Network and Information Security (网络与信息安全), 4th Edition / Planned textbook series for computer-science majors at regular institutions of higher education, premium series
List price: ¥56.00
Authors: 程震 (Cheng Zhen), 王凤英 (Wang Fengying)
Publication date: 2023-08
Publisher: China Railway Publishing House (中国铁道出版社)
National planned textbook for regular undergraduate higher education under the "Twelfth Five-Year Plan"
- China Railway Publishing House (中国铁道出版社)
- ISBN: 9787113285791
- Edition: 4th
- 502229
- 48256938-1
- Format: 16mo (16开)
- 2023-08
- Category: computer network technology
- Level: undergraduate, higher vocational
About the book
This book gives a systematic account of all aspects of network and information security. It has fifteen chapters, covering the basic concepts and terminology of network information security; computer cryptography (symmetric-key ciphers, public-key ciphers, one-way hash functions, chaotic ciphers, quantum cryptography and more); blockchain technology and its applications; information hiding; identity authentication and public key infrastructure (PKI); access control and system auditing; database system security; Internet security; wireless network security; firewall technology; intrusion detection and intrusion prevention; and network information security management. To aid teaching, each chapter ends with exercises that can serve as coursework or as review points.
The book integrates theory with practical application: several problems that come up repeatedly in practice have been carefully designed and are presented as worked case studies.
It is suitable as a textbook for undergraduate programs in computer science and technology, software engineering, network engineering, information security, Internet of Things engineering and communication engineering at regular institutions of higher education, and as a reference for researchers and professionals in related fields.
Contents
Chapter 1 Overview of Network Information Security (p. 1)
1.1 The importance of network and information security (p. 2)
1.2 Basic concepts of network and information security (p. 3)
1.3 Network security threats (p. 4)
1.3.1 Types of network security threats (p. 5)
1.3.2 Motives behind network security threats (p. 6)
1.4 Security evaluation standards (p. 6)
1.4.1 Trusted Computer System Evaluation Criteria (p. 7)
1.4.2 Network security architecture (p. 8)
1.4.3 Types of network security service objectives (p. 8)
1.4.4 Specific security mechanisms (p. 10)
1.4.5 Pervasive security mechanisms (p. 11)
1.5 Overview of network security classified protection (等级保护) (p. 12)
1.5.1 Objects of classified protection (p. 13)
1.5.2 Security protection capability at each level (p. 13)
1.5.3 Classification of security requirements (p. 13)
*1.6 Detailed security requirements of classified protection (p. 14)
1.6.1 Technical security requirements (p. 14)
1.6.2 Security management requirements (p. 17)
1.6.3 Extended security requirements (p. 19)
Summary (p. 22)
Exercises (p. 23)
Chapter 2 Symmetric-Key Cryptosystems (p. 24)
2.1 Principles of cryptography (p. 25)
2.1.1 Basic principles of cryptography (p. 25)
2.1.2 Secure cipher algorithms (p. 26)
2.1.3 Symmetric-key and asymmetric-key ciphers (p. 27)
2.2 Data Encryption Standard (DES) (p. 27)
2.3 The IDEA algorithm (p. 29)
2.4 Advanced Encryption Standard (AES) (p. 30)
