Research over the last two decades has considerably expanded knowledge of Internet cryptography, revealing the important interplay between standardization, implementation, and research.
This practical textbook/guide is intended for academic courses in IT security and as a reference guide for Internet security. It describes important Internet standards in a language close to real-world cryptographic research and covers the essential cryptographic standards used on the Internet, from WLAN encryption to TLS and e-mail security. From academic and non-academic research, the book collects information about attacks on implementations of these standards (because these attacks are the main source of new insights into real-world cryptography). By summarizing all this in one place, this useful volume can highlight cross-influences in standards, as well as similarities in cryptographic constructions.
Topics and features:
· Covers the essential standards in Internet cryptography
· Integrates work exercises and problems in each chapter
· Focuses especially on IPsec, secure e-mail and TLS
· Summarizes real-world cryptography in three introductory chapters
· Includes necessary background from computer networks
· Keeps mathematical formalism to a minimum, and treats cryptographic primitives mainly as blackboxes
· Provides additional background on web security in two concluding chapters
Offering a uniquely real-world approach to Internet cryptography, this textbook/reference will be highly suitable to students in advanced courses on cryptography/cryptology, as well as eminently useful to professionals looking to expand their background and expertise.
Professor Dr. Jörg Schwenk holds the Chair for Network and Data Security at the Ruhr University in Bochum, Germany. He (co-)authored about 150 papers on the book’s topics, including for conferences like ACM CCS, Usenix Security, IEEE S&P, and NDSS.
Author(s): Jörg Schwenk
Series: Information Security and Cryptography
Edition: 1
Publisher: Springer
Year: 2022
Language: English
Commentary: Publisher PDF
Pages: 549
City: Cham
Tags: Cryptography; Cryptographic Building Blocks; TLS Security; Cyber Security; Data Information Security; Point-to-Point Security; IP Security; Securing HTTP; Secure Shell; DNS Security; File Encryption (PGP); Email Security (S/MIME); S/MIME Attacks; OpenPGP Attacks
Preface
Contents
Chapter 1 The Internet
1.1 TCP/IP Communication Model
1.1.1 Link Layer
1.1.2 Internet layer
1.1.3 Transport Layer
1.1.4 Application Layer
1.2 Threats on the Internet
1.2.1 Passive Attacks
1.2.2 Active Attacks
1.3 Cryptography on the Internet
Related Work
Problems
References
Chapter 2 Cryptography: Confidentiality
2.1 Notation
2.2 Symmetric Encryption
2.2.1 Block Ciphers
2.2.2 Block Cipher Modes of Operation
2.2.3 Stream Ciphers
2.2.4 Pseudo-random Sequences
2.3 Asymmetric Encryption
2.4 RSA Encryption
2.4.1 Textbook RSA
2.4.2 PKCS#1
2.4.3 OAEP
2.5 Diffie-Hellman Key Exchange
2.5.1 Diffie-Hellman Key Exchange (DHKE)
2.5.2 Mathematics: Groups
2.5.3 Complexity Assumptions
2.6 ElGamal encryption
2.6.1 ElGamal encryption
2.6.2 Key Encapsulation Mechanism (KEM)
2.7 Hybrid Encryption of Messages
2.8 Security Goal: Confidentiality
Related Work
Problems
References
Chapter 3 Cryptography: Integrity and Authenticity
3.1 Hash Functions
3.1.1 Standardized Hash Functions
