THE WILLIAM STALLINGS BOOKS ON COMPUTER
DATA AND COMPUTER COMMUNICATIONS, EIGHTH EDITION
A comprehensive survey that has become the standard in the field, covering
(1) data communications, including transmission, media, signal encoding, link
control, and multiplexing; (2) communication networks, including circuit- and
packet-switched, frame relay, ATM, and LANs; (3) the TCP/IP protocol suite,
including IPv6, TCP, MIME, and HTTP, as well as a detailed treatment of
network security. Received the 2007 Text and Academic Authors Association
(TAA) award for the best Computer Science and Engineering Textbook of the
year. ISBN 0-13-243310-9
COMPUTER ORGANIZATION AND ARCHITECTURE,
EIGHTH EDITION
A unified view of this broad field. Covers fundamentals such as CPU, control
unit, microprogramming, instruction set, I/O, and memory. Also covers
advanced topics such as RISC, superscalar, and parallel organization. Fourth
and fifth editions received the TAA award for the best Computer Science and
Engineering Textbook of the year. ISBN 978-0-13-607373-4
OPERATING SYSTEMS, SIXTH EDITION
A state-of-the art survey of operating system principles. Covers fundamental
technology as well as contemporary design issues, such as threads,
microkernels, SMPs, real-time systems, multiprocessor scheduling, embedded
OSs, distributed systems, clusters, security, and object-oriented design.
Received the 2009 Text and Academic Authors Association (TAA) award
for the best Computer Science and Engineering Textbook of the year.
ISBN 978-0-13-600632-9
BUSINESS DATA COMMUNICATIONS, SIXTH EDITION
A comprehensive presentation of data communications and
telecommunications from a business perspective. Covers voice, data, image,
and video communications and applications technology and includes a number
of case studies. ISBN 978-0-13-606741-2
COMPUTER NETWORKS WITH INTERNET PROTOCOLS
AND TECHNOLOGY
An up-to-date survey of developments in the area of Internet-based protocols
and algorithms. Using a top-down approach, this book covers applications,
transport layer, Internet QoS, Internet routing, data link layer and computer
networks, security, and network management. ISBN 0-13141098-9
AND DATA COMMUNICATIONS TECHNOLOGY
NETWORK SECURITY ESSENTIALS, FOURTH EDITION
A tutorial and survey on network security technology. The book covers
important network security tools and applications, including S/MIME, IP
Security, Kerberos, SSL/TLS, SET, and X509v3. In addition, methods for
countering hackers and viruses are explored.
COMPUTER SECURITY (with Lawrie Brown)
A comprehensive treatment of computer security technology, including
algorithms, protocols, and applications. Covers cryptography, authentication,
access control, database security, intrusion detection and prevention, malicious
software, denial of service, firewalls, software security, physical security, human
factors, auditing, legal and ethical aspects, and trusted systems. Received the
2008 Text and Academic Authors Association (TAA) award for the best
Computer Science and Engineering Textbook of the year. ISBN 0-13-600424-5
WIRELESS COMMUNICATIONS AND NETWORKS, Second Edition
A comprehensive, state-of-the art survey. Covers fundamental wireless
communications topics, including antennas and propagation, signal encoding
techniques, spread spectrum, and error correction techniques. Examines
satellite, cellular, wireless local loop networks and wireless LANs, including
Bluetooth and 802.11. Covers Mobile IP and WAP. ISBN 0-13-191835-4
HIGH-SPEED NETWORKS AND INTERNETS, SECOND EDITION
A state-of-the art survey of high-speed networks. Topics covered include TCP
congestion control, ATM traffic management, Internet traffic management,
differentiated and integrated services, Internet routing protocols and multicast
routing protocols, resource reservation and RSVP, and lossless and lossy
compression. Examines important topic of self-similar data traffic.
ISBN 0-13-03221-0
CRYPTOGRAPHY AND
NETWORK SECURITY
PRINCIPLES AND PRACTICE
FIFTH EDITION
William Stallings
Prentice Hall
Boston Columbus Indianapolis New York San Francisco
Upper Saddle River Amsterdam Cape Town Dubai London Madrid
Milan Munich Paris Montreal Toronto Delhi Mexico City Sao Paulo
Sydney Hong Kong Seoul Singapore Taipei Tokyo
Vice President and Editorial Director, ECS:
Marcia Horton
Executive Editor: Tracy Dunkelberger
Associate Editor: Melinda Haggerty
Editorial Assistant: Allison Michael
Senior Managing Editor: Scott Disanno
Production Editor: Rose Kernan
Senior Operations Supervisor: Alan Fischer
Operations Specialist: Lisa McDowell
Cover Design: Black Horse Designs
Art Director: Kristine Carney
Director, Image Resource Center: Melinda
Patelli
Manager, Rights and Permissions: Zina Arabia
Senior Marketing Manager: Erin Davis
Manager,Visual Research: Beth Brenzel
Manager, Cover Visual Research & Permissions:
Karen Sanatar
Composition: Integra
Printer/Binder: Edwards Brothers
Credits and acknowledgments borrowed from other sources and reproduced, with permission, in this textbook
appear on appropriate page within text.
If you purchased this book within the United States or Canada you should be aware that it has been
wrongfully imported without the approval of the Publisher or the Author.
Copyright © 2011, 2006 Pearson Education, Inc., publishing as Prentice Hall. All rights reserved.
Manufactured in the United States of America.This publication is protected by Copyright, and permission
should be obtained from the publisher prior to any prohibited reproduction, storage in a retrieval system, or
transmission in any form or by any means, electronic, mechanical, photocopying, recording, or likewise.To
obtain permission(s) to use material from this work, please submit a written request to Pearson Education, Inc.,
Permissions Department, 1 Lake Street, Upper Saddle River, NY 07458
Many of the designations by manufacturers and seller to distinguish their products are claimed as trademarks.
Where those designations appear in this book, and the publisher was aware of a trademark claim, the
designations have been printed in initial caps or all caps.
Library of Congress Cataloging-in-Publication Data On File
10 9 8 7 6 5 4 3 2 1
ISBN 10:
0-13-609704-9
ISBN 13: 978-0-13-609704-4
To Antigone never
dull never boring
the smartest
person I know
This page intentionally left blank
CONTENTS
Notation xiii
Preface xv
About the Author xxiii
Chapter 0 Reader’s Guide 1
0.1
Outline of This Book 2
0.2
A Roadmap for Readers and Instructors 2
0.3
Internet and Web Resources 4
0.4
Standards 5
Chapter 1 Overview 7
1.1
Computer Security Concepts 9
1.2
The OSI Security Architecture 14
1.3
Security Attacks 15
1.4
Security Services 19
1.5
Security Mechanisms 23
1.6
A Model for Network Security 25
1.7
Recommended Reading and Web Sites 27
1.8
Key Terms, Review Questions, and Problems 29
PART ONE SYMMETRIC CIPHERS 31
Chapter 2 Classical Encryption Techniques 31
2.1
Symmetric Cipher Model 33
2.2
Substitution Techniques 38
2.3
Transposition Techniques 53
2.4
Rotor Machines 55
2.5
Steganography 57
2.6
Recommended Reading and Web Sites 59
2.7
Key Terms, Review Questions, and Problems 60
Chapter 3 Block Ciphers and the Data Encryption Standard 66
3.1
Block Cipher Principles 68
3.2
The Data Encryption Standard (DES) 77
3.3
A DES Example 85
3.4
The Strength of DES 88
3.5
Differential and Linear Cryptanalysis 89
