For one-semester, undergraduate- or graduate-level courses in Cryptography, Computer Security, and Network Security
A practical survey of cryptography and network security with unmatched support for instructors and students
In this age of universal electronic connectivity, viruses and hackers, electronic eavesdropping, and electronic fraud, security is paramount. This text provides a practical survey of both the principles and practice of cryptography and network security. First, the basic issues to be addressed by a network security capability are explored through a tutorial and survey of cryptography and network security technology. Then, the practice of network security is explored via practical applications that have been implemented and are in use today. An unparalleled support package for instructors and students ensures a successful teaching and learning experience.
Teaching and Learning Experience
To provide a better teaching and learning experience, for both instructors and students, this program will:
- Support Instructors and Students: An unparalleled support package for instructors and students ensures a successful teaching and learning experience.
- Apply Theory and/or the Most Updated Research: A practical survey of both the principles and practice of cryptography and network security.
- Engage Students with Hands-on Projects: Relevant projects demonstrate the importance of the subject, offer a real-world perspective, and keep students interested.
APPLY THEORY AND/OR RESEARCH
- Use of Sage to illustrate cryptographic algorithms. The Sage computer algebra system is used to provide numerous examples of cryptographic algorithms and is also used as the basis for numerous hands-on assignments. This is an unmatched means for students to learn this subject.
- Comprehensive up-to-date survey of cryptographic algorithms. The student gains an understanding of all of important cryptographic algorithms and is able to assess their relative strengths and weaknesses.
- Complete coverage of authentication and digital signatures. Enables the student to compare and evaluate competing approaches, and thus understand each better.
- Unified, comprehensive treatment of mutual trust topics. Key management and user authentication are fundamental to the successful use of cryptographic services. This treatment gives the student a systematic and comprehensive understanding of the issues involved.
- Excellent collection of homework problems. Approximately 300 problems reinforce material in the text and also introduce new concepts and techniques. Problems are included at the end of each chapter.
- Solid yet easy-to-follow mathematical background. It is impossible to assess the relative strengths of various approaches without some understanding of number theory and probability. The book requires no prior math background and gives the student a clear understanding of the math required. Coverage of number theory and finite fields, including numerous worked-out examples, make this abstract subject clear.
- Comprehensive, up-to-date coverage of IP Security. IPSec is one of the most complex and one of the most important of the new network security standards. This book gives a clear and detailed technical treatment.
- Comprehensive, up-to-date coverage of wireless network Security. The student gains an understanding of the importance of this topic.
- Coverage of both PGP and S/MIME for electronic mail security. These are the two most important approaches to email security. The book gives the student an understanding of both schemes at a detailed technical level.
- Comprehensive and unified discussion of intruders and viruses. The threats of intruders (hackers) and viruses are distinct, but there are also similarities. By treating the two in the same chapter and in a unified way, the student gains greater understanding of both topics.
SUPPORT INSTRUCTORS AND STUDENTS
Unequalled support for instructors and students
- The book includes 300 homework problems with a range of difficulty plus numerous review questions; the Instructor's Solutions Manual contains solutions to all problems and questions.
- A Computerized Test Generator
- The book makes liberal use of figures and tables to clarify concepts.
- List of key words, recommended reading list, and recommended Web sites at the end of each chapter.
- List of acronyms on back endpaper
- Up-to-date bibliography
Instructor Resources. The following protected instructor material is available on the Publisher’s Web site at www.pearsonhighered.com/stallings. For username and password information, please contact your Pearson Representative.
- TestBank: A chapter-by-chapter set of question that can be used by the instructor for quizzes or made available to the student for self-study.
- PowerPoint Lecture Slides: A set of slides covering all chapters, suitable for use in lecturing.
- Instructor Solutions Manual: Solutions to end-of-chapter Review Questions and Problems.
- Instructor Projects Manual: Suggested project assignments
- Figures and Tables
- Sample Java Programs
- Sample Lab Exercises
- Additional Sample Lecture Slides
- Textbook Errata
- Link to online premium content
- Online Chapters
- Online Appendices
- Key Papers
- Supporting Documents
- Sage Code Examples
- VideoNotes Tutorials
Author-maintained Instructor Companion Web site http://williamstallings.com/Cryptography/ content includes:
- Useful links
- Links to Web sites for courses taught using this book
- Sign-up information for a mailing list for instructors that allows instructors using the book to exchange information, suggestions, and questions with each other and the author.
