Feineigle.com - Cryptography and Network Security Principles and Practice

Home · Book Reports · 2018 · Cryptography and Network Security Principles and Practice

Published: March 2, 2018
Tags:  Encryption · Math · Programming



The book in...
One sentence:
A detailed entry point into the world of cryptography and network security that includes such topics as mathematics, cypher algorithms, hashing, public/private key pairs and other associated content.

Five sentences:
After a brief introduction to historical cryptography, a quick and dirty crash course of the mathematics required to understand most of the book is presented. Various cypher types, or modes, are discussed, including block, stream, chain, feedback, and counter in addition to symmetric/asymmetric cyphers, public/private key encryption and exchange, particular attention is paid to the Diffie-Hellman method of exchange. Some of the cryptographic algorithms covered include DES, AES, and RSA; these are presented alongside various hashing algorithms and it is explained how the use of certain combinations of these tools can provide, integrity, confidentiality, authentication, or any combination of these to data. The cryptographic section concludes with a pair of chapters on trust/key management, and user authentication to close a decidedly well rounded and complete examination of the aforementioned topics. The network security portion of the book covers everything from transport layer security like HTTPS and SSH, wireless security, email security, and includes a final chapter on IP security.

designates my notes. / designates important.


Thoughts

The first half of the book, the cryptography was interesting and why I read the book. The latter half, network protocols and such was old-hat for me. That said, I would strongly recommend this book to anyone interested in either cryptography or network security.

Ample, but not detailed, mathematical foundations are provided, allowing anyone without the prerequisite math skills to understand the entire book, provided you are willing to roll up your mental sleeves. The elliptical parts are quite difficult, but the rest is infinitely approachable by a novice.

It also covers the various forms ciphers can take, block, stream, etc. Random and pseudo random number generators are discussed. Public and private key systems are elaborated.

There are TONS of illustrations to help you visualize the algorithms and communication routines. There are also many examples, starting from the most basic shift ciphers all the way to DES, AES, and RSA. Hashing is also covered in great detail with the aforementioned illustrations and examples.

Enough detail is given that you can easily implement the algorithms in a programming language of your choosing. I built a number of python based toy examples for things like the euclidean algorithm, the Miller-Rabin prime test, and an RSA implementation among other things. I would strongly suggest anyone interested in learning cryptography to implement as many of the algorithms as you can, from scratch. The amount you learn doing this far exceeds what you would get simply trying to absorb the book.

It really is a well rounded book.

Code

Here are links to the python programs I wrote, but be warned these are not debugged and more of proof of concepts to facilitate understanding. Do not use them for anything more than learning.

Books


Table of Contents


· 01: Computer and Network Security Concepts

page 010:
page 21:
page 23:
page 27:
page 030:
page 033:
page 039:
page 041:
page 45:

· 02: Introduction to Number Theory

page 48:
if a|1, then a = +-1
if a|b and b|a, then a = +-b
any b != 0 divides 0
if a|b and b|c, then a|c

If b|g and b|h, then b|(mg + nh) for arbitrary integers m and n.
To see this last point, note that
  If b|g, then g is of the form g = b * g1 for some integer g1.
  If b|h, then h is of the form h = b * h1 for some integer h1 .
So
  mg + nh = mbg1 + nbh1 = b * (mg1 + nh1)
and therefore b divides mg + nh.
np.floor(-11/7)
np.remainder(-11, 7)
page 49:
page 50:
import numpy as np

def gcd(a, b):
  #q = np.floor(a/b)
  r = np.remainder(a, b)
  #print q, r
  if r > 0:
    return gcd(b, r)
  else:
    return b

def gcd_2(a, b):
  if b == 0:
    return a
  else:
    return gcd(b, np.remainder(a, b))

if __name__ == "__main__":
  print gcd(1160718174, 316258250)   #1078
  print gcd_2(1160718174, 316258250) #1078
page 050:
page 53:
>>> np.mod == np.remainder
True
page 054:
page 55:

Define the set Z_n as the set of nonnegative integers less than n: Z n = {0, 1, …, (n - 1)}

page 056:
page 057:
page 58:
def mgcd(a, b):
  if b == 0:
    return a
  else:
    return mgcd(b, np.mod(a, b))

if __name__ == "__main__":
  print mgcd(1160718174, 316258250) #1078
page 059:
page 061:
page 064:
page 065:
page 067:
page 068:
page 069:
page 071:
page 076:

· 03: Classical Encryption Techniques

page 87:
page 088:
page 89:
page 91:
page 095:
page 97:
page 99:
page 104:
page 105:
page 111:
page 113:
page 117:

· 04: Block Ciphers and the Data Encryption Standard

page 120:
page 124:
page 125:
page 126:
page 127:
page 128:
page 130:
page 132:

· 05: Finite Fields

page 143:
(A1) Closure: If a and b belong to G, then a # b is also in G.

(A2) Associative: a # (b # c) = (a # b) # c for all a, b, c in G.

(A3) Identity element: There is an element e in G such that a # e = e # a = a
for all a in G.

