PREMIER REFERENCE SOURCE
Applied Cryptography for Cyber Security and Defense
Information Encryption and Cyphering
HAMID R. NEMATI & LI YANG
Applied Cryptography for Cyber Security and Defense:
Information Encryption and Cyphering
Hamid R. Nemati
University of North Carolina at Greensboro, USA
Li Yang
University of Tennessee, USA
Information Science Reference
Hershey • New York
Director of Editorial Content: Kristin Klinger
Director of Book Publications: Julia Mosemann
Acquisitions Editor: Lindsay Johnston
Development Editor: Christine Bufton
Publishing Assistant: Milan Vracarich Jr.
Typesetter: Casey Conapitski
Production Editor: Jamie Snavely
Cover Design: Lisa Tosheff
Published in the United States of America by
Information Science Reference (an imprint of IGI Global)
701 E. Chocolate Avenue
Hershey PA 17033
Tel: 717-533-8845
Fax: 717-533-8661
E-mail: cust@igi-global.com
Web site: http://www.igi-global.com
Copyright © 2011 by IGI Global. All rights reserved. No part of this publication may be reproduced, stored or distributed in
any form or by any means, electronic or mechanical, including photocopying, without written permission from the publisher.
Product or company names used in this set are for identification purposes only. Inclusion of the names of the products or
companies does not indicate a claim of ownership by IGI Global of the trademark or registered trademark.
Library of Congress Cataloging-in-Publication Data
Applied cryptography for cyber security and defense : information encryption and cyphering / Hamid R. Nemati and Li Yang,
editors.
p. cm.
Includes bibliographical references and index.
Summary: "This book is written for professionals who want to improve their understanding about how to bridge the gap
between cryptographic theory and real-world cryptographic applications and how to adapt cryptography solutions to emerging
areas that have special requirements"--Provided by publisher.
ISBN 978-1-61520-783-1 (hardcover) -- ISBN 978-1-61520-784-8 (ebook)
1. Telecommunication--Security measures. 2. Data encryption (Computer science) 3. Cryptography. I. Nemati, Hamid R., 1958- II. Yang, Li, 1974 Oct. 29-
TK5102.94.A67 2010
005.8'2--dc22
British Cataloguing in Publication Data
A Cataloguing in Publication record for this book is available from the British Library.
All work contributed to this book is new, previously-unpublished material. The views expressed in this book are those of the
authors, but not necessarily of the publisher.
Dedication
This book is dedicated to my wonderful son Daniel as he is about to embark on a new and exciting chapter
of his life and to the love of my life, my beautiful wife Mary for being there to celebrate it with me.
Hamid R. Nemati
I dedicate this book to my dearest mother Xiuqing, father Wenjun, my husband Hong, and my precious
daughter Helen-Tianyang who always support me in every endeavor. They are the reason I’m here at
all, and made me who I am today.
Li Yang
List of Reviewers
Moses Acquaah, The University of North Carolina at Greensboro, USA
Xinliang Zheng, Frostburg State University, USA
B. Dawn Medlin, Appalachian State University, USA
Alessandro Acquisti, Carnegie Mellon University, USA
Pierre Balthazard, Arizona State University, USA
Christopher Barko, Laboratory Corporation of America, USA
Dieter Bartmann, University of Regensburg, Germany
Joseph Cazier, Appalachian State University, USA
Elizabeth Chang, Curtin University of Technology, Australia
John Eatman, The University of North Carolina at Greensboro, USA
Simone Fischer-Hübner, Karlstad University, Sweden
Keith Frikken, Purdue University, USA
Philippe Golle, Palo Alto Research Center, USA
Rüdiger Grimm, University Koblenz-Landau, Germany
Harry Hochheiser, Towson University, USA
Earp Julie, North Carolina State University, USA
Chang Koh, University of North Texas, USA
Mary Jane Lenard, Meredith College, USA
Gregorio Martinez, University of Murcia, Spain
Dawn Medlin, Appalachian State University, USA
Mihir Parikh, University of Central Florida, USA
Norman Pendegraft, The University of Idaho, USA
Carol Pollard, Appalachian State University, USA
Ellen Rose, Massey University, New Zealand
Alain Mohsen Sadeghi, eTechSecurity Pro, USA
Kathy Schwaig, Kennesaw State University, USA
Victoria Skoularidou, Athens University of Economics and Business, USA
William Tullar, The University of North Carolina at Greensboro, USA
Sameer Verma, San Francisco State University, USA
Liisa von Hellens, Griffith University, Australia
Table of Contents
Preface
Section 1
Cryptography in Networking and Cyber Space
Chapter 1
Network Security
Ramakrishna Thurimella, University of Denver, USA
Leemon C. Baird III, United States Air Force Academy, USA
Chapter 2
Cryptography-Based Authentication for Protecting Cyber Systems
Xunhua Wang, James Madison University, USA
Hua Lin, University of Virginia, USA
Section 2
Cryptography in E-Mail and Web Services
Chapter 3
E-Mail, Web Service and Cryptography
Wasim A. Al-Hamdani, Kentucky State University, USA
Chapter 4
Cryptography in E-Mail and Web Services
Wasim A. Al-Hamdani, Kentucky State University, USA
Chapter 5
Applied Cryptography in E-Mail Services and Web Services
Lei Chen, Sam Houston State University, USA
Wen-Chen Hu, University of North Dakota, USA
Ming Yang, Jacksonville State University, USA
Lei Zhang, Frostburg State University, USA
Section 3
Cryptography in Wireless Communication
Chapter 6
Applied Cryptography in Wireless Sensor Networks
Dulal C. Kar, Texas A&M University-Corpus Christi, USA
Hung Ngo, Texas A&M University-Corpus Christi, USA
Clifton J. Mulkey, Texas A&M University-Corpus Christi, USA
Chapter 7
Applied Cryptography in Infrastructure-Free Wireless Networks
Lei Zhang, Frostburg State University, USA
Chih-Cheng Chang, Rutgers University, USA
Danfeng Yao, Rutgers University, USA
Section 4
Cryptography in Electronic Commerce
Chapter 8
Applied Cryptography in Electronic Commerce
Sławomir Grzonkowski, National University of Ireland, Ireland
Brian D. Ensor, National University of Ireland, Ireland
Bill McDaniel, National University of Ireland, Ireland
Chapter 9
An Electronic Contract Signing Protocol Using Fingerprint Biometrics