3.6
Block Cipher Design Principles 92
3.7
Recommended Reading and Web Site 96
3.8
Key Terms, Review Questions, and Problems 97
Chapter 4 Basic Concepts in Number Theory and Finite Fields 101
4.1
Divisibility and the Division Algorithm 103
4.2
The Euclidean Algorithm 105
v
vi
CONTENTS
4.3
4.4
4.5
4.6
4.7
4.8
4.9
Modular Arithmetic 108
Groups, Rings, and Fields 116
Finite Fields of the Form GF(p) 120
Polynomial Arithmetic 122
Finite Fields of the Form GF(2n) 129
Recommended Reading and Web Sites 141
Key Terms, Review Questions, and Problems 141
Appendix 4A The Meaning of mod 144
Chapter 5 Advanced Encryption Standard 47
5.1
The Origins AES 148
5.2
AES Structure 150
5.3
AES Round Functions 155
5.4
AES Key Expansion 166
5.5
An AES Example 169
5.6
AES Implementation 174
5.7
Recommended Reading and Web Sites 178
5.8
Key Terms, Review Questions, and Problems 179
Appendix 5A Polynomials with Coefficients in GF(28) 180
Appendix 5B Simplified AES 183
Chapter 6 Block Cipher Operation 192
6.1
Multiple Encryption and Triple DES 193
6.2
Electronic Codebook Mode 198
6.3
Cipher Block Chaining Mode 201
6.4
Cipher Feedback Mode 203
6.5
Output Feedback Mode 205
6.6
Counter Mode 206
6.7
XTS Mode for Block-Oriented Storage Devices 210
6.8
Recommended Web Site 214
6.9
Key Terms, Review Questions, and Problems 214
Chapter 7 Pseudorandom Number Generation and Stream Ciphers 218
7.1
Principles of Pseudorandom Number Generation 219
7.2
Pseudorandom Number Generators 226
7.3
Pseudorandom Number Generation Using a Block Cipher 229
7.4
Stream Ciphers 232
7.5
RC4 234
7.6
True Random Numbers 237
7.7
Recommended Reading 238
7.8
Key Terms, Review Questions, and Problems 239
PART TWO ASYMMETRIC CIPHERS 243
Chapter 8 More Number Theory 243
8.1
Prime Numbers 245
8.2
Fermat’s and Euler’s Theorems 248
8.3
Testing for Primality 251
8.4
The Chinese Remainder Theorem 254
CONTENTS
8.5
8.6
8.7
Discrete Logarithms 257
Recommended Reading and Web Sites 262
Key Terms, Review Questions, and Problems 263
Chapter 9 Public-Key Cryptography and RSA 266
9.1
Principles of Public-Key Cryptosystems 269
9.2
The RSA Algorithm 277
9.3
Recommended Reading and Web Sites 291
9.4
Key Terms, Review Questions, and Problems 291
Appendix 9A Proof of the RSA Algorithm 296
Appendix 9B The Complexity of Algorithms 297
Chapter 10 Other Public-Key Cryptosystems 300
10.1
Diffie-Hellman Key Exchange 301
10.2
ElGamal Cryptosystem 305
10.3
Elliptic Curve Arithmetic 308
10.4
Elliptic Curve Cryptography 317
10.5
Pseudorandom Number Generation Based on an Asymmetric Cipher 321
10.6
Recommended Reading and Web Sites 323
10.7
Key Terms, Review Questions, and Problems 324
PART THREE CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS 327
Chapter 11 Cryptographic Hash Functions 327
11.1
Applications of Cryptographic Hash Functions 329
11.2
Two Simple Hash Functions 333
11.3
Requirements and Security 335
11.4
Hash Functions Based on Cipher Block Chaining 341
11.5
Secure Hash Algorithm (SHA) 342
11.6
SHA-3 352
11.7
Recommended Reading and Web Sites 353
11.8
Key Terms, Review Questions, and Problems 353
Appendix 11A Mathematical Basis of Birthday Attack 356
Chapter 12 Message Authentication Codes 362
12.1
Message Authentication Requirements 364
12.2
Message Authentication Functions 365
12.3
Message Authentication Codes 372
12.4
Security of MACs 374
12.5
MACs Based on Hash Functions: HMAC 375
12.6
MACs Based on Block Ciphers: DAA and CMAC 380
12.7
