TLS Cryptography In-Depth
Explore the intricacies of modern cryptography and the inner workings of TLS
Packt(GCO Science)
2024년 01월 29일 출간
(개의 리뷰)
(
0%
의 구매자)
- eBook 상품 정보
- 파일 정보 PDF (8.67MB)
- ISBN 9781804611951
- 지원기기 교보eBook App, PC e서재, 리더기, 웹뷰어
-
교보eBook App
듣기(TTS) 가능
TTS 란?텍스트를 음성으로 읽어주는 기술입니다.
- 전자책의 편집 상태에 따라 본문의 흐름과 다르게 텍스트를 읽을 수 있습니다.
- 이미지 형태로 제작된 전자책 (예 : ZIP 파일)은 TTS 기능을 지원하지 않습니다.
PDF 필기가능 (Android, iOS)
소득공제
소장
정가 : 40,000원
쿠폰적용가 36,000원
10% 할인 | 5%P 적립이 상품은 배송되지 않는 디지털 상품이며,
교보eBook앱이나 웹뷰어에서 바로 이용가능합니다.
카드&결제 혜택
- 5만원 이상 구매 시 추가 2,000P
- 3만원 이상 구매 시, 등급별 2~4% 추가 최대 416P
- 리뷰 작성 시, e교환권 추가 최대 200원
작품소개
이 상품이 속한 분야
A practical introduction to modern cryptography using the Transport Layer Security protocol as the primary reference
▶Book Description
TLS is the most widely used cryptographic protocol today, enabling e-commerce, online banking, and secure online communication. Written by Dr. Paul Duplys, Security, Privacy &Safety Research Lead at Bosch, and Dr. Roland Schmitz, Internet Security Professor at Stuttgart Media University, this book will help you gain a deep understanding of how and why TLS works, how past attacks on TLS were possible, and how vulnerabilities that enabled them were addressed in the latest TLS version 1.3. By exploring the inner workings of TLS, you’ll be able to configure it and use it more securely.
Starting with the basic concepts, you’ll be led step by step through the world of modern cryptography, guided by the TLS protocol. As you advance, you’ll be learning about the necessary mathematical concepts from scratch. Topics such as public-key cryptography based on elliptic curves will be explained with a view on real-world applications in TLS. With easy-to-understand concepts, you’ll find out how secret keys are generated and exchanged in TLS, and how they are used to creating a secure channel between a client and a server.
By the end of this book, you’ll have the knowledge to configure TLS servers securely. Moreover, you’ll have gained a deep knowledge of the cryptographic primitives that make up TLS.
▶ What You Will Learn
⦁ Understand TLS principles and protocols for secure internet communication
⦁ Find out how cryptographic primitives are used within TLS V1.3
⦁ Discover best practices for secure configuration and implementation of TLS
⦁ Evaluate and select appropriate cipher suites for optimal security
⦁ Get an in-depth understanding of common cryptographic vulnerabilities and ways to mitigate them
⦁ Explore forward secrecy and its importance in maintaining confidentiality
⦁ Understand TLS extensions and their significance in enhancing TLS functionality
▶Book Description
TLS is the most widely used cryptographic protocol today, enabling e-commerce, online banking, and secure online communication. Written by Dr. Paul Duplys, Security, Privacy &Safety Research Lead at Bosch, and Dr. Roland Schmitz, Internet Security Professor at Stuttgart Media University, this book will help you gain a deep understanding of how and why TLS works, how past attacks on TLS were possible, and how vulnerabilities that enabled them were addressed in the latest TLS version 1.3. By exploring the inner workings of TLS, you’ll be able to configure it and use it more securely.
Starting with the basic concepts, you’ll be led step by step through the world of modern cryptography, guided by the TLS protocol. As you advance, you’ll be learning about the necessary mathematical concepts from scratch. Topics such as public-key cryptography based on elliptic curves will be explained with a view on real-world applications in TLS. With easy-to-understand concepts, you’ll find out how secret keys are generated and exchanged in TLS, and how they are used to creating a secure channel between a client and a server.
By the end of this book, you’ll have the knowledge to configure TLS servers securely. Moreover, you’ll have gained a deep knowledge of the cryptographic primitives that make up TLS.