Student Resources. Access to the Companion Website and access to the online premium content is located at www.pearsonhighered.com/stallings. Students must use the access card located in the front of the book to register and access the online material. If there is no access card in the front of the textbook, students can purchase access by going to www.pearsonhighered.com/stallings and selecting “purchase access to premium content.” Instructors must register on the site to access the material.
- Online premium content www.pearsonhighered.com/stallings includes:
- Online Chapters
- Online Appendices
- Key Papers
- Supporting Documents
- Sage Code Examples
- VideoNotes tutorials
- Author-maintained Student Companion Web site http://williamstallings.com/Cryptography/content includes:
o Security and Cryptography Forums
o Cryptography Demos
o Textbook Errata
o Chapter-by-Chapter Links
ENGAGE STUDENTS WITH HANDS-ON PROJECTS
Unequalled support for projects. For many instructors, an important component of a course is a project or set of projects by which the student gets hands-on experience to reinforce concepts from the text. The book provides unparalleled support for including a projects component with the course. The Instructor's Manual includes guidance on how to assign and structure the projects and includes a set of suggested projects that covers a broad range of topics from the text. The following types of projects are supported in the Instructor's Manual:
- Hacking Assignments: A series of hacking problems for the student to experiment with.
- Block Cipher Projects: These give the student greater understanding of AES, DES, and modes of operation.
- Programming Projects: The Instructor's Manual includes a series of small programming projects that cover a broad range of topics, and that can be implemented in any suitable language on any platform.
- Research Projects: A series of research assignments that instruct the student to research a particular topic on the Internet and write a report.
- Practical Security Assessments: A set of exercises to examine current infrastructure and practices of an existing organization.
- Reading/Report Assignments: A list of papers in the literature that can be assigned for the student to read and then write a short report.
- Writing Assignments: Designed to engage the student in a deep understanding of the topic and to reinforce their knowledge of hard facts and problem solving techniques.
New to This Edition
- Network access control: A new chapter includes coverage of network access control, including a general overview plus discussions of the Extensible Authentication Protocol and IEEE 802.1X¿
- Cloud security: A new section covers the security issues relating to the exciting new area of cloud computing.
- SHA-3: An online chapter covers the new cryptographic hash standard, SHA-3, which was adopted in 2012.
- Key wrapping: The use of key wrapping to protect symmetric keys has been adopted in a number of applications. A new section covers this topic.
- Elliptic Curve Digital Signature Algorithm (ECDSA): Because ECDSA is more efficient then other digital signature schemes, it is increasingly being adopted for digital signature applications. A new section covers ECDSA.
- RSA Probabilistic Signature Scheme (RSA-PSS): RSA-based digital signature schemes are perhaps the most widely use. A new section covers the recently standardized RSA-PSS, which is in the process of replacing older RSA-based schemes.
- True Random Number Generator: True random number generators have traditionally had a limited role because of their low bit rate, but a new generation of hardware true random number generators is now available that is comparable in performance to software pseudorandom number generators. A new section covers this topic and discusses the Intel Digital Random Number Generator (DRNG).
- Malicious software: This chapter provides a different focus than that of the fifth edition. Increasingly we see backdoor/rootkit type malware installed by social engineering attacks, rather than more classic virus/worm direct infection. And phishing is even more prominent than ever. These trends are reflected in the coverage.
- Sample syllabus: The text contains more material than can be conveniently covered in one semester. Accordingly, instructors are provided with several sample syllabi that guide the use of the text within limited time (e.g., 16 weeks or 12 weeks). These samples are based on real-world experience by professors with the first edition.
- VideoNotes on Sage examples: The new edition is accompanied by a number of VideoNotes lectures that amplify and clarify the cryptographic example presented in Appendix B, which introduces Sage.
- Learning objectives: Each chapter now begins with a list of learning objectives.