Authenticated Encryption: CCM and GCM 383
12.8
Pseudorandom Number Generation Using Hash Functions and MACs 389
12.9
Recommended Reading 392
12.10
Key Terms, Review Questions, and Problems 393
Chapter 13 Digital Signatures 395
13.1
Digital Signatures 396
13.2
ElGamal Digital Signature Scheme 400
vii
viii
CONTENTS
13.3
13.4
13.5
13.6
Schnorr Digital Signature Scheme 402
Digital Signature Standard (DSS) 403
Recommended Reading and Web Sites 406
Key Terms, Review Questions, and Problems 407
PART FOUR MUTUAL TRUST 410
Chapter 14 Key Management and Distribution 410
14.1
Symmetric Key Distribution Using Symmetric Encryption 412
14.2
Symmetric Key Distribution Using Asymmetric Encryption 421
14.3
Distribution of Public Keys 423
14.4
X.509 Certificates 428
14.5
Public Key Infrastructure 436
14.6
Recommended Reading and Web Sites 438
14.7
Key Terms, Review Questions, and Problems 439
Chapter 15 User Authentication Protocols 444
15.1
Remote User Authentication Principles 445
15.2
Remote User Authentication Using Symmetric Encryption 448
15.3
Kerberos 452
15.4
Remote User Authentication Using Asymmetric Encryption 470
15.5
Federated Identity Management 472
15.6
Recommended Reading and Web Sites 478
15.7
Key Terms, Review Questions, and Problems 479
Appendix 15A Kerberos Encryption Techniques 481
PART FIVE NETWORK AND INTERNET SECURITY 485
Chapter 16 Transport-Level Security 485
16.1
Web Security Issues 486
16.2
Secure Sockets Layer (SSL) 489
16.3
Transport Layer Security (TLS) 502
16.4
HTTPS 506
16.5
Secure Shell (SSH) 508
16.6
Recommended Reading and Web Sites 519
16.7
Key Terms, Review Questions, and Problems 519
Chapter 17 Wireless Network Security 521
17.1
IEEE 802.11 Wireless LAN Overview 523
17.2
IEEE 802.11i Wireless LAN Security 529
17.3
Wireless Application Protocol Overview 543
17.4
Wireless Transport Layer Security 550
17.5
WAP End-to-End Security 560
17.6
Recommended Reading and Web Sites 563
17.7
Key Terms, Review Questions, and Problems 563
Chapter 18 Electronic Mail Security 567
18.1
Pretty Good Privacy (PGP) 568
18.2
S/MIME 587
CONTENTS
18.3
18.4
18.5
DomainKeys Identified Mail (DKIM) 603
Recommended Web Sites 610
Key Terms, Review Questions, and Problems 611
Appendix 18A Radix-64 Conversion 612
Chapter 19 IP Security 615
19.1
IP Security Overview 616
19.2
IP Security Policy 622
19.3
Encapsulating Security Payload 627
19.4
Combining Security Associations 634
19.5
Internet Key Exchange 638
19.6
Cryptographic Suites 647
19.7
Recommended Reading and Web Sites 648
19.8
Key Terms, Review Questions, and Problems 649
APPENDICES 651
Appendix A
Projects for Teaching Cryptography and Network Security 651
A.1
Sage Computer Algebra Projects 652
A.2
Hacking Project 653
A.3
Block Cipher Projects 653
A.4
Laboratory Exercises 654
A.5
Research Projects 654
A.6
Programming Projects 655
A.7
Practical Security Assessments 655
A.8
Writing Assignments 655
A.9
Reading/Report Assignments 656
Appendix B
Sage Examples 657
B.1
Chapter 2: Classical Encryption Techniques 659
B.2
Chapter 3: Block Ciphers and the Data Encryption Standard 662
B.3
Chapter 4: Basic Concepts in Number Theory and Finite Fields 666
B.4
Chapter 5:Advanced Encryption Standard 673
B.5
Chapter 6: Pseudorandom Number Generation and Stream Ciphers 678
B.6
Chapter 8: Number Theory 680
B.6
Chapter 9: Public-Key Cryptography and RSA 685
B.7
Chapter 10: Other Public-Key Cryptosystems 688
B.8
Chapter 11: Cryptographic Hash Functions 693
B.9