2.4.1 Background of AES (p. 30)
2.4.2 Characteristics of the AES algorithm (p. 31)
2.4.3 The AES (Rijndael) algorithm (p. 31)
2.4.4 Advantages of the AES algorithm (p. 38)
2.4.5 Applications of AES (p. 38)
2.4.6 Comparison of block cipher algorithms (p. 38)
2.5 Stream ciphers (p. 38)
2.5.1 Principles of stream ciphers (p. 38)
2.5.2 The A5 algorithm (p. 39)
*2.5.3 The ZUC (祖冲之) algorithm (p. 40)
*2.6 Cryptanalysis and attacks (p. 41)
2.6.1 Cryptographic attacks (p. 42)
2.6.2 Security of cipher algorithms (p. 42)
2.6.3 Complexity of attack methods (p. 42)
*2.7 Cipher design principles (p. 43)
2.8 Progress in Chinese domestic cryptography (p. 44)
2.8.1 Overview of domestic cryptography (p. 44)
2.8.2 Introduction to domestic cryptographic algorithms (p. 44)
Summary (p. 46)
Exercises (p. 46)
Chapter 3 One-Way Hash Functions (p. 47)
3.1 Overview of one-way hash functions (p. 47)
3.2 MD5: Message Digest (p. 48)
3.3 SHA: Secure Hash Algorithm (p. 49)
3.3.1 The SHA family (p. 49)
3.3.2 The SHA-1 algorithm (p. 49)
3.3.3 SHA-1 application example (p. 51)
*3.3.4 The SHA-512 algorithm (p. 52)
*3.4 SM3: the Chinese commercial cryptographic hash algorithm standard (p. 53)
3.5 Comparison of several hash functions (p. 54)
3.6 Message Authentication Codes (MAC) (p. 55)
3.6.1 Basic concepts of message authentication codes (p. 55)
3.6.2 Message integrity verification (p. 55)
3.6.3 The HMAC algorithm (p. 56)
3.7 Case study: verifying information integrity (p. 57)
*3.8 Attacks on one-way hash functions (p. 57)
3.8.1 Dictionary attacks (p. 57)
3.8.2 Brute-force attacks (p. 58)
Summary (p. 59)
Exercises (p. 59)
Chapter 4 Public-Key Cryptosystems (p. 60)
4.1 Overview of public-key cryptography (p. 61)
4.2 The RSA cryptosystem (p. 62)
4.2.1 The RSA algorithm (p. 62)
4.2.2 Challenges to the RSA algorithm (p. 64)
4.3 Diffie-Hellman key exchange (p. 64)
4.3.1 The Diffie-Hellman algorithm (p. 65)
4.3.2 Man-in-the-middle attacks (p. 65)
*4.3.3 Authenticated Diffie-Hellman key exchange (p. 66)
4.3.4 Three-party and multi-party Diffie-Hellman (p. 66)
4.4 Digital signature schemes (p. 67)
4.4.1 Overview of digital signatures (p. 67)
4.4.2 Basic digital signature schemes (p. 68)
4.4.3 Case study: an efficient digital signature scheme (p. 69)
4.4.4 Case study: a confidential signature scheme (p. 69)
4.4.5 Case study: a multi-signature scheme (p. 70)
4.5 Digital signature algorithms (p. 71)
*4.5.1 DSA: the Digital Signature Algorithm (p. 71)
4.5.2 RSA as a digital signature algorithm (p. 72)
4.6 The identity-based cryptographic algorithm SM9 and its applications (p. 73)
4.6.1 Identity-based cryptography (p. 73)
*4.6.2 Elliptic curves over finite fields, bilinear pairings and SM9 (p. 73)
4.6.3 Current applications of SM9 (p. 74)
4.7 Analysis and selection of public-key and symmetric cipher algorithms (p. 76)
4.7.1 Analysis of public-key and symmetric cipher algorithms (p. 76)
4.7.2 Choosing an encryption algorithm (p. 76)
Summary (p. 76)
Exercises (p. 77)
Chapter 5 Blockchain Technology and Its Applications (p. 78)
5.1 Development of blockchain (p. 78)
5.1.1 Historical origins of blockchain (p. 78)
5.1.2 Blockchain standardization (p. 79)
5.2 Blockchain structure and how it works (p. 79)
5.2.1 Blockchain structure (p. 79)
5.2.2 How blockchain works (p. 82)
5.3 Characteristics and classification of blockchains (p. 82)
5.3.1 Characteristics of blockchain (p. 82)