▶ What You Will Learn
⦁ Understand TLS principles and protocols for secure internet communication
⦁ Find out how cryptographic primitives are used within TLS V1.3
⦁ Discover best practices for secure configuration and implementation of TLS
⦁ Evaluate and select appropriate cipher suites for optimal security
⦁ Get an in-depth understanding of common cryptographic vulnerabilities and ways to mitigate them
⦁ Explore forward secrecy and its importance in maintaining confidentiality
⦁ Understand TLS extensions and their significance in enhancing TLS functionality
▶ TABLE of CONTENTS
1. The Role of Cryptography in the Connected World
2. Secure Channel and the CIA Triad
3. A Secret to Share
4. Encryption and Decryption
5. Entity Authentication
6. Transport Layer Security at a Glance
7. Public-Key Cryptography
8. Elliptic Curves
9. Digital Signatures
10. Digital Certificates and Certification Authorities
11. Hash Functions and Message Authentication Codes
12. Secrets and Keys in TLS 1.3
13. TLS Handshake Protocol Revisited
14. Block Ciphers and Their Modes of Operation
15. Authenticated Encryption
16. The Galois Counter Mode
17. TLS Record Protocol Revisited
18. TLS Cipher Suites
19. Attacks on Cryptography(N.B. Please use the Read Sample option to see further chapters)
1. The Role of Cryptography in the Connected World
2. Secure Channel and the CIA Triad
3. A Secret to Share
4. Encryption and Decryption
5. Entity Authentication
6. Transport Layer Security at a Glance
7. Public-Key Cryptography
8. Elliptic Curves
9. Digital Signatures
10. Digital Certificates and Certification Authorities
11. Hash Functions and Message Authentication Codes
12. Secrets and Keys in TLS 1.3
13. TLS Handshake Protocol Revisited
14. Block Ciphers and Their Modes of Operation
15. Authenticated Encryption
16. The Galois Counter Mode
17. TLS Record Protocol Revisited
18. TLS Cipher Suites
19. Attacks on Cryptography(N.B. Please use the Read Sample option to see further chapters)
▶ What this book covers
CThe book starts with a general introduction to cryptography in Part 1, Getting Started. Part 2, Shaking Hands, and Part 3, Off the Record, are loosely organized around the most important subprotocols of TLS, the handshake protocol and the record protocol. Finally, Part 4, Bleeding Hearts and Biting Poodles, extensively covers known attacks on previous TLS versions at the handshake, record and implementation levels.
More specifically, this is what the individual chapters are about:
⦁ Chapter 1, The Role of Cryptography in the Connected World, sets the scene by providing some answers to why there are so many insecure IT systems and how cryptography helps to mitigate our security problems.
⦁ Chapter 2, Secure Channel and the CIA Triad, describes the general goals and objectives you can achieve with the help of cryptography and introduces cryptography’s main protagonists, Alice and Bob, and their ubiquitous opponents, Eve and Mallory.
⦁ Chapter 3, A Secret to Share, teaches you what a cryptographic key – a secret shared by Alice and Bob – really is, why it is needed to establish a secure channel, and how long it has to be for Alice and Bob to communicate securely.
⦁ Chapter 4, Encryption and Decryption, explains how keys are used together with cryptographic algorithms to encrypt and decrypt secret messages, and describes the prerequisites for secure encryption and decryption.
⦁ Chapter 5, Entity Authentication, covers entity authentication, an important security objective from the CIA triad that assures Alice of the identity of Bob.
⦁ Chapter 6, Transport Layer Securit y at a Glance, concludes Part 1, Getting Started, by taking a first look at Transport Layer Security (TLS) and explores the role of the World Wide Web in the development of TLS.
⦁ Chapter 7, Public-Key Cryptography, explains the mathematical techniques that enable secure key transport and key agreement over an insecure channel.
⦁ Chapter 8, Elliptic Curves, introduces special mathematical objects that are widely used within TLS 1.3 because they allow the use of much shorter keys compared to traditional public-key cryptography schemes.
⦁ Chapter 9, Digital Signatures, covers an important application of public-key cryptography which provides message integrity and authenticity and ensures another special security objective called non-repudiation.
⦁ Chapter 10, Digital Certificates and Certification Authorities, shows how Bob can verify the authenticity of Alice’s public key by relying on a trusted third party.
