Cryptography and Network Security

Atul Kahate, Project Manager, i-flex solutions limited, Pune

ISBN: 0070494835
Copyright year: 2003

Preface



Background

"Three people can keep a secret only if two of them are dead!" — Benjamin Franklin

Quotes such as these are quite common. Keeping secrets is not easy. In fact, human tendency is such that when told that something is a secret and asked to keep it secret, people are actually quite eager to share that secret with everyone else! It is often said that to make something public, it should be called a secret, and told in a very hush-hush manner to as many people as possible. Word of mouth will automatically spread it!

In the early days of serious computing (1950s-60s), there was not a great deal of emphasis on security, because the systems in those days were proprietary or closed. In simple terms, although computers exchanged data and information with each other, they formed a part of a network that was completely under the control of an organization. The protocols used for computer-to-computer communication in those days were also not known to the general public. Therefore, the chances of someone getting access to the information being exchanged were not very high. That was also the reason why information security was not a major issue in those days.

As minicomputers and microcomputers evolved in the 1970s and 1980s, the issue of information security started to gain more prominence. However, it was still not an item of the highest priority on the agenda of the managers and technologists. People used to treat information security as one of the objectives of a hardware/software system. This continued well into the early 1990s. However, it was the Internet that changed the whole computing paradigm, and brought a tremendous change in the way computers communicated with each other. The world of computers had suddenly become very open. Proprietary protocols (such as IBM’s SNA) were no longer popular. It was the open standard of TCP/IP that was the glue between the computers scattered around the world.

The stupendous growth of the Internet opened up unlimited opportunities for computing. However, at the same time, it also brought about a plethora of new issues and concerns, chief among them being the security of information being exchanged. For example, some of the possibilities were:

  • It was no longer safe to send your credit card details over the network (Internet) to another computer.

  • A person accessing the connection between the sender and the recipient could read the e-mails being exchanged.

  • People would try to log in with someone else’s credentials, and use the privileges of that person.

Now, there were so many new threats and possible attacks on information. As the technologists found new ways to thwart these attacks, the attackers found new ways to beat the technologists. This continues even now, and in all probability, it will continue to happen in the future. Therefore, it is very important to know how we can make information exchange secure.

Motivation

Having worked in the area of Information Technology for about 8 years, I had read a lot about information security, and how to achieve it. However, my concepts were vague, and I knew the technology of security in bits and pieces. This was quite annoying, as it never gave a feeling of satisfaction. It was as if I did not know the complete picture. For example, I did know that number systems played an important role in cryptography, but did not know how much I should know about them to understand the concepts thoroughly. Similarly, I knew that digital certificates and Public Key Infrastructure (PKI) were quite wonderful technologies, but knew only to some extent as to how they worked. Numerous other examples can be given.

Then I got an opportunity to lead a PKI project. I knew that I could learn a lot simply by working on that project. However, I also felt very strongly that until I was thorough with all the aspects of computer security/cryptography myself, I would not be able to do true justice to this project. It was for this reason that I took up the task of studying each and every aspect of these technologies. Unfortunately, there were a lot of hurdles. The main hurdle was that there was not a single book that explained all that I wanted, and more importantly, in the manner that I wanted. My colleagues in the project also expressed this feeling on many occasions. The information available was scattered, was quite complex to understand, and was not explained to the level that makes one completely understand what is going on. I had to struggle a lot to understand how it all works.

The struggle for learning was quite wonderful! However, it also convinced me that I should make an attempt to explain what I know, in a very simple manner, so that others who venture into this area do not have to struggle the way I did. This is perhaps the main intention behind this book. In simple terms, it is something that makes me feel, ‘if only such a book were available when I started exploring and learning about security/cryptography’. The biggest satisfaction will be if and when readers in similar situations, who have the same feeling, feel contented after reading this book.

Intended Audience

This book is targeted at two sets of readers: IT professionals and undergraduate/graduate/post-graduate students. To satisfy the diverse needs of both of these categories, the book is designed very carefully. On the one hand, it touches upon the aspects that the IT professionals like to know (conceptual level); on the other, it goes into the depth of every aspect, to satisfy the needs of the students.

Organization

Teachers teaching information security/cryptography courses would find the book very helpful. It discusses the technology in great detail, and there are over 400 diagrams, which the teachers can use in classroom discussions. Each chapter contains the summary of salient points and a list of terms and concepts. To help the reader to check the understanding of the concepts, each chapter concludes with self-assessment questions. There are Multiple Choice Questions (MCQ), Review Questions, and a unique section on Design/Programming Exercises. This provides the reader with sufficient hands-on opportunities.

An attempt has been made to keep the presentation style lucid and the language simple.

An online learning centre is set up for the teachers, where they can find answers to the chapter-end Review Questions and solutions to the Design/Programming Exercises. This site also contains important diagrams from the book as PowerPoint slides (with appropriate notes), which can be directly used for classroom discussions or presentations.

The chapter-wise organization of the book is explained at the end of the first chapter.

Feedback/Comments

You are welcome to write to me at akahate@indiatimes.com with your suggestions or comments about this book. Your feedback would help in making this book better when we revise it for the next edition.

ATUL KAHATE