5.3.2 Classification of blockchains (p. 84)
5.4 Core blockchain technologies (p. 84)
5.4.1 P2P networks (p. 84)
5.4.2 Cryptographic algorithms (p. 85)
5.4.3 Consensus mechanisms (p. 86)
5.4.4 Smart contracts (p. 87)
*5.5 Optimization schemes for core blockchain problems (p. 88)
5.5.1 The DPoS-BFT consensus optimization scheme (p. 88)
5.5.2 DPoS voting smart contract (p. 90)
5.5.3 DPoS-BFT incentive mechanism (p. 92)
5.6 Blockchain application areas and development directions (p. 93)
5.7 Case study: a blockchain-based mutual-aid charity system (p. 94)
5.8 Blockchain-based digital currency (p. 100)
5.8.1 History of money (p. 100)
5.8.2 Digital currency (p. 101)
5.8.3 Challenges facing China's digital currency and countermeasures (p. 102)
Summary (p. 103)
Exercises (p. 103)
Chapter 6 Chaotic Ciphers and Quantum Cryptography (p. 104)
6.1 Overview of chaos (p. 104)
6.1.1 Origins of chaos theory (p. 105)
6.1.2 Definition of chaos (p. 105)
6.1.3 Three main characteristics of chaos (p. 106)
6.1.4 Chaotic models (p. 107)
6.2 Applications of chaotic systems (p. 109)
6.2.1 Case study: chaos-based file encryption (p. 109)
6.2.2 Efficient numerical quantization of the Lorenz chaotic system (p. 111)
6.2.3 Image encryption with chaotic stream ciphers (p. 111)
6.2.4 Asymmetric digital watermarking built on chaotic synchronization (p. 112)
*6.3 Quantum cryptosystems (p. 112)
6.3.1 Origins of quantum cryptography (p. 112)
6.3.2 Foundations of quantum physics (p. 113)
6.3.3 Quantum cryptography (p. 113)
6.3.4 Security analysis of quantum cryptography (p. 115)
*6.4 Research and applications of quantum cryptography (p. 115)
6.4.1 Research frontiers in quantum cryptography (p. 116)
6.4.2 Application areas of quantum cryptography (p. 117)
Summary (p. 117)
Exercises (p. 118)
Chapter 7 Information Hiding (p. 119)
7.1 Overview of information hiding (p. 119)
7.1.1 Background of information hiding (p. 119)
7.1.2 Basic principles of information hiding (p. 120)
7.1.3 Characteristics of information hiding systems (p. 121)
7.1.4 Main branches and applications of information hiding (p. 122)
7.2 Overview of digital watermarking (p. 123)
7.2.1 Basic framework of a digital watermarking system (p. 123)
7.2.2 Main characteristics of digital watermarks (p. 124)
7.2.3 Classification of digital watermarks (p. 124)
7.2.4 Principles of digital watermarking (p. 125)
7.2.5 Typical digital image watermarking algorithms (p. 127)
7.2.6 Types of attacks on digital watermarks and countermeasures (p. 128)
7.2.7 Evaluation criteria for digital watermarks (p. 131)
7.2.8 Main application areas of information hiding (p. 132)
*7.3 Case study: chaos-based wavelet-domain digital watermarking (p. 132)
7.4 Status and outlook of digital watermarking research (p. 140)
Summary (p. 141)
Exercises (p. 142)
Chapter 8 Identity Authentication and PKI (p. 143)
8.1 Identity authentication (p. 143)
8.1.1 Authentication by what the user knows (p. 144)
8.1.2 Authentication by what the user has (p. 145)
8.1.3 Authentication by what the user is (p. 145)
8.2 Overview of PKI (p. 146)
8.2.1 Problems with public-key cryptosystems (p. 146)
8.2.2 PKI: concept, purpose, entities and services (p. 147)
8.3 Digital certificates (p. 148)
8.3.1 Overview of ASN.1 (p. 148)
8.3.2 X.509 certificates (p. 150)
8.3.3 Online Certificate Status Protocol (p. 152)
8.3.4 Development tools for cryptographic operations (p. 153)
