Publisher: Hanbit Academy (한빛아카데미)
Imported original (English) edition
On sale
Book Description
Provides systematic guidance on meeting the information security challenges of the 21st century, featuring newly revised material throughout
Information Security: Principles and Practice is the must-have book for students, instructors, and early-stage professionals alike. Author Mark Stamp provides clear, accessible, and accurate information on the four critical components of information security: cryptography, access control, network security, and software. Readers are provided with a wealth of real-world examples that clarify complex topics, highlight important security issues, and demonstrate effective methods and strategies for protecting the confidentiality and integrity of data.
Fully revised and updated, the third edition of Information Security features a brand-new chapter on network security basics and expanded coverage of cross-site scripting (XSS) attacks, Stuxnet and other malware, the SSH protocol, secure software development, and security protocols. Fresh examples illustrate the Rivest-Shamir-Adleman (RSA) cryptosystem, elliptic-curve cryptography (ECC), SHA-3, and hash function applications including bitcoin and blockchains. Updated problem sets, figures, tables, and graphs help readers develop a working knowledge of classic cryptosystems, modern symmetric and public key cryptography, cryptanalysis, simple authentication protocols, intrusion and malware detection systems, quantum computing, and more. Presenting a highly practical approach to information security, this popular textbook:
- Provides up-to-date coverage of the rapidly evolving field of information security
- Explains session keys, perfect forward secrecy, timestamps, SSH, SSL, IPsec, Kerberos, WEP, GSM, and other security protocols
- Addresses access control techniques including authentication and authorization, ACLs and capabilities, and multilevel security and compartments
- Discusses software security issues, ranging from malware detection to secure software development
- Includes an instructor's solution manual, PowerPoint slides, lecture videos, and additional teaching resources
Information Security: Principles and Practice, Third Edition is the perfect textbook for advanced undergraduate and graduate students in all Computer Science programs, and remains essential reading for professionals working in industrial or government security.
To request supplementary materials, please contact mark.stamp@sjsu.edu and visit the author-maintained website for more: https://www.cs.sjsu.edu/~stamp/infosec/.
About the Author
Mark Stamp
Mark Stamp received his M.S. and Ph.D. in mathematics from Texas Tech University. He is currently a professor in the Department of Computer Science at San José State University in Silicon Valley, where he teaches information security. He has extensive hands-on experience in information security in both industry and academia, and worked for seven years as a cryptanalyst at the U.S. National Security Agency (NSA).
Table of Contents
Preface xv
About The Author xix
Acknowledgments xxi
1 Introductions 1
1.1 The Cast of Characters 1
1.2 Alice's Online Bank 2
1.2.1 Confidentiality, Integrity, and Availability 2
1.2.2 Beyond CIA 2
1.3 About This Book 4
1.3.1 Cryptography 4
1.3.2 Access Control 5
1.3.3 Network Security 6
1.3.4 Software 6
1.4 The People Problem 7
1.5 Principles and Practice 7
1.6 Problems 8
I Crypto 13
2 Classic Cryptography 15
2.1 Introduction 15
2.2 How to Speak Crypto 15
2.3 Classic Crypto 17
2.3.1 Simple Substitution Cipher 18
2.3.2 Cryptanalysis of a Simple Substitution 20
2.3.3 Definition of Secure 21
2.3.4 Double Transposition Cipher 22
2.3.5 One-Time Pad 23
2.3.6 Codebook Cipher 27
2.4 Classic Crypto in History 28
2.4.1 Ciphers of the Election of 1876 28
2.4.2 Zimmermann Telegram 30
2.4.3 Project VENONA 32
2.5 Modern Crypto History 33
2.6 A Taxonomy of Cryptography 36
2.7 A Taxonomy of Cryptanalysis 37
2.8 Summary 39
2.9 Problems 39
3 Symmetric Ciphers 45
3.1 Introduction 45
3.2 Stream Ciphers 46
3.2.1 A5/1 47
3.2.2 RC4 49
3.3 Block Ciphers 51
3.3.1 Feistel Cipher 51
3.3.2 DES 52
3.3.3 Triple DES 57
3.3.4 AES 59
3.3.5 TEA 62
3.3.6 Block Cipher Modes 64
3.4 Integrity 68
3.5 Quantum Computers and Symmetric Crypto 70
3.6 Summary 72
3.7 Problems 72
4 Public Key Crypto 79
4.1 Introduction 79
4.2 Knapsack 82
4.3 RSA 85
4.3.1 Textbook RSA Example 87
4.3.2 Repeated Squaring 88
4.3.3 Speeding Up RSA 90
4.4 Diffie-Hellman 91
4.5 Elliptic Curve Cryptography 93
4.5.1 Elliptic Curve Math 93
4.5.2 ECC Diffie-Hellman 95
4.5.3 Realistic Elliptic Curve Example 96
4.6 Public Key Notation 97
4.7 Uses for Public Key Crypto 98
4.7.1 Confidentiality in the Real World 98
4.7.2 Signatures and Non-repudiation 99
