1995-10-24 - Re: textbooks

Header Data

From: patrick@Verity.COM (Patrick Horgan)
To: sandoval@cic.teleco.ulpgc.es
Message Hash: 1f7489bb9a37456dbe7e071ea15df700299c8f64e8b9ebbe9442e0d481bc9257
Message ID: <9510242121.AA07455@cantina.verity.com>
Reply To: N/A
UTC Datetime: 1995-10-24 21:25:37 UTC
Raw Date: Tue, 24 Oct 95 14:25:37 PDT

Raw message

From: patrick@Verity.COM (Patrick Horgan)
Date: Tue, 24 Oct 95 14:25:37 PDT
To: sandoval@cic.teleco.ulpgc.es
Subject: Re: textbooks
Message-ID: <9510242121.AA07455@cantina.verity.com>
MIME-Version: 1.0
Content-Type: text/plain



I'm Cc:ing this to cypherpunks since I've gotten a lot of requests for this
information.

> From: sandoval@cic.teleco.ulpgc.es (Juan Domingo Sandoval Gonzalez)
> 
> Dear Patrick,
> Thanks for yor info about "Network Security Private Communication
> in a PUBLIC World" by Kaufman, Perlman and Speciner.
> To buy it I need to know Who published it.
> Do you know the Editor house?
> 

"Network Security - PRIVATE Communication in a PUBLIC World", 1995, Prentice
Hall PTR, ISBN 0-13-061466-1, by Charlie Kaufman, Radia Perlman, and Mike
Speciner.

This book is amazing.  It explains hard concepts in ways that make them
seem obvious.  I can't state this too emphatically.  The style of the
book is conversational, approachable and a fun read, while at the same
time maintaining technical exactness to the point that you can implement
algorithms from the discussions in this book, (and understand how they
work.)

17.6.2 Coping with Export Controls is very interesting, detailing the weird
hoops that Lotus jumped through to retain as much security as possible while
still meeting export requirements.  The authors make the point that what
happens to you when you go through this process is almost random depending
on the times as well as the individual person you deal with.

The ANS.1 section is blunt about the space problems, and indeed much of the
book is refreshingly blunt about the stupidities involved in a lot of this
stuff.

The quick proof of why the initial and final permutations add nothing to 
the security of DES is presented in an informal and quite obvious sidebar.
The comment is made that by the same argument the permutation of the key
in the generating of per-round keys also adds nothing to security.

It also includes homework and would be a wonderful textbook.

Here's an abbreviated version of the TOC.  Note that the real index is much
richer than this.  I've given the complete version of section 3.3 to
illustrate.  All typos are mine.  I think we can no longer refer to Bruce's
book as the Bible, but must refer to the two books as the Scriptures;)

Could someone refer me to some good crypto oriented math books?  Preferably
something as readable as this:)

Chapter 1 Introduction

1.1  Roadmap to the book
1.2  What type of book is this
1.3  Terminology
1.4  Notation
1.5  Primer on Networking
1.6  Tempest
1.7  Firewalls/Security Gateways
1.8  Key Escrow for Law Enforcement
1.9  Key Escrow for Careless Users
1.10 Viruses, Worms, Trojan Horses
1.11 The Military Model of Security
1.12 Legal Issues

Chapter 2 Introduction to Cryptography

2.1  What is Cryptography
2.2  Breaking an Encryption Scheme
2.3  Types of Cryptographic Functions
2.4  Secret Key Cryptography
2.5  Public Key Cryptography
2.6  Hash Alogorithms
2.7  Homework

Chapter 3 Secret Key Cryptography

3.1  Introduction
3.2  Generic Block Encryption
3.3  Data Encryption Standard (DES)
     3.3.1  DES Overview
     3.3.2  The Permutations of the Data
     3.3.3  Generating the Per-Round Keys
     3.3.4  A DES Round
     3.3.5  The Mangler Function
     3.3.6  Weak and Semi-Weak Keys
     3.3.7  What's So Special About DES?
3.4  International Data Encryption Algorithm (IDEA)
3.5  Using Secret Key Cryptography in Protocols
3.6  Encrypting a Large Message
3.7  Generating MICs
3.8  Multiple Encryption DES
3.9  Homework

Chapter 4 Hashes and Message Digests

4.1  Introduction
4.2  Nifty Things to Do with a Hash
4.3  MD2
4.4  MD4
4.5  MD5
4.6  SHS
4.7  Homework

Chapter 5 Public Key Algorithms
5.1  Introduction
5.2  Modular Arithmatic
5.3  RSA
5.4  Diffie-Hellman
5.5  Digital Signature Standard (DSS)
5.6  Zero Knowledge Proof Systems
5.7  Homework Problems

Chapter 6  Number Theory

6.1  Introduction
6.2  Modular Arithmatic
6.3  Primes
6.4 Euclid's Algorithm
6.5  Chinese Remainder Theorem
6.6  Zn*
6.7  Euler's Totient Function
6.8  Euler's Theorem
6.9  Homework Problems