(A4) Inverse element: For each a in G, there is an element a′ in G such that a
# a′ = a′ # a = e.
page 145:
page 146:
page 147:
page 148:
page 151:
page 152:
page 153:
page 154:
1 + 1 = 1 - 1 = 0
1 + 0 = 1 - 0 = 1
0 + 1 = 0 - 1 = 1
page 156:
page 160:
page 164:
page 165:

· 06: Advanced Encryption Standard

page 178:
page 179:
page 185:
page 186:
page 187:
page 189:
page 190:
page 197:
page 198:
page 199:

· 07: Block Cipher Operation

page 214:
page 215:
page 216:
page 218:
page 219:
page 221:
page 223:
page 224:
page 225:
page 231:

· 08: Random Bit Generation and Stream Ciphers

page 254:
page 259:
m     the modulus                   m > 0
a     the multiplier                0 < a < m
c     the increment                 0 <= c < m
X_0   the starting value, or seed   0 <= X_0 < m

X_n + 1 = (aX_n) mod (2^31 - 1)
page 260:
page 262:

· 09: Principles of Public-Key Cryptosystems

page 286:
page 290:
page 291:
Z = E(PU_b, E(PR_a,X))
X = D(PU_a, D(PR_b,Z))
page 294:
page 295:
p, q, two prime numbers                  (private, chosen)
n = pq                                   (public, calculated)
e, with gcd(f(n), e) = 1; 1 6 e 6 f(n)   (public, chosen)
d K e -1 (mod f(n))                      (private, calculated)
page 296:
1. Select two prime numbers, p = 17 and q = 11.
2. Calculate n = pq = 17 * 11 = 187.
3. Calculate f(n) = (p - 1)(q - 1) = 16 * 10 = 160.
4. Select e such that e is relatively prime to f(n) = 160 and less than f(n); 
we choose e = 7.
5. Determine d such that de K 1 (mod 160) and d 6 160. The correct value is
d = 23, because 23 * 7 = 161 = (1 * 160) + 1; d can be calculated using
the extended Euclid’s algorithm (Chapter 2).
88^7 mod 187 = [(88^4 mod 187) * (88^2 mod 187) * (88^1 mod 187)] mod 187
88^1 mod 187 = 88
88^2 mod 187 = 7744 mod 187 = 77
88^4 mod 187 = 59,969,536 mod 187 = 132
88^7 mod 187 = (88 * 77 * 132) mod 187 = 894,432 mod 187 = 11
11^23 mod 187 = [(11^1 mod 187) * (11^2 mod 187) * (11^4 mod 187) 
                * (11^8 mod 187) * (11^8 mod 187)] mod 187
11^1 mod 187 = 11
11^2 mod 187 = 121
11^4 mod 187 = 14,641 mod 187 = 55
11^8 mod 187 = 214,358,881 mod 187 = 33
11^23 mod 187 = (11 * 121 * 55 * 33 * 33) mod 187 = 79,720,245 mod 187 = 88
page 297:
page 298:
page 299:
page 303:

· 10: Other Public-Key Cryptosystems

page 315:
page 316:
page 320:
page 321:
page 323:
y^2 + axy + by = x^3 + cx^2 + dx + e
page 324:
page 325:
page 332:
page 333:
  1. minimum key lengths for future system of 3072 bits and 256 bits for RSA and ECC, respectively.

· 11: Cryptographic Hash Functions

page 340:
page 343:
page 344:
page 345:
page 348:
page 349:
page 350:
page 353:
page 356:
page 357:
page 358:
page 360:
page 361:
page 362:
page 363:

· 12: Message Authentication Codes

page 383:
page 384:
page 386:
page 388:
page 389:
page 390:
page 394:
page 398:
page 414:

· 13: Digital Signatures

page 421:
page 422:
1. Mary may forge a different message and claim that it came from John. Mary
would simply have to create a message and append an authentication code using
the key that John and Mary share.
2. John can deny sending the message. Because it is possible for Mary to forge
a message, there is no way to prove that John did in fact send the message.
page 427:
page 428:
page 429:
page 432:

· 14: Key Management and Distribution

page 442:
page 448:
page 451:
1. A generates a public/private key pair {PUa, PR a} and transmits a message to
B consisting of PUa and an identifier of A, ID A.
2. B generates a secret key, K s, and transmits it to A, which is encrypted
with A’s public key.
3. A computes D(PR a, E(PUa, K s)) to recover the secret key. Because only A
can decrypt the message, only A and B will know the identity of K s.
4. A discards PUa and PR a and B discards PUa.  A and B can now securely
communicate using conventional encryption and the session key Ks. At the
completion of the exchange, both A and B discard K s.  Despite its simplicity,
this is an attractive protocol.
page 453:
page 460:

· 15: User Authentication

page 481:
1. A -> B:     ID_A || N_a
2. B -> KDC:   ID_B || N_b || E(K_b, [ID_A || N_a || T_b])
3. KDC -> A:   E(K_a, [ID_B || N_a || K_s || T_b]) || E(K_b, [ID_A || K_s || T_b]) || N_b
4. A -> B:     E(K_b, [ID_A || K_s || T_b]) || E(K_s, N_b)

|| = concatenate
KDC = Key Distribution Center
N = Nonce
K = Key
T = Timestamp
ID = Identifier
page 488:
page 489:
page 491:

· 16: Network Access Control and Cloud Security

page 532:

· 17: Transport-Level Security

page 549:
page 556:
page 568:
page 569:
page 570:
page 571:
page 576:

· 18: Wireless Network Security

page 599:

· 19: Electronic Mail Security

page 631:
page 638:
page 640:
page 643:

· 20: IP Security

page 664:
page 668:
page 669:
page 672:
page 673:
page 674:
page 678:
page 679:
page 680:
page 693: