xiv PREFACE
consists of 11 chapters and focuses on the critical security issues related to the Internet.
The following is a summary of the contents of each chapter.
Chapter 1 begins with a brief history of the Internet and describes topics covering
(1) networking fundamentals such as LANs (Ethernet, Token Ring, FDDI), WANs (Frame
Relay, X.25, PPP) and ATM; (2) connecting devices such as circuit- and packet-switches,
repeaters, bridges, routers, and gateways; (3) the OSI model which specifies the function-
ality of its seven layers; and finally (4) a TCP/IP five-layer suite providing a hierarchical
protocol made up of physical standards, a network interface and internetworking.
Chapter 2 presents a state-of-the-art survey of the TCP/IP suite. Topics covered include
(1) TCP/IP network layer protocols such as ICMP, IP version 4 and IP version 6 relat-
ing to the IP packet format, addressing (including ARP, RARP and CIDR) and rout-
ing; (2) transport layer protocols such as TCP and UDP; (3) HTTP for the World Wide
Web; (4) FTP, TFTP and NFS protocols for file transfer; (5) SMTP, POP3, IMAP and
MIME for e-mail; and (6) SNMP protocol for network management.
Chapter 3 deals with some of the important contemporary block cipher algorithms that
have been developed over recent years with an emphasis on the most widely used encryp-
tion techniques such as Data Encryption Standard (DES), International Data Encryption
Algorithm (IDEA), the RC5 and RC6 encryption algorithms, and Advanced Encryption
Standard (AES). AES specifies an FIPS-approved Rijndael algorithm (2001) that can pro-
cess data blocks of 128 bits, using cipher keys with lengths of 128, 192 and 256 bits.
DES is not new, but it has survived remarkably well over 20 years of intense cryptanal-
ysis. The complete analysis of triple DES-EDE in CBC mode is also included., Pretty
Good Privacy (PGP) used for electronic mail (e-mail) and file storage applications utilises
IDEA for conventional block encryption, along with RSA for public key encryption and
MD5 for hash coding. RC5 and RC6 are both parameterised block algorithms of variable
size, variable number of rounds, and a variable-length key. They are designed for great
flexibility in both performance and level of security.
Chapter 4 covers the various authentication techniques based on digital signatures. It
is often necessary for communication parties to verify each other’s identity. One practical
way to do this is the use of cryptographic authentication protocols employing a one-way
hash function. Several contemporary hash functions (such as DMDC, MD5 and SHA-1)
are introduced to compute message digests or hash codes for providing a systematic
approach to authentication. This chapter also extends the discussion to include the Internet
standard HMAC, which is a secure digest of protected data. HMAC is used with a variety
of different hash algorithms, including MD5 and SHA-1. Transport Layer Security (TLS)
also makes use of the HMAC algorithm.
Chapter 5 describes several public-key cryptosystems brought in after conventional
encryption. This chapter concentrates on their use in providing techniques for public-key
encryption, digital signature and authentication. This chapter covers in detail the widely
used Diffie–Hellman key exchange technique (1976), the Rivest–Schamir–Adleman
(RSA) algorithm (1978), the ElGamal algorithm (1985), the Schnorr algorithm (1990),
the Digital Signature Algorithm (DSA, 1991) and the Elliptic Curve Cryptosystem
(ECC, 1985) and Elliptic Curve Digital Signature Algorithm (ECDSA, 1999).
Chapter 6 presents profiles related to a public-key infrastructure (PKI) for the Internet.
The PKI automatically manages public keys through the use of public-key certificates. The