دسترسی نامحدود
برای کاربرانی که ثبت نام کرده اند
برای ارتباط با ما می توانید از طریق شماره موبایل زیر از طریق تماس و پیامک با ما در ارتباط باشید
در صورت عدم پاسخ گویی از طریق پیامک با پشتیبان در ارتباط باشید
برای کاربرانی که ثبت نام کرده اند
درصورت عدم همخوانی توضیحات با کتاب
از ساعت 7 صبح تا 10 شب
ویرایش: 2
نویسندگان: Wenliang Du
سری:
ISBN (شابک) : 1733003932, 9781733003933
ناشر: Wenliang Du
سال نشر: 2019
تعداد صفحات: 690
زبان: English
فرمت فایل : PDF (درصورت درخواست کاربر به PDF، EPUB یا AZW3 تبدیل می شود)
حجم فایل: 101 مگابایت
در صورت تبدیل فایل کتاب Computer & Internet Security: A Hands-on Approach به فرمت های PDF، EPUB، AZW3، MOBI و یا DJVU می توانید به پشتیبان اطلاع دهید تا فایل مورد نظر را تبدیل نمایند.
توجه داشته باشید کتاب امنیت کامپیوتر و اینترنت: یک رویکرد عملی نسخه زبان اصلی می باشد و کتاب ترجمه شده به فارسی نمی باشد. وبسایت اینترنشنال لایبرری ارائه دهنده کتاب های زبان اصلی می باشد و هیچ گونه کتاب ترجمه شده یا نوشته شده به فارسی را ارائه نمی دهد.
Main Table of Contents Preface About the Author Acknowledgments Part I Software Security Part I Table of Contents Chapter 1 Set-UID Privileged Programs and Attacks on Them 1.1 The Need for Privileged Programs 1.1.1 The Password Dilemma 1.1.2 Different Types of Privileged Programs 1.2 The Set-UID Mechanism 1.2.1 A Superman Story 1.2.2 How It Works 1.2.3 An Example of Set-UID Program 1.2.4 How to Ensure Its Security 1.2.5 The Set-GID Mechanism 1.3 What Can Go Wrong: What Happened to Superman 1.4 Attack Surfaces of Set-UID Programs 1.4.1 User Inputs: Explicit Inputs 1.4.2 System Inputs 1.4.3 Environment Variables: Hidden Inputs 1.4.4 Capability Leaking 1.5 Invoking Other Programs 1.5.1 Unsafe Approach: Using system() 1.5.2 Safe Approach: Using execve() 1.5.3 Invoking External Commands in Other Languages 1.5.4 Lessons Learned: Principle of Isolation 1.6 Principle of Least Privilege 1.7 Summary Chapter 2 Attacks Through Environment Variables 2.1 Environment Variables 2.1.1 How to Access Environment Variables 2.1.2 How a Process Gets Its Environment Variables 2.1.3 Memory Location for Environment Variables 2.1.4 Shell Variables and Environment Variables 2.2 Attack Surface Caused by Environment Variables 2.3 Attacks via Dynamic Linker 2.3.1 Static and Dynamic Linking 2.3.2 Case Study: LD_PRELOAD and LD_LIBRARY_PATH 2.3.3 Case Study: OS X Dynamic Linker 2.4 Attack via External Program 2.4.1 Two Typical Ways to Invoke External Programs 2.4.2 Case Study: the PATH environment variable 2.4.3 Reduce Attack Surface 2.5 Attack via Library 2.5.1 Case Study - Locale in UNIX 2.6 Application Code 2.6.1 Case Study - Using getenv() in Application Code 2.7 Set-UID Approach versus Service Approach 2.8 Summary Chapter 3 Shellshock Attack 3.1 Background: Shell Functions 3.2 The Shellshock Vulnerability 3.2.1 Vulnerable Version of bash 3.2.2 The Shellshock Bug 3.2.3 Mistake in the Bash Source CodeThe She 3.2.4 Exploiting the Shellshock vulnerability 3.3 Shellshock Attack on Set-UID Programs 3.4 Shellshock Attack on CGI Programs 3.4.1 Experiment Environment Setup 3.4.2 How Web Server Invokes CGI Programs 3.4.3 How Attacker Sends Data to Bash 3.4.4 Launching the Shellshock Attack 3.4.5 Creating Reverse Shell 3.5 Remote Attack on PHP 3.6 Summary Chapter 4 Buffer Overflow Attack 4.1 Program Memory Layout 4.2 Stack and