1st Edition

A Multidisciplinary Introduction to Information Security

Edited By Stig F. Mjølsnes Copyright 2012
    348 Pages 83 B/W Illustrations
    by Chapman & Hall

    With most services and products now being offered through digital communications, new challenges have emerged for information security specialists. A Multidisciplinary Introduction to Information Security presents a range of topics on the security, privacy, and safety of information and communication technology. It brings together methods in pure mathematics, computer and telecommunication sciences, and social sciences.

    The book begins with the cryptographic algorithms of the Advanced Encryption Standard (AES) and Rivest, Shamir, and Adleman (RSA). It explains the mathematical reasoning behind public key cryptography and the properties of a cryptographic hash function before presenting the principles and examples of quantum cryptography. The text also describes how cryptographic primitives are combined into communication protocols and how such protocols fail, explains how a public key infrastructure can mitigate the problem of public key distribution, and discusses the security problems of wireless network access. After examining past and present protection mechanisms in GSM and 3G mobile networks, the book proposes a lightweight secure software engineering practice intended to reduce attacks on and misuse of software. It then presents the Common Criteria (ISO/IEC 15408) method for evaluating the security of products and systems against their stated requirements, covers methods and tools of digital forensics and computational forensics, and describes risk assessment as part of the larger activity of risk management. The final chapter focuses on information security from an organizational and people point of view.

    As our ways of communicating and doing business continue to shift, information security professionals must find answers to evolving issues. Offering a starting point for more advanced work in the field, this volume addresses various security and privacy problems and solutions related to the latest information and communication technology.

    Introduction, Stig F. Mjølsnes
    Motivation
    What Is Information Security?
    Some Basic Concepts
    A Synopsis of the Topics
    Further Reading and Web Sites

    Security Electronics, E.J. Aas and P.G. Kjeldsberg
    Introduction
    Examples of Security Electronics
    Side Channel Attacks
    Summary
    Further Reading and Web Sites

    Public Key Cryptography, S.O. Smalø
    Introduction
    Hash Functions and One Time Pads
    Public Key Cryptography
    RSA-Public Key Cryptography
    RSA-Public Key Cryptography with Signature
    Problem with Signatures
    Receipt
    Secret Sharing Based on Discrete Logarithm Problems
    Further Reading

    Cryptographic Hash Functions, D. Gligoroski
    Introduction
    Definition for Cryptographic Hash Function
    Iterated Hash Functions
    Most Popular Cryptographic Hash Function
    Application of Cryptographic Hash Function
    Further Reading and Web Sites

    Quantum Cryptography, Dag Roar Hjelme, Lars Lydersen, and Vadim Makarov
    Introduction
    Quantum Bit
    Quantum Copying
    Quantum Key Distribution
    Practical Quantum Cryptography
    Technology
    Applications
    Summary
    Further Reading and Web Sites

    Cryptographic Protocols, Stig F. Mjølsnes
    The Origins
    Information Policies
    Some Concepts
    Protocol Failures
    Heuristics
    Tools for Automated Security Analysis
    Further Reading and Web Sites

    Public Key Distribution, Stig F. Mjølsnes
    The Public Key Distribution Problem
    Authenticity and Validity of Public Keys
    The Notion of Public Key Certificates
    Revocation
    Public Key Infrastructure
    Identity-Based Public Key
    Further Reading and Web Sites

    Wireless Network Access, Stig F. Mjølsnes and Martin Eian
    Introduction
    Wireless Local Area Networks
    The 802.11 Security Mechanisms
    Wired Equivalent Privacy
    RSN with CCMP
    Assumptions and Vulnerabilities
    Summary
    Further Reading and Web Sites

    Mobile Security, Jan Audestad
    The GSM Security
    3G Architecture
    Extent of Protection
    Security Functions in the Authentication Center
    Security Functions in the SGSN/RNC
    Security Functions in the Mobile Terminal (USIM)
    Encryption and Integrity
    Anonymity
    Example: Anonymous Roaming in a Mobile Network
    Using GSM/3G Terminals as Authentication Tokens
    Further Reading

    A Lightweight Approach to Secure Software Engineering, Martin Gilje Jaatun, Jostein Jensen, Per Håkon Meland, and Inger Anne Tøndel
    Introduction
    Asset Identification
    Security Requirements
    Secure Software Design
    Testing for Software Security
    Summary
    Further Reading and Web Sites

    ICT Security Evaluation, S.J. Knapskog
    Introduction
    ISO/IEC 15408, Part 1/3 Evaluation Criteria for IT Security (CC)
    Definition of Assurance
    Building Confidence in the Evaluation Process
    Organizing the Requirements in the CC
    Assurance Elements
    Functional Classes
    Protection Profiles (PPs)
    PP Registries
    Definition of a Security Target (ST)
    Evaluation of a ST
    Evaluation Schemes
    Evaluation Methodology
    Conclusion

    ICT and Forensic Science, Stig F. Mjølsnes and Svein Y. Willassen
    ICT and Forensic Science
    The Crime Scene
    Forensic Science
    Evidence
    The Digital Investigation Process
    Digital Evidence Extraction
    Digital Evidence Analysis Techniques
    Anti-Forensics
    Further Reading and Web Sites

    Risk Assessment, Stein Haugen
    Risk Assessment in the Risk Management Process
    Terminology
    Main Elements of the Risk Assessment Process
    Summary
    Further Reading and Web Sites

    Information Security Management—From Regulations to End-Users, Eirik Albrechtsen and Jan Hovden
    A Risk Governance Framework Applied to Information Security
    Regulations and Control
    Information Security Management

    Index

    A Bibliography appears at the end of each chapter.

    Biography

    Stig F. Mjølsnes is a professor in the Department of Telematics at the Norwegian University of Science and Technology. His research focuses on the development and application of cryptographic protocols and security models.