Encryption Standard
    4.1 Traditional Block Cipher Structure
    4.2 The Data Encryption Standard
    4.3 A DES Example
    4.4 The Strength of DES
    4.5 Block Cipher Design Principles
    4.6 Key Terms, Review Questions, and Problems

Chapter 5 Finite Fields
    5.1 Groups
    5.2 Rings
    5.3 Fields
    5.4 Finite Fields of the Form GF(p)
    5.5 Polynomial Arithmetic
    5.6 Finite Fields of the Form GF(2^n)
    5.7 Key Terms, Review Questions, and Problems

Chapter 6 Advanced Encryption Standard
    6.1 Finite Field Arithmetic
    6.2 AES Structure
    6.3 AES Transformation Functions
    6.4 AES Key Expansion
    6.5 An AES Example
    6.6 AES Implementation
    6.7 Key Terms, Review Questions, and Problems
    Appendix 6A Polynomials with Coefficients in GF(2^8)

Chapter 7 Block Cipher Operation
    7.1 Multiple Encryption and Triple DES
    7.2 Electronic Codebook
    7.3 Cipher Block Chaining Mode
    7.4 Cipher Feedback Mode
    7.5 Output Feedback Mode
    7.6 Counter Mode
    7.7 XTS-AES Mode for Block-Oriented Storage Devices
    7.8 Format-Preserving Encryption
    7.9 Key Terms, Review Questions, and Problems

Chapter 8 Random Bit Generation and Stream Ciphers
    8.1 Principles of Pseudorandom Number Generation
    8.2 Pseudorandom Number Generators
    8.3 Pseudorandom Number Generation Using a Block Cipher
    8.4 Stream Ciphers
    8.5 RC4
    8.6 True Random Number Generators
    8.7 Key Terms, Review Questions, and Problems

PART THREE: ASYMMETRIC CIPHERS

Chapter 9 Public-Key Cryptography and RSA
    9.1 Principles of Public-Key Cryptosystems
    9.2 The RSA Algorithm
    9.3 Key Terms, Review Questions, and Problems

Chapter 10 Other Public-Key Cryptosystems
    10.1 Diffie-Hellman Key Exchange
    10.2 Elgamal Cryptographic System
    10.3 Elliptic Curve Arithmetic
    10.4 Elliptic Curve Cryptography
    10.5 Pseudorandom Number Generation Based on an Asymmetric Cipher
    10.6 Key Terms, Review Questions, and Problems

PART FOUR: CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS

Chapter 11 Cryptographic Hash Functions
    11.1 Applications of Cryptographic Hash Functions
    11.2 Two Simple Hash Functions
    11.3 Requirements and Security
    11.4 Hash Functions Based on Cipher Block Chaining
    11.5 Secure Hash Algorithm (SHA)
    11.6 SHA-3
    11.7 Key Terms, Review Questions, and Problems

Chapter 12 Message Authentication Codes
    12.1 Message Authentication Requirements
    12.2 Message Authentication Functions
    12.3 Requirements for Message Authentication Codes
    12.4 Security of MACs
    12.5 MACs Based on Hash Functions: HMAC
    12.6 MACs Based on Block Ciphers: DAA and CMAC
    12.7 Authenticated Encryption: CCM and GCM
    12.8 Key Wrapping
    12.9 Pseudorandom Number Generation Using Hash Functions and MACs
    12.10 Key Terms, Review Questions, and Problems

Chapter 13 Digital Signatures
    13.1 Digital Signatures
    13.2 Elgamal Digital Signature Scheme
    13.3 Schnorr Digital Signature Scheme
    13.4 NIST Digital Signature Algorithm
    13.5 Elliptic Curve Digital Signature Algorithm
    13.6 RSA-PSS Digital Signature Algorithm
    13.7 Key Terms, Review Questions, and Problems

PART FIVE: MUTUAL TRUST

Chapter 14 Key Management and Distribution
    14.1 Symmetric Key Distribution Using Symmetric Encryption
    14.2 Symmetric Key Distribution Using Asymmetric Encryption
    14.3 Distribution of Public Keys
    14.4 X.509 Certificates
    14.5 Public-Key Infrastructure
    14.6 Key Terms, Review Questions, and Problems