Chapter 13: Digital Signatures 695
References 699
Index 711
ONLINE CHAPTERS
PART SIX
Chapter 20
20.1
20.2
SYSTEM SECURITY
Intruders
Intruders
Intrusion Detection
ix
x
CONTENTS
Password Management
Recommended Reading and Web Sites
Key Terms, Review Questions, and Problems
Appendix 20A The Base-Rate Fallacy
Chapter 21 Malicious Software
21.1
Types of Malicious Software
21.2
Viruses
21.3
Virus Countermeasures
21.4
Worms
21.5
Distributed Denial of Service Attacks
21.6
Recommended Reading and Web Sites
21.7
Key Terms, Review Questions, and Problems
Chapter 22 Firewalls
22.1
The Need for Firewalls
22.2
Firewall Characteristics
22.3
Types of Firewalls
22.4
Firewall Basing
22.5
Firewall Location and Configurations
22.6
Recommended Reading and Web Sites
22.7
Key Terms, Review Questions, and Problems
20.3
20.4
20.5
PART SEVEN LEGAL AND ETHICAL ISSUES
Chapter 23 Legal and Ethical Issues
23.1
Cybercrime and Computer Crime
23.2
Intellectual Property
23.3
Privacy
23.4
Ethical Issues
23.5
Recommended Reading and Web Sites
23.6
Key Terms, Review Questions, and Problems
ONLINE APPENDICES
WilliamStallings.com/Crypto/Crypto5e.html
Appendix C
Sage Problems
C.1
Getting Started with Sage
C.2
Programming with Sage
C.3
Chapter 2: Classical Encryption Techniques
C.4
Chapter 3: Block Ciphers and the Data Encryption Standard
C.5
Chapter 4: Basic Concepts in Number Theory and Finite Fields
C.6
Chapter 5:Advanced Encryption Standard
C.7
Chapter 7: Pseudorandom Number Generation and Stream Ciphers
C.8
Chapter 8: Number Theory
C.9
Chapter 9: Public-Key Cryptography and RSA
C.10
Chapter 10: Other Public-Key Cryptosystems
C.11
Chapter 11: Cryptographic Hash Functions
C.12
Chapter 13: Digital Signatures
CONTENTS
Appendix D Standards and Standards-Setting Organizations
D.1
The Importance of Standards
D.2
Internet Standards and the Internet Society
D.3
National Institute of Standards and Technology
Appendix E Basic Concepts from Linear Algebra
E.1
Operations on Vectors and Matrices
E.2
Linear Algebra Operations over Zn
Appendix
F.1
F.2
F.3
Appendix
G.1
G.2
G.3
G.4
G.5
Appendix
H.1
H.2
F Measures of Security and Secrecy
Perfect Secrecy
Information and Entropy
Entropy and Secrecy
G Simplified DES
Overview
S-DES Key Generation
S-DES Encryption
Analysis of Simplified DES
Relationship to DES
H Evaluation Criteria for AES
The Origins of AES
AES Evaluation
Appendix
I.1
I.2
Appendix
J.1
J.2
J.3
Appendix
Appendix
L.1
L.2
L.3
L.4
L.5
L.6
Appendix
M.1
M.2
M.3
M.4
M.5
I More on Simplified AES
Arithmetic in GF(24)
The Mix Column Function
J Knapsack Public-Key Algorithm
The Knapsack Problem
The Knapsack Cryptosystem
Example
K Proof of the Digital Signature Algorithm
L TCP/IP and OSI
Protocols and Protocol Architectures
The TCP/IP Protocol Architecture
The Role of an Internet Protocol
IPv4
IPv6
The OSI Protocol Architecture
M Java Cryptographic APIs
Introduction
JCA and JCE Architecture
JCA Classes
JCE Classes
Conclusion and References
xi
xii
CONTENTS
M.6
M.7
Appendix
N.1
N.2
N.3
Appendix
O.1
O.2
Appendix
P.1
P.2
Appendix
Glossary
Using the Cryptographic Application
JCA/JCE Cryptography Example
N The Whirlpool Hash Function
Whirlpool Hash Structure
Block Cipher W
Performance of Whirlpool
O Data Compression Using ZIP
Compression Algorithm
Decompression Algorithm
P PGP Random Number Generation
True Random Numbers
Pseudorandom Numbers
Q International Reference Alphabet
NOTATION
Even the natives have difficulty mastering this peculiar vocabulary.
