point (AP), IEEE 802.11, 526, 528
Active attacks, 15–19
Add key (AK) function, S-AES, 184–186
AddRoundKey transformation, AES, 150–151, 153–155, 165–166
Administrators, identity management, 474
Advanced Encryption Standard (AES), 67, 102, 132–133, 147–191
  AddRoundKey transformation, 150–151, 153–155, 165–166
  arithmetic operations for, 148–150
  avalanche effect, 170–174
  data structures, 152, 184
  decryption (inverse), 153–155, 174–176, 183–188
  8-bit processor implementation, 175–176
  encryption, 153–155, 183–188
  equivalent inverse cipher of, 174–176
  finite fields of, 102, 132–133, 148–150
  implementation, 174–178
  interchanging decryption rounds for, 174–175
  interchanging rounds in, 174–175
  irreducible polynomial of, 149–150
  key expansion algorithm, 166–170
  MixColumns transformation, 150, 153–155, 162–165, 182
  multiplication by x, 182–183
  polynomial arithmetic with GF(2^8), 180–183
  S-boxes, 156–161, 188–191
  ShiftRows transformation, 150, 153–155, 161–162
  simplified (S-AES), 183–191
  State array of, 150, 155
  structure of, 150–155
  SubBytes (substitute bytes) transformation, 150, 153–155, 156–161
  transformation functions, 155–166, 182
  12-bit processor implementation, 177–178
AES, see Advanced Encryption Standard (AES)
AKS (deterministic primality) algorithm, 254
Alert codes, TLS, 504–505
Alert Protocol, 489, 494–495, 554–555
Algorithms, 2–3, 33, 47–49, 75–77, 88–89, 95–96, 104–107, 112–115, 128–129, 166–170, 188–189, 222, 225–228, 252–254, 277–291, 296–299, 302–304, 327–409, 557–560, 595–597, 629
  AES key expansion, 166–170
  AKS (deterministic primality) algorithm, 254
  big-O notation for, 297–299
  Blowfish, 95–96
  Blum Blum Shub (BBS) generator, 227–228
  cryptographic, 2–3, 33, 557–560, 595–597
  data authentication (DAA), 380–381
  data encryption (DEA), 88–89
  data integrity, 8, 327–409
  decryption, 33
  DES key schedule, 96
  Diffie-Hellman key exchange, 302–304
  digital signature (DSA), 403–406
  division, 104–105
  encryption, 33
  ESP, 629
  Euclidian, 105–107, 112–115, 128–129
  exponential, 299
  Feistel decryption, 75–77
  Hill, 47–49
  HMAC, 377–378
  linear congruential number generators, 226–227
  linear, 299
  Miller-Rabin, 252–254
  polynomial, 299
  pseudorandom number generation (PRNG), 222, 225–228
  RSA, 277–291, 296–297
  S-AES key expansion, 188–189
  S/MIME, 595–597
  time complexity of, 297–299
  WTLS, 557–560
American National Standard (ANS), 196
ANSI X9.17 PRNG, 231–232
Anti-replay service, ESP, 630
Asymmetric ciphers, 8, 243–299, 300–326, 422–424, 470–472
  big-O notation, 297–299
  Diffie-Hellman key exchange, 301–305, 318–319
  ElGamal cryptographic system, 305–308
  elliptic curve cryptography (ECC), 308–320, 323
  encryption, 8, 269–277, 422–424
  number theory, 243–265
  pseudorandom number generation (PRNG), 321–323
  public-key cryptography, 266–299, 300–326
  Rivest-Shamir-Adleman (RSA) algorithm, 277–291, 296–297, 321–322
  symmetric key distribution, 422–424
  time complexity of algorithms, 297–299
  user authentication (remote) using, 470–472
Asymmetric keys, 268
Attacks, 8, 15–19, 35–38, 89–92, 195–196, 285–291, 337–341, 374–375, 398–399, 447–448, 450, 466. See also Cryptanalysis
  active, 15–19
  brute-force, 36, 38, 285, 337–340, 374–375
  chosen ciphertext (CCA), 36, 285, 289–291
  chosen plaintext, 36–37
  cryptanalytic, 33, 35–38, 89–92, 277, 340–341, 375
  denial of service, 16–17
  DES, on, 89–92, 195–196
  differential cryptanalysis, 90–92
  digital signatures and, 398–399
  hash function security and, 337–341
  linear cryptanalysis, 92
  masquerade, 16
  mathematical, 285–287
  meet-in-the-middle, 195–196, 305, 342
  modification of messages, 16
  passive, 15–17
  password, 466
  release of message contents, 16
  replay, 16, 447–448, 450
  RSA security and, 285–291
  threats and, 15
  timing, 89, 285, 287–289
  traffic analysis, 16
Attribute service, 474
Authentication, 8, 20–21, 329–331, 364–372, 444–484, 498–500, 531, 534–536, 557–558, 570–573, 579–580, 636, 641–642. See also Message authentication codes (MAC)
  data-origin, 20–21
  federated identity management, 472–478
  IEEE 802.11i phase, 531, 534–536
  IKE key determination, 641–642
  Internet Protocol (IP), 636
  Kerberos, 452–469
  key exchange client and server, SSL, 498–500
  message, 329–331, 364–372, 579–580
  mutual, 447–451, 470–471
  one-way, 448, 451–452, 471–472
  peer entity, 20–21
  pretty good privacy (PGP), 570–573, 579–580
  protocols, 8

Index