4.7.3 Confidentiality and Non-repudiation 99
4.8 Certificates and PKI 102
4.9 Quantum Computers and Public Key 104
4.10 Summary 106
4.11 Problems 106
5 Crypto Hash Functions++ 115
5.1 Introduction 115
5.2 What is a Cryptographic Hash Function? 116
5.3 The Birthday Problem 117
5.4 A Birthday Attack 119
5.5 Non-Cryptographic Hashes 120
5.6 SHA-3 121
5.7 HMAC 124
5.8 Cryptographic Hash Applications 126
5.8.1 Online Bids 126
5.8.2 Blockchain 127
5.9 Miscellaneous Crypto-Related Topics 136
5.9.1 Secret Sharing 136
5.9.2 Random Numbers 140
5.9.3 Information Hiding 143
5.10 Summary 147
5.11 Problems 147
II Access Control 159
6 Authentication 161
6.1 Introduction 161
6.2 Authentication Methods 162
6.3 Passwords 163
6.3.1 Keys Versus Passwords 164
6.3.2 Choosing Passwords 164
6.3.3 Attacking Systems via Passwords 166
6.3.4 Password Verification 167
6.3.5 Math of Password Cracking 168
6.3.6 Other Password Issues 173
6.4 Biometrics 174
6.4.1 Types of Errors 176
6.4.2 Biometric Examples 176
6.4.3 Biometric Error Rates 181
6.4.4 Biometric Conclusions 182
6.5 Something You Have 182
6.6 Two-Factor Authentication 183
6.7 Single Sign-On and Web Cookies 183
6.8 Summary 184
6.9 Problems 185
7 Authorization 195
7.1 Introduction 195
7.2 A Brief History of Authorization 196
7.2.1 The Orange Book 196
7.2.2 The Common Criteria 199
7.3 Access Control Matrix 200
7.3.1 ACLs and Capabilities 201
7.3.2 Confused Deputy 202
7.4 Multilevel Security Models 204
7.4.1 Bell-LaPadula 206
7.4.2 Biba's Model 207
7.4.3 Compartments 208
7.5 Covert Channels 210
7.6 Inference Control 212
7.7 CAPTCHA 214
7.8 Summary 216
7.9 Problems 216
III Topics in Network Security 221
8 Network Security Basics 223
8.1 Introduction 223
8.2 Networking Basics 223
8.2.1 The Protocol Stack 225
8.2.2 Application Layer 226
8.2.3 Transport Layer 228
8.2.4 Network Layer 231
8.2.5 Link Layer 233
8.3 Cross-Site Scripting Attacks 235
8.4 Firewalls 236
8.4.1 Packet Filter 238
8.4.2 Stateful Packet Filter 240
8.4.3 Application Proxy 240
8.4.4 Defense in Depth 242
8.5 Intrusion Detection Systems 243
8.5.1 Signature-Based IDS 245
8.5.2 Anomaly-Based IDS 246
8.6 Summary 250
8.7 Problems 250
9 Simple Authentication Protocols 257
9.1 Introduction 257
9.2 Simple Security Protocols 259
9.3 Authentication Protocols 261
9.3.1 Authentication Using Symmetric Keys 264
9.3.2 Authentication Using Public Keys 267
9.3.3 Session Keys 268
9.3.4 Perfect Forward Secrecy 270
9.3.5 Mutual Authentication, Session Key, and PFS 273
9.3.6 Timestamps 273
9.4 "Authentication" and TCP 275
9.5 Zero Knowledge Proofs 278
9.6 Tips for Analyzing Protocols 282
9.7 Summary 284
9.8 Problems 284
10 Real-World Security Protocols 293
10.1 Introduction 293
10.2 SSH 294
10.2.1 SSH and the Man-in-the-Middle 295
10.3 SSL 296
10.3.1 SSL and the Man-in-the-Middle 299
10.3.2 SSL Connections 300
10.3.3 SSL Versus IPsec 300
10.4 IPsec 301
10.4.1 IKE Phase 1 302
10.4.2 IKE Phase 2 309
10.4.3 IPsec and IP Datagrams 310
10.4.4 Transport and Tunnel Modes 311
10.4.5 ESP and AH 313
10.5 Kerberos 314
10.5.1 Kerberized Login 316
10.5.2 Kerberos Ticket 316
10.5.3 Security of Kerberos 318
10.6 WEP 319
10.6.1 WEP Authentication 319
10.6.2 WEP Encryption 320
10.6.3 WEP Non-Integrity 320
10.6.4 Other WEP Issues 321
10.6.5 WEP: The Bottom Line 322
10.7 GSM 322
10.7.1 GSM Architecture 323
10.7.2 GSM Security Architecture 324
10.7.3 GSM Authentication Protocol 326
10.7.4 GSM Security Flaws 327
10.7.5 GSM Conclusions 329
10.7.6 3GPP 330
10.8 Summary 330
10.9 Problems 331
IV Software 339
11 Software Flaws and Malware 341
11.1 Introduction 341
11.2 Software Flaws 341
11.2.1 Buffer Overflow 345
11.2.2 Incomplete Mediation 356
11.2.3 Race Conditions 356
11.3 Malware 358
11.3.1 Malware Examples 359
11.3.2 Malware Detection 365
11.3.3 The Future of Malware 367
11.3.4 The Future of Malware Detection 369
11.4 Miscellaneous Software-Based Attacks 369
11.4.1 Salami Attacks 369
11.4.2 Linearization Attacks 370
11.4.3 Time Bombs 371
11.4.4 Trusting Software 372
11.5 Summary 373
11.6 Problems 373
12 Insecurity in Software 381
12.1 Introduction 381
12.2 Software Reverse Engineering 382
12.2.1 Reversing Java Bytecode 384
12.2.2 SRE Example 385
12.2.3 Anti-Disassembly Techniques 390
12.2.4 Anti-Debugging Techniques 391
12.2.5 Software Tamper Resistance 392
12.3 Software Development 393
12.3.1 Flaws and Testing 395
12.3.2 Secure Software Development? 396
12.4 Summary 396
12.5 Problems 397
Appendix 403
A-1 Modular Arithmetic 403
A-2 Permutations 405
A-3 Probability 406
A-4 DES Permutations 406
Index 418
List price: 69,000 KRW
Sale price: 69,000 KRW (0% off)
Mileage: 0 points (0%)
Purchase Information
Hanbit Academy titles are no longer sold through the Hanbit website. Please purchase this book from an online bookstore. We apologize for the inconvenience.