—The Golden Bough, Sir James George Frazer
Symbol
Expression
Meaning
D, K
D1K, Y2
Symmetric decryption of ciphertext Y using secret key K
D, PRa
D1PRa, Y2
Asymmetric decryption of ciphertext Y using A’s private key PRa
D, PUa
D1PUa, Y2
Asymmetric decryption of ciphertext Y using A’s public key PUa
E, K
E1K, X2
Symmetric encryption of plaintext X using secret key K
E, PRa
E(PRa, X)
Asymmetric encryption of plaintext X using A’s private key PRa
E, PUa
E(PUa, X)
Asymmetric encryption of plaintext X using A’s public key PUa
K
Secret key
PRa
Private key of user A
PUa
Public key of user A
MAC, K
MAC(K, X)
Message authentication code of message X using secret key K
GF( p)
The finite field of order p, where p is prime. The field is defined as
the set Zp together with the arithmetic operations modulo p.
GF(2n)
The finite field of order 2n
Zn
Set of nonnegative integers less than n
gcd
gcd(i, j)
Greatest common divisor; the largest positive integer that divides
both i and j with no remainder on division.
mod
a mod m
Remainder after division of a by m
mod, K
a K b (mod m)
a mod m = b mod m
mod, [
a [ b (mod m)
a mod m Z b mod m
dlog
dloga, p(b)
Discrete logarithm of the number b for the base a (mod p)
w
f(n)
The number of positive integers less than n and relatively prime to n.
This is Eulers totient function.
â
a ai
n
i=1
n
ò
q ai
i=1
a1 + a2 + Á + an
a1 * a2 * Á * an
xiii
xiv
NOTATION
|
i|j
i divides j, which means that there is no remainder when j is divided
by i
|, |
|a|
Absolute value of a
||
x || y
x concatenated with y
L
x L y
x is approximately equal to y
䊝
x䊝y
:, ;
:x ;
The largest integer less than or equal to x
僆
x僆S
The element x is contained in the set S.
·
A · (a1, a2,
The integer A corresponds to the sequence of integers
(a1, a2, Á , ak)
Á , ak2
Exclusive-OR of x and y for single-bit variables;
Bitwise exclusive-OR of x and y for multiple-bit variables
PREFACE
“The tie, if I might suggest it, sir, a shade more tightly knotted. One aims at the
perfect butterfly effect. If you will permit me —”
“What does it matter, Jeeves, at a time like this? Do you realize that
Mr. Little’s domestic happiness is hanging in the scale?”
“There is no time, sir, at which ties do not matter.”
—Very Good, Jeeves! P. G. Wodehouse
In this age of universal electronic connectivity, of viruses and hackers, of electronic eavesdropping and electronic fraud, there is indeed no time at which security does not matter. Two
trends have come together to make the topic of this book of vital interest. First, the explosive
growth in computer systems and their interconnections via networks has increased the
dependence of both organizations and individuals on the information stored and communicated using these systems. This, in turn, has led to a heightened awareness of the need to
protect data and resources from disclosure, to guarantee the authenticity of data and
messages, and to protect systems from network-based attacks. Second, the disciplines of
cryptography and network security have matured, leading to the development of practical,
readily available applications to enforce network security.
OBJECTIVES
It is the purpose of this book to provide a practical survey of both the principles and practice
of cryptography and network security. In the first part of the book, the basic issues to be
addressed by a network security capability are explored by providing a tutorial and survey of
cryptography and network security technology. The latter part of the book deals with the
practice of network security: practical applications that have been implemented and are in
use to provide network security.
The subject, and therefore this book, draws on a variety of disciplines. In particular, it is
impossible to appreciate the significance of some of the techniques discussed in this book
without a basic understanding of number theory and some results from probability theory.
Nevertheless, an attempt has been made to make the book self-contained. The book presents
not only the basic mathematical results that are needed but provides the reader with an
intuitive understanding of those results. Such background material is introduced as needed.
This approach helps to motivate the material that is introduced, and the author considers
this preferable to simply presenting all of the mathematical material in a lump at the beginning of the book.
INTENDED AUDIENCE
The book is intended for both academic and a professional audiences. As a textbook, it is
intended as a one-semester undergraduate course in cryptography and network security for
computer science, computer engineering, and electrical engineering majors. It covers the
xv
xvi
PREFACE
material in IAS2 Security Mechanisms, a core area in the Information Technology body of
knowledge; NET4 Security, another core area in the Information Technology body of knowledge; and IT311, Cryptography, an advanced course; these subject areas are part of the
ACM/IEEE Computer Society Computing Curricula 2005.
