1st Edition
A Multidisciplinary Introduction to Information Security
With most services and products now being offered through digital communications, new challenges have emerged for information security specialists. A Multidisciplinary Introduction to Information Security presents a range of topics on the security, privacy, and safety of information and communication technology. It brings together methods in pure mathematics, computer and telecommunication sciences, and social sciences.
The book begins with the cryptographic algorithms of the Advanced Encryption Standard (AES) and Rivest, Shamir, and Adleman (RSA). It explains the mathematical reasoning behind public key cryptography and the properties of a cryptographic hash function before presenting the principles and examples of quantum cryptography. The text also describes the use of cryptographic primitives in the communication process, explains how a public key infrastructure can mitigate the problem of crypto-key distribution, and discusses the security problems of wireless network access. After examining past and present protection mechanisms in the global mobile telecommunication system, the book proposes a software engineering practice that prevents attacks and misuse of software. It then presents an evaluation method for ensuring security requirements of products and systems, covers methods and tools of digital forensics and computational forensics, and describes risk assessment as part of the larger activity of risk management. The final chapter focuses on information security from an organizational and people point of view.
As our ways of communicating and doing business continue to shift, information security professionals must find answers to evolving issues. Offering a starting point for more advanced work in the field, this volume addresses various security and privacy problems and solutions related to the latest information and communication technology.
Introduction, Stig F. Mjølsnes
Motivation
What Is Information Security?
Some Basic Concepts
A Synopsis of the Topics
Further Reading and Web Sites
Security Electronics, E.J. Aas and P.G. Kjeldsberg
Introduction
Examples of Security Electronics
Side Channel Attacks
Summary
Further Reading and Web Sites
Public Key Cryptography, S.O. Smalø
Introduction
Hash Functions and One Time Pads
Public Key Cryptography
RSA-Public Key Cryptography
RSA-Public Key Cryptography with Signature
Problem with Signatures
Receipt
Secret Sharing Based on Discrete Logarithm Problems
Further Reading
Cryptographic Hash Functions, D. Gligoroski
Introduction
Definition for Cryptographic Hash Function
Iterated Hash Functions
Most Popular Cryptographic Hash Function
Application of Cryptographic Hash Function
Further Reading and Web Sites
Quantum Cryptography, Dag Roar Hjelme, Lars Lydersen, and Vadim Makarov
Introduction
Quantum Bit
Quantum Copying
Quantum Key Distribution
Practical Quantum Cryptography
Technology
Applications
Summary
Further Reading and Web Sites
Cryptographic Protocols, Stig F. Mjølsnes
The Origins
Information Policies
Some Concepts
Protocol Failures
Heuristics
Tools for Automated Security Analysis
Further Reading and Web Sites
Public Key Distribution, Stig F. Mjølsnes
The Public Key Distribution Problem
Authenticity and Validity of Public Keys
The Notion of Public Key Certificates
Revocation
Public Key Infrastructure
Identity-Based Public Key
Further Reading and Web Sites
Wireless Network Access, Stig F. Mjølsnes and Martin Eian
Introduction
Wireless Local Area Networks
The 802.11 Security Mechanisms
Wired Equivalent Privacy
RSN with CCMP
Assumptions and Vulnerabilities
Summary
Further Reading and Web Sites
Mobile Security, Jan Audestad
The GSM Security
3G Architecture
Extent of Protection
Security Functions in the Authentication Center
Security Functions in the SGSN/RNC
Security Functions in the Mobile Terminal (USIM)
Encryption and Integrity
Anonymity
Example: Anonymous Roaming in a Mobile Network
Using GSM/3G Terminals as Authentication Tokens
Further Reading
A Lightweight Approach to Secure Software Engineering, Martin Gilje Jaatun, Jostein Jensen, Per Håkon Meland, and Inger Anne Tøndel
Introduction
Asset Identification
Security Requirements
Secure Software Design
Testing for Software Security
Summary
Further Reading and Web Sites
ICT Security Evaluation, S.J. Knapskog
Introduction
ISO/IEC 15408, Part 1/3 Evaluation Criteria for IT Security (CC)
Definition of Assurance
Building Confidence in the Evaluation Process
Organizing the Requirements in the CC
Assurance Elements
Functional Classes
Protection Profiles (PPs)
PP Registries
Definition of a Security Target (ST)
Evaluation of a ST
Evaluation Schemes
Evaluation Methodology
Conclusion
ICT and Forensic Science, Stig F. Mjølsnes and Svein Y. Willassen
ICT and Forensic Science
The Crime Scene
Forensic Science
Evidence
The Digital Investigation Process
Digital Evidence Extraction
Digital Evidence Analysis Techniques
Anti-Forensics
Further Reading and Web Sites
Risk Assessment, Stein Haugen
Risk Assessment in the Risk Management Process
Terminology
Main Elements of the Risk Assessment Process
Summary
Further Reading and Web Sites
Information Security Management—From Regulations to End-Users, Eirik Albrechtsen and Jan Hovden
A Risk Governance Framework Applied to Information Security
Regulations and Control
Information Security Management
Index
A Bibliography appears at the end of each chapter.
Biography
Stig F. Mjølsnes is a professor in the Department of Telematics at the Norwegian University of Science and Technology. His research focuses on the development and application of cryptographic protocols and security models.