8.4 Certificate Authorities (CA) (p. 155)
8.4.1 Functions and components of a CA (p. 155)
8.4.2 CA management of user certificates (p. 157)
8.4.3 Introduction to cryptographic hardware (p. 159)
8.4.4 Commercial CA products (p. 161)
8.5 Trust models (p. 161)
8.5.1 Certificate validation methods (p. 162)
8.5.2 Trust models (p. 163)
8.6 Case studies (p. 165)
8.6.1 Software tamper-proofing (p. 165)
8.6.2 Online banking (p. 166)
Summary (p. 169)
Exercises (p. 169)
Chapter 9 Access Control and System Auditing (p. 171)
9.1 Basic concepts of access control (p. 172)
9.2 System security models (p. 173)
9.3 Security policies (p. 174)
9.3.1 Identity-based security policies (p. 175)
9.3.2 Rule-based security policies (p. 175)
9.4 Access control implementation methods (p. 175)
9.4.1 Directory tables (p. 176)
9.4.2 Access control lists (p. 176)
9.4.3 Access control matrices (p. 177)
9.4.4 Access control security label lists (p. 178)
9.4.5 Permission bits (p. 178)
9.5 Access control models (p. 179)
9.5.1 Types of access control models (p. 179)
9.5.2 Discretionary access control (p. 180)
9.5.3 Mandatory access control (p. 181)
9.5.4 Role-based access control (p. 182)
9.5.5 Task-based access control (p. 185)
9.5.6 Role- and task-based access control (p. 189)
9.5.7 Usage control (p. 190)
9.5.8 Summary of access control (p. 195)
9.6 Case study: applying RBAC in an enterprise Web system (p. 195)
9.7 System auditing (p. 199)
9.7.1 Auditing and audit trails (p. 200)
9.7.2 Security auditing (p. 200)
9.8 Case study: audit information in a Web information system (p. 201)
*9.9 Privilege Management Infrastructure (PMI) (p. 203)
9.9.1 Overview of PMI (p. 203)
9.9.2 The PMI authorization management model and its advantages (p. 203)
Summary (p. 204)
Exercises (p. 205)
Chapter 10 Database System Security (p. 206)
10.1 Overview of database security (p. 206)
10.1.1 Database security technologies (p. 207)
10.1.2 Multilevel databases (p. 208)
10.2 Database encryption (p. 209)
10.2.1 Basic requirements for database encryption (p. 209)
10.2.2 Approaches to database encryption (p. 210)
10.2.3 Database encryption methods and encryption granularity (p. 211)
10.2.4 Key management in database encryption systems (p. 212)
10.3 Statistical database security (p. 213)
10.3.1 Security problems of statistical databases (p. 213)
10.3.2 Attacks on statistical databases (p. 214)
10.3.3 Security measures for statistical databases (p. 215)
10.4 Network database security (p. 216)
10.4.1 Overview of network databases (p. 216)
10.4.2 Introduction to network database security (p. 217)
10.5 Big data security (p. 219)
10.5.1 Security problems of big data (p. 219)
10.5.2 Big data security technologies (p. 221)
10.6 Case study: SQL Server security settings (p. 222)
10.6.1 SQL Server network security settings (p. 222)
10.6.2 Other SQL Server security settings (p. 224)
Summary (p. 226)
Exercises (p. 226)
Chapter 11 Internet Security (p. 228)
11.1 Security problems of the TCP/IP protocol suite (p. 228)
11.1.1 The TCP/IP protocol suite model (p. 229)
11.1.2 Security problems of the IP protocol (p. 230)
11.1.3 Security problems of the TCP protocol (p. 232)
11.1.4 Security problems of the UDP protocol (p. 235)
11.2 Overview of hacker attacks (p. 235)
11.2.1 Basic flow of a hacker attack (p. 235)
11.2.2 Basic hacker attack techniques (p. 237)
11.3 Introduction to computer viruses (p. 240)