Table of Contents
Chapter 0 Guide for Readers and Instructors 1
0.1 Outline of This Book 2
0.2 A Roadmap for Readers and Instructors 3
0.3 Internet and Web Resources 4
0.4 Standards 5
Chapter 1 Overview 7
1.1 Computer Security Concepts 9
1.2 The OSI Security Architecture 14
1.3 Security Attacks 15
1.4 Security Services 17
1.5 Security Mechanisms 20
1.6 A Model for Network Security 22
1.7 Recommended Reading 24
1.8 Key Terms, Review Questions, and Problems 25
Part One Symmetric Ciphers 27
Chapter 2 Classical Encryption Techniques 27
2.1 Symmetric Cipher Model 28
2.2 Substitution Techniques 34
2.3 Transposition Techniques 49
2.4 Rotor Machines 50
2.5 Steganography 52
2.6 Recommended Reading 54
2.7 Key Terms, Review Questions, and Problems 55
Chapter 3 Block Ciphers and the Data Encryption Standard 61
3.1 Traditional Block Cipher Structure 63
3.2 The Data Encryption Standard 72
3.3 A DES Example 74
3.4 The Strength of DES 77
3.5 Block Cipher Design Principles 78
3.6 Recommended Reading 80
3.7 Key Terms, Review Questions, and Problems 81
Chapter 4 Basic Concepts in Number Theory and Finite Fields 85
4.1 Divisibility and the Division Algorithm 87
4.2 The Euclidean Algorithm 88
4.3 Modular Arithmetic 91
4.4 Groups, Rings, and Fields 99
4.5 Finite Fields of the Form GF( p) 102
4.6 Polynomial Arithmetic 106
4.7 Finite Fields of the Form GF(2n) 112
4.8 Recommended Reading 124
4.9 Key Terms, Review Questions, and Problems 124
Appendix 4A The Meaning of mod 127
Chapter 5 Advanced Encryption Standard 129
5.1 Finite Field Arithmetic 130
5.2 AES Structure 132
5.3 AES Transformation Functions 137
5.4 AES Key Expansion 148
5.5 An AES Example 151
5.6 AES Implementation 155
5.7 Recommended Reading 159
5.8 Key Terms, Review Questions, and Problems 160
Appendix 5A Polynomials with Coefficients in GF(28) 162
Appendix 5B Simplified AES 164
Chapter 6 Block Cipher Operation 174
6.1 Multiple Encryption and Triple DES 175
6.2 Electronic Code book 180
6.3 Cipher Block Chaining Mode 183
6.4 Cipher Feedback Mode 185
6.5 Output Feedback Mode 187
6.6 Counter Mode 189
6.7 XTS-AES Mode for Block-Oriented Storage Devices 191
6.8 Recommended Reading 198
6.9 Key Terms, Review Questions, and Problems 198
Chapter 7 Pseudorandom Number Generation and Stream Ciphers 202
7.1 Principles of Pseudorandom Number Generation 203
7.2 Pseudorandom Number Generators 210
7.3 Pseudorandom Number Generation Using a Block Cipher 213
7.4 Stream Ciphers 219
7.5 RC4 221
7.6 True Random Number Generators 223
7.7 Recommended Reading 227
7.8 Key Terms, Review Questions, and Problems 228
Part Two Asymmetric Ciphers 231
Chapter 8 More Number Theory 231
8.1 Prime Numbers 232
8.2 Fermat’s and Euler’s Theorems 236
8.3 Testing for Primality 239
8.4 The Chinese Remainder Theorem 242
8.5 Discrete Logarithms 244
8.6 Recommended Reading 249
8.7 Key Terms, Review Questions, and Problems 250
Chapter 9 Public-Key Cryptography and RSA 253
9.1 Principles of Public-Key Cryptosystems 256
9.2 The RSA Algorithm 264
9.3 Recommended Reading 278
9.4 Key Terms, Review Questions, and Problems 279
Appendix 9A The Complexity of Algorithms 283
Chapter 10 Other Public-Key Cryptosystems 286
10.1 Diffie-Hellman Key Exchange 287
10.2 Elgamal Cryptographic System 292
10.3 Elliptic Curve Arithmetic 295
10.4 Elliptic Curve Cryptography 303
10.5 Pseudorandom Number Generation Based on an Asymmetric Cipher 306
10.6 Recommended Reading 309
10.7 Key Terms, Review Questions, and Problems 309
Part Three Cryptographic Data Integrity Algorithms 313
Chapter 11 Cryptographic Hash Functions 313
11.1 Applications of Cryptographic Hash Functions 315
11.2 Two Simple Hash Functions 320
11.3 Requirements and Security 322
11.4 Hash Functions Based on Cipher Block Chaining 328
11.5 Secure Hash Algorithm (SHA) 329
11.6 SHA-3 339
11.7 Recommended Reading 351
11.8 Key Terms, Review Questions, and Problems 351
Chapter 12 Message Authentication Codes 355
12.1 Message Authentication Requirements 357
12.2 Message Authentication Functions 357
12.3 Requirements for Message Authentication Codes 365
12.4 Security of MACs 367
12.5 MACs Based on Hash Functions: HMAC 368
