PREMIER REFERENCE SOURCE Applied Cryptography for Cyber Security and Defense Information Encryption and Cyphering I HAMID R. NEMATI & LI YANG Applied Cryptography for Cyber Security and Defense: Information Encryption and Cyphering Hamid R. Nemati University of North Carolina at Greensboro, USA Li Yang University of Tennessee, USA InformatIon scIence reference Hershey • New York Director of Editorial Content: Kristin Klinger Director of Book Publications: Julia Mosemann Acquisitions Editor: Lindsay Johnston Development Editor: Christine Bufton Publishing Assistant: Milan Vracarich Jr. Typesetter: Casey Conapitski Production Editor: Jamie Snavely Cover Design: Lisa Tosheff Published in the United States of America by Information Science Reference (an imprint of IGI Global) 701 E. Chocolate Avenue Hershey PA 17033 Tel: 717-533-8845 Fax: 717-533-8661 E-mail: [email protected] Web site: http://www.igi-global.com Copyright © 2011 by IGI Global. All rights reserved. No part of this publication may be reproduced, stored or distributed in any form or by any means, electronic or mechanical, including photocopying, without written permission from the publisher. Product or company names used in this set are for identification purposes only. Inclusion of the names of the products or com- panies does not indicate a claim of ownership by IGI Global of the trademark or registered trademark. Library of Congress Cataloging-in-Publication Data Applied cryptography for cyber security and defense : information encryption and cyphering / Hamid R. Nemati and Li Yang, editors. p. cm. Includes bibliographical references and index. Summary: "This book is written for professionals who want to improve their understanding about how to bridge the gap between cryptographic theory and real-world cryptographic applications and how to adapt cryptography solutions to emerging areas that have special requirements"--Provided by publisher. ISBN 978-1-61520-783-1 (hardcover) -- ISBN 978-1-61520-784-8 (ebook) 1. Telecommunication--Security measures. 2. Data encryption (Computer science) 3. Cryptography. I. Nemati, Hamid R., 1958- II. Yang, Li, 1974 Oct. 29- TK5102.94. A67 2010 005.8'2--dc22 British Cataloguing in Publication Data A Cataloguing in Publication record for this book is available from the British Library. All work contributed to this book is new, previously-unpublished material. The views expressed in this book are those of the authors, but not necessarily of the publisher. Dedication This book is dedicated to my wonderful son Daniel as he is about to embark on a new and exciting chapter of his life and to the love of my life, my beautiful wife Mary for being there to celebrate it with me. Hamid R. Nemati I dedicate this book to my dearest mother Xiuqing, father Wenjun, my husband Hong, and my precious daughter Helen-Tianyang who always support me in every endeavor. They are the reason I’m here at all, and made me who I am today. Li Yang List of Reviewers Moses Acquaah, The University of North Carolina at Greensboro, USA Xinliang Zheng, Frostburg State University, USA B. Dawn Medlin, Appalachian State University, USA Alessandro Acquisti, Carnegie Mellon University, USA Pierre Balthazard, Arizona State University, USA Christopher Barko, Laboratory Corporation of America, USA Dieter Bartmann, University of Regensburg, Germany Joseph Cazier, Appalachian State University, USA Elizabeth Chang, Curtin University of Technology, Australia John Eatman, The University of North Carolina at Greensboro, USA Simone Fischer-Hübner, Karlstad University, Sweden Keith Frikken, Purdue University, USA Philippe Golle, Palo Alto Research Center, USA Rüdiger Grimm, University Koblenz-Landau, Germany Harry Hochheiser, Towson University, USA Earp Julie, North Carolina State University, USA Chang Koh, University of North Texas, USA Mary Jane Lenard, Meredith College, USA Gregorio Martinez, University of Murcia, Spain Dawn Medlin, Appalachian State University, USA Mihir Parikh, University of Central Florida, USA Norman Pendegraft, The University of Idaho, USA Carol Pollard, Appalachian State University, USA Ellen Rose, Massey University, New Zealand Alain Mohsen Sadeghi, eTechSecurity Pro, USA Kathy Schwaig, Kennesaw State University, USA Victoria Skoularidou, Athens University of Economics and Business, USA William Tullar, The University of North Carolina at Greensboro, USA Sameer Verma, San Francisco State University, USA Liisa von Hellens, Griffith University, Australia Table of Contents Preface .................................................................................................................................................xv Section 1 Cryptography in Networking and Cyber Space Chapter 1 Network Security ....................................................................................................................................1 Ramakrishna Thurimella, University of Denver, USA Leemon C. Baird III, United States Air Force Academy, USA Chapter 2 Cryptography-Based Authentication for Protecting Cyber Systems ....................................................32 Xunhua Wang, James Madison University, USA Hua Lin, University of Virginia, USA Section 2 Cryptography in E-Mail and Web Services Chapter 3 E-Mail, Web Service and Cryptography ...............................................................................................52 Wasim A. Al-Hamdani, Kentucky State University, USA Chapter 4 Cryptography in E-Mail and Web Services ..........................................................................................79 Wasim A. Al-Hamdani, Kentucky State University, USA Chapter 5 Applied Cryptography in E-Mail Services and Web Services ............................................................130 Lei Chen, Sam Houston State University, USA Wen-Chen Hu, University of North Dakota, USA Ming Yang, Jacksonville State University, USA Lei Zhang, Frostburg State University, USA Section 3 Cryptography in Wireless Communication Chapter 6 Applied Cryptography in Wireless Sensor Networks .........................................................................146 Dulal C. Kar, Texas A&M University-Corpus Christi, USA Hung Ngo, Texas A&M University-Corpus Christi, USA Clifton J. Mulkey, Texas A&M University-Corpus Christi, USA Chapter 7 Applied Cryptography in Infrastructure-Free Wireless Networks ......................................................168 Lei Zhang, Frostburg State University, USA Chih-Cheng Chang, Rutgers University, USA Danfeng Yao, Rutgers University, USA Section 4 Cryptography in Electronic Commerce Chapter 8 Applied Cryptography in Electronic Commerce ................................................................................180 Sławomir Grzonkowski, National University of Ireland, Ireland Brian D. Ensor, National University of Ireland, Ireland Bill McDaniel, National University of Ireland, Ireland Chapter 9 An Electronic Contract Signing Protocol Using Fingerprint Biometrics ...........................................201 Harkeerat Bedi, University of Tennessee at Chattanooga, USA Li Yang, University of Tennessee at Chattanooga, USA Joseph M. Kizza, University