3.1.2 Security of Hash Functions
3.2 Message Authentication Codes and Pseudo-random Functions
3.3 Authenticated Encryption
3.4 Digital Signatures
3.5 RSA Signature
3.5.1 Textbook RSA
3.5.2 RSA-PKCS#1
3.6 Discrete Log Based Signature Schemes
3.6.1 ElGamal signature
3.6.2 DSS and DSA
3.7 Security Goal: Integrity and Authenticity
3.8 Security Goal: Confidentiality and Integrity
Related Work
Problems
References
Chapter 4 Cryptographic Protocols
4.1 Passwords
4.1.1 Username/Password Protocol
4.1.2 Dictionary Attacks
4.1.3 Rainbow Tables
4.2 Authentication Protocols
4.2.1 One-Time-Password-Protocol (OTP)
4.2.2 Challenge-and-Response Protocol
4.2.3 Certificate/Verify Protocol
4.2.4 Mutual Authentication
4.3 Key Agreement
4.3.1 Public Key based Key Agreement
4.3.2 Symmetric Key Agreement
4.4 Authenticated Key Agreement
4.5 Attacks and security models
4.5.1 Protocol Security Models
4.5.2 Generic Attacks on Protocols
4.6 Certificates
4.6.1 X.509 Certificates
4.6.2 Public Key Infrastructure (PKI)
4.6.3 Validity of Certificates
4.6.4 Attacks on Certificates
Related Work
Problems
References
Chapter 5 Point-to-Point Security
5.1 Point-to-Point Protocol
5.1.1 PPP Authentication
5.1.2 PPP Extensions
5.2 Authentication, Authorization and Accounting (AAA)
5.3 Point-to-Point Tunneling Protocol (PPTP)
5.4 The PPTP attack by Schneier and Mudge
5.4.1 Attack on Hashed PAP
5.4.2 Attack on MS-CHAP
5.5 PPTPv2
5.6 EAP Protocols
Related Work
Problems
References
Chapter 6 Wireless LAN (WLAN)
6.1 Local Area Network (LAN)
6.1.1 Ethernet and other LAN Technologies
6.1.2 LAN specific Attacks
6.1.3 Non-Cryptographic Security Mechanisms
6.2 Wireless LAN
6.3 Wired Equivalent Privacy (WEP)
6.3.1 WEP Frame Encryption
6.3.2 RC4
6.3.3 Security Problems of WEP
6.3.4 The Attack of Fluhrer, Mantin, and Shamir
6.4 Wi-Fi Protected Access (WPA)
6.5 IEEE 802.1X
6.6 Enterprise WPA/IEEE 802.11i with EAP
6.7 Key Reinstallation Attack (KRACK) against WPA2
6.8 WPA3
Related Work
Problems
References
Chapter 7 Cellular Networks
7.1 Short History
7.2 Architecture of Cellular Networks
7.3 GSM
7.4 UMTS and LTE
7.5 Integration with the Internet: EAP
Related Work
Problems
References
Chapter 8 IP Security (IPsec)
8.1 Internet Protocol (IP)
8.1.1 IP packets
8.1.2 IP Address
8.1.3 Routing
8.1.4 Round-Trip Time (RTT)
8.1.5 Private IP Addresses and Network Address Translation (NAT)
8.1.6 Virtual Private Network (VPN)
8.2 Early Approach: Simple Key Management for Internet Protocols (SKIP)
8.3 IPsec: Overview
8.3.1 SPI and SA
8.3.2 Software Modules
8.3.3 Sending an encrypted IP packet
8.4 IPsec Data Formats
8.4.1 Transport and Tunnel Mode
8.4.2 Authentication Header (AH)
8.4.3 Encapsulating Security Payload (ESP)
8.4.4 ESP and AH in IPv6
8.5 IPsec Key Management: Development
8.5.1 Station-to-Station Protocol
8.5.2 Photuris
8.5.3 SKEME
8.5.4 OAKLEY
8.6 Internet Key Exchange Version 1 (IKEv1)
8.6.1 Phases in IKEv1
8.6.2 Data Structure: ISAKMP
8.6.3 Phase 1 Main Mode
8.6.4 Phase 1 Aggressive Mode
8.6.5 Phase 2
8.7 IKEv2
8.7.1 Phases in IKEv2
8.7.2 Phase 1
8.7.3 Negotiation of further IPsec SAs/Child SAs
8.8 NAT Traversal
8.9 Attacks on IPsec
8.9.1 Attacks on Encryption-Only Modes in ESP
8.9.2 Dictionary attacks on PSK modes
8.9.3 Bleichenbacher attack on IKEv1 and IKEv2
8.10 Alternatives to IPsec
8.10.1 OpenVPN
8.10.2 New developments
