Handbook of information and communication security: Part 1

HandbookofInformation andCommunicationSecurity PeterStavroulakis · MarkStamp(Editors) Handbookof Informationand Communication Security 123 Editors Prof. Peter Stavroulakis Technical University of Crete 73132 Chania, Crete Greece pete_tsi@yahoo.gr Prof. Mark Stamp Dept. Computer Science San Jose State University One Washington Square San Jose, CA 95192 USA stamp@cs.sjsu.edu ISBN 978-3-642-04116-7 e-ISBN 978-3-642-04117-4 DOI 10.1007/978-1-84882-684-7 Springer Heidelberg Dordrecht London NewYork Library of Congress Control Number: 2009943513 © Springer-Verlag Berlin Heidelberg 2010 This work is subject to copyright. All rights are reserved, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilm or in any other way, and storage in data banks. Duplication of this publication orpartsthereof ispermittedonlyundertheprovisionsoftheGermanCopyright LawofSeptember 9,1965, in its current version, and permission for use must always be obtained from Springer. Violations are liable to prosecution under the German Copyright Law. Theuse ofgeneral descriptive names, registerednames, trademarks, etc.in this publicationdoesnotimply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use. Cover illustration: Teodoro Cipresso Cover design: WMXDesign, Heidelberg Typesetting and production: le-tex publishing services GmbH, Leipzig, Germany Printed on acid-free paper Springer is part of Springer Science+Business Media (www.springer.com) Preface At its core, information security deals with the secure and accurate transfer of information. While information security has long been important, it was, perhaps, brought more clearly into mainstream focus with the so-called “Y2K” issue. The Y2K scare was the fear that com-puter networks and the systems that are controlled or operated by software would fail with the turn of the millennium, since their clocks could lose synchronization by not recognizing a number (instruction) with three zeros. A positive outcome of this scare was the creation of several Computer Emergency Response Teams (CERTs) around the world that now work co-operatively to exchange expertise and information, and to coordinate in case major problems should arise in the modern IT environment. The terrorist attacks of 11 September 2001 raised security concerns to a new level. The in-ternationalcommunityrespondedon atleasttwofronts;onefrontbeingthetransferofreliable information via secure networks and the other being the collection of information about po-tential terrorists. As a sign of this new emphasis on security, since 2001, all major academic publishers have started technical journals focused on security, and every major communica-tions conference (for example, Globecom and ICC) has organized workshops and sessions on security issues. In addition, the IEEE has created a technical committee on Communication and Information Security. ThefirsteditorwasintimatelyinvolvedwithsecurityfortheAthensOlympicGamesof2004. Thesegamesprovidedatestinggroundformuchoftheexistingsecuritytechnology.Onelesson learned fromthese gameswas thatsecurity-relatedtechnologyoften cannot beused effectively without violating the legalframework.Thisproblemis discussed– in the contextofthe Athens Olympics – in the final chapterof this handbook. In this handbook, we have attempted to emphasize the interplaybetween communications and the field of information security. Arguably, this is the first time in the security literature that this duality has been recognized in such an integral and explicit manner. It is important to realize that information security is a large topic – far too large to cover exhaustivelywithinasinglevolume.Consequently,wecannotclaimtoprovideacompleteview ofthesubject.Instead,wehavechosentoincludeseveralsurveysofsomeofthemostimportant, interesting, and timely topics, along with a significant number of research-oriented papers. Many of the research papers are very much on the cutting edge of the field. Specifically, this handbook covers some of the latest advances in fundamentals, cryptogra-phy,intrusiondetection,accesscontrol,networking(includingextensivesectionsonopticsand wirelesssystems),software,forensics,andlegalissues.Theeditors’intention,withrespecttothe presentation and sequencing of the chapters, was to create a reasonably natural flow between the various sub-topics. v ... - tailieumienphi.vn