Student Resources
Cryptography and Network Security, Fourth Edition

Last updated: Thursday, June 3, 2010

Appendices and Documents

Appendix C through Appendix H, in PDF format, are available for download here.
Applied Cryptography and Data Security. This 200-page set of lecture notes is a useful study guide. By Prof. Christof Paar, Ruhr-Universitat Bochum, Germany.
Lecture Notes on Cryptography. This 289-page online book is a useful technical reference.. By S. Goldwasser and M. Bellare.
Introduction to Modern Cryptography. Another useful and lengthy set of lecture notes. By Mihir Bellare and Phillip Rogaway.

Useful Forums

Security and Cryptography Forum: Sponsered by DevShed. Discusses issues related to coding, server applications, network protection, data protection, firewalls, ciphers and the like.
Cryptography Forum: On Topix. Fairly good focus on technical issues.
Security Forums: On Broad range of forums, including cryptographic theory, cryptographic software, firewalls, and malware.

Useful Web Sites

Computer Science Student Resource Site: Help and advice for the long-suffering, overworked student.
Errata sheet: Latest list of errors, updated at most monthly. File name is Errata-Crytpo4e-mmyy. If you spot any errors, please report them to .
Introduction to Cryptography: Provides a Web-based introduction to cryptography for non-CS majors. Although elementary, it provides a useful feel for some key concepts. Originally appeared in the on-line Journal on Educational Resources in Computing, September 2002.
Cryptography Demos: Animation of a number of cryptographic algorithms.
Security Cartoon: A cartoon-based approach aimed at improving the understanding of security risk among typical Internet users.

Chapter 1 - Overview

IETF Security Area: Provides up-to-date information on Internet security standardization efforts
Internet Cryptography Provides references to the use of cryptography on the Internet, in the form of links to IETF RFCs or Internet Drafts.
Crypto Forum Research Group An Internet Research Task Force (IRTF) Research Group for the discussion and review of cryptographic mechanisms for network security in general and for the IETF in particular..
The Cryptography FAQ: Worthwhile FAQ, from RSA Laboratories, covering all aspects of cryptography. Last updated in 2001.
Tom Dunigan's Security Page: An excellent list of pointers to cryptography and network security web sites.
Peter Gutmann's Home Page: Good collection of cryptography stuff.
Helger Lipmaa's Cryptology Pointers: Another excellent list of pointers to cryptography and network security web sites.
Cryptology ePrint Archive: Provides rapid access to recent research in cryptology; consists of a collection of unrefereed papers.
IEEE Technical Committee on Security and Privacy: Home of the electronic newsletter Cipher, which provides book reviews, new crypto and security links, and links to reports and papers available online.
Computer Security Resource Center: Maintained by NIST; contains a broad range of information on security threats, technology, and standards.
Computer and Network Security Reference Index: A good index to vendor and commercial products, FAQs, newsgroup archives, papers, and other Web sites.
Security Focus: A wide variety of security information, with an emphasis on vendor products and end-user concerns. Maintains the Bugtraq, a mailing list for the detailed discussion and announcement of computer security vulnerabilities.
SANS Institute: Similar to Security Focus. Extensive collection of white papers. Maintains Internet Storm Center, which provides a warning service to Internet users and organizations concerning security threats.
Bouncy Castle Crypto Package: Java implementation of cryptographic algorithms. The package is organized so that it contains a light-weight API suitable for use in any environment. The package is distributed at no charge for commercial or non-commercial use.
Cryptography Code: Another useful collection of software.
Crypto++ Library: A free C++ class library of cryptographic schemes.
Botan: Another free C++ class library of cryptographic schemes.
CrypTool A freeware program which enables you to apply and analyze cryptographic mechanisms.
Risks Digest: Forum on risks to the public in computers and related systems.
Institute for Security and Open Methodologies: An open, collaborative security research community. Lots of interesting information.
Center for Internet Security: Provides freeware benchmark and scoring tools for evaluating security of operating systems, network devices, and applications. Includes case studies and technical papers.

Chapter 2 - Classical Encryption Techniques

American Cryptogram Association: An association of amateur cryptographers. The Web site includes information and links to sites concerned with classical cryptography.
Crypto Corner: Simon Singh's Website. Lots of good information, plus interactive tools for learning about cryptography.
Solitaire Encryption Algorithm: Developed by Bruce Schneier. This is perhaps the most secure encryption algorithm that can be implemented without a computer
Lanaki Classical Cryptography Course: A free online course in 24 lessons.
Steganography: Good collection of links and documents.

Chapter 3 - Block Ciphers and DES

The DES Algorithm Illustrated Detailed explanation of the inner workings of DES. By J. Orlin Grabbe.
Block Cipher Hospital: Contains links to papers and theses on block cipher cryptanalysis.

