Information Security. Mark Stamp
Читать онлайн книгу.
Real‐World Protocols
A security course based on this book is an ideal venue for individual or group projects. The textbook website includes a section on cryptanalysis, which is one possible source for crypto projects. In addition, many homework problems lend themselves well to class discussions or in‐class assignments; see, for example, Problem 16 in Chapter 10 or Problem 17 in Chapter 11.
The textbook website is at
http://www.cs.sjsu.edu/∼stamp/infosec/
where you'll find PowerPoint slides, all of the files mentioned in the homework problems, errata, and many other goodies. If I were teaching this class for the first time, I would particularly appreciate the PowerPoint slides, which have been thoroughly “battle tested” and improved over many iterations. In addition, a solutions manual is available to instructors (sorry, students) directly from your sentinel‐like author.
How does the math found in the Appendix fit in? Elementary modular arithmetic arises in a few sections of Chapters 3 and 5, while the number theory results are needed in Chapter 4 and Section 9.5 of Chapter 9. I've found that the vast majority of my students need to brush up on modular arithmetic basics. It only takes about 20 to 30 minutes of class time to cover the material on modular arithmetic and that will be time well spent prior to diving into public key cryptography. Trust me.
Permutations, which are briefly discussed in the Appendix, are most prominent in Chapter 3. The material in the Appendix on discrete probability is needed in the password cracking section of Chapter 6, for example.
Just as any large and complex software project must have bugs, it is a metaphysical certitude that this book has errors. I would like to hear about any errors—large or small—that you find. I will strive to maintain an up‐to‐date errata list on the textbook website. Also, don't hesitate to provide any suggestions you might have for a future edition of this book.
What's New for the Third Edition?
Several sections of the book have been reorganized and expanded, while other sections (and two entire chapters) have been removed. The major section on Network Security covers a broader range of topics, including an introduction to networking, which makes a course based on this book more self‐contained. Based on feedback from people who have used the book, there are additional examples in the crypto chapters, while the protocol chapters have been modified and expanded. The first and second edition included a chapter on modern cryptanalysis, which has been removed from this edition, but is still available on the textbook website—as are other topics that were deleted.
All figures have been reworked, making them clearer and (hopefully) better. And, of course, all known errors from the second edition have been fixed. The homework problems have been extensively modified throughout.
Information security is an evolving field and there have been some significant changes since this book was originally published in 2005. Nevertheless, the basic structure of that first edition remains essentially intact. I believe the organization and list of topics has held up well over the years. Consequently, for this third edition, the changes to the structure of the book are more evolutionary than revolutionary.
A Note on Typesetting
Cats right themselves; books don't.
— John Aycock
Having typeset many kilo‐pages using Donald Knuth's amazing TE X system and it's numerous add‐ons, your obsessive author decided to typeset this book in “pure” TeX. Specifically, the text is typeset using LaTeX, while the graphics are all generated using PGF and TikZ which, in turn, are written in METAPOST, which is itself based on Knuth's METAFONT. Did you follow all of that? Regardless, the point is that everything in this book is generated directly (more or less) from TeX. Yes, that includes images of fingerprints, pictures from Alice in Wonderland, a visual crypto generator (written entirely in TikZ, no less), and, literally, everything else. Why your eccentric author chose to do this is a mystery for the ages.
Mark Stamp
Los Gatos, California
June 2021
About the Author
I've been active in information security since dinosaurs roamed the earth, computing‐wise. My real‐world experience includes more than seven years at the National Security Agency followed by two years at a Silicon Valley startup company. While I can't say too much about my work at NSA, I can tell you that my job title was Cryptologic Mathematician. In industry I helped design and develop a digital rights management security product. This real‐world experience was sandwiched between academic jobs. While in academia, my research has dealt with a wide variety of security‐related topics, frequently including various aspects of machine learning and deep learning.
When I returned to academia in the early years of this century, there were few security books available, and none seemed to have much connection with the real world. I felt that I could write a textbook that would fill this gap, and that the resulting book could serve a dual purpose as both a textbook and a useful resource for working IT professionals. Based on the feedback I've received, the first two editions seem to have been reasonably successful in both aspects.
I believe that this third edition will prove even more valuable in its dual role as a textbook and as a resource for working professionals, but, of course, I'm biased. I can say that many of my former students who are now at leading Silicon Valley technology companies (some having started their own such companies) tell me that the material they learned in my courses has been useful to them. And I certainly wish that a book like this had been available when I worked in industry, since my colleagues and I would have benefitted greatly from it.
I do have a life outside of information security.1 My family includes my lovely wife, Melody, and two excellent sons, Austin (whose initials are AES), and Miles (whose initials are not DES, thanks to Melody). We enjoy the outdoors, with regular local hiking trips, among many other activities. I spend much of my free time kayak fishing and sailing in the Monterey Bay, or working on my perpetual fixer‐upper house in the wildfire‐and‐earthquake prone Santa Cruz mountains.
Note
1 1 Well, sort of.
Acknowledgments
My work in information security began when I was in graduate school. First and foremost, I want to thank my thesis advisor, Clyde F. Martin, for introducing me to this fascinating subject.
In my seven‐plus years at NSA, I learned more