Information Security. Mark Stamp
Читать онлайн книгу.
for confused deputy example
7 Chapter 8Table 8.1 Spoofed email in SMTPTable 8.2 Example ACLTable 8.3 Aliceś initial file access ratesTable 8.4 Aliceś recent file access ratesTable 8.5 Aliceś updated file access ratesTable 8.6 Aliceś more recent file access ratesTable 8.7 Aliceś second updated access rates
8 Chapter 11Table 11.1 Approximate lines of codeTable 11.2 A flawed programTable 11.3 Code exampleTable 11.4 Disassembled serial number programTable 11.5 Source code for serial number exampleTable 11.6 Serial number program
9 Chapter 12Table 12.1 Example Java programTable 12.2 Decompiled Java programTable 12.3 Serial number program disassemblyTable 12.4 Hex view of serial.exe Table 12.5 Hex view of original and patchedTable 12.6 Disassembly of patched serial number program
List of Illustrations
1 Chapter 1Figure 1.1 The main actors
2 Chapter 2Figure 2.1 Crypto as a black boxFigure 2.2 English letter relative frequenciesFigure 2.3 Frequency counts for ciphertext in 2.2Figure 2.4 Reproduction of the Zimmermann TelegramFigure 2.5 Enigma wiring diagram
3 Chapter 3Figure 3.1 A5 / 1 keystream generatorFigure 3.2 One round of DESFigure 3.3 Alice hates ECB modeFigure 3.4 Alice loves CBC mode
4 Chapter 4Figure 4.1 Diffie–Hellman key exchangeFigure 4.2 Diffie–Hellman man‐in‐the‐middle attackFigure 4.3 Graph of the elliptic curve
5 Chapter 5Figure 5.1 A better way to signFigure 5.2 SHA‐3 “sponge”Figure 5.3 SHA‐3 state
6 Chapter 6Figure 6.1 Examples of Galton's minutiaFigure 6.2 Extracting minutiaFigure 6.3 An iris in search of a scannerFigure 6.4 Histogram of iris scan resultsFigure 6.5 Smartphone for authentication
7 Chapter 7Figure 7.1 ACLs versus capabilitiesFigure 7.2 Confused deputyFigure 7.3 BLP versus BibaFigure 7.4 Compartments exampleFigure 7.5 Covert channel exampleFigure 7.6 Covert channel using TCP sequence numberFigure 7.7 CAPTCHA example
8 Chapter 8Figure 8.1 A computer networkFigure 8.2 Layering in actionFigure 8.3 TCP headerFigure 8.4 TCP three‐way handshakeFigure 8.5 IP headerFigure 8.6 ARP cache poisoningFigure 8.7 Big picture of the role of a firewallFigure 8.8 Purview of a packet filterFigure 8.9 TCP ACK scanFigure 8.10 Purview of a stateful packet filterFigure 8.11 Purview of an application proxyFigure 8.12 FirewalkFigure 8.13 Defense in depth
9 Chapter 9Figure 9.1 Identify friend or foeFigure 9.2 MiG‐in‐the‐middleFigure 9.3 Too simple authenticationFigure 9.4 Simple replay attackFigure 9.5 Simple authentication with a hashFigure 9.6 Generic authenticationFigure 9.7 Challenge–responseFigure 9.8 Symmetric key authentication protocolFigure 9.9 Mutual authentication?Figure 9.10 Secure mutual authentication?Figure 9.11 Trudy's attackFigure 9.12 Strong mutual authentication protocolFigure 9.13 Authentication with public key encryptionFigure 9.14 Authentication via digital signatureFigure 9.15 Authentication and a session keyFigure 9.16 Signature‐based authentication and a session keyFigure 9.17 Mutual authentication and a session keyFigure 9.18 Encrypt and sign mutual authenticationFigure 9.19 Naïve attempt at PFSFigure 9.20 Diffie–HellmanFigure 9.21 Ephemeral Diffie–Hellman for PFSFigure 9.22 Mutual authentication, session key, and PFSFigure 9.23 Authentication using a timestampFigure 9.24 Encrypt and sign using a timestampFigure 9.25 Trudy's attack on encrypt and signFigure 9.26 Secure encrypt and sign with a timestampFigure 9.27 TCP 3‐way handshakeFigure 9.28 TCP “authentication” attackFigure 9.29 Initial SEQ numbers [139]Figure 9.30 Bob's caveFigure 9.31 Bob's cave protocolFigure 9.32 Fiat–Shamir protocolFigure 9.33 Protocol subject to replacement attack
10 Chapter 10Figure 10.1 Simplified SSHFigure 10.2 Man‐in‐the‐middle “attack” on SSHFigure 10.3 Socket layerFigure 10.4 Too‐simple protocolFigure 10.5 Simplified SSLFigure 10.6 Man‐in‐the‐middle attack on SSLFigure 10.7 SSL connection protocolFigure 10.8 IPsecFigure 10.9 IPsec digital signature main modeFigure 10.10 IPsec digital signature aggressive modeFigure 10.11 IPsec public key encryption main modeFigure 10.12 IPsec public key encryption aggressive modeFigure 10.13 Trudy making mischiefFigure 10.14 IKE phase 2Figure 10.15 IP datagramFigure 10.16 IPsec transport modeFigure 10.17 IPsec from host‐to‐hostFigure 10.18 IPsec tunnel modeFigure 10.19 IPsec from firewall‐to‐firewallFigure 10.20 Kerberized loginFigure 10.21 Alice gets TicketToBob Figure 10.22 Alice contacts BobFigure 10.23 WEP authenticationFigure 10.24 WEP encryptionFigure 10.25 GSM overviewFigure 10.26 GSM authentication and encryption keyFigure 10.27 GSM fake base station
11 Chapter 11Figure 11.1 Buffer and a boolean flagFigure 11.2 Simple buffer overflowFigure 11.3 Memory organizationFigure 11.4 Stack exampleFigure 11.5 Buffer overflow causes a problemFigure 11.6 Evil buffer overflowFigure 11.7 Improved evil buffer overflowFigure 11.8 Incorrect serial numberFigure 11.9 Buffer overflow in serial number programFigure 11.10 Failed buffer overflow attackFigure 11.11 Successful buffer overflow attackFigure 11.12 CanaryFigure 11.13 How mkdir is supposed to workFigure 11.14 Attack on mkdir race conditionFigure 11.15 Slammer and Internet trafficFigure 11.16 Icon for freeMusic.mp3 Figure 11.17 Unexpected effect of freeMusic.mp3 TrojanFigure 11.18 Trojan revealed
12 Chapter 12Figure 12.1 Serial number programFigure 12.2 Correct serial numberFigure 12.3 Patched executableFigure 12.4 False disassemblyFigure 12.5 Anti‐debugging example
13 AppendixFigure A‐1 Number “line” mod 6Figure A‐2 DES expansion permutationFigure A‐3 DES P‐box permutationFigure A‐4 Initial
Guide
2
Title