Cryptography Reference
of cryptography in context. A wider education in information security requires, at
a minimum, a broad understanding of information security management, network
security and computer security. While there are increasing numbers of texts on
specialist aspects of these subjects, we recommend Dhillon [56] and Purser [159]
for general introductions to the management of information security, Stallings [183]
for network security, and Bishop [34] and Gollmann [92] for introductions to
computer security. Anderson [23] provides an interesting read of relevance to
all of those subjects, including cryptography. Although only of indirect relevance
to cryptography, Stoll [187] is an entertaining story for anyone seeking further
motivation for securing information systems.
Levy's highly recommended Crypto is a fascinating read, which covers the
dramatic development of cryptography in the latter decades of the 20th century.
The 'crypto politics' that surrounded these events provides a rich perspective on the
different attitudes and perspectives that are held about cryptography. Levy brings
this subject alive through interesting profiles of some of the main parties involved
during this influential period. This book has been published under two different
subtitles [117, 118] and, although sometimes hard to get hold of, is worth tracking
down.
The different security services that we have introduced in this chapter are
notoriously hard to formally define. Menezes, van Oorschot and Vanstone [123]
contains a number of useful definitions, while Dent and Mitchell [55] cover
the approach taken by ISO. For an introduction to coding theory, and how it
relates to cryptography, approachable reads include Biggs [33] and Welsh [198].
More information about access control can be found in Gollmann [92] and
Anderson [23]. An accessible introduction to steganography and how it relates
to cryptography is Wayner [197], while Fridrich [85] provides a more detailed
discussion of steganographic principles and techniques. Walton [195] provides a
thought-provoking perspective on the changes that have occurred in the application
environment in which cryptography is deployed since the early 1970s, and the
subsequent implications. A useful portal for laws and regulations relating to
cryptography is maintained by Bert-Jaap Koops [110].
Auguste Kerckhoffs' original article [108] is available online, as are various
translations of his six principles for cryptosystem design. We have only touched
on very basic attack models for cryptosystems in this chapter. An indication of the
stronger and more rigorous attack models used to design modern cryptosystems
can be found in, for example, Katz and Lindell [105] and Stinson [185]. The study of
side-channel attacks is a very active area of current research, with The Side Channel
Cryptanalysis Lounge [64] being a recommended starting point.
Finally, we mention two interesting perspectives on cryptography. Matt Blaze [35]
takes our analogy between encryption and physical locks much further. Blaze caused
a real stir in the locksmith world when he first published this article, which is an
interesting read and illustrates lessons that can be learnt by both the cryptographic
and locksmith communities from studying one another's design methodologies.
Young and Yung [206] discuss a number of ways in which cryptography can be