Déjà client ? Identifiez-vous

Nouveau client ?


Librairie Eyrolles - Paris 5e



Designing and Building Secure Systems

499 pages, parution le 10/01/2001


Secure Sockets Layer (SSL) and its IETF successor, Transport Layer Security (TLS), are the leading Internet security protocols, providing security for e-commerce, web services, and many other network functions. Using SSL/TLS effectively requires a firm grasp of its role in network communications, its security properties, and its performance characteristics. SSL and TLS provides total coverage of the protocols from the bits on the wire up to application programming.

This comprehensive book not only describes how SSL/TLS is supposed to behave but also uses the author's free ssldump diagnostic tool to show the protocols in action. The author covers each protocol feature, first explaining how it works and then illustrating it in a live implementation. This unique presentation bridges the difficult gap between specification and implementation that is a common source of confusion and incompatibility. In addition to describing the protocols, SSL and TLS delivers the essential details required by security architects, application designers, and software engineers. Use the practical design rules in this book to quickly design fast and secure systems using SSL/TLS. These design rules are illustrated with chapters covering the new IETF standards for HTTP and SMTP over TLS.

Written by an experienced SSL implementor, SSL and TLS contains detailed information on programming SSL applications. The author discusses the common problems faced by implementors and provides complete sample programs illustrating the solutions in both C and Java. The sample programs use the free OpenSSL and PureTLS toolkits so the reader can immediately run the examples.

