Overview
If you're charged with maintaining the security of e-commerce sites, you need this unique book that provides an in-depth understanding of basic security problems and relevant e-commerce solutions, while helping you implement today's most advanced security technologies.
From designing secure Web, e-commerce, and mobile commerce applications... to securing your internal network... to providing secure employee/user authentication, this cutting-edge book gives you a valuable security perspective you won't find in other resources.
Flexibly structured to give you a comprehensive overview or to help you quickly pinpoint topics of immediate concern, the book includes sections on basic security mechanisms, the specific requirements of electronic payment systems, communication security, and Web- and Java-related security issues. A full section is devoted to the security aspects of code and customer mobility, specifically mobile agents, mobile devices, and smart cards. Over 70 illustrations help clarify important points throughout the book.
Product Details
| ISBN-13: | 9781580531085 |
|---|---|
| Publisher: | Artech House, Incorporated |
| Publication date: | 10/31/2000 |
| Series: | Artech House Computer Security Series |
| Pages: | 436 |
| Product dimensions: | 6.14(w) x 9.21(h) x 0.94(d) |
About the Author
Vesna Hassler is a member of the Distributed Systems Group at the Technical University of Vienna. Her research and teaching focus is on network and e-commerce security. She is also an independent consultant. She received her B.Sc. and M.Sc. degrees in Electrical Engineering from Zagreb University (Croatia), and her Ph.D. degree from Graz University of Technology (Austria). Dr. Hassler has published a number of conference and journal papers on cryptography, network security, payment systems, and smart cards.
Table of Contents
Preface | xix | |
What is covered in this book | xix | |
Is security an obstacle to e-commerce development? | xx | |
Why I wrote this book | xxi | |
Some disclaimers | xxi | |
How to read this book | xxi | |
Acknowledgements | xxii | |
Part 1 | Information Security | 1 |
1 | Introduction to Security | 3 |
1.1 | Security Threats | 3 |
1.2 | Risk Management | 4 |
1.3 | Security Services | 5 |
1.4 | Security Mechanisms | 6 |
2 | Security Mechanisms | 11 |
2.1 | Data Integrity Mechanisms | 11 |
2.1.1 | Cryptographic Hash Functions | 12 |
2.1.2 | Message Authentication Code | 14 |
2.2 | Encryption Mechanisms | 15 |
2.2.1 | Symmetric Mechanisms | 15 |
2.2.2 | Public Key Mechanisms | 24 |
2.3 | Digital Signature Mechanisms | 36 |
2.3.1 | RSA Digital Signature | 37 |
2.3.2 | Digital Signature Algorithm | 38 |
2.3.3 | Elliptic Curve Analog of DSA | 40 |
2.3.4 | Public Key Management | 41 |
2.4 | Access Control Mechanisms | 41 |
2.4.1 | Identity-Based Access Control | 42 |
2.4.2 | Rule-Based Access Control | 43 |
2.5 | Authentication Exchange Mechanisms | 43 |
2.5.1 | Zero-Knowledge Protocols | 44 |
2.5.2 | Guillou-Quisquater | 44 |
2.6 | Traffic Padding Mechanisms | 45 |
2.7 | Message Freshness | 46 |
2.8 | Random Numbers | 47 |
3 | Key Management and Certificates | 51 |
3.1 | Key Exchange Protocols | 51 |
3.1.1 | Diffie-Hellman | 52 |
3.1.2 | Elliptic Curve Analog of Diffie-Hellman | 53 |
3.2 | Public Key Infrastructure | 53 |
3.2.1 | X.509 Certificate Format | 54 |
3.2.2 | Internet X.509 Public Key Infrastructure | 59 |
3.3 | Encoding Methods | 61 |
Part 2 | Electronic Payment Security | 65 |
4 | Electronic Payment Systems | 67 |
4.1 | Electronic Commerce | 67 |
4.2 | Electronic Payment Systems | 68 |
4.2.1 | Off-line Versus Online | 69 |
4.2.2 | Debit Versus Credit | 70 |
4.2.3 | Macro Versus Micro | 70 |
4.2.4 | Payment Instruments | 70 |
4.2.5 | Electronic Wallet | 75 |
4.2.6 | Smart Cards | 75 |
4.3 | Electronic Payment Security | 76 |
5 | Payment Security Services | 79 |
5.1 | Payment Security Services | 79 |
5.1.1 | Payment Transaction Security | 81 |
5.1.2 | Digital Money Security | 83 |
5.1.3 | Electronic Check Security | 83 |