Function Invocation 4.2.1 Stack Memory Layout 4.2.2 Frame Pointer 4.3 Stack Buffer-Overflow Attack 4.3.1 Copy Data to Buffer 4.3.2 Buffer Overflow 4.3.3 Exploiting a Buffer Overflow Vulnerability 4.4 Setup for Our Experiment 4.4.1 Disable Address Randomization 4.4.2 Vulnerable Program 4.5 Conduct Buffer-Overflow Attack 4.5.1 Finding the Address of the Injected Code 4.5.2 Improving Chances of Guessing 4.5.3 Finding the Address Without Guessing 4.5.4 Constructing the Input File 4.6 Attacks with Unknown Address and Buffer Size 4.6.1 Knowing the Range of Buffer Size 4.6.2 Knowing the Range of the Buffer Address 4.6.3 A General Solution 4.7 Writing a Shell code 4.7.1 Writing Malicious Code Using C 4.7.2 Writing a Shellcode: Main Idea 4.7.3 Explanation of a Shellcode Example 4.8 Countermeasures: Overview 4.9 Address Randomization 4.9.1 Address Randomization on Linux 4.9.2 Effectiveness of Address Randomization 4.10 StackGuard 4.10.1 The Observation and the Idea 4.10.2 Manually Adding Code to Function 4.10.3 StackGuard Implementation in gcc 4.11 Defeating the Countermeasure in bash and dash 4.12 Summary Chapter 5 Return-to-libc Attack and Return-Oriented Programming 5.1 Introduction: Non-Executable Stack 5.2 The Attack Experiment: Setup 5.3 Launch the Return-to-libc Attack: Part I 5.3.1 Task A: Find the Address of the system() Function 5.3.2 Task B: Find the Address of the String \"/bin/sh\" 5.4 Launch the Return-to-libc Attack: Part II 5.4.1 Function Prologue 5.4.2 Function Epilogue 5.4.3 Function Prologue and Epilogue Example 5.4.4 Perform Task C 5.4.5 Construct Malicious Input 5.4.6 Launch the Attack 5.5 Return-Oriented Programming 5.5.1 Experiment Setup 5.5.2 Tracking the values of the esp and ebp registers 5.5.3 Chaining Function Calls Without Arguments 5.5.4 Chaining Function Calls With Arguments: Skipping Prologue 5.5.5 Chaining Function Calls With Arguments: via leave and ret 5.5.6 Chaining Function Calls With Zero in the Argument 5.5.7 Use the Chaining Technique to Get Root Shell 5.5.8 Further Generalization: Return-Oriented Programming 5.6 Summary Chapter 6 Format String Vulnerability 6.1 Functions with Variable Number of Arguments 6.1.1 How to Access Optional Arguments 6.1.2 How printf() Accesses Optional Arguments 6.2 Format String with Missing Optional Arguments 6.3 Vulnerable Program and Experiment Setup 6.4 Exploiting the Format String Vulnerability 6.4.1 Attack 1: Crash Program 6.4.2 Attack 2: Print out Data on the Stack 6.4.3 Attack 3: Change the Program\'s Data in the Memory 6.4.4 Attack 4: Change the Program\'s Data to a Specific Value 6.4.5 Attack 4 (Continuation): A Much Faster Approach 6.5 Code Injection Attack using Format String Vulnerability 6.5.1 The Revised Vulnerable Program 6.5.2 The Attack Strategy 6.5.3 The Attack Program 6.5.4 Reducing the Size of Format String 6.6 Countermeasures 6.6.1 Developer 6.6.2 Compiler 6.6.3 Address Randomization 6.7 Relationship with the Buffer-Overflow Attack 6.8 Summary Chapter 7 Race Condition Vulnerability 7.1 The General Race Condition Problem 7.2 Race Condition Vulnerability 7.3 Experiment Setup 7.4 Exploiting Race Condition Vulnerabilities 7.4.1 Choose a Target File 7.4.2 Launch Attack 7.4.3 Monitor the Result 7.4.4 Running the Exploit 7.5 Countermeasures 7.5.1 Atomic Operation 7.5.2 