CRYPTOGRAPHY and NETWORK SECURITY, Second Edition

Atul Kahate, Project Manager, i-flex solutions limited, Pune

ISBN: 0070648239
Copyright year: 2008

Additional Material added to the text



Chapter 1 introduces the basic concepts of security. It discusses the need for security, the principles of security and the various types of attacks on computer systems and networks. We discuss both the theoretical concepts behind all these aspects, as well as the practical issues and examples of each one of them. This will cement our understanding of security. Without understanding why security is required, and what is under threat, there is no point in trying to understand how to make computer systems and networks secure. Changes from the first edition: A new section on the modern nature of security attacks is added. Discussions of trusted systems, security models, security management practices, and ethical/legal issues are added. A new section describes the types of attacks. New attacks such as phishing and pharming are covered.

Chapter 2 introduces the concept of cryptography, which is the fundamental building block of computer security. Cryptography is achieved by using various algorithms. All these algorithms are based on substitution of plain text with some cipher text, on certain transposition techniques, or on a combination of both. The chapter then introduces the important terms of encryption and decryption. Changes from the first edition: Playfair Cipher and Hill Cipher are covered in detail. Diffie–Hellman Key Exchange coverage is expanded. Types of attacks are covered in detail.

Chapter 3 discusses the various issues involved in computer-based symmetric key cryptography. We discuss stream and block cipher and the various chaining modes. We also discuss the chief symmetric key cryptographic algorithms in great detail, such as DES, IDEA, RC5 and Blowfish. Changes from the first edition: The Blowfish algorithm is covered in more detail. AES is significantly expanded.

Chapter 4 examines the concepts, issues and trends in asymmetric key cryptography. We go through the history of asymmetric key cryptography. Later, we discuss the major asymmetric key cryptographic algorithms, such as RSA, MD5, SHA, and HMAC. We introduce several key terms, such as message digests and digital signatures in this chapter. We also study how best we can combine symmetric key cryptography with asymmetric key cryptography. Changes from the first edition: Variations of the SHA-1 message digest algorithm are covered, with specific coverage of SHA-512.

Chapter 5 talks about the upcoming popular technology of Public Key Infrastructure (PKI). Here, we discuss what we mean by digital certificates, and how they can be created, distributed, maintained and used. We discuss the role of Certification Authorities (CA) and Registration Authorities (RA). We also introduce the Public Key Cryptography Standards (PKCS). Changes from the first edition: Covers the details of creating digital certificates in Java.

Chapter 6 deals with the important security protocols for the Internet. These protocols include SSL, SHTTP, TSP, SET and 3D-Secure. We also discuss how electronic money works, what dangers are involved therein and how best we can make use of it. An extensive coverage of email security is provided, with a detailed discussion of the key email security protocols, such as PGP, PEM and S/MIME. We also discuss wireless security here. Changes from the first edition: The coverage of SSL is expanded, and it is compared with TLS. Coverage of PGP is expanded to explain key rings, PGP certificates, and trust management.

Chapter 7 tells us how to authenticate a user. There are various ways to do this. The chapter examines each one of them in great detail and addresses their pros and cons. We discuss password based authentication, authentication based on something derived from the password, authentication tokens, certificate-based authentication, and biometrics. We also study the popular Kerberos protocol. Changes from the first edition: Covers the concepts of security handshakes. It then covers one-way authentication and mutual authentication in detail.

Chapter 8 deals with the practical issues involved in cryptography. Currently, the three main ways to achieve this are to use the cryptographic mechanisms provided by Sun (in the Java programming language), Microsoft and third-party toolkits. We discuss each of these approaches. Changes from the first edition: The practical aspects of cryptography in Microsoft’s .NET framework are also covered now. The aspects of operating systems security have been enhanced. Database security is covered in detail.

Chapter 9 is concerned with network layer security. Here, we examine firewalls, their types and configurations. Then we go on to IP security, and conclude our discussion with Virtual Private Networks (VPN). Changes from the first edition: Network Address Translation (NAT) is added. The concepts of intrusion and intrusion detection are covered in detail.

Chapter 10 contains a number of case studies in the area of cryptography and network security. It discusses how the concepts learnt in the earlier chapters can be put into actual practice. It also covers a few real-life security attacks that have happened, and how they have been dealt with. This presents the viewpoints of the attackers as well as those of the attacked party. Changes from the first edition: A couple more case studies are added.

An Online Learning Center provides online content for the benefit of students and instructors alike. This will contain solutions to all exercises, sample question papers, additional programming exercises, web links, PowerPoint Slides, Cryptography Demos with AES and DES Applets, and real-life case studies. The contents of this website will be updated from time to time.

To obtain a lecturer login to the Online Learning Centres, ask your local sales representative. If you're a lecturer thinking about adopting this textbook, request a complimentary copy for review.