Chapter 4 - Finite Fields

PascGalois Project: Contains a clever set of examples and projects to aid in giving students a visual understanding of key concepts in abstract algebra.
Finite Fields: A useful reference document by Timothy Murphy of University of Dublin.

Chapter 5 - Advanced Encryption Standard

AES Home Page: NIST's page on AES. Contains the standard plus a number of other relevant documents
AES Lounge: Contains a comprehensive bibliography of documents and papers on AES, with access to electronic copies.
AES Example: A worked out example of AES operation, authored by instructors at Massey U., New Zealand
AES Animation: An excellent way to gain an understanding of the inner workings of AES.

Chapter 6 - More on Symmetric Ciphers

Block Cipher Modes of Operation: NIST page with full information on NIST-approved modes of operation.

Chapter 7 - Confidentiality Using Symmetric Encryption

NIST Random Number Generation Technical Working Group: Contains documents and tests developed by NIST that related to PRNGs for cryptographic applications. Also has useful set of links.
NIST Random Number Generation Cryptographic Toolkit: Another useful NIST site with documents and links.
LavaRnd: LavaRnd is an open source project that uses a chaotic source to generate truly random numbers. The site also has background information on random numbers in general.
Quantum Random Numbers: You can access quantum random numbers on the fly here. Another source of random numbers.
A Million Random Digits: You'll never know when you're going to need some.

Chapter 8 - Number Theory

The Prime Pages: Prime number research, records, and resources.

Chapter 9 - Public-Key Cryptography and RSA

RSA Laboratories: The research center of RSA Security, Inc., it offers an extensive collection of technical material on RSA and other topics in cryptography.

Chapter 10 - Other Public-Key Cryptosystems

Certicom: Extensive collection of technical material on elliptic curve cryptography and other topics in cryptography.

Chapter 12 - Hash Algorithms

NIST Secure Hashing Page: SHA FIPS and related documents.
Whirlpool: Range of information on Whirlpool.
Block Cipher Modes of Operation: NIST page with full information on CMAC.
Cryptographic Hash Algorithm Competition: NIST page on its competition for a new standardized hash algorithm, to be called SHA-3.
SHA-3 Zoo: This Web site monitors the progress of the SHA-3 competition.

Chapter 13 - Digital Signatures

Digital Signatures: NIST page with information on NIST-approved digital signature options.
Digital Signatures Illustrated Detailed explanation of the inner workings of the digital signature. By J. Orlin Grabbe.

Chapter 14 - Authentication Applications

MIT Kerberos Site: Information about Kerberos, including the FAQ, papers and documents, and pointers to commercial product sites.
MIT Kerberos Consortium: Created to establish Kerberos as the universal authentication platform for the world's computer networks.
USC/ISI Kerberos Page: Another good source of Kerberos material.
Kerberos Working Group: IETF group developing standards for Kerberos.
Public-Key Infrastructure Working Group: IETF group developing standards based on X.509v3.
NIST PKI Program: Good source of information.
Verisign: A leading commercial vendor of X.509-related products; white papers and other worthwhile material at this site.

Chapter 15 - Electronic Mail Security

PGP Home Page: Web site of PGP Corp., the leading PGP commercial vendor.
International PGP Home Page: Designed to promote worldwide use of PGP. Contains documents and links of interest.
S/MIME Charter: Latest RFCs and internet drafts for S/MIME.

Chapter 16 - IP Security

NIST IPsec Project: Contains papers, presentations, and reference implementations.
IPsec Maintenance and Extensions Charter: Latest RFCs and internet drafts for IPsec.

Chapter 17 - Web Security

TLS Charter: Latest RFCs and internet drafts for TLS.
OpenSSL Project: Project to develop open-source SSL and TLS software. Site includes documents, links, and software.

Chapter 18 - Intruders

CERT Coordination Center: The organization that grew from the computer emergency response team formed by the Defense Advanced Research Projects Agency. Site provides good information on Internet security threats, vulnerabilities, and attack statistics.
Packet Storm: Resource of up-to-date and historical security tools, exploits, and advisories.
Honeynet Project: A research project studying the techniques of predatory hackers and developing honeypot products
Honeypots: A good collection of research papers and technical articles.
STAT Project: A research and open-source project at the U. of California, Santa Barbara that focuses on signature-based intrusion detection tools for hosts, applications, and networks..
Password Usage and Generation NIST documents on this topic

Chapter 19 - Malicious Software

Anti-Virus Online: IBM's site on virus information; one of the best.
Vmyths: Dedicated to exposing virus hoaxes and dispelling misconceptions about real viruses.
VirusList: Site maintained by commercial antivirus software provider. Good collection of useful information.
DDoS Attacks/Tools: Extensive list of links and documents.

Chapter 20 - Firewalls Numerous links to firewall references and software resources.
Trusted Computing Group: Vendor group involved in developing and promoting trusted computer standards. Site includes white papers, specifications, and vendor links.
Common Criteria Portal: Official Web site of the common criteria project.