12.6 MACs Based on Block Ciphers: DAA and CMAC 373
12.7 Authenticated Encryption: CCM and GCM 376
12.8 Key Wrapping 382
12.9 Pseudorandom Number Generation using Hash Functions and MACs 387
12.10 Recommended Reading 390
12.11 Key Terms, Review Questions, and Problems 390
Chapter 13 Digital Signatures 393
13.1 Digital Signatures 395
13.2 Elgamal Digital Signature Scheme 398
13.3 Schnorr Digital Signature Scheme 400
13.4 NIST Digital Signature Algorithm 401
13.5 Elliptic Curve Digital Signature Algorithm 404
13.6 RSA-PSS Digital Signature Algorithm 407
13.7 Recommended Reading 412
13.8 Key Terms, Review Questions, and Problems 412
Part Four Mutual Trust 417
Chapter 14 Key Management and Distribution 417
14.1 Symmetric Key Distribution Using Symmetric Encryption 418
14.2 Symmetric Key Distribution Using Asymmetric Encryption 427
14.3 Distribution of Public Keys 430
14.4 X.509 Certificates 435
14.5 Public-Key Infrastructure 443
14.6 Recommended Reading 445
14.7 Key Terms, Review Questions, and Problems 446
Chapter 15 User Authentication 450
15.1 Remote User-Authentication Principles 451
15.2 Remote User-Authentication Using Symmetric Encryption 454
15.3 Kerberos 458
15.4 Remote User Authentication Using Asymmetric Encryption 476
15.5 Federated Identity Management 478
15.6 Personal Identity Verification 484
15.7 Recommended Reading 491
15.8 Key Terms, Review Questions, and Problems 491
Part Five Network And Internet Security 495
Chapter 16 Network Access Control and Cloud Security 495
16.1 Network Access Control 496
16.2 Extensible Authentication Protocol 499
16.3 IEEE 802.1X Port-Based Network Access Control 503
16.4 Cloud Computing 505
16.5 Cloud Security Risks and Countermeasures 512
16.6 Data Protection in the Cloud 514
16.7 Cloud Security as a Service 517
16.8 Recommended Reading 520
16.9 Key Terms, Review Questions, and Problems 521
Chapter 17 Transport-Level Security 522
17.1 Web Security Considerations 523
17.2 Secure Sockets Layer 525
17.3 Transport Layer Security 539
17.4 HTTPS 543
17.5 Secure Shell (SSH) 544
17.6 Recommended Reading 555
17.7 Key Terms, Review Questions, and Problems 556
Chapter 18 Wireless Network Security 558
18.1 Wireless Security 559
18.2 Mobile Device Security 562
18.3 IEEE 802.11 Wireless LAN Overview 566
18.4 IEEE 802.11i Wireless LAN Security 572
18.5 Recommended Reading 586
18.6 Key Terms, Review Questions, and Problems 587
Chapter 19 Electronic Mail Security 590
19.1 Pretty Good Privacy 591
19.2 S/MIME 599
19.3 DomainKeys Identified Mail 615
19.4 Recommended Reading 622
19.5 Key Terms, Review Questions, and Problems 622
Appendix 19A Radix-64 Conversion 623
Chapter 20 IP Security 626
20.1 IP Security Overview 628
20.2 IP Security Policy 632
20.3 Encapsulating Security Payload 638
20.4 Combining Security Associations 645
20.5 Internet Key Exchange 649
20.6 Cryptographic Suites 657
20.7 Recommended Reading 659
20.8 Key Terms, Review Questions, and Problems 659
Appendix A Projects for Teaching Cryptography and Network Security 661
A.1 Sage Computer Algebra Projects 662
A.2 Hacking Project 663
A.3 Block Cipher Projects 664
A.4 Laboratory Exercises 664
A.5 Research Projects 664
A.6 Programming Projects 665
A.7 Practical Security Assessments 665
A.8 Firewall Projects 666
A.9 Case Studies 666
A.10 Writing Assignments 666
A.11 Reading/Report Assignments 667
A.12 Discussion Topics 667
Appendix B Sage Examples 668
B.1 Linear Algebra and Matrix Functionality 669
B.2 Chapter 2: Classical Encryption 670
B.3 Chapter 3: Block Ciphers and the Data Encryption Standard 673
B.4 Chapter 4: Basic Concepts in Number Theory and Finite Fields 677
B.5 Chapter 5: Advanced Encryption Standard 684
B.6 Chapter 6: Pseudorandom Number Generation and Stream Ciphers 689
B.7 Chapter 8: Number Theory 691
B.8 Chapter 9: Public-Key Cryptography and RSA 696
B.9 Chapter 10: Other Public-Key Cryptosystems 699
B.10 Chapter 11: Cryptographic Hash Functions 704
B.11 Chapter 13: Digital Signatures 706
Online Chapters and Appendices1
Part Six System Security
Chapter 21 Malicious Software
21.1 Types of Malicious Software
21.2 Propagation — Infected Content - Viruses