of Tennessee at Chattanooga, USA Section 5 Cryptography in Emerging Areas Chapter 10 Secure and Private Service Discovery in Pervasive Computing Environments .................................229 Feng Zhu, University of Alabama in Huntsville, USA Wei Zhu, Intergraph Co, USA Chapter 11 Multimedia Information Security: Cryptography and Steganography ...............................................244 Ming Yang, Jacksonville State University, USA Monica Trifas, Jacksonville State University, USA Nikolaos Bourbakis, Wright State University, USA Lei Chen, Sam Houston State University, USA Chapter 12 Secure Electronic Voting with Cryptography .....................................................................................271 Xunhua Wang, James Madison University, USA Ralph Grove, James Madison University, USA M. Hossain Heydari, James Madison University, USA Chapter 13 Biometric Security in the E-World ......................................................................................................289 Kunal Sharma, DOEACC Centre, India A.J. Singh, H.P. University, India Compilation of References ..............................................................................................................338 About the Contributors ...................................................................................................................367 Index ...................................................................................................................................................373 Detailed Table of Contents Preface .................................................................................................................................................xv Section 1 Cryptography in Networking and Cyber Space Chapter 1 Network Security ....................................................................................................................................1 Ramakrishna Thurimella, University of Denver, USA Leemon C. Baird III, United States Air Force Academy, USA Three pillars of security—confidentiality, integrity, and availability—are examined in the context of networks. Each is explained with known practical attacks and possible defenses against them, demon- strating that strong mathematical techniques are necessary but not sufficient to build practical systems that are secure. This chapter illustrates how adversaries commonly side-step cryptographic protections. In addition, we contend that effective key management techniques, along with privacy concerns must be taken into account during the design of any secure online system. This chapter concludes with a discussion of open problems for which fundamentally new methods are needed. Chapter 2 Cryptography-Based Authentication for Protecting Cyber Systems ....................................................32 Xunhua Wang, James Madison University, USA Hua Lin, University of Virginia, USA Entity authentication is a fundamental building block for system security and has been widely used to protect cyber systems. Nonetheless, the role of cryptography in entity authentication is not very clear, although cryptography is known for providing confidentiality, integrity, and non-repudiation. This chapter studies the roles of cryptography in three entity authentication categories: knowledge- based authentication, token-based authentication, and biometric authentication. For these three authen- tication categories, we discuss (1) the roles of cryptography in the generation of password verification data, in password-based challenge/response authentication protocol, and in password-authenticated key exchange protocols; (2) the roles of cryptography in both symmetric key-based and private key-based token authentications; (3) cryptographic fuzzy extractors, which can be used to enhance the security and privacy of biometric authentication. This systematic study of the roles of cryptography in entity authentication will deepen our understanding of both cryptography and entity authentication and can help us better protect cyber systems. Section 2 Cryptography in E-Mail and Web Services Chapter 3 E-Mail, Web Service and Cryptography ...............................................................................................52 Wasim A. Al-Hamdani, Kentucky State University, USA Cryptography is the study and practice of protecting information and has been used since ancient times in many different shapes and forms to protect messages from being intercepted. However, since 1976, when data encryption was selected as an official Federal Information Processing Standard (FIPS) for the United States, cryptography has gained large attention and a great amount of application and use. Furthermore, cryptography started to be part of protected public communication when e-mail became commonly used by the public. There are many electronic services. Some are based on web interaction and others are used as independent servers, called e-mail hosting services, which is an Internet hosting service that runs e-mail servers. Encrypting e-mail messages as they traverse the Internet is not the only reason to understand or use various cryptographic methods. Every time one checks his/her e-mail, the password is being sent over the wire. Many Internet service providers or corporate environments use no encryption on their mail servers and the passwords used to check mail are submitted to the network in clear text (with no encryption). When a password is put into clear text on a wire, it can easily be intercepted. Encrypting email will keep all but the most dedicated hackers from intercepting and read- ing a private communications. Using a personal email certificate one can digitally sign an email so that recipients can verify that it’s really from the sender as well as encrypt the messages so that only the intended recipients can view it. Web service is defined as “a software system designed to support in- teroperable machine-to-machine interaction over a network” and e-mail is “communicate electronically on the computer”. This chapter focus on introduce three topics: E-mail structure and organization, web service types, their organization and cryptography algorithms which integrated in the E-mail and web services to provide high level of security. The main issue in this chapter is to build the general founda- tion through Definitions, history, cryptography algorithms symmetric and asymmetric, hash algorithms, digital signature, suite B and general principle to introduce the use of cryptography in the E-mail and web service. Chapter 4 Cryptography in E-Mail and Web Services ..........................................................................................79 Wasim A. Al-Hamdani, Kentucky State University, USA Cryptography has been used since ancient times in many different shapes and forms to protect mes- sages from being intercepted. However, since 1976, cryptography started to be part of protected public communication when e-mail became commonly used by the public. Webmail (or Web-based e-mail) is an e-mail service intended to be primarily accessed via a web browser, as opposed to through an e-