Chapter 15 User Authentication
    15.1 Remote User-Authentication Principles
    15.2 Remote User-Authentication Using Symmetric Encryption
    15.3 Kerberos
    15.4 Remote User-Authentication Using Asymmetric Encryption
    15.5 Federated Identity Management
    15.6 Personal Identity Verification
    15.7 Key Terms, Review Questions, and Problems

PART SIX: NETWORK AND INTERNET SECURITY

Chapter 16 Network Access Control and Cloud Security
    16.1 Network Access Control
    16.2 Extensible Authentication Protocol
    16.3 IEEE 802.1X Port-Based Network Access Control
    16.4 Cloud Computing
    16.5 Cloud Security Risks and Countermeasures
    16.6 Data Protection in the Cloud
    16.7 Cloud Security as a Service
    16.8 Addressing Cloud Computing Security Concerns
    16.9 Key Terms, Review Questions, and Problems

Chapter 17 Transport-Level Security
    17.1 Web Security Considerations
    17.2 Transport Layer Security
    17.3 HTTPS
    17.4 Secure Shell (SSH)
    17.5 Key Terms, Review Questions, and Problems

Chapter 18 Wireless Network Security
    18.1 Wireless Security
    18.2 Mobile Device Security
    18.3 IEEE 802.11 Wireless LAN Overview
    18.4 IEEE 802.11i Wireless LAN Security
    18.5 Key Terms, Review Questions, and Problems

Chapter 19 Electronic Mail Security
    19.1 Internet Mail Architecture
    19.2 Email Formats
    19.3 Email Threats and Comprehensive Email Security
    19.4 S/MIME
    19.5 Pretty Good Privacy
    19.6 DNSSEC
    19.7 DNS-Based Authentication of Named Entities
    19.8 Sender Policy Framework
    19.9 DomainKeys Identified Mail
    19.10 Domain-Based Message Authentication, Reporting, and Conformance
    19.11 Key Terms, Review Questions, and Problems

Chapter 20 IP Security
    20.1 IP Security Overview
    20.2 IP Security Policy
    20.3 Encapsulating Security Payload
    20.4 Combining Security Associations
    20.5 Internet Key Exchange
    20.6 Cryptographic Suites
    20.7 Key Terms, Review Questions, and Problems

APPENDICES

Appendix A Projects for Teaching Cryptography and Network Security
    A.1 Sage Computer Algebra Projects
    A.2 Hacking Project
    A.3 Block Cipher Projects
    A.4 Laboratory Exercises
    A.5 Research Projects
    A.6 Programming Projects
    A.7 Practical Security Assessments
    A.8 Firewall Projects
    A.9 Case Studies
    A.10 Writing Assignments
    A.11 Reading/Report Assignments
    A.12 Discussion Topics

Appendix B Sage Examples
    Linear Algebra and Matrix Functionality
    Chapter 2: Number Theory
    Chapter 3: Classical Encryption
    Chapter 4: Block Ciphers and the Data Encryption Standard
    Chapter 5: Basic Concepts in Number Theory and Finite Fields
    Chapter 6: Advanced Encryption Standard
    Chapter 8: Pseudorandom Number Generation and Stream Ciphers
    Chapter 9: Public-Key Cryptography and RSA
    Chapter 10: Other Public-Key Cryptosystems
    Chapter 11: Cryptographic Hash Functions
    Chapter 13: Digital Signatures

Credits
Index

ONLINE CHAPTERS AND APPENDICES

(Online chapters, appendices, and other documents are at the Companion Website, available via the access card at the front of this book.)

