Ross Anderson - Security Engineering
Здесь есть возможность читать онлайн «Ross Anderson - Security Engineering» — ознакомительный отрывок электронной книги совершенно бесплатно, а после прочтения отрывка купить полную версию. В некоторых случаях можно слушать аудио, скачать через торрент в формате fb2 и присутствует краткое содержание. Жанр: unrecognised, на английском языке. Описание произведения, (предисловие) а так же отзывы посетителей доступны на портале библиотеки ЛибКат.
- Название:Security Engineering
- Автор:
- Жанр:
- Год:неизвестен
- ISBN:нет данных
- Рейтинг книги:3 / 5. Голосов: 1
-
Избранное:Добавить в избранное
- Отзывы:
-
Ваша оценка:
Security Engineering: краткое содержание, описание и аннотация
Предлагаем к чтению аннотацию, описание, краткое содержание или предисловие (зависит от того, что написал сам автор книги «Security Engineering»). Если вы не нашли необходимую информацию о книге — напишите в комментариях, мы постараемся отыскать её.
secure? Understand how to engineer dependable systems with this newly updated classic
In
Cambridge University professor Ross Anderson updates his classic textbook and teaches readers how to design, implement, and test systems to withstand both error and attack.
This book became a best-seller in 2001 and helped establish the discipline of security engineering. By the second edition in 2008, underground dark markets had let the bad guys specialize and scale up; attacks were increasingly on users rather than on technology. The book repeated its success by showing how security engineers can focus on usability.
Now the third edition brings it up to date for 2020. As people now go online from phones more than laptops, most servers are in the cloud, online advertising drives the Internet and social networks have taken over much human interaction, many patterns of crime and abuse are the same, but the methods have evolved. Ross Anderson explores what security engineering means in 2020, including:
How the basic elements of cryptography, protocols, and access control translate to the new world of phones, cloud services, social media and the Internet of Things Who the attackers are – from nation states and business competitors through criminal gangs to stalkers and playground bullies What they do – from phishing and carding through SIM swapping and software exploits to DDoS and fake news Security psychology, from privacy through ease-of-use to deception The economics of security and dependability – why companies build vulnerable systems and governments look the other way How dozens of industries went online – well or badly <l
Security Engineering — читать онлайн ознакомительный отрывок
Ниже представлен текст книги, разбитый по страницам. Система сохранения места последней прочитанной страницы, позволяет с удобством читать онлайн бесплатно книгу «Security Engineering», без необходимости каждый раз заново искать на чём Вы остановились. Поставьте закладку, и сможете в любой момент перейти на страницу, на которой закончили чтение.
Интервал:
Закладка:
5.7.2.2 Diffie-Hellman key establishment
The first public-key encryption scheme to be published, by Whitfield Diffie and Martin Hellman in 1976, has a fixed primitive root 
and uses 
modulo 
as the key to a shared-key encryption system. The values 
and 
can be the private keys of the two parties.
Let's walk through this. The prime 
and generator 
are common to all users. Alice chooses a secret random number 
, calculates 
and publishes it opposite her name in the company phone book. Bob does the same, choosing a random number 
and publishing 
. In order to communicate with Bob, Alice fetches 
from the phone book, forms 
which is just 
, and uses this to encrypt the message to Bob. On receiving it, Bob looks up Alice's public key 
and forms 
which is also equal to 
, so he can decrypt her message.
Alternatively, Alice and Bob can use transient keys, and get a mechanism for providing forward security. As before, let the prime 
and generator 
be common to all users. Alice chooses a random number 
, calculates 
and sends it to Bob; Bob does the same, choosing a random number 
and sending 
to Alice; they then both form 
, which they use as a session key (see Figure 5.18).
Alice and Bob can now use the session key 
to encrypt a conversation. If they used transient keys, rather than long-lived ones, they have managed to create a shared secret ‘out of nothing’. Even if an opponent had inspected both their machines before this protocol was started, and knew all their stored private keys, then provided some basic conditions were met (e.g., that their random number generators were not predictable and no malware was left behind) the opponent could still not eavesdrop on their traffic. This is the strong version of the forward security property to which I referred in section 5.6.2. The opponent can't work forward from knowledge of previous keys, however it was obtained. Provided that Alice and Bob both destroy the shared secret after use, they will also have backward security: an opponent who gets access to their equipment later cannot work backward to break their old traffic. In what follows, we may write the Diffie-Hellman key derived from 
and 
as 
when we don't have to be explicit about which group we're working in, and don't need to write out explicitly which is the private key 
and which is the public key 
.
 |
 |
 |
 |
 |
 |
Figure 5.18 : The Diffie-Hellman key exchange protocol
Slightly more work is needed to provide a full solution. Some care is needed when choosing the parameters 
and 
; we can infer from the Snowden disclosures, for example, that the NSA can solve the discrete logarithm problem for commonly-used 1024-bit prime numbers 6. And there are several other details which depend on whether we want properties such as forward security.
Интервал:
Закладка:
Похожие книги на «Security Engineering»
Представляем Вашему вниманию похожие книги на «Security Engineering» списком для выбора. Мы отобрали схожую по названию и смыслу литературу в надежде предоставить читателям больше вариантов отыскать новые, интересные, ещё непрочитанные произведения.
Обсуждение, отзывы о книге «Security Engineering» и просто собственные мнения читателей. Оставьте ваши комментарии, напишите, что Вы думаете о произведении, его смысле или главных героях. Укажите что конкретно понравилось, а что нет, и почему Вы так считаете.