Computer security and the internet : tools and jewels / Paul C. van Oorschot.

This book provides a concise yet comprehensive overview of computer and Internet security, suitable for a one-term introductory course for junior/senior undergrad or first-year graduate students. It is also suitable for self-study by anyone seeking a solid footing in security - including software de...

Bibliographic Details
Main Author: Van Oorschot, Paul C.
Format: eBook
Language: English
Published: Cham : Springer, 2020.
Series: Information security and cryptography.
Table of Contents:
  • Intro
  • Contents in Brief
  • Table of Contents
  • Foreword
  • Preface
  • Why this book, approach and target audience
  • Selection of topics
  • Framework and systematization
  • Length, prioritization and optional sections
  • Order of chapters, and relationships between them
  • Cryptography vs. security course
  • Helpful background
  • Trendy topics vs. foundational concepts
  • Acknowledgements
  • Typesetting Conventions
  • Chapter 1: Basic Concepts and Principles
  • 1.1 Fundamental goals of computer security
  • 1.2 Computer security policies and attacks
  • 1.3 Risk, risk assessment, and modeling expected losses
  • 1.4 Adversary modeling and security analysis
  • 1.5 Threat modeling: diagrams, trees, lists and STRIDE
  • 1.5.1 Diagram-driven threat modeling
  • 1.5.2 Attack trees for threat modeling
  • 1.5.3 Other threat modeling approaches: checklists and STRIDE
  • 1.6 Model-reality gaps and real-world outcomes
  • 1.6.1 Threat modeling and model-reality gaps
  • 1.6.2 Tying security policy back to real outcomes and security analysis
  • 1.7 ‡Design principles for computer security
  • 1.8 ‡Why computer security is hard
  • 1.9 ‡End notes and further reading
  • References
  • Chapter 2: Cryptographic Building Blocks
  • 2.1 Encryption and decryption (generic concepts)
  • 2.2 Symmetric-key encryption and decryption
  • 2.3 Public-key encryption and decryption
  • 2.4 Digital signatures and verification using public keys
  • 2.5 Cryptographic hash functions
  • 2.6 Message authentication (data origin authentication)
  • 2.7 ‡Authenticated encryption and further modes of operation
  • 2.8 ‡Certificates, elliptic curves, and equivalent keylengths
  • 2.9 ‡End notes and further reading
  • References
  • Chapter 3: User Authentication-Passwords, Biometrics and Alternatives
  • 3.1 Password authentication
  • 3.2 Password-guessing strategies and defenses
  • 3.3 Account recovery and secret questions
  • 3.4 One-time password generators and hardware tokens
  • 3.5 Biometric authentication
  • 3.6 ‡Password managers and graphical passwords
  • 3.7 ‡CAPTCHAs (humans-in-the-loop) vs. automated attacks
  • 3.8 ‡Entropy, passwords, and partial-guessing metrics
  • 3.9 ‡End notes and further reading
  • References
  • Chapter 4: Authentication Protocols and Key Establishment
  • 4.1 Entity authentication and key establishment (context)
  • 4.2 Authentication protocols: concepts and mistakes
  • 4.3 Establishing shared keys by public agreement (DH)
  • 4.4 Key authentication properties and goals
  • 4.5 Password-authenticated key exchange: EKE and SPEKE
  • 4.6 ‡Weak secrets and forward search in authentication
  • 4.7 ‡Single sign-on (SSO) and federated identity systems
  • 4.8 ‡Cyclic groups and subgroup attacks on Diffie-Hellman
  • 4.9 ‡End notes and further reading
  • References
  • Chapter 5: Operating System Security and Access Control