Introduction, Stig F. Mjølsnes
  Motivation
  What Is Information Security?
  Some Basic Concepts
  A Synopsis of the Topics
  Further Reading and Web Sites

Security Electronics, E.J. Aas and P.G. Kjeldsberg
  Introduction
  Examples of Security Electronics
  Side Channel Attacks
  Summary
  Further Reading and Web Sites

Public Key Cryptography, S.O. Smalø
  Introduction
  Hash Functions and One Time Pads
  Public Key Cryptography
  RSA-Public Key Cryptography
  RSA-Public Key Cryptography with Signature
  Problem with Signatures
  Receipt
  Secret Sharing Based on Discrete Logarithm Problems
  Further Reading

Cryptographic Hash Functions, D. Gligoroski
  Introduction
  Definition for Cryptographic Hash Function
  Iterated Hash Functions
  Most Popular Cryptographic Hash Function
  Application of Cryptographic Hash Function
  Further Reading and Web Sites

Quantum Cryptography, Dag Roar Hjelme, Lars Lydersen, and Vadim Makarov
  Introduction
  Quantum Bit
  Quantum Copying
  Quantum Key Distribution
  Practical Quantum Cryptography
  Technology
  Applications
  Summary
  Further Reading and Web Sites

Cryptographic Protocols, Stig F. Mjølsnes
  The Origins
  Information Policies
  Some Concepts
  Protocol Failures
  Heuristics
  Tools for Automated Security Analysis
  Further Reading and Web Sites

Public Key Distribution, Stig F. Mjølsnes
  The Public Key Distribution Problem
  Authenticity and Validity of Public Keys
  The Notion of Public Key Certificates
  Revocation
  Public Key Infrastructure
  Identity-Based Public Key
  Further Reading and Web Sites

Wireless Network Access, Stig F. Mjølsnes and Martin Eian
  Introduction
  Wireless Local Area Networks
  The 802.11 Security Mechanisms
  Wired Equivalent Privacy
  RSN with CCMP
  Assumptions and Vulnerabilities
  Summary
  Further Reading and Web Sites

Mobile Security, Jan Audestad
  The GSM Security
  3G Architecture
  Extent of Protection
  Security Functions in the Authentication Center
  Security Functions in the SGSN/RNC
  Security Functions in the Mobile Terminal (USIM)
  Encryption and Integrity
  Anonymity
  Example: Anonymous Roaming in a Mobile Network
  Using GSM/3G Terminals as Authentication Tokens
  Further Reading

A Lightweight Approach to Secure Software Engineering, Martin Gilje Jaatun, Jostein Jensen, Per Håkon Meland, and Inger Anne Tøndel
  Introduction
  Asset Identification
  Security Requirements
  Secure Software Design
  Testing for Software Security
  Summary
  Further Reading and Web Sites

ICT Security Evaluation, S.J. Knapskog
  Introduction
  ISO/IEC 15408, Part 1/3 Evaluation Criteria for IT Security (CC)
  Definition of Assurance
  Building Confidence in the Evaluation Process
  Organizing the Requirements in the CC
  Assurance Elements
  Functional Classes
  Protection Profiles (PPs)
  PP Registries
  Definition of a Security Target (ST)
  Evaluation of a ST
  Evaluation Schemes
  Evaluation Methodology
  Conclusion

ICT and Forensic Science, Stig F. Mjølsnes and Svein Y. Willassen
  ICT and Forensic Science
  The Crime Scene
  Forensic Science
  Evidence
  The Digital Investigation Process
  Digital Evidence Extraction
  Digital Evidence Analysis Techniques
  Anti-Forensics
  Further Reading and Web Sites

Risk Assessment, Stein Haugen
  Risk Assessment in the Risk Management Process
  Terminology
  Main Elements of the Risk Assessment Process
  Summary
  Further Reading and Web Sites

Information Security Management—From Regulations to End-Users, Eirik Albrechtsen and Jan Hovden
  A Risk Governance Framework Applied to Information Security
  Regulations and Control
  Information Security Management

Index

A Bibliography appears at the end of each chapter.