CRYPTOGRAPHY AND
N
ETWORK SECURITY
PRINCIPLES AND PRACTICE
SEVENTH EDITION
GLOBAL EDITION
William Stallings
Boston Columbus Indianapolis New York San Francisco Hoboken
Amsterdam Cape Town Dubai London Madrid Milan Munich Paris Montréal Toronto
Delhi Mexico City São Paulo Sydney Hong Kong Seoul Singapore Taipei Tokyo
For Tricia: never dull, never boring,
the smartest and bravest person
Iknow
ISBN 10:1-292-15858-1
ISBN 13: 978-1-292-15858-7
10 9
8 7 6 5 4 3 2 1
British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library
Vice President and Editorial Director, ECS:
Marcia J. Horton
Executive Editor:
Tracy Johnson (Dunkelberger)
Editorial Assistant: Kristy Alaura
Acquisitions Editor, Global Editions: Abhijit Baroi
Program Manager: Carole Snyder
Project Manager: Robert Engelhardt
Project Editor, Global Editions: K.K. Neelakantan
Media Team Lead: Steve Wright
R&P Manager: Rachel Youdelman
R&P Senior Project Manager: William Opaluch
Senior Operations Specialist: Maura Zaldivar-Garcia
Inventory Manager: Meredith Maresca
Inventory Manager: Meredith Maresca
Senior Manufacturing Controller, Global Editions:
Trudy Kimber
Media Production Manager, Global Editions:
Vikram Kumar
Product Marketing Manager: Bram Van Kempen
Marketing Assistant: Jon Bryant
Cover Designer: Lumina Datamatics
Cover Art: © goghy73 / Shutterstock
Full-Service Project Management:
Chandrakala Prakash, SPi Global
Composition: SPi Global
Credits and acknowledgments borrowed from other sources and reproduced, with permission, in this textbook
appear on page 753.
© Pearson Education Limited 2017
The right of William Stallings to be identified as the author of this work has been asserted by him in accordance
with the Copyright, Designs and Patents Act 1988.
Authorized adaptation from the United States edition, entitled Cryptography and Network Security: Principles and
Practice, 7
th
Edition, ISBN 978-0-13-444428-4, by William Stallings published by Pearson Education © 2017.
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in
any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without either the prior
written permission of the publisher or a license permitting restricted copying in the United Kingdom issued by the
Copyright Licensing Agency Ltd, Saffron House, 6–10 Kirby Street, London EC1N 8TS.
All trademarks used herein are the property of their respective owners. The use of any trademark in this text does
not vest in the author or publisher any trademark ownership rights in such trademarks, nor does the use of such
trademarks imply any affiliation with or endorsement of this book by such owners.
Pearson Education Limited
Edinburgh Gate
Harlow
Essex CM20 2JE
England
and Associated Companies throughout the world
Visit us on the World Wide Web at:
www.pearsonglobaleditions.com
Typeset by SPi Global
Printed and bound in Malaysia.
3
CONTENTS
Notation 10
Preface 12
About the Author 18
PART ONE: BACKGROUND 19
Chapter 1 Computer and Network Security Concepts 19
1.1 Computer Security Concepts 21
1.2 The OSI Security Architecture 26
1.3 Security Attacks 27
1.4 Security Services 29
1.5 Security Mechanisms 32
1.6 Fundamental Security Design Principles 34
1.7 Attack Surfaces and Attack Trees 37
1.8 A Model for Network Security 41
1.9 Standards 43
1.10 Key Terms, Review Questions, and Problems 44
Chapter 2 Introduction to Number Theory 46
2.1 Divisibility and the Division Algorithm 47
2.2 The Euclidean Algorithm 49
2.3 Modular Arithmetic 53
2.4 Prime Numbers 61
2.5 Fermat’s and Euler’s Theorems 64
2.6 Testing for Primality 68
2.7 The Chinese Remainder Theorem 71
2.8 Discrete Logarithms 73
2.9 Key Terms, Review Questions, and Problems 78
Appendix 2A The Meaning of Mod 82
PART TWO: SYMMETRIC CIPHERS 85
Chapter 3 Classical Encryption Techniques 85