⦁ Chapter 11, Hash Functions and Message Authentication Codes, explains hash functions and message authentication codes, the main cryptographic mechanisms to ensure the authenticity of messages.
⦁ Chapter 12, Secrets and Keys in TLS 1.3, examines in detail the different types of secrets and keys Alice and Bob establish during the TLS 1.3 Handshake protocol.
⦁ Chapter 13, TLS Handshake Protocol Revisited, zooms out of the cryptographic details and gives a high-level description of the TLS handshake using state machines for the TLS server and the TLS client.
⦁ Chapter 14, Block Ciphers and Their Modes of Operation, discusses how the TLS Record protocol uses block ciphers and their modes of operation to protect application data transmitted between Alice and Bob.
⦁ Chapter 15, Authenticated Encryption, introduces a special block cipher mode of operation that combines encryption and message authentication in a single algorithm.
⦁ Chapter 16, The Galois Counter Mode, gives a detailed description of the authenticated encryption algorithm that all TLS 1.3 implementations must support.
⦁ Chapter 17, TLS Record Protocol Revisited, zooms out of technical and mathematical details again and revisits the TLS Record protocol by showing how the cryptographic mechanisms covered so far fit together.
⦁ Chapter 18, TLS Cipher Suites, covers the combinations of ciphers and cryptographic algorithms that any TLS 1.3 endpoint must support and implement.
⦁ Chapter 19, Attacks on Cryptography, describes attacks on cryptographic schemes and cryptographic protocols from a conceptual perspective.
⦁ Chapter 20, Attacks on the TLS Handshake Protocol, studies actual, real-world attacks on the Handshake protocol in earlier TLS versions. These attacks either try to get hold of the key established during the handshake or to impersonate one of the communicating parties.
⦁ Chapter 21, Attacks on the TLS Record Protocol, explores attacks on TLS records that aim to extract the data transmitted in the encrypted records.
⦁ Chapter 22, Attacks on TLS Implementations, covers attacks that exploit implementation bugs in software stacks implementing TLS.
▶ Preface
Hello and welcome to TLS Cryptography In-Depth!
As you perhaps know, there are already many excellent books on cryptography out there, written by renowned experts in the field. So why did we write yet another?
First of all, we wanted to make cryptography easier to grasp by showing how the theory of cryptography is used in real-world cryptographic applications. It is impossible to provide a serious introduction to cryptography without delving deeply into abstract mathematical concepts, and this book is no exception. But oftentimes, these mathematical concepts are presented in a way that is difficult for a beginner to follow, and particularly to relate theory to practice, so it takes a lot of patience and energy until you get to the seemingly far-away applications. Finally, these applications are often presented quite briefly, almost like an afterthought.
Yet applications of cryptography profoundly affect our daily lives and are not remote at all. Perhaps most importantly, practically everybody who is surfing the web today uses web addresses starting with https, which stands for Hypertext Transport Protocol Secure, and the Secure part is realized by a cryptographic protocol called Transport Layer Security, or TLS for short. If you are using the Firefox browser, for example, and click on the padlock icon next to the URL you are visiting, a few clicks later, you will arrive at the technical details of the Security tab of the page info. Here, a typical entry could be as follows:
TLS_AES_128_GCM_SHA256, 128 bit keys, TLS 1.3
What do these abbreviations mean? Is this really a secure connection? Providing you with the knowledge necessary to answer these questions is one of the main goals of this book. As we will see, much of present-day cryptography comes together in TLS. We therefore use TLS not just as an application but as a leitmotif of our book. That is, all cryptographic concepts are ultimately motivated by their appearance within the TLS protocol, and advanced cryptanalytic techniques such as linear and differential cryptanalysis are discussed only if they affect TLS protocol design.
TLS is a rather old protocol: its first version dates back to 1994 (under the name Secure Sockets Layer, or SSL). In 2018, TLS underwent a major revision: not only were many old, insecure cryptographic options deprecated but also protocol messages and their sequence were changed in the latest TLS version, 1.3. The underlying internet standard, IETF RFC 8446, however, is rather complex, densely written, and provides little in the way of motivation.