Repeating Check and Use 7.5.3 Sticky Symlink Protection 7.5.4 Principle of Least Privilege 7.6 Summary Chapter 8 The Dirty COW Race Condition Attack 8.1 Memory Mapping using mmap() 8.2 MAP_SHARED, MAP_PRIVATE and Copy On Write 8.3 Discard the Copied Memory 8.4 Mapping Read-Only Files 8.5 The Dirty COW Vulnerability 8.6 Exploiting the Dirty COW Vulnerability 8.6.1 Selecting /etc/passwd as Target File 8.6.2 Set Up the Memory Mapping and Threads 8.6.3 The write Thread 8.6.4 The madvise Thread 8.6.5 The Attack Result 8.7 Summary Chapter 9 Reverse Shell 9.1 Introduction 9.2 File Descriptor and Redirection 9.2.1 File Descriptor 9.2.2 Standard IO Devices 9.2.3 Redirection 9.2.4 How To Implement Redirection 9.3 Redirecting Input/Output to a TCP Connection 9.3.1 Redirecting Output to a TCP Connection 9.3.2 Redirecting Input to a TCP Connection 9.3.3 Redirecting to TCP Connection From Shell 9.4 Reverse Shell 9.4.1 Redirecting the Standard Output 9.4.2 Redirecting the Standard Input 9.4.3 Redirecting the Standard Error 9.4.4 Code Injection 9.5 Summary Part II Web Security Part II Table of Contents Chapter 10 Cross Site Request Forgery 10.1 Cross-Site Requests and Its Problems 10.2 Cross-Site Request Forgery Attack 10.3 CSRF Attacks on HTTP GET Services 10.3.1 HTTP GET and POST Services 10.3.2 The Basic Idea of CSRF Attacks 10.3.3 Attack on Elgg\'s Add-friend Service 10.4 CSRF Attacks on HTTP POST Services 10.4.1 Constructing a POST Request Using JavaScript 10.4.2 Attack on Elgg\'s Edit-Profile Service 10.5 Countermeasures 10.5.1 Using the referer Header 10.5.2 Same-Site Cookies 10.5.3 Secret Token 10.5.4 Case Study: Elgg\'s Countermeasures 10.6 Summary Chapter 11 Cross-Site Scripting Attack 11.1 The Cross-Site Scripting Attack 11.1.1 Non-persistent (Reflected) XSS Attack 11.1.2 Persistent XSS Attack 11.1.3 What damage can XSS cause? 11.2 XSS Attacks in Action 11.2.1 Prelude: Injecting JavaScript Code 11.2.2 Use XSS Attacks to Befriend with Others 11.2.3 Use XSS Attacks to Change Other People\'s Profiles 11.3 Achieving Self-Propagation 11.3.1 Creating a Self-Propagating XSS Worm: the DOM Approach 11.3.2 Create a Self-Propagating Worm: the Link Approach 11.4 Preventing XSS attacks 11.4.1 Getting Rid of Code from User Inputs 11.4.2 Defeating XSS Attacks using Content Security Policy 11.4.3 Experimenting with Content Security Policy 11.5 Summary Chapter 12 SQL Injection Attack 12.1 A Brief Tutorial of SQL 12.1.1 Log in to MySQL 12.1.2 Create a Database 12.1.3 CREATE a Table 12.1.4 INSERT a Row 12.1.5 The SELECT Statement 12.1.6 WHERE Clause 12.1.7 UPDATE SQL Statement 12.1.8 Comments in SQL Statements 12.2 Interacting with Database in Web Application 12.2.1 Getting Data from User 12.2.2 Getting Data From Database 12.3 Launching SQL Injection Attacks 12.3.1 Attack Using cURL 12.3.2 Modify Database 12.3.3 Multiple SQL Statements 12.4 The Fundamental Cause 12.5 Countermeasures 12.5.1 Filtering and Encoding Data 12.5.2 Prepared Statement 12.6 Summary Part III Hardware Security Part III Table of Contents Chapter 13 Meltdown Attack 13.1 Introduction and Analogy 13.1.1 Analogy: The Microsoft Brainteaser Question 13.1.2 Stealing A Secret 13.1.3 Side Channels 13.2 Side Channel Attacks via CPU Cache 13.2.1 Time Difference When Accessing Cache v.s Memory 13.2.2 Using CPU