Overview

Now in its Third Edition, this completely revised and updated reference provides a thorough and comprehensive introduction into the SSL, TLS, and DTLS protocols, explaining all the details and technical subtleties and showing how the current design helps mitigate the attacks that have made press headlines in the past. The book tells the complete story of TLS, from its earliest incarnation (SSL 1.0 in 1994), all the way up to and including TLS 1.3. Detailed descriptions of each protocol version give you a full understanding of why the protocol looked like it did, and why it now looks like it does.   You will get a clear, detailed introduction to TLS 1.3 and understand the broader context of how TLS works with firewall and network middleboxes, as well the key topic of public infrastructures and their role in securing TLS. You will also find similar details on DTLS, a close sibling of TLS that is designed to operate over UDP instead of TCP. The book helps you fully understand the rationale behind the design of the SSL, TLS, and DTLS protocols and all of its extensions. It also gives you an in-depth and accessible breakdown of the many vulnerabilities in earlier versions of TLS, thereby more fully equipping you to properly configure and use the protocols in the field and protect against specific (network-based) attacks.   With its thorough discussion of widely deployed network security technology, coupled with its practical applications you can utilize today, this is a must-have book for network security practitioners and software/web application developers at all levels.

Full Product Details

Author:   Rolf Oppliger
Publisher:   Artech House Publishers
Imprint:   Artech House Publishers
Edition:   3rd Unabridged edition
Dimensions:   Width: 15.20cm , Height: 2.80cm , Length: 22.90cm
Weight:   0.748kg
ISBN:  

9781685690151

ISBN 10:   1685690157
Pages:   388
Publication Date:   30 June 2023
Audience:   Professional and scholarly ,  Professional & Vocational
Format:   Hardback
Publisher's Status:   Active
Availability:   In Print  
This item will be ordered in for you from one of our suppliers. Upon receipt, we will promptly dispatch it out to you. For in store availability, please contact us.

Table of Contents

Chapter 1 Introduction 1.1 Information and Network Security 1.1.1 Security Services 1.1.2 Security Mechanisms 1.2 Transport Layer Security 1.3 Final Remarks   Chapter 2 SSL Protocol 2.1 Introduction 2.2 Protocols 2.2.1 SSL Record Protocol 2.2.2 SSL Handshake Protocol 2.2.3 SSL Change Cipher Spec Protocol 2.2.4 SSL Alert Protocol 2.2.5 SSL Application Data Protocol 2.3 Protocol Transcript 2.4 Security Analysis 2.5 Final Remarks   Chapter 3 TLS Protocol 3.1 Introduction 3.1.1 TLS PRF 3.1.2 Generation of Keying Material 3.2 TLS 1.0 3.2.1 Cipher Suites 3.2.2 Certificate Management 3.2.3 Alert Messages 3.2.4 Other Differences 3.3 TLS 1.1 3.3.1 Cipher Suites 3.3.2 Certificate Management 3.3.3 Alert Messages 3.3.4 Other Differences 3.4 TLS 1.2 3.4.1 TLS Extensions 3.4.2 Cipher Suites 3.4.3 Certificate Management 3.4.4 Alert Messages 3.4.5 Other Differences 3.5 TLS 1.3 3.5.1 Handshake Protocol 3.5.2 Key Derivation 3.5.3 Certificate Management 3.5.4 Alert Messages 3.5.5 Other Differences 3.6 HSTS 3.7 Protocol Transcripts 3.7.1 TLS 1.0 3.7.2 TLS 1.2 3.8 Security Analysis 3.9 Final Remarks   Chapter 4 DTLS Protocol 4.1 Introduction 4.2 DTLS 1.0 4.2.1 Record Protocol 4.2.2 Handshake Protocol 4.3 DTLS 1.2 4.4 DTLS 1.3 4.4.1 Record Protocol 4.4.2 Handshake Protocol 4.5 Security Analysis 4.6 Final Remarks   Chapter 5 Firewall Traversal 5.1 Introduction 5.2 SSL/TLS Tunneling 5.3 SSL/TLS Proxying 5.4 Middlebox Mitigation 5.5 Final Remarks   Chapter 6 Public Key Certificates and Internet PKI 6.1 Introduction 6.2 X.509 Certificates 6.2.1 Certificate Format 6.2.2 Hierarchical Trust Model 6.3 Server Certificates 6.4 Client Certificates 6.5 Problems and Pitfalls 6.6 Certificate Legitimation 6.6.1 Public Key Pinning 6.6.2 DNS Resource Records 6.6.3 Distributed Notaries 6.6.4 Certificate Transparency 6.7 Final Remarks   Chapter 7 Concluding Remarks   Appendix A Attacks Against SSL/TLS A.1 Bleichenbacher Attack A.1.1 DROWN, ROBOT, and CATs A.1.2 Kl´ıma-Pokorn´y-Rosa Attack A.1.3 Manger Attack A.2 Vaudenay Attack A.3 BEAST A.4 POODLE A.5 Renegotiation Attacks A.6 Compression-Related Attacks A.7 Key Exchange Downgrade Attacks A.7.1 FREAK A.7.2 Logjam   Appendix B TLS Cipher Suites   Appendix C TLS Extensions C.1 Overview C.2 Detailed Explanations   Appendix D Abbreviations and Acronyms

Reviews

Author Information

Tab Content 6

Author Website:  

Customer Reviews

Recent Reviews

No review item found!

Add your own review!

Countries Available

All regions