Harkeerat Bedi, University of Tennessee at Chattanooga, USA
Li Yang, University of Tennessee at Chattanooga, USA
Joseph M. Kizza, University of Tennessee at Chattanooga, USA
Section 5
Cryptography in Emerging Areas
Chapter 10
Secure and Private Service Discovery in Pervasive Computing Environments
Feng Zhu, University of Alabama in Huntsville, USA
Wei Zhu, Intergraph Co, USA
Chapter 11
Multimedia Information Security: Cryptography and Steganography
Ming Yang, Jacksonville State University, USA
Monica Trifas, Jacksonville State University, USA
Nikolaos Bourbakis, Wright State University, USA
Lei Chen, Sam Houston State University, USA
Chapter 12
Secure Electronic Voting with Cryptography
Xunhua Wang, James Madison University, USA
Ralph Grove, James Madison University, USA
M. Hossain Heydari, James Madison University, USA
Chapter 13
Biometric Security in the E-World
Kunal Sharma, DOEACC Centre, India
A.J. Singh, H.P. University, India
Compilation of References
About the Contributors
Index
Detailed Table of Contents
Preface
Section 1
Cryptography in Networking and Cyber Space
Chapter 1
Network Security
Ramakrishna Thurimella, University of Denver, USA
Leemon C. Baird III, United States Air Force Academy, USA
Three pillars of security—confidentiality, integrity, and availability—are examined in the context of
networks. Each is explained with known practical attacks and possible defenses against them,
demonstrating that strong mathematical techniques are necessary but not sufficient to build practical systems
that are secure. This chapter illustrates how adversaries commonly side-step cryptographic protections.
In addition, we contend that effective key management techniques, along with privacy concerns, must
be taken into account during the design of any secure online system. This chapter concludes with a
discussion of open problems for which fundamentally new methods are needed.
Chapter 2
Cryptography-Based Authentication for Protecting Cyber Systems
Xunhua Wang, James Madison University, USA
Hua Lin, University of Virginia, USA
Entity authentication is a fundamental building block for system security and has been widely used
to protect cyber systems. Nonetheless, the role of cryptography in entity authentication is not very
clear, although cryptography is known for providing confidentiality, integrity, and non-repudiation.
This chapter studies the roles of cryptography in three entity authentication categories: knowledge-based
authentication, token-based authentication, and biometric authentication. For these three authentication
categories, we discuss (1) the roles of cryptography in the generation of password verification
data, in password-based challenge/response authentication protocol, and in password-authenticated key
exchange protocols; (2) the roles of cryptography in both symmetric key-based and private key-based
token authentications; (3) cryptographic fuzzy extractors, which can be used to enhance the security
and privacy of biometric authentication. This systematic study of the roles of cryptography in entity
authentication will deepen our understanding of both cryptography and entity authentication and can
help us better protect cyber systems.
Section 2
Cryptography in E-Mail and Web Services
Chapter 3
E-Mail, Web Service and Cryptography
Wasim A. Al-Hamdani, Kentucky State University, USA
Cryptography is the study and practice of protecting information and has been used since ancient times
in many different shapes and forms to protect messages from being intercepted. However, since 1976,
when data encryption was selected as an official Federal Information Processing Standard (FIPS) for
the United States, cryptography has gained much attention and a great amount of application and use.
Furthermore, cryptography started to be part of protected public communication when e-mail became
commonly used by the public. There are many electronic services. Some are based on web interaction
and others are used as independent servers, called e-mail hosting services, which are Internet hosting
services that run e-mail servers. Encrypting e-mail messages as they traverse the Internet is not the only
reason to understand or use various cryptographic methods. Every time one checks his/her e-mail, the
password is being sent over the wire. Many Internet service providers or corporate environments use
no encryption on their mail servers and the passwords used to check mail are submitted to the network
in clear text (with no encryption). When a password is put into clear text on a wire, it can easily be
intercepted. Encrypting e-mail will keep all but the most dedicated hackers from intercepting and
reading private communications. Using a personal e-mail certificate, one can digitally sign an e-mail so that
recipients can verify that it’s really from the sender, as well as encrypt the messages so that only the
intended recipients can view them. Web service is defined as “a software system designed to support
interoperable machine-to-machine interaction over a network” and e-mail is “communicate electronically
on the computer”. This chapter focuses on introducing three topics: e-mail structure and organization, web
service types and their organization, and cryptography algorithms which are integrated in e-mail and web
services to provide a high level of security. The main issue in this chapter is to build the general
foundation through definitions, history, symmetric and asymmetric cryptography algorithms, hash algorithms,
digital signatures, Suite B and general principles to introduce the use of cryptography in e-mail and
web services.
Chapter 4
Cryptography in E-Mail and Web Services
Wasim A. Al-Hamdani, Kentucky State University, USA
Cryptography has been used since ancient times in many different shapes and forms to protect messages
from being intercepted. However, since 1976, cryptography started to be part of protected public
communication when e-mail became commonly used by the public. Webmail (or Web-based e-mail)
is an e-mail service intended to be primarily accessed via a web browser, as opposed to through an e-