Cache as a Side Channel 13.3 The Room Holding Secret: The Kernel 13.3.1 Secret Data in Kernel Space 13.3.2 The Guard: Preventing Direct Access to Kernel Memory 13.3.3 Avoid Getting Killed: Handling Error/Exceptions in C 13.4 Passing the Guard: Out-of-Order Execution by CPU 13.5 The Meltdown Attack 13.5.1 A Naive Approach 13.5.2 Improve the Attack by Getting the Secret Data Cached 13.5.3 Improve the Attack Using Assembly Code 13.5.4 Improve the Attack Using Statistic Approach 13.6 Countermeasures 13. 7 Summary Chapter 14 Spectre Attack 14.1 Introduction 14.2 Out-of-Order Execution and Branch Prediction 14.2.1 An Experiment 14.2.2 Experiment Results 14.3 The Spectre Attack 14.3.1 The Setup for the Experiment 14.3.2 The Program Used in the Experiment 14.4 Improve the Attack Using Statistic Approach 14.5 Spectre Variant and Mitigation 14.6 Summary Part IV Network Security Part IV Table of Contents Chapter 15 Packet Sniffing and Spoofing 15.1 How Packets Are Received 15.1.1 Network Interface Card (NIC) 15.1.2 BSD Packet Filter (BPF) 15.2 Packet Sniffing 15.2.1 Receiving Packets Using Sockets 15.2.2 Packet Sniffing using Raw Sockets 15.2.3 Packet Sniffing Using the pcap API 15.2.4 Processing Captured Packet 15.3 Packet Spoofing 15.3.1 Sending Normal Packets Using Socket 15.3.2 Sending Spoofed Packets Using Raw Sockets 15.3.3 Constructing ICMP Packets 15.3.4 Constructing UDP Packets 15.4 Sniffing and Then Spoofing 15.5 Sniffing and Spoofing Using Python and Scapy 15.5.1 Installing Scapy 15.5.2 A Simple Example 15.5.3 Packet Sniffing 15.5.4 Spoofing ICMP Packets 15.5.5 Spoofing UDP Packets 15.5.6 Sniffing and Then Spoofing 15.5. 7 Sending and Receiving Packets 15.6 Spoofing Packets Using a Hybrid Approach 15.6.1 A Hybrid Approach 15.6.2 Constructing Packet Template Using Scapy 15.6.3 Modifying and Sending Packets Using C 15. 7 Endianness 15.8 Calculating Checksum 15.9 Summary Chapter 16 Attacks on the TCP Protocol 16.1 How the TCP Protocol Works 16.1.1 TCP Client Program 16.1.2 TCP Server Program 16.1.3 Data Transmission: Under the Hood 16.1.4 TCP Header 16.2 SYN Flooding Attack 16.2.1 TCP Three-Way Handshake Protocol 16.2.2 The SYN Flooding Attack 16.2.3 Launching the SYN Flooding Attack 16.2.4 Launching SYN Flooding Attacks Using C Code 16.2.5 Countermeasure 16.3 TCP Reset Attack 16.3.1 Closing TCP Connections 16.3.2 How the Attack Works 16.3.3 Launching the TCP Reset Attack: Setup 16.3.4 TCP Reset Attack on Telnet connections 16.3.5 TCP Reset Attack on SSH connections 16.3.6 TCP Reset Attack on Video-Streaming Connections 16.4 TCP Session Hijacking Attack 16.4.1 TCP Session and Session Hijacking 16.4.2 Launching TCP Session Hijacking Attack 16.4.3 What Happens to the Hijacked TCP Connection 16.4.4 Causing More Damage 16.4.5 Creating Reverse Shell 16.5 Summary Chapter 17 Firewall 17.1 Introduction 17.2 Types of Firewalls 17.2.1 Packet Filter 17.2.2 Stateful Firewall 17.2.3 Application/Proxy Firewall 17.3 Building a Simple Firewall using Netfilter 17.3.1 Writing Loadable Kernel Modules 17.3.2 Compiling Kernel Modules 17 .3.3 Installing Kernel Modules 17.4 Netfilter 17.4.1 netfilter Hooks for 1Pv4 17.4.2 Implementing a Simple Packet Filter Firewall 17.5 The iptables Firewall in Linux 17.5.1 The structure of the iptables Firewall 17.5.2 Traversing Chains