5.2 | Availability and Reliability | 84 |
6 | Payment Transaction Security | 85 |
6.1 | User Anonymity and Location Untraceability | 85 |
6.1.1 | Chain of Mixes | 86 |
6.2 | Payer Anonymity | 88 |
6.2.1 | Pseudonyms | 88 |
6.3 | Payment Transaction Untraceability | 90 |
6.3.1 | Randomized Hashsum in iKP | 90 |
6.3.2 | Randomized Hashsum in SET | 90 |
6.4 | Confidentiality of Payment Transaction Data | 91 |
6.4.1 | Pseudorandom Function | 91 |
6.4.2 | Dual Signature | 93 |
6.5 | Nonrepudiation of Payment Transaction Messages | 95 |
6.5.1 | Digital Signature | 96 |
6.6 | Freshness of Payment Transaction Messages | 98 |
6.6.1 | Nonces and Time Stamps | 98 |
7 | Digital Money Security | 101 |
7.1 | Payment Transaction Untraceability | 101 |
7.1.1 | Blind Signature | 102 |
7.1.2 | Exchanging Coins | 102 |
7.2 | Protection Against Double Spending | 103 |
7.2.1 | Conditional Anonymity by Cut-and-Choose | 103 |
7.2.2 | Blind Signature | 104 |
7.2.3 | Exchanging Coins | 104 |
7.2.4 | Guardian | 105 |
7.3 | Protection Against Forging of Coins | 110 |
7.3.1 | Expensive-to-Produce Coins | 110 |
7.4 | Protection Against Stealing of Coins | 111 |
7.4.1 | Customized Coins | 111 |
8 | Electronic Check Security | 119 |
8.1 | Payment Authorization Transfer | 119 |
8.1.1 | Proxies | 120 |
9 | An Electronic Payment Framework | 125 |
9.1 | Internet Open Trading Protocol (IOTP) | 125 |
9.2 | Security Issues | 127 |
9.3 | An Example With Digital Signatures | 128 |
Part 3 | Communication Security | 133 |
10 | Communication Network | 135 |
10.1 | Introduction | 135 |
10.2 | The OSI Reference Model | 136 |
10.3 | The Internet Model | 138 |
10.4 | Networking Technologies | 141 |
10.5 | Security at Different Layers | 143 |
10.5.1 | Protocol Selection Criteria | 145 |
10.6 | Malicious Programs | 146 |
10.6.1 | The Internet Worm | 147 |
10.6.2 | Macros and Executable Content | 149 |
10.7 | Communication Security Issues | 149 |
10.7.1 | Security Threats | 150 |
10.7.2 | Security Negotiation | 153 |
10.7.3 | TCP/IP Support Protocols | 154 |
10.7.4 | Vulnerabilities and Flaws | 154 |
10.8 | Firewalls | 157 |
10.9 | Virtual Private Networks (VPN) | 158 |
11 | Network Access Layer Security | 161 |
11.1 | Introduction | 161 |
11.2 | Asynchronous Transfer Mode (ATM) | 162 |
11.2.1 | ATM Security Services | 164 |
11.2.2 | Multicast Security | 169 |
11.2.3 | ATM Security Message Exchange | 169 |
11.2.4 | ATM VPN | 169 |
11.3 | Point-to-Point Protocol (PPP) | 170 |
11.3.1 | Password Authentication Protocol (PAP) | 173 |
11.3.2 | Challenge-Handshake Authentication Protocol (CHAP) | 174 |
11.3.3 | Extensible Authentication Protocol (EAP) | 176 |
11.3.4 | Encryption Control Protocol (ECP) | 179 |
11.4 | Layer Two Tunneling Protocol (L2TP) | 179 |
12 | Internet Layer Security | 185 |
12.1 | Introduction | 185 |
12.2 | Packet Filters | 186 |
12.2.1 | Filtering Based on IP Addresses | 186 |
12.2.2 | Filtering Based on IP Addresses and Port Numbers | 188 |
12.2.3 | Problems With TCP | 191 |
12.2.4 | Network Address Translation (NAT) | 195 |
12.3 | IP Security (IPsec) | 196 |
12.3.1 | Security Association | 197 |
12.3.2 | The Internet Key Exchange (IKE) | 199 |
12.3.3 | IP Security Mechanisms | 204 |
12.4 | Domain Name Service (DNS) Security | 210 |
12.5 | Network-Based Intrusion Detection | 210 |
12.5.1 | Network Intrusion Detection Model | 212 |
12.5.2 | Intrusion Detection Methods | 213 |
12.5.3 | Attack Signatures | 215 |
13 | Transport Layer Security | 221 |
13.1 | Introduction | 221 |
13.2 | TCP Wrapper | 222 |
13.3 | Circuit Gateways | 223 |
13.3.1 | SOCKS Version 5 | 223 |
13.4 | Transport Layer Security (TLS) | 225 |
13.4.1 | TLS Record Protocol | 226 |
13.4.2 | TLS Handshake Protocol | 227 |
13.5 | Simple Authentication and Security Layer (SASL) | 232 |
13.5.1 | An Example: LDAPv3 With SASL | 233 |
13.6 | Internet Security Association and Key Management Protocol (ISAKMP) | 235 |
13.6.1 | Domain of Interpretation (DOI) | 235 |
13.6.2 | ISAKMP Negotiations | 236 |
14 | Application Layer Security | 243 |
