Atjaunināt sīkdatņu piekrišanu

Introduction to Public Key Infrastructures 2013 ed. [Hardback]

4.00/5 (8 ratings by Goodreads)
, ,
  • Formāts: Hardback, 194 pages, height x width: 235x155 mm, weight: 4439 g, 146 Illustrations, black and white; XV, 194 p. 146 illus., 1 Hardback
  • Izdošanas datums: 04-Dec-2013
  • Izdevniecība: Springer-Verlag Berlin and Heidelberg GmbH & Co. K
  • ISBN-10: 3642406564
  • ISBN-13: 9783642406560
Citas grāmatas par šo tēmu:
  • Hardback
  • Cena: 73,68 €*
  • * ši ir gala cena, t.i., netiek piemērotas nekādas papildus atlaides
  • Standarta cena: 86,69 €
  • Ietaupiet 15%
  • Grāmatu piegādes laiks ir 3-4 nedēļas, ja grāmata ir uz vietas izdevniecības noliktavā. Ja izdevējam nepieciešams publicēt jaunu tirāžu, grāmatas piegāde var aizkavēties.
  • Daudzums:
  • Ielikt grozā
  • Piegādes laiks - 4-6 nedēļas
  • Pievienot vēlmju sarakstam
Introduction to Public Key Infrastructures 2013 ed.Palielināt
  • Formāts: Hardback, 194 pages, height x width: 235x155 mm, weight: 4439 g, 146 Illustrations, black and white; XV, 194 p. 146 illus., 1 Hardback
  • Izdošanas datums: 04-Dec-2013
  • Izdevniecība: Springer-Verlag Berlin and Heidelberg GmbH & Co. K
  • ISBN-10: 3642406564
  • ISBN-13: 9783642406560
Citas grāmatas par šo tēmu:
Permanent link: https://www.kriso.lv/db/9783642406560.html
Keywords:

The introduction of public key cryptography (PKC) was a critical advance in IT security. In contrast to symmetric key cryptography, it enables confidential communication between entities in open networks, in particular the Internet, without prior contact. Beyond this PKC also enables protection techniques that have no analogue in traditional cryptography, most importantly digital signatures which for example support Internet security by authenticating software downloads and updates. Although PKC does not require the confidential exchange of secret keys, proper management of the private and public keys used in PKC is still of vital importance: the private keys must remain private, and the public keys must be verifiably authentic. So understanding so-called public key infrastructures (PKIs) that manage key pairs is at least as important as studying the ingenious mathematical ideas underlying PKC.

In this book the authors explain the most important concepts underlying PKIs and discuss relevant standards, implementations, and applications. The book is structured into chapters on the motivation for PKI, certificates, trust models, private keys, revocation, validity models, certification service providers, certificate policies, certification paths, and practical aspects of PKI.

This is a suitable textbook for advanced undergraduate and graduate courses in computer science, mathematics, engineering, and related disciplines, complementing introductory courses on cryptography. The authors assume only basic computer science prerequisites, and they include exercises in all chapters and solutions in an appendix. They also include detailed pointers to relevant standards and implementation guidelines, so the book is also appropriate for self-study and reference by industrial and academic researchers and practitioners.



This book explains the most important concepts, standards, implementations, and applications of public key infrastructures (PKIs). All chapters contain exercises, with solutions provided in an appendix.

Recenzijas

From the reviews:

The layout and chapter exercises make the book suitable for use as a course textbook. The authors explain the complex workings of public-key cryptography and the infrastructure necessary to support it. The chapters are well illustrated with diagrams and figures. It is not necessary to understand how PKI works to securely use the Internet, but if you do want to understand the minutia of PKI then this book will help. (David B. Henderson, Computing Reviews, March, 2014)