Chapter 1: Security Concepts
1.1 Introduction
1.2 The Internet Threat Model
1.3 The Players
1.4 The Goals of Security
1.5 Tools of the Trade
1.6 Putting It All Together
1.7 A Simple Secure Messaging System
1.8 A Simple Secure Channel
1.9 The Export Situation
1.10 Real Cryptographic Algorithms
1.11 Symmetric Encryption: Stream Ciphers
1.12 Symmetric Encryption: Block Ciphers
1.13 Digest Algorithms
1.14 Key Establishment
1.15 Digital Signature
v1.16 MACs
1.17 Key length
1.18 Summary
Chapter 2: Introduction to SSL
2.1 Introduction
2.2 Standards and Standards Bodies
2.3 SSL Overview
2.4 SSL/TLS Design Goals
2.5 SSL and the TCP/IP Suite
2.6 SSL History
2.7 SSL for the Web
2.8 Everything over SSL
2.9 Getting SSL
2.10 Summary
Chapter 3: Basic SSL
3.1 Introduction
3.2 SSL Overview
3.3 Handshake
3.4 SSL Record Protocol
3.5 Putting the Pieces Together
3.6 A Real Connection
3.7 Some More Connection Details
3.8 SSL Specification Language
3.9 Handshake Message Structure
3.10 Handshake Messages
3.11 Key Derivation
3.12 Record Protocol
3.13 Alerts and Closure
3.14 Summary
Chapter 4: Advanced SSL
4.1 Introduction
4.2 Session Resumption
4.3 Client Authentication
4.4 Ephemeral RSA
4.5 Server Gated Cryptography
4.6 DSS and DH
4.7 Elliptic Curve Cipher Suites
4.8 Kerberos
4.10 The Story So Far
4.11 Session Resumption Details
4.12 Client Authentication Details
4.13 Ephemeral RSA Details
4.14 SGC Details
4.15 HelloRequest
4.16 DH/DSS Details
4.17 FORTEZZA Details
4.18 Error Alerts
4.19 SSLv2 Backward Compatibility
4.20 Summary
Chapter 5: SSL Security
5.1 Introduction
5.2 What SSL Provides
5.3 Protect the master_secret
5.4 Protect the server's Private key
5.5 Use Good Randomness
5.6 Check the Certificate Chain
5.7 Algorithm Selection
5.8 The Story So Far
5.9 Compromise of the master_secret
5.10 Protecting Secrets in Memory
5.11 Securing the Server's Private Key
5.12 Random Number Generation
5.13 Certificate Chain Verification
5.14 Partial Compromise
5.15 Known Attacks
5.16 Timing Cryptanalysis
5.17 Million Message Attack
5.18 Small-Subgroup Attack
5.19 Summary
Chapter 6: SSL Performance
6.1 Introduction
6.2 SSL Is Slow
6.3 Performance Principles
6.4 Cryptography is Expensive
6.5 Session Resumption
6.6 Handshake Algorithm and Key Choice
6.7 Bulk Data Transfer
6.8 Basic SSL Performance Rules
6.9 The Story So Far
6.10 Handshake Time Allocation
6.11 Normal RSA Mode
6.12 RSA with Client Authentication
6.13 Ephemeral RSA
6.14 DSS/DHE
6.15 DSS/DHE with Client Authentication
6.16 Performance Improvements with DH
6.17 Record Processing
6.18 Java
6.19 SSL Servers under Load
6.20 Hardware Acceleration
6.21 Inline Hardware Accelerators
6.22 Network Latency
6.23 The Nagle Algorithm
6.24 Handshake Buffering
6.25 Advanced SSL Performance Rules
6.26 Summary
Chapter 7: Designing with SSL
7.1 Introduction
7.2 Know What You Want to Secure
7.3 Client Authentication Options
7.4 Reference Integrity
7.5 Inappropriate Tasks
7.6 Protocol Selection
7.7 Reducing Handshake Overhead
7.8 Design Strategy
7.9 The Story So Far
7.10 Separate Ports
7.11 Upward Negotiation
7.12 Downgrade Attacks
7.13 Reference Integrity
7.14 Username/Pasword Authentication
7.15 SSL Client Authentication
7.16 Mutual Username/Password Authentication
7.17 Rehandshake
7.18 Secondary Channels
7.19 Closure
7.20 Summary
Chapter 8: Coding with SSL
8.1 Introduction
8.2 SSL Implementations
8.3 Sample Programs
8.4 Context Initialization
8.5 Client Connect
8.6 Server Accept
8.7 Simple I/O Handling
8.8 Multiplexed I/O Using Threads
8.9 Multiplexed I/O with select()
8.10 Closure
8.11 Session Resumption
8.12 What's Missing?
8.13 Summary
Chapter 9: HTTP over SSL
9.1 Introduction
9.2 Securing the Web
9.3 HTTP
9.4 HTML
9.5 URLs
9.6 HTTP Connection Behavior
9.7 Proxies
9.8 Virtual Hosts
9.9 Protocol Selection
9.10 Client Authentication
9.11 Reference Integrity
9.12 HTTPS
9.13 HTTPS Overview
9.14 URLs and Reference Integrity
9.15 Connection Closure
9.16 Proxies
9.17 Virtual Hosts
9.18 Client Authentication
9.19 Referrer
9.20 Substitution Attacks
9.21 Upgrade
9.22 Programming Issues
9.23 Proxy CONNECT
9.24 Handling Multiple Clients
9.25 Summary
Chapter 10. SMTP over TLS
10.1 Introduction
10.2 Internet Mail Security
10.3 Internet Messaging Overview
10.4 SMTP
10.5 RFC 822 and MIME
10.6 E-Mail Addresses
10.7 Mail Relaying
10.8 Virtual Hosts
10.9 MX Records
10.10 Client Mail Access
10.11 Protocol Selection
10.12 Client Authentication
10.13 Reference Integrity
10.14 Connection Semantics
10.16 STARTTLS Overview
10.17 Connection Closure
10.18 Requiring TLS
10.19 Virtual Hosts
10.20 Security Indicators
10.21 Authenticated Relaying
10.22 Originator Authentication
10.23 Reference Integrity
10.24 Why not CONNECT?
10.25 What's STARTTLS good for?
10.26 Programming Issues
10.27 Implementing STARTTLS
10.28 Server Startup
10.29 Summary
Chapter 11. Contrasting Approaches
11.1 Introduction
11.2 The End-to-End Argument
11.3 The End-to-End Argument and SMTP
11.4 Other Protocols
11.5 IPsec
11.6 Security Associations
11.7 ISAKMP and IKE
11.8 AH and ESP
11.9 Putting It All Together: IPsec
11.10 IPsec versus SSL
11.11 Secure HTTP
11.12 CMS
11.13 Message Format
11.14 Cryptographic Options
11.15 Putting It All Together: S-HTTP
11.16 S-HTTP versus HTTPS
11.17 S/MIME
11.18 Basic S/MIME formatting
11.19 Signing Only
11.20 Algorithm Choice
11.21 Putting It All Together: S/MIME
11.22 Implementation Barriers
11.23 S/MIME versus SMTP/TLS
11.24 Choosing the Appropriate Solution
11.25 Summary
Appendix A: Example Code
A.1 Chapter 8
A.1.1 C Examples
A.1.2 Java Examples
A.2 Chapter 9
A.2.1 Demonstration Programs
A.2.2 mod_ssl Session Caching
Appendix B: SSLv2
B.1 Introduction
B.2 SSLv2 Overview
B.3 Missing Features
B.4 Security Problems
B.6 What About SSLv1?

L'auteur Eric Rescorla

Eric Rescorla is an Internet security consultant and author of several commercial SSL implementations, including the freely available Java
PureTLS toolkit. He is also the author of HTTP over TLS and Secure HTTP IETF RFCs.

Caractéristiques techniques du livre "SSL and TLS"

Éditeur(s) Addison Wesley
Auteur(s) Eric Rescorla
Parution 10/01/2001
Nb. de pages 499
Couverture Broché
Intérieur Noir et Blanc
EAN13 9780201615982
ISBN13 978-0-201-61598-2

Avantages Eyrolles.com

Livraison à partir de 0,01 en France métropolitaine

Paiement en ligne SÉCURISÉ

Livraison dans le monde

Retour sous 15 jours

+ d'un million de livres disponibles

satisfait ou remboursé
Satisfait ou remboursé
Paiement sécurisé
modes de paiement
Paiement à l'expédition
partout dans le monde
Livraison partout dans le monde
Service clients 0 321 79 56 75 sav@commande.eyrolles.com
librairie française
Librairie française depuis 1925