and Rule Matching 17.5.3 iptables Extensions 17.5.4 Building a Simple Firewall 17.6 Stateful Firewall using Connection Tracking 17.6.1 Stateful Firewall 17.6.2 The Connection Tracking Framework in Linux 17.6.3 Example: Set up a Stateful Firewall 17.7 Application/Proxy Firewall and Web Proxy 17.8 Evading Firewalls 17.8.1 Using SSH Tunneling to Evade Firewalls 17.8.2 Dynamic Port Forwarding 17.8.3 Reverse SSH Tunneling 17.8.4 Using VPN to Evade Firewall 17.9 Summary Chapter 18 Domain Name System (DNS) and Attacks 18.1 DNS Hierarchy, Zones, and Servers 18.1.1 DNS Domain Hierarchy 18.1.2 DNS Zone 18.1.3 Authoritative Name Servers 18.1.4 The Organization of Zones on the Internet 18.2 DNS Query Process 18.2.1 Local DNS Files 18.2.2 Local DNS Server and the Iterative Query Process 18.3 Set Up DNS Server and Experiment Environment 18.3.1 Configure the User Machine 18.3.2 Configure the Local DNS server 18.3.3 Set Up Zones in the Local DNS Server 18.4 Constructing DNS Request and Reply Using Scapy 18.4.1 DNS Header 18.4.2 DNS Records 18.4.3 Example 1: Sending a DNS Query 18.4.4 Example 2: Implement a Simple DNS Server 18.5 DNS Attacks: Overview 18.6 Local DNS Cache Poisoning Attack 18.6.1 Launch DNS Cache Poisoning Attack 18.6.2 Targeting the Authority Section 18.7 Remote DNS Cache Poisoning Attack 18.7.1 The Kaminsky Attack 18.7.2 Construct the IP and UDP headers of DNS reply 18.7.3 Construct the DNS Header and Payload 18.7.4 Result Verification 18.8 Reply Forgery Attacks from Malicious DNS Servers 18.8.1 Fake Data in the Additional Section 18.8.2 Fake Data in the Authority Section 18.8.3 Fake Data in Both Authority and Additional Sections 18.8.4 Fake Data in the Answer Section 18.8.5 Fake Answer in Reverse DNS Lookup 18.9 DNS Rebinding Attack 18.9.1 How DNS Rebinding Attack Works 18.9.2 Attack Environment Setup 18.9.3 Set Up the User Machine 18.9.4 Emulating a Vulnerable loT Device\'s Web Server 18.9.5 Set Up the Web Server on Attacker Computer 18.9.6 Setting Up the Malicious DNS Server 18.9.7 Launching the Attack 18.9.8 Defending Against DNS Rebinding Attack 18.10 Protection Against DNS Spoofing Attacks 18.10.1 DNSSEC 18.10.2 TLS/SSL Solution 18.11 Denial of Service Attacks on DNS Servers 18.11.1 Attacks on the Root and TLD Servers 18.11.2 Attacks on Nameservers of a Particular Domain 18.12 Summary Chapter 19 Virtual Private Network 19.1 Introduction 19.1.1 Virtual Private Network 19.1.2 How a Virtual Private Network Works 19.2 An Overview of How TLS/SSL VPN Works 19.2.1 Establishing A TLS/SSL Tunnel 19.2.2 Forwarding IP packets 19.2.3 Releasing IP Packets 19.3 How TLS/SSL VPN Works: Details 19.3.1 Virtual Network Interfaces 19.3.2 Creating a TUN Interface 19.3.3 Routing Packets to a TUN Interface 19.3.4 Reading and Writing Operations on the TUN Interface 19.3.5 Forwarding Packets via the Tunnel 19.3.6 Packet\'s Return Trip 19.4 Building a VPN 19.4.1 Establish the Tunnel 19.4.2 Monitoring File Descriptors 19.4.3 From TUN To Tunnel 19.4.4 From Tunnel to TUN 19.4.5 Bring Everything Together 19.5 Setting Up a VPN 19.5.1 Network Configuration 19.5.2 Configure VPN Server 19.5.3 Configure VPN Client 19.5.4 Configure Host V 19.6 Testing VPN 19.6.1 Ping Test 19.6.2 Telnet Test 19.7 Using VPN to Bypass Egress Firewall 19.7.1 Network Setup 19.7.2 Setting Up