Therefore, our second reason for writing this book was to show how the design of TLS 1.3 is motivated by good cryptographic practices and earlier cryptographic attacks. Very often, we also dive deeply into TLS 1.3 specification and investigate the meaning of its various data structures. Therefore, you may also read this book as a detailed introduction to the TLS protocol and its nuts and bolts, or use it as a companion to IETF RFC 8446.
작가정보
저자(글) Dr. Paul Duplys
Dr. Paul Duplys is chief expert for cybersecurity at the department for technical strategies
and enabling within the Mobility sector of Robert Bosch GmbH, a Tier-1 automotive
supplier and manufacturer of industrial, residential, and consumer goods. Previous to
this position, he spent over 12 years with Bosch Corporate Research, where he led the
security and privacy research program and conducted applied research in various fields
of information security. Paul’s research interests include security automation, software
security, security economics, software engineering, and AI. Paul holds a PhD degree in
computer science from the the University of Tubingen, Germany.
저자(글) Dr. Roland Schmitz
Dr. Roland Schmitz has been a professor of internet security at the Stuttgart Media
University (HdM) since 2001. Prior to joining HdM, from 1995 to 2001, he worked as
a research engineer at Deutsche Telekom, with a focus on mobile security and digital
signature standardization. At HdM, Roland teaches courses on internet security, system
security, security engineering, digital rights management, theoretical computer science,
discrete mathematics, and game physics. He has published numerous scientific papers in
the fields of internet and multimedia security. Moreover, he has authored and co-authored
several books. Roland holds a PhD degree in mathematics from Technical University
Braunschweig, Germany.
이 상품의 총서
Klover리뷰 (0)
Klover리뷰 안내
Klover(Kyobo-lover)는 교보를 애용해 주시는 고객님들이 남겨주신 평점과 감상을 바탕으로, 다양한 정보를 전달하는 교보문고의 리뷰 서비스입니다.
1. 리워드 안내
구매 후 90일 이내에 평점 작성 시 e교환권 100원을 적립해 드립니다.
- - e교환권은 적립일로부터 180일 동안 사용 가능합니다.
- - 리워드는 5,000원 이상 eBook, 오디오북, 동영상에 한해 다운로드 완료 후 리뷰 작성 시 익일 제공됩니다. (2024년 9월 30일부터 적용)
- - 리워드는 한 상품에 최초 1회만 제공됩니다.
- - sam 이용권 구매 상품 / 선물받은 eBook은 리워드 대상에서 제외됩니다.
2. 운영 원칙 안내
Klover리뷰를 통한 리뷰를 작성해 주셔서 감사합니다. 자유로운 의사 표현의 공간인 만큼 타인에 대한 배려를 부탁합니다. 일부 타인의 권리를 침해하거나 불편을 끼치는 것을 방지하기 위해 아래에 해당하는 Klover 리뷰는 별도의 통보 없이 삭제될 수 있습니다.
- 도서나 타인에 대해 근거 없이 비방을 하거나 타인의 명예를 훼손할 수 있는 리뷰
- 도서와 무관한 내용의 리뷰
- 인신공격이나 욕설, 비속어, 혐오 발언이 개재된 리뷰
- 의성어나 의태어 등 내용의 의미가 없는 리뷰
구매 후 리뷰 작성 시, e교환권 100원 적립
문장수집
문장수집 안내
문장수집은 고객님들이 직접 선정한 책의 좋은 문장을 보여 주는 교보문고의 새로운 서비스 입니다. 교보eBook 앱에서 도서 열람 후 문장 하이라이트 하시면 직접 타이핑 하실 필요 없이 보다 편하게 남길 수 있습니다. 마음을 두드린 문장들을 기록하고 좋은 글귀들은 ‘좋아요’ 하여 모아보세요. 도서 문장과 무관한 내용 등록 시 별도 통보없이 삭제될 수 있습니다.
리워드 안내
- 구매 후 90일 이내에 문장 수집 등록 시 e교환권 100원을 적립해 드립니다.
- e교환권은 적립일로부터 180일 동안 사용 가능합니다.
- 리워드는 5,000원 이상 eBook에 한해 다운로드 완료 후 문장수집 등록 시 제공됩니다. (2024년 9월 30일부터 적용)
- 리워드는 한 상품에 최초 1회만 제공됩니다.
- sam 이용권 구매 상품 / 선물받은 eBook / 오디오북·동영상 상품/주문취소/환불 시 리워드 대상에서 제외됩니다.