Related Work
Problems
References
Chapter 9 Security of HTTP
9.1 TCP and UDP
9.1.1 User Datagram Protocol (UDP)
9.1.2 Transmission Control Protocol (TCP)
9.1.3 UDP and TCP Proxies
9.2 Hypertext Transfer Protocol (HTTP)
9.3 HTTP Security Mechanisms
9.3.1 Basic Authentication for HTTP
9.3.2 Digest Access Authentication for HTTP
9.3.3 HTML forms with password input
9.4 HTTP/2
Related Work
Problems
References
Chapter 10 Transport Layer Security
10.1 TLS-Ecosystem
10.1.1 Versions
10.1.2 Architecture
10.1.3 Activation of TLS
10.1.4 Other Handshake Components
10.2 TLS Record Protocol
10.2.1 TLS Record Layer
10.3 TLS Handshake Protocol: Overview
10.4 TLS Ciphersuites
10.5 TLS Handshake: Detailed Walkthrough
10.5.1 Negotiation: ClientHello and ServerHello
10.5.2 Key Exchange: Certificate and ClientKeyExchange
10.5.3 Key Generation
10.5.4 Synchronization: ChangeCipherSpec and Finished
10.5.5 Optional authentication of the client: CertificateRequest, Certificate and CertificateVerify
10.5.6 TLS-DHE Handshake in Detail
10.5.7 TLS-RSA Handshake in Detail
10.6 Alert and ChangeCipherSec
10.7 TLS Session Resumption
10.8 TLS Renegotiation
10.9 TLS Extensions
10.10 HTTP Headers Affecting TLS
10.11 Datagram TLS (DTLS)
10.11.1 Problems with TLS over UDP
10.11.2 Adjustments made in DTLS
Related Work
Problems
References
Chapter 11 A Short History of TLS
11.1 First Attempts: SSL 2.0 and PCT
11.1.1 SSL 2.0: Records
11.1.2 SSL 2.0: Handshake
11.1.3 SSL 2.0: Key Derivation
11.1.4 SSL 2.0: Problems
11.1.5 Private Communication Technology
11.2 SSL 3.0
11.2.1 Record Layer
11.2.2 Handshake
11.2.3 Key Derivation
11.2.4 FORTEZZA: Skipjack and KEA
11.3 TLS 1.0
11.3.1 Use of HMAC
11.3.2 Record Layer
11.3.3 The PRF function of TLS 1.0 and 1.1
11.4 TLS 1.1
11.5 TLS 1.3
11.5.1 TLS-1.3 Ecosystem
11.5.2 Record Layer
11.5.3 Regular Handshake: Description
11.5.4 TLS 1.3: Key Derivation
11.5.5 PSK Handshake and 0-RTT Mode
11.6 Important implementations
11.7 Conclusion
Related Work
Problems
References
Chapter 12 Attacks on SSL and TLS
12.1 Overview
12.2 Attacker Models
12.2.1 Web Attacker Model
12.2.2 Man-in-the-Middle Attack
12.3 Record Layer: First Attacks
12.3.1 Dictionary of Ciphertext Lengths
12.3.2 BEAST
12.4 Record Layer: Padding-Oracle Attacks
12.4.1 Padding Oracle Attack by Serge Vaudenay
12.4.2 Padding Oracles in TLS
12.4.3 A First Attack on TLS
12.4.4 Padding-Oracle attack on DTLS
12.4.5 Lucky 13
12.4.6 POODLE
12.5 Record Layer: Compression-based Attacks
12.5.1 Data Compression in HTTPS
12.5.2 CRIME
12.5.3 BREACH
12.5.4 TIME and HEIST
12.6 Attacks on the TLS Handshake
12.6.1 Attacks on SSL 2.0
12.6.2 Version Rollback Attack on SSL 3.0
12.6.3 Bleichenbacher Attack
12.6.4 Variants of the Bleichenbacher attack
12.6.5 Signature Forgery with Bleichenbacher
12.6.6 ROBOT
12.6.7 Synchronization Attack on TLS-RSA
12.6.8 Triple Handshake Attack
12.6.9 Raccoon
12.7 Private Key Attacks
12.7.1 Timing-based Attacks
12.7.2 Heartbleed
12.7.3 Small Subgroup Attacks
12.8 Cross-Protocol Attacks
12.8.1 Cross-Cipher Suite Attacks for TLS
12.8.2 TLS and QUIC
12.8.3 TLS 1.2 and TLS 1.3
12.8.4 TLS and IPsec
12.8.5 DROWN
12.8.6 ALPACA
12.9 Attacks on the Graphical User Interface
12.9.1 The PKI for TLS
12.9.2 Phishing, Pharming and Visual Spoofing
12.9.3 Warnings
12.9.4 SSLStrip
Related Work
Problems
References
Chapter 13 Secure Shell (SSH)