VPN to Bypass Firewall 19.8 Summary Chapter 20 The Heartbleed Bug and Attack 20.1 Background: the Heartbeat Protocol 20.2 Launch the Heartbleed Attack 20.2.1 Attack Environment and Setup 20.2.2 Launch an Attack 20.3 Fixing the Heartbleed Bug 20.4 Summary Part V Cryptography Part V Table of Contents Chapter 21 Secret-Key Encryption 21.1 Introduction 21.2 Substitution Cipher 21.2.1 Monoalphabetic Substitution Cipher 21.2.2 Breaking Monoalphabetic Substitution Cipher 21.2.3 Polyalphabetic Substitution Cipher 21.2.4 The Enigma Machine 21.3 DES and AES Encryption Algorithms 21.3.1 DES: Data Encryption Standard 21.3.2 AES: Advanced Encryption Standard 21.4 Encryption Modes 21.4.1 Encryption Modes 21.4.2 Electronic Codebook (ECB) Mode 21.4.3 Cipher Block Chaining (CBC) Mode 21.4.4 Cipher Feedback (CFB) Mode 21.4.5 Output Feedback (OFB) Mode 21.4.6 Counter (CTR) Mode 21.4.7 Modes for Authenticated Encryption 21.4.8 Padding 21.5 Initialization Vector and Common Mistakes 21.5.1 Common Mistake: Use the Same IV 21.5.2 Common Mistake: Use a Predictable IV 21.6 Programming using Cryptography APis 21. 7 Authenticated Encryption and the GCM Mode 21.7.1 The GCM Mode 21.7.2 Programming using the GCM Mode 21.8 Summary Chapter 22 One-Way Hash Function 22.1 Introduction 22.2 Concept and Properties 22.2.1 Cryptographic Properties 22.2.2 Replay the Number Game 22.3 Algorithms and Programs 22.3.1 The MD (Message Digest) Series 22.3.2 The SHA (Secure Hash Algorithm) Series 22.3.3 How Hash Algorithm Works 22.3.4 One-Way Hash Commands 22.3.5 Computing One-Way Hash in Programs 22.3.6 Performance of One-Way Hash Functions 22.4 Applications of One-Way Hash Functions 22.4.1 Integrity Verification 22.4.2 Committing a Secret Without Telling It 22.4.3 Password Verification 22.4.4 Trusted Timestamping 22.5 Message Authentication Code (MAC) 22.5.1 Constructing MAC and Potential Attacks 22.5.2 Launching the Length Extension Attack 22.5.3 Case Study: Length Extension Attack on Flickr 22.5.4 The Keyed-Hash MAC (HMAC) Algorithm 22.6 Blockchain and Bitcoins 22.6.1 Hash Chain and Blockchain 22.6.2 Make Chaining Difficult 22.6.3 Adding Incentives and Bitcoin 22.7 Hash Collision Attacks 22.7.1 Security Impact of Collision Attacks 22.7.2 Generating Two Different Files with the Same MD5 Hash 22.7.3 Generating Two Programs with the Same MD5 Hash 22.7.4 Making the Two Programs Behave Differently 22.7.5 Hash-Colliding X.509 Certificates 22.8 Summary Chapter 23 Public Key Cryptography 23.1 Introduction 23.2 Diffie-Hellman Key Exchange 23.2.1 Diffie-Hellman Key Exchange 23.2.2 Turn DH Key Exchange into a Public-Key Encryption Algorithm 23.3 The RSA Algorithm 23.3.1 Math Background: Modulo Operation 23.3.2 Math Background: Euler\'s Theorem 23.3.3 Math Background: Extended Euclidean Algorithm 23.3.4 The RSA Algorithm 23.3.5 Exercise: Small Number 23.3.6 Exercise: Large Number 23.3. 