구매 후 문장수집 작성 시, e교환권 100원 적립
교보eBook 첫 방문을 환영 합니다!
신규가입 혜택 지급이 완료 되었습니다.
바로 사용 가능한 교보e캐시 1,000원 (유효기간 7일)
지금 바로 교보eBook의 다양한 콘텐츠를 이용해 보세요!
신간 알림 안내
TLS Cryptography In-Depth
웹툰 신간 알림이 신청되었습니다.
신간 알림 안내
TLS Cryptography In-Depth
웹툰 신간 알림이 취소되었습니다.
리뷰작성
- 구매 후 90일 이내 작성 시, e교환권 100원 (최초1회)
- 리워드 제외 상품 : 마이 > 라이브러리 > Klover리뷰 > 리워드 안내 참고
- 콘텐츠 다운로드 또는 바로보기 완료 후 리뷰 작성 시 익일 제공
감성 태그
가장 와 닿는 하나의 키워드를 선택해주세요.
사진 첨부(선택)
0 / 5
총 5MB 이하로 jpg,jpeg,png 파일만 업로드 가능합니다.
신고/차단
신고 사유를 선택해주세요.
신고 내용은 이용약관 및 정책에 의해 처리됩니다.
허위 신고일 경우, 신고자의 서비스 활동이 제한될 수
있으니 유의하시어 신중하게 신고해주세요.
이 글을 작성한 작성자의 모든 글은 블라인드 처리 됩니다.
문장수집 작성
구매 후 90일 이내 작성 시, e교환권 100원 적립
eBook 문장수집은 웹에서 직접 타이핑 가능하나, 모바일 앱에서 도서를 열람하여 문장을 드래그하시면 직접 타이핑 하실 필요 없이 보다 편하게 남길 수 있습니다.
P.
TLS Cryptography In-Depth
Explore the intricacies of modern cryptography and the inner workings of TLS
저자 모두보기
낭독자 모두보기
sam 이용권 선택
님이 보유하신 이용권입니다.
차감하실 sam이용권을 선택하세요.
차감하실 sam이용권을 선택하세요.
sam 이용권 선택
님이 보유하신 이용권입니다.
차감하실 sam이용권을 선택하세요.
차감하실 sam이용권을 선택하세요.
sam 이용권 선택
님이 보유하신 프리미엄 이용권입니다.
선물하실 sam이용권을 선택하세요.
선물하실 sam이용권을 선택하세요.
결제완료
e캐시 원 결제
계속 하시겠습니까?
교보 e캐시 간편 결제
sam 열람권 선물하기
-
보유 권수 / 선물할 권수0권 / 1권
-
받는사람 이름받는사람 휴대전화
- 구매한 이용권의 대한 잔여권수를 선물할 수 있습니다.
- 열람권은 1인당 1권씩 선물 가능합니다.
- 선물한 열람권이 ‘미등록’ 상태일 경우에만 ‘열람권 선물내역’화면에서 선물취소 가능합니다.
- 선물한 열람권의 등록유효기간은 14일 입니다.
(상대방이 기한내에 등록하지 않을 경우 소멸됩니다.) - 무제한 이용권일 경우 열람권 선물이 불가합니다.
이 상품의 총서 전체보기
네이버 책을 통해서 교보eBook 첫 구매 시
교보e캐시 지급해 드립니다.
교보e캐시 지급해 드립니다.
- 첫 구매 후 3일 이내 다운로드 시 익일 자동 지급
- 한 ID당 최초 1회 지급 / sam 이용권 제외
- 네이버 책을 통해 교보eBook 구매 이력이 없는 회원 대상
- 교보e캐시 1,000원 지급 (유효기간 지급일로부터 7일)
구글바이액션을 통해서 교보eBook
첫 구매 시 교보e캐시 지급해 드립니다.
첫 구매 시 교보e캐시 지급해 드립니다.
- 첫 구매 후 3일 이내 다운로드 시 익일 자동 지급
- 한 ID당 최초 1회 지급 / sam 이용권 제외
- 구글바이액션을 통해 교보eBook 구매 이력이 없는 회원 대상
- 교보e캐시 1,000원 지급 (유효기간 지급일로부터 7일)