11.3.1 Overview of computer viruses (p. 240)
11.3.2 Defending against computer viruses (p. 241)
11.3.3 Introduction to antivirus software (p. 241)
11.4 Virtual private networks (p. 242)
11.4.1 Overview of VPN (p. 243)
11.4.2 VPN protocols (p. 244)
11.5 IPSec (p. 244)
11.5.1 IP security analysis (p. 244)
11.5.2 Security associations (p. 245)
11.5.3 IPSec modes (p. 246)
11.5.4 Authentication Header (p. 247)
11.5.5 Encapsulating Security Payload (p. 248)
11.6 Secure Sockets Layer (SSL) (p. 251)
11.6.1 Overview of SSL (p. 251)
11.6.2 How SSL works (p. 252)
11.6.3 SSL VPN (p. 256)
11.7 Case studies (p. 257)
11.7.1 SSL in the IE browser (p. 257)
11.7.2 The Huawei VPN client (p. 259)
Summary (p. 260)
Exercises (p. 261)
Chapter 12 Wireless Network Security (p. 262)
12.1 Security threats to wireless networks (p. 262)
12.2 Wireless LAN security (p. 264)
12.2.1 Overview of wireless LANs (p. 264)
12.2.2 Overview of IEEE 802.11i (p. 265)
12.2.3 WPA and WPA2 (p. 267)
12.2.4 WPA3 (p. 270)
12.3 Mobile communication security (p. 271)
12.3.1 2G security mechanisms (p. 271)
12.3.2 3G security mechanisms (p. 273)
12.3.3 4G security mechanisms (p. 274)
12.3.4 5G security mechanisms (p. 275)
12.4 Case study: wireless LAN security settings (p. 276)
Summary (p. 279)
Exercises (p. 279)
Chapter 13 Firewall Technology (p. 280)
13.1 Basic concepts of firewalls (p. 280)
13.2 Types of firewalls (p. 281)
13.2.1 Packet-filtering firewalls (p. 281)
13.2.2 Application proxy firewalls (p. 282)
13.2.3 Circuit-level gateway firewalls (p. 283)
13.2.4 Stateful inspection firewalls (p. 283)
13.3 Placing firewalls in the network (p. 285)
13.3.1 Single-firewall architecture (p. 285)
13.3.2 Dual-firewall architecture (p. 287)
13.4 Basic firewall technologies (p. 287)
13.4.1 Packet filtering (p. 287)
13.4.2 Application proxying (p. 292)
13.5 Next-generation artificial-intelligence firewalls (p. 296)
13.6 Case study: Rising (瑞星) personal firewall software (p. 297)
Summary (p. 301)
Exercises (p. 301)
Chapter 14 Intrusion Detection and Intrusion Prevention (p. 303)
14.1 Overview of intrusion detection systems (p. 303)
14.2 Intrusion detection system architecture (p. 305)
14.2.1 The CIDF model of intrusion detection systems (p. 305)
14.2.2 Denning's generic intrusion detection model (p. 306)
14.3 Types of intrusion detection systems (p. 307)
14.3.1 Classification by data source (p. 307)
14.3.2 Classification by analysis technique (p. 309)
14.3.3 Other classifications (p. 311)
14.4 Intrusion prevention systems (p. 311)
14.5 Case study: the Snort intrusion detection software (p. 313)
Summary (p. 314)
Exercises (p. 314)
Chapter 15 Network Information Security Management (p. 315)
15.1 Overview of information security management (p. 315)
15.1.1 The importance of information security management (p. 316)
15.1.2 Information security management policies (p. 316)
15.2 Information security management standards (p. 318)
15.2.1 The BS7799 standard (p. 318)
15.2.2 Security maturity models (p. 319)
15.3 China's laws and regulations on cybersecurity (p. 320)
15.3.1 Relevant laws and regulations (p. 320)
15.3.2 Electronic Signature Law of the People's Republic of China (p. 321)
15.3.3 Cybersecurity Law of the People's Republic of China (p. 322)
15.3.4 Cryptography Law of the People's Republic of China (p. 323)
Summary (p. 324)
Exercises (p. 324)
References (p. 325)