7 Performance 23.3.8 Hybrid Encryption 23.3.9 Other Public-Key Encryption Algorithms 23.4 Using OpenSSL Tools to Conduct RSA Operations 23.4.1 Generating RSA keys 23.4.2 Extracting the public key 23.4.3 Encryption and Decryption 23.5 Paddings for RSA 23.5.1 Attacks Against Textbook RSA 23.5.2 Paddings: PKCS#1 v1.5 and OAEP 23.6 Digital Signature 23.6.1 Digital Signature using RSA 23.6.2 DSA and Other Digital Signature Algorithms 23.7 Programming using Public-Key Cryptography APis 23.7.1 Key Generation 23.7.2 Encryption and Decryption 23.7.3 Digital Signature 23.8 Applications 23.8.1 Authentication 23.8.2 HTTPS and TLS/SSL 23.8.3 Chip Technology Used in Credit Cards 23.9 Blockchain and Bitcoins 23.10 Summary and Further Learning Chapter 24 Public Key Infrastructure 24.1 Attack on Public Key Cryptography 24.1.1 Man-in-the-Middle (MITM) Attack 24.1.2 Defeating MITM Attacks 24.1.3 Public Key Infrastructure 24.2 Public Key Certificates 24.2.1 X.509 Digital Certificate 24.2.2 Get Certificate from a Real Server 24.3 Certificate Authority (CA) 24.3.1 Being a CA 24.3.2 Getting X.509 Certificate from CA 24.3.3 Deploying Public Key Certificate in Web Server 24.3.4 Apache Setup for HTTPS 24.4 Root and Intermediate Certificate Authorities 24.4.1 Root CAs and Self-Signed Certificate 24.4.2 Intermediate CAs and Chain of Trust 24.4.3 Creating Certificates for Intermediate CA 24.4.4 Apache Setup 24.4.5 Trusted CAs in the Real World 24.5 How PKI Def eats the MITM Attack 24.5.1 Attacker Forwards the Authentic Certificate 24.5.2 Attacker Creates a Fake Certificate 24.5.3 Attackers Send Their Own Certificates 24.5.4 The Man-In-The-Middle Proxy 24.6 Attacks on the Public-Key Infrastructure 24.6.1 Attack on CA\'s Verification Process 24.6.2 Attack on CA\'s Signing Process 24.6.3 Attacks on the Algorithms 24.6.4 Attacks on User Confirmation 24.7 Types of Digital Certificates 24.7.1 Domain Validated Certificates (DV) 24.7.2 Organizational Validated Certificates (OV) 24. 7 .3 Extended Validated Certificates (EV) 24.8 Summary Chapter 25 Transport Layer Security 25.1 Overview of TLS 25.2 TLS Handshake 25.2.1 Overview of the TLS Handshake Protocol 25.2.2 Certificate Verification 25.2.3 Key Generation and Exchange 25.3 TLS Data Transmission 25.3.1 Sending Data with TLS Record Protocol 25.3.2 Receiving Data with TLS Record Protocol 25.4 TLS Programming: A Client Program 25.4.1 The Overall Picture 25.4.2 TLS Initialization 25.4.3 TCP Connection Setup 25.4.4 TLS Handshake 25.4.5 Application Data Transmission 25.4.6 Set Up the Certificate Folder 25.4.7 The Complete Client Code 25.5 Verifying Server\'s Hostname 25.5.1 Modified Client Code 25.5.2 An Experiment: Man-In-The-Middle Attack 25.5.3 Hostname Checking 25.6 TLS Programming: the Server Side 25.6.1 TLS Setup 25.6.2 TCP Setup 25.6.3 TLS Handshake 25.6.4 TLS Data Transmission 25.6.5 Testing 25.7 Summary Chapter 26 Bitcoin and Blockchain 26.1 History 26.2 Cryptography Foundation and Bitcoin Address 26.2.1 Generating Private and Public Keys 26.2.2 Turning Hash Value Into Bitcoin Address 26.2.3 Wallet 26.3 Transactions 26.3.1 The \"Safe\" Analogy 26.3.2 An Example 26.3.3 Input 26.3.4 Output 26.4 Unlocking the Output of a Transaction 26.4.1 Some Fun but Non-standard Locks 26.4.2 Pay-to-Pubkey-Hash Type (P2PH) 26.4.3 Pay-to-Multisig (P2MS) 26.4.4 Pay-to-ScriptHash (P2SH) 26.4.5 P2SH Example: Multi-Signature 26.4.6 Case Study: A Real Transaction 26.4.7 Propagation of Transactions 26.5 Blockchain and Mining 26.5.1 Generating Blocks 26.5.2 Rewarding 26.5.3 Transaction and Merkle Tree 26.5.4 Branching and Reaching Consensus 26.5.5 Double Spending and Majority of Hash Power 26.5.6 Case Study: Users with Majority of Hash Power 26.6 Summary Bibliography