PART SEVEN: SYSTEM SECURITY

Chapter 21 Malicious Software
    21.1 Types of Malicious Software (Malware)
    21.2 Advanced Persistent Threat
    21.3 Propagation—Infected Content—Viruses
    21.4 Propagation—Vulnerability Exploit—Worms
    21.5 Propagation—Social Engineering—Spam E-mail, Trojans
    21.6 Payload—System Corruption
    21.7 Payload—Attack Agent—Zombie, Bots
    21.8 Payload—Information Theft—Keyloggers, Phishing, Spyware
    21.9 Payload—Stealthing—Backdoors, Rootkits
    21.10 Countermeasures
    21.11 Distributed Denial of Service Attacks
    21.12 References
    21.13 Key Terms, Review Questions, and Problems

Chapter 22 Intruders
    22.1 Intruders
    22.2 Intrusion Detection
    22.3 Password Management
    22.4 References
    22.5 Key Terms, Review Questions, and Problems

Chapter 23 Firewalls
    23.1 The Need for Firewalls
    23.2 Firewall Characteristics and Access Policy
    23.3 Types of Firewalls
    23.4 Firewall Basing
    23.5 Firewall Location and Configurations
    23.6 References
    23.7 Key Terms, Review Questions, and Problems

PART EIGHT: LEGAL AND ETHICAL ISSUES

Chapter 24 Legal and Ethical Aspects
    24.1 Cybercrime and Computer Crime
    24.2 Intellectual Property
    24.3 Privacy
    24.4 Ethical Issues
    24.5 Recommended Reading
    24.6 References
    24.7 Key Terms, Review Questions, and Problems
    24.A Information Privacy

Appendix C Sage Exercises
Appendix D Standards and Standard-Setting Organizations
Appendix E Basic Concepts from Linear Algebra
Appendix F Measures of Secrecy and Security
Appendix G Simplified DES
Appendix H Evaluation Criteria for AES
Appendix I Simplified AES
Appendix J The Knapsack Algorithm
Appendix K Proof of the Digital Signature Algorithm
Appendix L TCP/IP and OSI
Appendix M Java Cryptographic APIs
Appendix N MD5 Hash Function
Appendix O Data Compression Using ZIP
Appendix P PGP
Appendix Q The International Reference Alphabet
Appendix R Proof of the RSA Algorithm
Appendix S Data Encryption Standard
Appendix T Kerberos Encryption Techniques
Appendix U Mathematical Basis of the Birthday Attack
Appendix V Evaluation Criteria for SHA-3
Appendix W The Complexity of Algorithms
Appendix X Radix-64 Conversion
Appendix Y The Base Rate Fallacy
Glossary

NOTATION

Symbol      Expression           Meaning
D, K        D(K, Y)              Symmetric decryption of ciphertext Y using secret key K
D, PRa      D(PRa, Y)            Asymmetric decryption of ciphertext Y using A’s private key PRa
D, PUa      D(PUa, Y)            Asymmetric decryption of ciphertext Y using A’s public key PUa
E, K        E(K, X)              Symmetric encryption of plaintext X using secret key K
E, PRa      E(PRa, X)            Asymmetric encryption of plaintext X using A’s private key PRa
E, PUa      E(PUa, X)            Asymmetric encryption of plaintext X using A’s public key PUa
K                                Secret key
PRa                              Private key of user A
PUa                              Public key of user A
MAC, K      MAC(K, X)            Message authentication code of message X using secret key K
GF(p)                            The finite field of order p, where p is prime. The field is defined as the set Zp together with the arithmetic operations modulo p.
GF(2^n)                          The finite field of order 2^n
Zn                               Set of nonnegative integers less than n
gcd         gcd(i, j)            Greatest common divisor; the largest positive integer that divides both i and j with no remainder on division.
mod         a mod m              Remainder after division of a by m
mod, ≡      a ≡ b (mod m)        a mod m = b mod m
mod, ≢      a ≢ b (mod m)        a mod m ≠ b mod m
dlog        dlog_{a,p}(b)        Discrete logarithm of the number b for the base a (mod p)
φ           φ(n)                 The number of positive integers less than n and relatively prime to n. This is Euler’s totient function.
Σ           Σ_{i=1}^{n} a_i      a1 + a2 + … + an
Π           Π_{i=1}^{n} a_i      a1 * a2 * … * an
|           i | j                i divides j, which means that there is no remai