21.3 Propagation — Vulnerability Exploit - Worms
21.4 Propagation — Social Engineering — SPAM, Trojans
21.5 Payload — System Corruption
21.6 Payload — Attack Agent — Zombie, Bots
21.7 Payload — Information Theft — Keyloggers, Phishing, Spyware
21.8 Payload — Stealthing — Backdoors, Rootkits
21.10 Distributed Denial of Service Attacks
21.11 Recommended Reading
21.12 Key Terms, Review Questions, and Problems
Chapter 22 Intruders
22.2 Intrusion Detection
22.3 Password Management
22.4 Recommended Reading
22.5 Key Terms, Review Questions, and Problems
Appendix 22A The Base-Rate Fallacy
Chapter 23 Firewalls
23.1 The Need for Firewalls
23.2 Firewall Characteristics
23.3 Types of Firewalls
23.4 Firewall Basing
23.5 Firewall Location and Configurations
23.6 Recommended Reading
23.7 Key Terms, Review Questions, and Problems
Part seven Legal And Ethical Issues
Chapter 24 Legal and Ethical Issues
24.1 Cybercrime and Computer Crime
24.2 Intellectual Property
24.4 Ethical Issues
24.5 Recommended Reading
24.6 Key Terms, Review Questions, and Problems
Appendix C Sage Exercises
Appendix D Standards and Standards-Setting Organizations
Appendix E Basic Concepts from Linear Algebra
Appendix F Measures of Security and Secrecy
Appendix G Simplified DES
Appendix H Evaluation Criteria for AES
Appendix I More on Simplified AES
Appendix J Knapsack Public-Key Algorithm
Appendix K Proof of the Digital Signature Algorithm
Appendix L TCP/IP and OSI
Appendix M Java Cryptographic APIs
Appendix N MD5 and Whirlpool Hash Functions
Appendix O Data Compression Using ZIP
Appendix P More on PGP
Appendix Q The International Reference Alphabet
Appendix R Proof of the RSA Algorithm
Appendix S Data Encryption Standard (DES)
Appendix T Kerberos Encryption Techniques
Appendix U Mathematical Basis of the Birthday Attack
Appendix V Evaluation Criteria for SHA-3
Websites and online courses
|Online purchase price||$24.99|
Other Student Resources
Bridge Page t/a A First Course
Ullman & Widom
Pearson offers affordable and accessible purchase options to meet the needs of your students. Connect with us to learn more.
K12 Educators: Contact your Savvas Learning Company Account General Manager for purchase options. Instant Access ISBNs are for individuals purchasing with credit cards or PayPal.
Savvas Learning Company is a trademark of Savvas Learning Company LLC.
About the Author(s)
Dr. William Stallings has authored 17 titles, and counting revised editions, over 40 books on computer security, computer networking, and computer architecture. His writings have appeared in numerous publications, including the Proceedings of the IEEE, ACM Computing Reviews and Cryptologia.
He has 11 times received the award for the best Computer Science textbook of the year from the Text and Academic Authors Association.
In over 30 years in the field, he has been a technical contributor, technical manager, and an executive with several high-technology firms. He has designed and implemented both TCP/IP-based and OSI-based protocol suites on a variety of computers and operating systems, ranging from microcomputers to mainframes. As a consultant, he has advised government agencies, computer and software vendors, and major users on the design, selection, and use of networking software and products.
He created and maintains the Computer Science Student Resource Site at ComputerScienceStudent.com. This site provides documents and links on a variety of subjects of general interest to computer science students (and professionals). He is a member of the editorial board of Cryptologia, a scholarly journal devoted to all aspects of cryptology.
Dr. Stallings holds a PhD from M.I.T. in Computer Science and a B.S. from Notre Dame in electrical engineering.
We're sorry! We don't recognize your username or password. Please try again.
Instructor resource file download
The work is protected by local and international copyright laws and is provided solely for the use of instructors in teaching their courses and assessing student learning.
You have successfully signed out and will be required to sign back in should you need to download more resources.