CRC Press
Taylor & Francis Group
6000 Broken Sound Parkway NW, Suite 300
Boca Raton, FL 33487-2742

© 2009 by Taylor & Francis Group, LLC
CRC Press is an imprint of Taylor & Francis Group, an Informa business

No claim to original U.S. Government works

Version Date: 20131120
International Standard Book Number-13: 978-1-4200-6161-1 (eBook - PDF)

This book contains information obtained from authentic and highly regarded sources. Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all materials or the consequences of their use.
The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint.

Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmitted, or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microfilming, and recording, or in any information storage or retrieval system, without written permission from the publishers.

For permission to photocopy or use material electronically from this work, please access www.copyright.com (http://www.copyright.com/) or contact the Copyright Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400. CCC is a not-for-profit organization that provides licenses and registration for a variety of users. For organizations that have been granted a photocopy license by the CCC, a separate system of payment has been arranged.

Trademark Notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation without intent to infringe.

Visit the Taylor & Francis Web site at http://www.taylorandfrancis.com and the CRC Press Web site at http://www.crcpress.com

Dedication

To Danielle, Jacob, and Rachel — the impossible became real because of you. You are the shining lights of my life and bring joy to my heart.

Contents

1 Introduction
  1.1 A Brief History of Cryptography and Data Security
  1.2 Cryptography and Data Security in the Modern World
  1.3 Existing Texts
  1.4 Book Organization
  1.5 Supplements

2 Symmetric-Key Cryptography
  2.1 Cryptosystem Overview
  2.2 The Modulo Operator
  2.3 Greatest Common Divisor
  2.4 The Ring Z_m
  2.5 Homework Problems

3 Symmetric-Key Cryptography: Substitution Ciphers
  3.1 Basic Cryptanalysis
  3.2 Shift Ciphers
  3.3 Affine Ciphers
  3.4 Homework Problems

4 Symmetric-Key Cryptography: Stream Ciphers
  4.1 Random Numbers
  4.2 The One-Time Pad
  4.3 Key Stream Generators
    4.3.1 Linear Feedback Shift Registers
    4.3.2 Clock Controlled Shift Register Key Stream Generators
    4.3.3 Attacks Against LFSRs
  4.4 Real-World Applications
  4.5 Homework Problems

5 Symmetric-Key Cryptography: Block Ciphers
  5.1 The Data Encryption Standard
    5.1.1 Feistel Networks
    5.1.2 Cryptosystem
    5.1.3 Modes of Operation
      5.1.3.1 Electronic Code Book Mode
      5.1.3.2 Cipher Block Chaining Mode
      5.1.3.3 Propagating Cipher Block Chaining Mode
      5.1.3.4 Cipher Feedback Mode
      5.1.3.5 Output Feedback Mode
      5.1.3.6 Counter Mode
    5.1.4 Key Whitening
    5.1.5 Efficient Implementation
    5.1.6 Attacks Against DES
      5.1.6.1 Weak and Semi-Weak Keys
      5.1.6.2 Exhaustive Key Search