13.1 Introduction
13.1.1 What is a “Shell”?
13.1.2 SSH Key Management
13.1.3 Short history of SSH
13.2 SSH-1
13.3 SSH 2.0
13.3.1 Handshake
13.3.2 Binary Packet Protocol
13.4 Attacks on SSH
13.4.1 Attack by Albrecht, Paterson, and Watson
Related Work
Problems
References
Chapter 14 Kerberos
14.1 Symmetric Crypto: Key Management
14.2 The Needham-Schroeder Protocol
14.3 Kerberos Protocol
14.4 Security of Kerberos v5
14.5 Kerberos v5 and Microsoft’s Active Directory
Related Work
Problems
References
Chapter 15 DNS Security
15.1 Domain Name System (DNS)
15.1.1 Short History of DNS
15.1.2 Domain Names and DNS Hierarchy
15.1.3 Resource Records
15.1.4 Resolution of Domain Names
15.1.5 DNS Query and DNS Response
15.2 Attacks on the DNS
15.2.1 DNS Spoofing
15.2.2 DNS Cache Poisoning
15.2.3 Name Chaining and In-Bailiwick-RRs
15.2.4 Kaminski attack
15.3 DNSSEC
15.3.1 New RR Data Types
15.3.2 Secure Name Resolution with DNSSEC
15.4 Securing DNS
15.4.1 DNSSEC Deployment
15.4.2 Alternatives for DNS
Related Work
Problems
References
Chapter 16 File Encryption: PGP
16.1 PGP - The Legend
16.1.1 The Beginnings
16.1.2 The Prosecution
16.1.3 PGP 2.62 and PGP International
16.1.4 IETF standard
16.2 The PGP Ecosystem
16.2.1 Key Management in PGP
16.2.2 Encryption
16.2.3 Digital Signatures
16.3 Open PGP
16.3.1 OpenPGP packets
16.3.2 Encryption and Signature of a Test Message
16.3.3 OpenPGP Packets
16.3.4 Radix 64 Conversion
16.4 Attacks on PGP
16.4.1 Additional Decryption Keys
16.4.2 Manipulation of the private key
16.5 PGP: Implementations
16.5.1 Crypto Libraries with OpenPGP Support
16.5.2 OpenPGP GUIs for Different Operating Systems
16.5.3 Package Managers with OpenPGP Signatures
16.5.4 Software Downloads
Related Work
Problems
References
Chapter 17 Email Security: S/MIME
17.1 E-Mail according to RFC 822
17.2 Privacy Enhanced Mail (PEM)
17.3 Multipurpose Internet Mail Extensions (MIME)
17.4 ASN.1, PKCS#7 and CMS
17.4.1 Platform independence: ASN.1
17.4.2 Public Key Cryptography Standards (PKCS)
17.4.3 PKCS#7 and Cryptographic Message Syntax (CMS)
17.5 S/MIME
17.6 S/MIME: Encryption
17.7 S/MIME: Signature
17.7.1 Key Management
17.8 PGP/MIME
Related Work
Problems
References
Chapter 18 Attacks on S/MIME and OpenPGP
18.1 EFAIL 1: Encryption
18.1.1 Attacker Model
18.1.2 Backchannels
18.1.3 Crypto Gadgets
18.1.4 Direct Exfiltration
18.2 EFAIL 2: Digital Signatures
18.2.1 Attacker Model
18.2.2 GUI Spoofing
18.2.3 FROM Spoofing
18.2.4 MIME Wrapping
18.2.5 CMS Wrapping
18.3 EFAIL 3: Reply Attacks
Related Work
Problems
References
Chapter 19 Email: Protocols and SPAM
19.1 POP3 and IMAP
19.1.1 POP3
19.1.2 IMAP
19.2 SMTP-over-TLS
19.3 SPAM and SPAM filters
19.4 E-Mail Sender
19.5 Domain Key Identified Mail (DKIM)
19.6 Sender Policy Framework (SPF)
19.7 DMARC
Related Work
Problems
References
Chapter 20 Web Security and Single Sign-On Protocols
20.1 Web Applications
20.1.1 Architecture of Web Applications
20.1.2 Hypertext Markup Language (HTML)
20.1.3 Uniform Resource Locators (URLs) and Uniform Resource Identifiers (URIs)
20.1.4 JavaScript and the Document Object Model (DOM)
20.1.5 Same Origin Policy (SOP)
20.1.6 Cascading Style Sheets
20.1.7 AJAX
20.1.8 HTTP Cookies
20.1.9 HTTP Redirect and Query Strings
20.1.10 HTML Forms
20.2 Web Application Security
20.2.1 Cross-Site Scripting (XSS)
20.2.2 Cross-Site Request Forgery (CSRF)
20.2.3 SQL Injection (SQLi)
20.2.4 UI Redressing
20.3 Single Sign-On Protocols
20.3.1 Microsoft Passport
20.3.2 Security Assertion Markup Language (SAML)
20.3.3 OpenID
20.3.4 OAuth
20.3.5 OpenID Connect
Related Work
Problems
References
Chapter 21 Cryptographic Data Formats
21.1 TLV Encoding and Chracter-Based Encoding
21.2 eXtensible Markup Language (XML)
21.2.1 XML Namespaces
21.2.2 DTD and XML Schema
21.2.3 XPath
21.2.4 XSLT
21.2.5 XML Signature
21.2.6 XML Encryption
21.2.7 XML Security
21.3 JavaScript Object Notation (JSON)
21.3.1 Syntax
21.3.2 JSON Web Signature
21.3.3 JSON Web Encryption
21.3.4 Security of JSON Signing and Encryption
Related Work
Problems
References
Index