Publications catalogue - books


Foundations of Security: What Every Programmer Needs to Know

Neil Daswani; Christoph Kern; Anita Kesavan

Abstract/Description – provided by the publisher

Not available.

Keywords – provided by the publisher

Software Engineering/Programming and Operating Systems

Availability
Detected institution Publication year Browse Download Request
Not detected 2007 SpringerLink

Information

Resource type:

books

Print ISBN

978-1-59059-784-2

Electronic ISBN

978-1-4302-0377-3

Publisher

Springer Nature

Country of publication

United Kingdom

Publication date

Publication rights information

© Apress 2007

Table of contents

Exercises for Part 2

The following exercises will help test your understanding and give you some hands-on experience with the topics covered in Chapters 5 through 10. While some of the exercises test conceptual understanding, others have you do some calculations, write code, and construct attacks. In the world of security, the devil is often in the details, and doing the following exercises will give you a much deeper, more detailed understanding to complement your readings. Additional materials (and hints) supporting these exercises are available at www.learnsecurity.com/ntk.

Part 2 - Secure Programming Techniques | Pp. 197-200

Symmetric Key Cryptography

Cryptography is the study of how to mathematically encode and decode messages. The objective of this chapter and the next is to show you how to use cryptography as a tool to achieve some of the security goals we discussed in Chapter 1. A cryptographic primitive is an algorithm that can be used to, for example, encode or decode a message. In this chapter and the next, you’ll see how to use cryptographic primitives to achieve authentication, confidentiality, and message integrity.

Keywords: Encryption Algorithm; Secret Message; Block Cipher; Advanced Encryption Standard; Stream Cipher.

Part 3 - Introduction to Cryptography | Pp. 203-220

Asymmetric Key Cryptography

This chapter continues our discussion of cryptography by examining asymmetric key cryptography. In the previous chapter, we covered symmetric key cryptography. The problem with symmetric key cryptography is that any two parties that want to exchange confidential information with each other need to agree on a key beforehand. Alice needs to somehow tell Bob the key in order for him to decrypt a message that she sends him. Alice and Bob could meet in person to agree on a key—but this is not usually possible in an Internet transaction. How should they agree upon a key?

Keywords: Certificate Authority; Elliptic Curve Cryptography; Elliptic Curve Discrete Logarithm Problem; Asymmetric Cryptography; Certificate Revocation List.

Part 3 - Introduction to Cryptography | Pp. 221-226

Key Management and Exchange

In this chapter, we focus on keys—how they can be generated, stored, and used in different ways, and how parties can agree upon them. Key management refers to the process by which keys are generated, stored, agreed upon, and revoked. The following list presents some important questions pertaining to key management.
• Generation: How should new keys be created?
• Storage: Once created, how should keys be securely stored so that they cannot be easily stolen?
• Agreement: How should two or more parties decide on a session key used to protect the confidentiality of their conversation?

Keywords: Smart Card; Malicious Code; Symmetric Encryption Algorithm; Hardware Security Module; Secret Random Number.

Part 3 - Introduction to Cryptography | Pp. 227-238

MACs and Signatures

In this chapter, we discuss message authentication codes (MACs) and digital signature schemes. Recall from Section 1.5 that a MAC is a sequence of bits that can be attached to a message to verify where it originated and that it has not been tampered with. We will describe two types of MACs: one based on block ciphers and one based on hash functions. The MACs we describe require the sender and receiver to share a key. In many cases, it might be useful to allow anyone (without possession of a shared key) to be able to verify the originator of a message, and we will thus describe how digital signatures allow you to do so.

Keywords: Hash Function; Block Cipher; Mutual Authentication; Certificate Authority; Cryptographic Hash Function.

Part 3 - Introduction to Cryptography | Pp. 239-250

Exercises for Part 3

The exercises in this section will help test your understanding and give you some practical experience with the topics covered in Chapters 12 through 15. If you have been reading through all the chapters in this book, and you complete all (or at least most) of the exercises, including the ones listed here, you will be well on your way toward being a security-conscious programmer!

Part 3 - Introduction to Cryptography | Pp. 251-252