14.1 | Introduction | 243 |
14.2 | Application Gateways and Content Filters | 244 |
14.3 | Access Control and Authorization | 245 |
14.4 | Operating System Security | 246 |
14.5 | Host-Based Intrusion Detection | 249 |
14.5.1 | Audit Records | 249 |
14.5.2 | Types of Intruders | 249 |
14.5.3 | Statistical Intrusion Detection | 250 |
14.6 | Security-Enhanced Internet Applications | 251 |
14.7 | Security Testing | 251 |
Part 4 | Web Security | 255 |
15 | The Hypertext Transfer Protocol | 257 |
15.1 | Introduction | 257 |
15.2 | Hypertext Transfer Protocol (HTTP) | 258 |
15.2.1 | HTTP Messages | 260 |
15.2.2 | Headers Leaking Sensitive Information | 262 |
15.2.3 | HTTP Cache Security Issues | 263 |
15.2.4 | HTTP Client Authentication | 264 |
15.2.5 | SSL Tunneling | 267 |
15.3 | Web Transaction Security | 268 |
15.3.1 | S-HTTP | 270 |
16 | Web Server Security | 273 |
16.1 | Common Gateway Interface | 274 |
16.2 | Servlets | 276 |
16.3 | Anonymous Web Publishing: Rewebber | 277 |
16.4 | Database Security | 277 |
16.5 | Copyright Protection | 280 |
17 | Web Client Security | 285 |
17.1 | Web Spoofing | 286 |
17.2 | Privacy Violations | 287 |
17.3 | Anonymizing Techniques | 288 |
17.3.1 | Anonymous Remailers | 289 |
17.3.2 | Anonymous Routing: Onion Routing | 290 |
17.3.3 | Anonymous Routing: Crowds | 291 |
17.3.4 | Web Anonymizer | 295 |
17.3.5 | Lucent Personalized Web Assistant (LPWA) | 295 |
18 | Mobile Code Security | 299 |
18.1 | Introduction | 299 |
18.2 | Helper Applications and Plug-Ins | 302 |
18.3 | Java | 302 |
18.3.1 | Java Safety | 304 |
18.3.2 | Java Type Safety | 305 |
18.3.3 | Java Threads and Timing Attacks | 307 |
18.3.4 | Java Applets | 308 |
18.3.5 | Malicious and Hostile Applets | 309 |
18.3.6 | Stack Inspection | 310 |
18.3.7 | Protection Domains in JDK 1.2.x | 312 |
18.3.8 | Writing Secure Applications in Java | 314 |
18.4 | ActiveX Controls and Authenticode | 315 |
18.5 | JavaScript | 316 |
19 | Web-Based E-Commerce Concepts | 321 |
19.1 | Introduction | 321 |
19.2 | XML-Based Concepts | 322 |
19.3 | Micropayment Markup | 324 |
19.4 | Joint Electronic Payments Initiative (JEPI) | 324 |
19.5 | Java Commerce | 325 |
Part 5 | Mobile Security | 329 |
20 | Mobile Agent Security | 331 |
20.1 | Introduction | 331 |
20.2 | Mobile Agents | 333 |
20.3 | Security Issues | 334 |
20.4 | Protecting Platforms From Hostile Agents | 336 |
20.5 | Protecting Platforms From Agents Tampered With by Hostile Platforms | 337 |
20.5.1 | Path Histories | 337 |
20.5.2 | State Appraisal | 338 |
20.5.3 | Signing of Mutable Agent Information | 338 |
20.6 | Protecting Agents From Hostile Platforms | 339 |
20.6.1 | Cryptographic Traces | 340 |
20.6.2 | Partial Result Chaining | 341 |
20.6.3 | Environmental Key Generation | 343 |
20.6.4 | Computing With Encrypted Functions | 344 |
20.6.5 | Code Obfuscation | 344 |
20.6.6 | Tamper-Resistant Hardware | 345 |
20.6.7 | Cooperating Agents | 345 |
20.6.8 | Replicated Agents | 346 |
20.7 | Standardization Efforts | 348 |
21 | Mobile Commerce Security | 353 |
21.1 | Introduction | 353 |
21.2 | Technology Overview | 354 |
21.3 | GSM Security | 356 |
21.3.1 | Subscriber Identity Confidentiality | 359 |
21.3.2 | Subscriber Identity Authentication | 359 |
21.3.3 | Data and Connection Confidentiality | 360 |
21.4 | Wireless Application Protocol | 361 |
21.4.1 | Wireless Transport Layer Security (WTLS) | 363 |
21.4.2 | WAP Identity Module | 364 |
21.4.3 | WML Security Issues | 364 |
21.5 | SIM Application Toolkit | 364 |
21.6 | Mobile Station Application Execution Environment (MExE) | 365 |
21.7 | Outlook | 366 |
22 | Smart Card Security | 369 |
22.1 | Introduction | 369 |
22.2 | Hardware Security | 371 |
22.3 | Card Operating System Security | 373 |
22.4 | Card Application Security | 374 |
22.5 | Java Card | 376 |
22.6 | SIM Card | 377 |
22.7 | Biometrics | 377 |
22.7.1 | Physiological Characteristics | 381 |
22.7.2 | Behavioral Characteristics | 382 |
Afterword | 385 | |
About the Authors | 389 | |
Index | 391 |