The book also serves as a basic reference volume and is suitable for self-study.
PLAN OF THE BOOK
The book is divided into seven parts (see Chapter 0 for an overview):
•
•
•
•
•
•
•
Symmetric Ciphers
Asymmetric Ciphers
Cryptographic Data Integrity Algorithms
Mutual Trust
Network and Internet Security
System Security
Legal and Ethical Issues
The book includes a number of pedagogic features, including the use of the computer
algebra system Sage and numerous figures and tables to clarify the discussions. Each chapter
includes a list of key words, review questions, homework problems, suggestions for further
reading, and recommended Web sites. The book also includes an extensive glossary, a list
of frequently used acronyms, and a bibliography. In addition, a test bank is available to
instructors.
ONLINE DOCUMENTS FOR STUDENTS
For this new edition, a tremendous amount of original supporting material has been made
available online, in the following categories.
• Online chapters: To limit the size and cost of the book, four chapters of the book
are provided in PDF format. This includes three chapters on computer security and
one on legal and ethical issues. The chapters are listed in this book’s table of
contents.
• Online appendices: There are numerous interesting topics that support material
found in the text but whose inclusion is not warranted in the printed text. A total of
fifteen online appendices cover these topics for the interested student. The appendices are listed in this book’s table of contents.
• Homework problems and solutions: To aid the student in understanding the material,
a separate set of homework problems with solutions are available. These enable the
students to test their understanding of the text.
• Key papers: Twenty-four papers from the professional literature, many hard to find,
are provided for further reading.
• Supporting documents: A variety of other useful documents are referenced in the text
and provided online.
• Sage code: The Sage code from the examples in Appendix B in case the student wants
to play around with the examples.
PREFACE
xvii
Purchasing this textbook now grants the reader six months of access to this online
material. See the access card bound into the front of this book for details.
INSTRUCTIONAL SUPPORT MATERIALS
To support instructors, the following materials are provided:
• Solutions Manual: Solutions to end-of-chapter Review Questions and Problems.
• Projects Manual: Suggested project assignments for all of the project categories listed
below.
• PowerPoint Slides: A set of slides covering all chapters, suitable for use in lecturing.
• PDF Files: Reproductions of all figures and tables from the book.
• Test Bank: A chapter-by-chapter set of questions.
All of these support materials are available at the Instructor Resource Center
(IRC) for this textbook, which can be reached via personhighered.com/stallings or by
clicking on the button labeled “Book Info and More Instructor Resources” at this book’s
Web Site WilliamStallings.com/Crypto/Crypto5e.html. To gain access to the IRC,
please contact your local Prentice Hall sales representative via pearsonhighered.com/
educator/replocator/requestSalesRep.page or call Prentice Hall Faculty Services at
1-800-526-0485.
INTERNET SERVICES FOR INSTRUCTORS AND STUDENTS
There is a Web site for this book that provides support for students and instructors. The site
includes links to other relevant sites, transparency masters of figures and tables in the book
in PDF (Adobe Acrobat) format, and PowerPoint slides. The Web page is at
WilliamStallings.com/Crypto/Crypto5e.html. For more information, see Chapter 0.
New to this edition is a set of homework problems with solutions available at this Web
site. Students can enhance their understanding of the material by working out the solutions
to these problems and then checking their answers.
An Internet mailing list has been set up so that instructors using this book can
exchange information, suggestions, and questions with each other and with the author. As
soon as typos or other errors are discovered, an errata list for this book will be available at
WilliamStallings.com. In addition, the Computer Science Student Resource site at
WilliamStallings.com/StudentSupport.html provides documents, information, and useful
links for computer science students and professionals.
PROJECTS AND OTHER STUDENT EXERCISES
For many instructors, an important component of a cryptography or security course is a project or set of projects by which the student gets hands-on experience to reinforce concepts
from the text. This book provides an unparalleled degree of support, including a projects
component in the course. The IRC not only includes guidance on how to assign and structure