
Contents
Preface xix
What is covered in this book xix
Is security an obstacle to e-commerce development? xx
Why I wrote this book xxi
Some disclaimers xxi
How to read this book xxi
Acknowledgements xxii
Part 1
Information Security 1
1 Introduction to Security 3
1.1 Security Threats 3
1.2 Risk Management 4
1.3 Security Services 5
1.4 Security Mechanisms 6
2 Security Mechanisms 11
2.1 Data Integrity Mechanisms 11
2.1.1 Cryptographic Hash Functions 12
2.1.2 Message Authentication Code 14
2.2 Encryption Mechanisms 15
2.2.1 Symmetric Mechanisms 15
2.2.2 Public Key Mechanisms 24
2.3 Digital Signature Mechanisms 36
2.3.1 RSA Digital Signature 37
2.3.2 Digital Signature Algorithm 38
2.3.3 Elliptic Curve Analog of DSA 40
2.3.4 Public Key Management 41
2.4 Access Control Mechanisms 41
2.4.1 Identity-Based Access Control 42
2.4.2 Rule-Based Access Control 43
2.5 Authentication Exchange Mechanisms 43
2.5.1 Zero-Knowledge Protocols 44
2.5.2 Guillou-Quisquater 44
2.6 Traffic Padding Mechanisms 45
2.7 Message Freshness 46
2.8 Random Numbers 47
3 Key Management and Certificates 51
3.1 Key Exchange Protocols 51
3.1.1 Diffie-Hellman 52
3.1.2 Elliptic Curve Analog of Diffie-Hellman 53
6.2 Payer Anonymity 88
6.2.1 Pseudonyms 88
6.3 Payment Transaction Untraceability 90
6.3.1 Randomized Hashsum in iKP 90
6.3.2 Randomized Hashsum in SET 90
6.4 Confidentiality of Payment Transaction Data 91
6.4.1 Pseudorandom Function 91
6.4.2 Dual Signature 93
6.5 Nonrepudiation of Payment Transaction Messages 95
6.5.1 Digital Sig
7.1 Payment Transaction Untraceability 101
7.1.1 Blind Signature 102
7.1.2 Exchanging Coins 102
7.2 Protection Against Double Spending 103
7.2.1 Conditional Anonymity by Cut-and-Choose 103
7.2.2 Blind Signature 104
7.2.3 Exchanging Coins 104
7.2.4 Guardian 105
7.3 Protection Against Forging of Coins 110
7.3.1 Expensive-to-Produce Coins 110
7.4 Protection Against Stealing of Coins 111
7.4.1 Customized Coins 111
8 Electronic Check Security 119
8.1 Payment Authorization Transfer 119
8.1.1 Proxies 120
9 An Electronic Payment Framework 125
9.1 Internet Open Trading Protocol (IOTP) 125
9.2 Security Issues 127
9.3 An Example With Digital Signatures 128
Part 3
Communication Security 133
10 Communication Network 135
10.1 Introduction 135
10.2 The OSI Reference Model 136
10.3 The Internet Model 138
10.4 Networking Technologies 141
10.5 Security at Different Layers 143
10.5.1 Protocol Selection Criteria 145
10.6 Malicious Programs 146
10.6.1 The Internet Worm 147
10.6.2 Macros and Executable Content 149
10.7 Communication Security Issues 149
10.7.1 Security Threats 150
10.7.2 Security Negotiation 153
10.7.3 TCP/IP Support Protocols 154
10.7.4 Vulnerabilities and Flaws 154
10.8 Firewalls 157
10.9 Virtual Private Networks (VPN) 158
11 Network Access Layer Security 161
11.1 Introduction 161
11.2 Asynchronous Transfer Mode (ATM) 162
11.2.1 ATM Security Services 164
11.2.2 Multicast Security 169
11.2.3 ATM Security Message Exchange 169
11.2.4 ATM VPN 169
11.3 Point-to-Point Protocol (PPP) 170
11.3.1 Password Authentication Protocol (PAP) 173
11.3.2 Challenge-Handshake Authentication Protocol (CHAP) 174
11.3.3 Extensible Authentication Protocol (EAP) 176
11.3.4 Encryption Control Protocol (ECP) 179
11.4 Layer Two Tunneling Protocol (L2TP) 179
12 Internet Layer Security 185
12.1 Introduction 185
12.2 Packet Filters 186
12.2.1 Filtering Based on IP Addresses 186
12.2.2 Filtering Based on IP Addresses and Port Numbers 188
12.2.3 Problems With TCP 191
12.2.4 Network Address Translation (NAT) 195
12.3 IP Security (IPsec) 196
12.3.1 Security Association 197
12.3.2 The Internet Key Exchange (IKE) 199
12.3.3 IP Security Mechanisms 204
12.4 Domain Name Service (DNS) Security 210
12.5 Network-Based Intrusion Detection 210
12.5.1 Network Intrusion Detection Model 212
12.5.2 Intrusion Detection Methods 213
12.5.3 Attack Signatures 215
13 Transport Layer Security 221
13.1 Introduction 221
13.2 TCP Wrapper 222
13.3 Circuit Gateways 223
13.3.1 SOCKS Version 5 223
13.4 Transport Layer Security (TLS) 225
13.4.1 TLS Record Protocol 226
13.4.2 TLS Handshake Protocol 227
13.5 Simple Authentication and Security Layer (SASL) 232
13.5.1 An Example: LDAPv3 With SASL 233
13.6 Internet Security Association and Key Management Protocol (ISAKMP) 235
13.6.1 Domain of Interpretation (DOI) 235
13.6.2 ISAKMP Negotiations 236
14 Application Layer Security 243
14.1 Introduction 243
14.2 Application Gateways and Content Filters 244
14.3 Access Control and Authorization 245
14.4 Operating System Security 246
14.5 Host-Based Intrusion Detection 249
14.5.1 Audit Records 249
14.5.2 Types of Intruders 249
14.5.3 Statistical Intrusion Detection 250
14.6 Security-Enhanced Internet Applications 251
14.7 Security Testing 251
Part 4
Web Security 255
15 The Hypertext Transfer Protocol 257
15.1 Introduction 257
15.2 Hypertext Transfer Protocol (HTTP) 258
15.2.1 HTTP Messages 260
15.2.2 Headers Leaking Sensitive Information 262
15.2.3 HTTP Cache Security Issues 263
15.2.4 HTTP Client Authentication 264
15.2.5 SSL Tunneling 267
15.3 Web Transaction Security 268
15.3.1 S-HTTP 270
16 Web Server Security 273
16.1 Common Gateway Interface 274
16.2 Servlets 276
16.3 Anonymous Web Publishing: Rewebber 277
16.4 Database Security 277
16.5 Copyright Protection 280