1 The Purpose of PKI
1(20)
1.1 The Internet
1(1)
1.2 Security Goals
2(3)
1.2.1 Confidentiality
2(1)
1.2.2 Integrity
3(1)
1.2.3 Entity Authentication
3(1)
1.2.4 Data Authenticity
4(1)
1.2.5 Non-repudiation
5(1)
1.2.6 Other Security Goals
5(1)
1.3 Cryptography
5(10)
1.3.1 Secret Key Encryption
5(2)
1.3.2 Public Key Encryption
7(1)
1.3.3 The RSA Public Key Cryptosystem
8(1)
1.3.4 Other Public Key Cryptosystems
9(1)
1.3.5 Hybrid Encryption
10(1)
1.3.6 Cryptographic Hash Functions and Message Authentication Codes
11(1)
1.3.7 Digital Signatures
12(1)
1.3.8 The RSA Signature Scheme
13(1)
1.3.9 Other Digital Signature Schemes
14(1)
1.4 Why Public Key Infrastructure?
15(1)
1.5 Identity-Based Public Key Cryptography
16(1)
1.6 Object Identifiers
17(1)
1.7 Exercises
17(4)
References
18(3)
2 Certificates
21(18)
2.1 The Concept of a Certificate
21(1)
2.2 X.509 Certificates
22(5)
2.2.1 Structure
22(2)
2.2.2 tbsCertificate
24(3)
2.2.3 signatureAlgorithm
27(1)
2.2.4 signatureValue
27(1)
2.3 X.509 Certificate Extensions
27(4)
2.4 Attribute Certificates
31(1)
2.5 CV Certificates
31(2)
2.6 PGP Certificates
33(1)
2.7 Other Certificates
33(2)
2.7.1 WAP Certificates
34(1)
2.7.2 SPKI Certificates
34(1)
2.7.3 Traceable Anonymous Certificate
35(1)
2.8 Exercises
35(4)
References
37(2)
3 Trust Models
39(22)
3.1 Direct Trust
39(3)
3.2 Web of Trust
42(6)
3.2.1 Key Ring
44(3)
3.2.2 Trust Signatures
47(1)
3.2.3 Probabilistic Trust Model for GnuPG
48(1)
3.3 Hierarchical Trust
48(3)
3.3.1 Basic Constraints
50(1)
3.4 Combining Trust Hierarchies
51(7)
3.4.1 Trusted Lists
52(1)
3.4.2 Common Root
53(3)
3.4.3 Cross-Certification
56(1)
3.4.4 Bridge
56(2)
3.5 Exercises
58(3)
References
60(1)
4 Private Keys
61(14)
4.1 Private Key Life Cycle
61(1)
4.2 Personal Security Environments
62(1)
4.3 Software PSEs
63(5)
4.3.1 PKCS#12
63(1)
4.3.2 PKCS#8
64(1)
4.3.3 Java KeyStore
65(1)
4.3.4 Application-Specific Formats
65(3)
4.4 Hardware PSEs
68(5)
4.4.1 Smart Cards
68(1)
4.4.2 Smart Card Readers
69(1)
4.4.3 Smart Card Communication Interfaces
70(2)
4.4.4 Hardware Security Module
72(1)
4.5 Exercises
73(2)
References
73(2)
5 Revocation
75(20)
5.1 Requirements
75(1)
5.2 Certificate Revocation Lists
76(7)
5.2.1 Basic Fields
76(3)
5.2.2 CRL Extensions
79(2)
5.2.3 Issuing Time of a CRL
81(1)
5.2.4 Delta CRLs
82(1)
5.2.5 Authority Revocation List
83(1)
5.2.6 Indirect CRLs
83(1)
5.3 Certificate Extensions Related to Revocation
83(1)
5.3.1 CRL Distribution Points
83(1)
5.4 OCSP
84(5)
5.4.1 Functionality
84(2)
5.4.2 Extensions
86(3)
5.4.3 Lightweight OCSP
89(1)
5.4.4 Design of an OCSP Server
89(1)
5.5 Other Revocation Mechanisms
89(1)
5.5.1 Novomodo
89(1)
5.5.2 Short-Lived Certificates
90(1)
5.6 Revocation in PGP
90(1)
5.7 Exercises
91(4)
References
94(1)
6 Validity Models
95(8)
6.1 The Shell Model
95(2)
6.2 The Chain Model
97(1)
6.3 The Modified Shell Model
98(2)
6.4 Exercises
100(3)
References
101(2)
7 Certification Service Provider
103(14)
7.1 Certificate Life Cycle
103(2)
7.1.1 Certificate Generation Phase
103(1)
7.1.2 Certificate Validity Phase
