Publisher: InTech, 2012. - 256 p.
During the last three decades, public academic research in cryptography has exploded. While classical cryptography has long been used by ordinary people, computer cryptography was the exclusive domain of the world’s militaries since World War II. Today, state-of-the-art computer cryptography is practiced outside the secured walls of the military agencies. Laypersons can now employ security practices that can protect against the most powerful adversaries. Since we live in an era of a connected world with convergence of computers and networks, the need for information security and assurance is greater than it has ever been before. With the advent of rapidly advancing and amazing technologies that enable instantaneous flow of information, the purview of cryptography and information security has also changed dramatically.
Computer security as it was understood in the 1960s and even later was how to create in a computer system a group of access controls that would implement or emulate processes of the prior paper world, plus the associated issues of protecting such software against unauthorized changes, subversion and illicit use, and of embedding the entire system in a secure physical environment with appropriate management and operational doctrines and procedures. The poorly understood aspect of security was the software itself: the risk that it might malfunction, or be penetrated, and so subvert the proper behaviour of the system. For the aspects of communications, personnel, and physical security, there were a plethora of rules, regulations, operating procedures and experience to cover them. It was largely a matter of merging all of it with the hardware/software aspects to yield an overall secure system and operating environment.
However, the world has changed. We now live in an era of rapidly advancing and amazing communication and computing technologies that enable instantaneous flow of information – anytime, anywhere. Networking of computers is now the rule and not the exception. Many commercial transactions are now web-based and many commercial communities – the financial one in particular – have moved into a web posture. The net effect of all these transformations has been to expose the computer-based information system – its hardware, its software processes, its databases, its communications – to an environment over which no one – not the end user, not the network administrator or system owner, not even the government – has full control.
What must, therefore, be done is to provide appropriate technical, procedural, operational and environmental safeguards against threats as they might appear or be imagined, embedded in an acceptable legal framework. With this rapid transformation of the computing and communication world, information-system security has moved from a largely self-contained, bounded environment interacting with a generally known and disciplined user community to one of worldwide scope with a body of users that may not be known and are not necessarily trusted. Importantly, security control now must deal with circumstances over which there is largely no control and no expectation of avoiding their impact. Computer security, as it has evolved, shares a similarity with liability assurance: each faces a threat environment that is known only in a very general way and can face attacks from a broad spectrum of sources; however, the exact details, or even the time or certainty, of an attack are unknown until an incident actually occurs.
In this scenario of uncertainty and threats, cryptography will play a crucial role in developing new security solutions. New cryptographic algorithms, protocols and tools must keep pace in order to adapt to the new communication and computing technologies. In addition to classical cryptographic algorithms, new approaches like chaos-based cryptography, DNA-based cryptography and quantum cryptography will play important roles.
The purpose of this book is to present some of the critical security challenges in today’s computing world and to discuss mechanisms for defending against those attacks by using classical and modern approaches of cryptography and other security solutions. With this objective, the book provides a collection of research work in the field of cryptography and its applications in network security by some experts in these areas.
The book contains 11 chapters which are divided into two parts. The chapters in Part 1 of the book mostly deal with theoretical and fundamental aspects of cryptography. The chapters in Part 2, on the other hand, discuss various applications of cryptographic protocols and techniques in designing computing and network security solutions.
Part 1 of the book contains six chapters. In Chapter 1: Provably secure cryptographic constructions, Nikolenko presents a survey of some of the existing methods for proving security in cryptosystems and also discusses feebly secure cryptographic primitives. In Chapter 2: Malicious cryptology and mathematics, Filiol discusses existing research work on malicious cryptology, malware-based operational cryptanalysis and other key issues in the emerging field of malicious cryptographic algorithm design. In Chapter 3: Cryptographic criteria on vector Boolean functions, Álvarez-Cubero and Zufiria present cryptographic criteria like nonlinearity, linearity distance, balancedness, algebraic degree, correlation immunity, resiliency and propagation criterion for constructions of vector Boolean functions such as composition, addition or coordinate functions. In Chapter 4: Construction of orthogonal arrays of index unity using logarithm tables for Galois fields, Torres-Jimenez et al. present a discussion on orthogonal arrays and their importance in the development of algorithms in cryptography, and propose an efficient implementation of Bush’s construction of orthogonal arrays of index unity based on the use of logarithm tables for Galois fields. In Chapter 5: Elliptic curve cryptography and the point counting algorithms, Kamarulhaili and Jie present a mathematical discussion of elliptic curves, group operations of points on an elliptic curve, the addition algorithm, and doubling operations over the real numbers as well as over a finite field. In Chapter 6: Division and inversion over finite fields, Abdallah presents algorithms for division and inversion operations over finite fields based on Fermat’s little theorem and Euclidean dividers.
Part 2 contains five chapters. In Chapter 7: Secure and privacy-preserving data aggregation protocols for wireless sensor networks, Sen discusses the requirements of secure and privacy-preserving data aggregation in wireless sensor networks and presents a couple of algorithms to achieve these requirements. In Chapter 8: Scan-based side-channel attack on the RSA cryptosystem, Nara et al. present a scan-based attack wherein, by checking a bit sequence or scan signature, it is possible to retrieve the secret key in an RSA cryptosystem. In Chapter 9: PGP protocols with applications, Al-Bayatti et al. discuss methods to combine graphical curve security methods with classical cryptographic algorithms to enhance the level of security in a system. In Chapter 10: Comparative analysis between master key and interpretative key management (IKM) frameworks, Chaeikar et al. present a comparative analysis of the efficiency and effectiveness of master key and interpretative key management frameworks. In Chapter 11: Potential applications of IPSec in next-generation networks, Vintilă discusses how IPSec could be utilized to implement security in next-generation broadband wireless networks.
The book can be very useful for researchers, engineers, and graduate and doctoral students working in cryptography and security-related areas. It can also be very useful for faculty members of graduate schools and universities. However, it is not a basic tutorial on cryptography and network security, and hence it does not contain detailed introductory information on these topics. Readers need at least some basic knowledge of theoretical cryptography and the fundamentals of network security. The book should also not be taken as a detailed research report. While some chapters simply present specific problems and their solutions that might be helpful for graduate students, others discuss fundamental information that might be useful for general readers. Some of the chapters present in-depth cryptography and security-related theory and the latest updates in a particular research area that might be useful to advanced readers and researchers in identifying their research directions and formulating problems to solve.
Part 1: Theoretical and Fundamental Aspects of Cryptography
1. Provably Secure Cryptographic Constructions
2. Malicious Cryptology and Mathematics
3. Cryptographic Criteria on Vector Boolean Functions
4. Construction of Orthogonal Arrays of Index Unity Using Logarithm Tables for Galois Fields
5. Elliptic Curve Cryptography and Point Counting Algorithms
6. Division and Inversion Over Finite Fields
Part 2: Applications of Cryptographic Algorithms and Protocols
7. Secure and Privacy-Preserving Data Aggregation Protocols for Wireless Sensor Networks
8. Scan-Based Side-Channel Attack on the RSA Cryptosystem
9. PGP Protocol and Its Applications
10. Comparative Analysis of Master-Key and Interpretative Key Management (IKM) Frameworks
11. Potential Applications of IPsec in Next Generation Networks