Ross Anderson - Security Engineering
Здесь есть возможность читать онлайн «Ross Anderson - Security Engineering» — ознакомительный отрывок электронной книги совершенно бесплатно, а после прочтения отрывка купить полную версию. В некоторых случаях можно слушать аудио, скачать через торрент в формате fb2 и присутствует краткое содержание. Жанр: unrecognised, на английском языке. Описание произведения, (предисловие) а так же отзывы посетителей доступны на портале библиотеки ЛибКат.
- Название:Security Engineering
- Автор:
- Жанр:
- Год:неизвестен
- ISBN:нет данных
- Рейтинг книги:3 / 5. Голосов: 1
-
Избранное:Добавить в избранное
- Отзывы:
-
Ваша оценка:
Security Engineering: краткое содержание, описание и аннотация
Предлагаем к чтению аннотацию, описание, краткое содержание или предисловие (зависит от того, что написал сам автор книги «Security Engineering»). Если вы не нашли необходимую информацию о книге — напишите в комментариях, мы постараемся отыскать её.
secure? Understand how to engineer dependable systems with this newly updated classic
In
Cambridge University professor Ross Anderson updates his classic textbook and teaches readers how to design, implement, and test systems to withstand both error and attack.
This book became a best-seller in 2001 and helped establish the discipline of security engineering. By the second edition in 2008, underground dark markets had let the bad guys specialize and scale up; attacks were increasingly on users rather than on technology. The book repeated its success by showing how security engineers can focus on usability.
Now the third edition brings it up to date for 2020. As people now go online from phones more than laptops, most servers are in the cloud, online advertising drives the Internet and social networks have taken over much human interaction, many patterns of crime and abuse are the same, but the methods have evolved. Ross Anderson explores what security engineering means in 2020, including:
How the basic elements of cryptography, protocols, and access control translate to the new world of phones, cloud services, social media and the Internet of Things Who the attackers are – from nation states and business competitors through criminal gangs to stalkers and playground bullies What they do – from phishing and carding through SIM swapping and software exploits to DDoS and fake news Security psychology, from privacy through ease-of-use to deception The economics of security and dependability – why companies build vulnerable systems and governments look the other way How dozens of industries went online – well or badly <l
Security Engineering — читать онлайн ознакомительный отрывок
Ниже представлен текст книги, разбитый по страницам. Система сохранения места последней прочитанной страницы, позволяет с удобством читать онлайн бесплатно книгу «Security Engineering», без необходимости каждый раз заново искать на чём Вы остановились. Поставьте закладку, и сможете в любой момент перейти на страницу, на которой закончили чтение.
Интервал:
Закладка:
 |
= 5 | (mod 7) | |
 = |
25 |  4 |
(mod 7) |
  |
4 x 5 |  6 |
(mod 7) |
  |
6 x 5 |  2 |
(mod 7) |
  |
2 x 5 |  3 |
(mod 7) |
  |
3 x 5 |  1 |
(mod 7) |
Figure 5.17 : Example of discrete logarithm calculations
5.7.2.1 One-way commutative encryption
Imagine we're back in ancient Rome, that Anthony wants to send a secret to Brutus, and the only communications channel available is an untrustworthy courier (say, a slave belonging to Caesar). Anthony can take the message, put it in a box, padlock it, and get the courier to take it to Brutus. Brutus could then put his own padlock on it too, and have it taken back to Anthony. He in turn would remove his padlock, and have it taken back to Brutus, who would now at last open it.
Exactly the same can be done using a suitable encryption function that commutes, that is, has the property that 
. Alice can take the message 
and encrypt it with her key 
to get 
which she sends to Bob. Bob encrypts it again with his key 
getting 
. But the commutativity property means that this is just 
, so Alice can decrypt it using her key 
getting 
. She sends this to Bob and he can decrypt it with 
, finally recovering the message 
.
How can a suitable commutative encryption be implemented? The one-time pad does indeed commute, but is not suitable here. Suppose Alice chooses a random key 
and sends Bob 
while Bob returns 
and Alice finally sends him 
, then an attacker can simply exclusive-or these three messages together; as 
= 0 for all 
, the two values of 
and 
both cancel out, leaving the plaintext 
.
The discrete logarithm problem comes to the rescue. If the discrete log problem based on a primitive root modulo 
is hard, then we can use discrete exponentiation as our encryption function. For example, Alice encodes her message as the primitive root 
, chooses a random number 
, calculates 
modulo 
and sends it, together with 
, to Bob. Bob likewise chooses a random number 
and forms 
modulo p, which he passes back to Alice. Alice can now remove her exponentiation: using Fermat's theorem, she calculates 
and sends it to Bob. Bob can now remove his exponentiation, too, and so finally gets hold of 
. The security of this scheme depends on the difficulty of the discrete logarithm problem. In practice, it can be tricky to encode a message as a primitive root; but there's a simpler way to achieve the same effect.
Интервал:
Закладка:
Похожие книги на «Security Engineering»
Представляем Вашему вниманию похожие книги на «Security Engineering» списком для выбора. Мы отобрали схожую по названию и смыслу литературу в надежде предоставить читателям больше вариантов отыскать новые, интересные, ещё непрочитанные произведения.
Обсуждение, отзывы о книге «Security Engineering» и просто собственные мнения читателей. Оставьте ваши комментарии, напишите, что Вы думаете о произведении, его смысле или главных героях. Укажите что конкретно понравилось, а что нет, и почему Вы так считаете.