3.1 Symmetric Cipher Model 86
3.2 Substitution Techniques 92
3.3 Transposition Techniques 107
3.4 Rotor Machines 108
3.5 Steganography 110
3.6 Key Terms, Review Questions, and Problems 112
Chapter 4 Block Ciphers and the Data Encryption Standard 118
4.1 Traditional Block Cipher Structure 119
4.2 The Data Encryption Standard 129
4.3 A DES Example 131
4.4 The Strength of DES 134
4 CONTENTS
4.5 Block Cipher Design Principles 135
4.6 Key Terms, Review Questions, and Problems 137
Chapter 5 Finite Fields 141
5.1 Groups 143
5.2 Rings 145
5.3 Fields 146
5.4 Finite Fields of the Form GF(p) 147
5.5 Polynomial Arithmetic 151
5.6 Finite Fields of the Form GF(2
n
) 157
5.7 Key Terms, Review Questions, and Problems 169
Chapter 6 Advanced Encryption Standard 171
6.1 Finite Field Arithmetic 172
6.2 AES Structure 174
6.3 AES Transformation Functions 179
6.4 AES Key Expansion 190
6.5 An AES Example 193
6.6 AES Implementation 197
6.7 Key Terms, Review Questions, and Problems 202
Appendix 6A Polynomials with Coefficients in GF(2
8
) 203
Chapter 7 Block Cipher Operation 207
7.1 Multiple Encryption and Triple DES 208
7.2 Electronic Codebook 213
7.3 Cipher Block Chaining Mode 216
7.4 Cipher Feedback Mode 218
7.5 Output Feedback Mode 220
7.6 Counter Mode 222
7.7 XTS-AES Mode for Block-Oriented Storage Devices 224
7.8 Format-Preserving Encryption 231
7.9 Key Terms, Review Questions, and Problems 245
Chapter 8 Random Bit Generation and Stream Ciphers 250
8.1 Principles of Pseudorandom Number Generation 252
8.2 Pseudorandom Number Generators 258
8.3 Pseudorandom Number Generation Using a Block Cipher 261
8.4 Stream Ciphers 267
8.5 RC4 269
8.6 True Random Number Generators 271
8.7 Key Terms, Review Questions, and Problems 280
PART THREE: ASYMMETRIC CIPHERS 283
Chapter 9 Public-Key Cryptography and RSA 283
9.1 Principles of Public-Key Cryptosystems 285
9.2 The RSA Algorithm 294
9.3 Key Terms, Review Questions, and Problems 308
CONTENTS 5
Chapter 10 Other Public-Key Cryptosystems 313
10.1 Diffie-Hellman Key Exchange 314
10.2 Elgamal Cryptographic System 318
10.3 Elliptic Curve Arithmetic 321
10.4 Elliptic Curve Cryptography 330
10.5 Pseudorandom Number Generation Based on an Asymmetric Cipher 334
10.6 Key Terms, Review Questions, and Problems 336
PART FOUR: CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS 339
Chapter 11 Cryptographic Hash Functions 339
11.1 Applications of Cryptographic Hash Functions 341
11.2 Two Simple Hash Functions 346
11.3 Requirements and Security 348
11.4 Hash Functions Based on Cipher Block Chaining 354
11.5 Secure Hash Algorithm (SHA) 355
11.6 SHA-3 365
11.7 Key Terms, Review Questions, and Problems 377
Chapter 12 Message Authentication Codes 381
12.1 Message Authentication Requirements 382
12.2 Message Authentication Functions 383
12.3 Requirements for Message Authentication Codes 391
12.4 Security of MACs 393
12.5 MACs Based on Hash Functions: HMAC 394
12.6 MACs Based on Block Ciphers: DAA and CMAC 399
12.7 Authenticated Encryption: CCM and GCM 402
12.8 Key Wrapping 408
12.9 Pseudorandom Number Generation Using Hash Functions and MACs 413
12.10 Key Terms, Review Questions, and Problems 416
Chapter 13 Digital Signatures 419
13.1 Digital Signatures 421
13.2 Elgamal Digital Signature Scheme 424
13.3 Schnorr Digital Signature Scheme 425
13.4 NIST Digital Signature Algorithm 426
13.5 Elliptic Curve Digital Signature Algorithm 430
13.6 RSA-PSS Digital Signature Algorithm 433
13.7 Key Terms, Review Questions, and Problems 438
PART FIVE: MUTUAL TRUST 441
Chapter 14 Key Management and Distribution 441
14.1 Symmetric Key Distribution Using Symmetric Encryption 442
14.2 Symmetric Key Distribution Using Asymmetric Encryption 451
14.3 Distribution of Public Keys 454
14.4 X.509 Certificates 459
评论5