104(1)
7.1.3 Certificate Invalidity Phase
104(1)
7.2 Registration Authority
105(2)
7.3 Certification Authority
107(1)
7.4 Other Components
108(1)
7.5 Communication Within CSPs
108(7)
7.5.1 Cryptographic Protection of Messages
108(1)
7.5.2 Certificate Requests
109(3)
7.5.3 Complex Message Formats and Protocols
112(3)
7.6 Exercises
115(2)
References
115(2)
8 Certificate Policies
117(8)
8.1 Structure of Certificate Policies
117(2)
8.1.1 Certification Practice Statement
119(1)
8.2 Relevant Certificate Extensions
119(3)
8.2.1 Certificate Policies
119(1)
8.2.2 Policy Mappings
119(2)
8.2.3 Policy Constraints
121(1)
8.2.4 Inhibit anyPolicy
121(1)
8.3 Extended Validation Certificates
122(1)
8.4 Exercises
122(3)
References
123(2)
9 Certification Paths: Retrieval and Validation
125(18)
9.1 LDAP
125(6)
9.1.1 Storing Certificates
126(3)
9.1.2 Certificate Search
129(1)
9.1.3 Storing CRLs
130(1)
9.1.4 Security
131(1)
9.2 Other Certificate Retrieval Methods
131(1)
9.2.1 DNS
131(1)
9.2.2 HTTP
132(1)
9.2.3 Web Servers and FTP Servers
132(1)
9.2.4 WebDAV
132(1)
9.3 Certification Path Building
132(2)
9.4 Certification Path Validation
134(3)
9.4.1 Validation Algorithm
135(2)
9.5 Server-Based Certificate Validation Protocol (SCVP)
137(1)
9.6 Relevant Certificate Extensions
138(2)
9.6.1 Authority Information Access
138(1)
9.6.2 Subject Information Access
139(1)
9.7 Exercises
140(3)
References
141(2)
10 PKI in Practice
143(22)
10.1 Internet
143(1)
10.2 Email
144(8)
10.2.1 S/MIME
145(2)
10.2.2 PGP
147(5)
10.3 Code Signing
152(2)
10.4 VPN
154(2)
10.5 Legally Binding Electronic Signatures
156(3)
10.6 E-Government
159(3)
10.7 Exercises
162(3)
References
163(2)
A Basic Path Validation Algorithm 165(8)
Solutions to the Exercises 173(14)
Index 187
Johannes A. Buchmann received a PhD in Mathematics in 1982. He is a Professor of Computer Science and Mathematics at TU Darmstadt specializing in cryptography and IT security. In 1993 he received the Leibniz Award of the German Science Foundation, the most prestigious science award in Germany. He is a member of the German National Academy of Sciences Leopoldina and the German Academy of Science and Engineering. He is also the author of the Springer Undergraduate Text in Mathematics "Introduction to Cryptography".

Evangelos Karatsiolis received a PhD in computer science in 2007. He works as a software engineer at FlexSecure GmbH in Darmstadt, designing and implementing PKI projects. He has lectured on PKI and has served on several program committees in the field of IT security.

Alexander Wiesmaier obtained a PhD in computer science in 2008. He works as a Lead Architect and a Senior Researcher at AGT International in Darmstadt. He specializes in critical infrastructure protection and national cyberspace defense. He is a consulting expert for the European Network and Information Security Agency, advising the agency on electronic identities and applied cryptography. He has lectured on IT security and has served on various program committees in the field of IT security.