Chapter 7 Authentication Problems

7.1  Password-Based Authentication
7.2  Address-Based Authentication
7.3  Cryptographic Authentication Protocols
7.4  Who is Being Authenticated
7.5  Passwords as Cryptographic Keys
7.6  Eavesdropping and Server Database Reading
7.7  Trusted Intermediaries
7.8  Session Key Establishment
7.9  Authorization
7.10 Delegation
7.11 Homework

Chapter 8 Authentication of People

8.1 Passwords
8.2  On-Line Password Guessing
8.3  Off-Line Password Guessing
8.4  How Big Should a Secret Be?
8.5  Eavesdropping
8.6  Passwords and Careless Users
8.7  Initial Password Distribution
8.8  Authentication Tokens
8.9  Physical Access
8.10 Biometrics
8.11 Homework

Chapter 9 Security Handshake Pitfalls

9.1  Login Only
9.2  Mutual Authentication
9.3  Integrity/Encryption for Data
9.4  Mediated Authentication (with KDC)
9.5  Bellovin-Merritt
9.6  Network Login and Password Guessing
9.7  Nonce Types
9.8  Picking Random Numbers
9.9  X.509 Problem
9.10 Performance Considerations
9.11 Authentication Protocol Checklist
9.12 Homework

Chapter 10 Kerberos V4

10.1 Introduction
10.2 Tickets and Ticket-Granting Tickets
10.3  Configuration
10.4  Logging Into the Network
10.5  Replicated KDCs
10.6  Realms
10.7  Interrealm Authentication
10.8  Key Version Numbers
10.9  Encryption for Privacy and Integrity
10.10 Encryption for Integrity Only
10.11 Network Layer Addresses in Tickets
10.12 Message Formats
10.13 Homework

Chapter 11 Kerberos V5

11.1  ASN.1
11.2  Names
11.3  Delegation of Rights
11.4  Ticket Lifetimes
11.5  Key Versions
11.6  Making Master Keys in Different Realms Different
11.7  Optimizations
11.8  Cryptographic Algorithms
11.9  Hierarchy of Realms
11.10 Evading Password-Guessing Attacks
11.11 Key Inside Authenticator
11.12 Double TGT Authentication
11.13 KDC Database
11.14 Kerberos V5 Messages
11.15 Homework

Chapter 12 Electronic Mail Security

12.1  Distribution Lists
12.2  Store and Forward
12.3  Security Services for Electronic Mail
12.4  Establishing Keys
12.5  Privacy
12.6  Authentication of the Source
12.7  Message Integrity
12.8  Non-Repudiation
12.9  Proof of Submission
12.10 Proof of Delivery
12.11 Message Flow Confidentiality
12.12 Anonymity
12.13 Containment
12.14 Annoying Text Format Issues
12.15 Names and Addresses
12.16 Old Messages
12.17 Homework

Chapter 13 Privacy Enhanced Mail (PEM)

13.1  Introduction
13.2  Establishing Keys
13.3  Some PEM History
13.4  Certificate Hierarchy
13.5  Certificate Revocation Lists (CRLs)
13.6  X.509 Certificates and CRLs
13.7  Reformatting Data to Get Through Mailers
13.8  General Structure of a PEM Message
13.9  Encryption
13.10 Source Authentication and Integrity Protection
13.11 Multiple Recipients
13.12 Bracketing PEM Messages
13.13 Remote Distribution List Exploders
13.14 Forwarding and Enclosures
13.15 Canonicalization
13.16 Unprotected Information
13.17 Message Formats
13.18 DES-CBC as MIC Doesn't Work
13.19 Homework

Chapter 14 PGP (Pretty Good Privacy)

14.1  Introduction
14.2  Overview
14.3  Key Distribution
14.4  Efficient Encoding
14.5  Certificate and Key Revocation
14.6  Signature Types
14.7  Your Private Key
14.8  Key Rings
14.9  Anomalies
14.10 Object Formats

Chapter 15 X.400

15.1  Overview of X.400
15.2  Security Functions Possible with X.400
15.3  Structure of an X.400 Message

Chapter 16 A Comparison of PEM, PGP, and X.400

16.1  Introduction
16.2  Certificate Hierarchy
16.3  Certificate Distribution
16.4  Encryption
16.5  Encoding of Transmitted Messages
16.6  Cryptographic Algorithms Supported
16.7  Recipients with Multiple Keys
16.8  Mail-Intermediary-Provided Functions

Chapter 17 More Security Systems

17.1  NetWare V3
17.2  NetWare V4
17.3  KryptoKnight
17.4  SNMP
17.5  DASS/SPX
17.6  Lotus Notes Security
17.7  DCE Security
17.8  Microsoft Security
17.9  Network Denial of Service
17.10 Clipper
17.11 Homework

Bibliography
Glossary
Index
   _______________________________________________________________________
  /  These opinions are mine, and not Verity's (except by coincidence;).  \
 |                                                       (\                |
 |  Patrick J. Horgan         Verity Inc.                 \\    Have       |
 |  patrick@verity.com        1550 Plymouth Street         \\  _ Sword     | 
 |  Phone : (415)960-7600     Mountain View                 \\/    Will    | 
 |  FAX   : (415)960-7750     California 94303             _/\\     Travel | 
  \___________________________________________________________\)__________/





Thread